@vibelet/cli 0.1.38 → 1.0.0

package/dist/index.js

@@ -1,707 +0,0 @@
-import { createServer } from 'http';
-import { WebSocketServer } from 'ws';
-import { mkdir, readFile, stat, readdir, writeFile } from 'fs/promises';
-import { randomBytes } from 'crypto';
-import { extname, join } from 'path';
-import { networkInterfaces } from 'os';
-import QRCode from 'qrcode';
-import { config } from './config.js';
-import { SessionManager } from './session-manager.js';
-import { getExternalInventoryHealth } from './session-inventory.js';
-import { resolveFileRequestPath } from './utils.js';
-import { logger as rootLogger } from './logger.js';
-import { metrics } from './metrics.js';
-import { audit } from './audit.js';
-import { registerToken, sendPush, unregisterToken } from './push.js';
-import { handlePushProtocolMessage } from './push-protocol.js';
-import { collectPortOccupants } from './port-conflict.js';
-import { loadOrCreateDaemonIdentity } from './identity.js';
-import { PairingStore } from './pairing-store.js';
-import { isAuthorizedToken, isLegacyToken, isLoopbackAddress, resolveRequestToken } from './auth.js';
-import { computeAdvertisedConnectionTarget, computeAdvertisedHosts, readConfiguredFallbackHosts, readTailscaleHosts, } from './advertised-hosts.js';
-import { readRawDataAsText } from './ws-data.js';
-import { runStorageHousekeepingSync } from './storage-housekeeping.js';
-import { AUDIT_PATH, DAEMON_STDERR_LOG_PATH, DAEMON_STDOUT_LOG_PATH, PAIRING_QR_SVG_PATH, UPDATE_CHECK_PATH, VIBELET_DIR, VIBELET_UPLOADS_DIR } from './paths.js';
-import { CLI_VERSION } from './cli-version.js';
-import { CLAUDE_HOOK_SECRET_HEADER } from './claude-hooks.js';
-import { writeStdoutSafe } from './safe-stdio.js';
-const log = rootLogger.child({ module: 'daemon' });
-const wsLog = rootLogger.child({ module: 'ws' });
-function readLatestVersion() {
-    try {
-        const data = JSON.parse(require('fs').readFileSync(UPDATE_CHECK_PATH, 'utf8'));
-        return typeof data.latestVersion === 'string' ? data.latestVersion : undefined;
-    }
-    catch {
-        return undefined;
-    }
-}
-const identity = loadOrCreateDaemonIdentity(config.port);
-const manager = new SessionManager((title, body, data) => sendPush(title, body, {
-    daemonId: identity.daemonId,
-    canonicalHost: getAdvertisedConnectionTarget().canonicalHost,
-    ...(data ?? {}),
-}));
-const pairingStore = new PairingStore();
-const sockets = new Set();
-const authenticatedClients = new WeakMap();
-let shuttingDown = false;
-const startTime = Date.now();
-let storageHousekeepingInterval = null;
-let advertisedConnectionTargetCache = null;
-const ADVERTISED_CONNECTION_TARGET_CACHE_TTL_MS = 1_000;
-function getAdvertisedHosts() {
-    const tailscaleHosts = readTailscaleHosts();
-    return computeAdvertisedHosts({
-        canonicalHost: identity.canonicalHost,
-        configuredCanonicalHost: config.canonicalHost,
-        configuredFallbackHosts: readConfiguredFallbackHosts(config.fallbackHosts),
-        tailscaleCanonicalHost: tailscaleHosts.canonicalHost,
-        tailscaleFallbackHosts: tailscaleHosts.fallbackHosts,
-        interfaces: networkInterfaces(),
-    });
-}
-function getAdvertisedConnectionTarget() {
-    const now = Date.now();
-    if (advertisedConnectionTargetCache && advertisedConnectionTargetCache.expiresAt > now) {
-        return advertisedConnectionTargetCache.value;
-    }
-    const advertisedHosts = getAdvertisedHosts();
-    const connectionTarget = computeAdvertisedConnectionTarget({
-        canonicalHost: advertisedHosts.canonicalHost,
-        fallbackHosts: advertisedHosts.fallbackHosts,
-        port: identity.port,
-        relayUrl: config.relayUrl,
-    });
-    // Tailscale probing is synchronous and can take a few seconds when the socket
-    // is unavailable. Cache the computed target briefly so startup logging, health
-    // checks, and immediate pairing calls do not repeatedly block the event loop.
-    advertisedConnectionTargetCache = {
-        value: connectionTarget,
-        expiresAt: now + ADVERTISED_CONNECTION_TARGET_CACHE_TTL_MS,
-    };
-    return connectionTarget;
-}
-function createCompactPairingPayload(pairingPayload) {
-    const compactPayload = {
-        t: 'vp',
-        d: pairingPayload.daemonId,
-        n: pairingPayload.displayName,
-        h: pairingPayload.canonicalHost,
-        p: pairingPayload.port,
-        c: pairingPayload.pairNonce,
-        e: pairingPayload.expiresAt,
-    };
-    if (pairingPayload.fallbackHosts)
-        compactPayload.f = pairingPayload.fallbackHosts;
-    return compactPayload;
-}
-async function writeStartupPairingQr(pairingPayload) {
-    const payload = JSON.stringify(createCompactPairingPayload(pairingPayload));
-    if (process.stdout.isTTY) {
-        const qr = await QRCode.toString(payload, {
-            type: 'terminal',
-            small: true,
-            errorCorrectionLevel: 'L',
-        });
-        writeStdoutSafe(`\nScan this QR code with Vibelet app:\n\n${qr}\n`);
-        return;
-    }
-    await mkdir(VIBELET_DIR, { recursive: true });
-    const qrSvg = await QRCode.toString(payload, {
-        type: 'svg',
-        errorCorrectionLevel: 'L',
-        margin: 1,
-    });
-    await writeFile(PAIRING_QR_SVG_PATH, qrSvg, 'utf8');
-    writeStdoutSafe(`\nPairing QR saved to ${PAIRING_QR_SVG_PATH}\n`);
-    writeStdoutSafe('Open that SVG file to scan in shells or UIs that distort terminal QR output.\n');
-}
-async function readJsonBody(req) {
-    const chunks = [];
-    for await (const chunk of req) {
-        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
-    }
-    const raw = Buffer.concat(chunks).toString('utf8');
-    return raw ? JSON.parse(raw) : {};
-}
-function sendJson(res, statusCode, body) {
-    res.writeHead(statusCode, { 'Content-Type': 'application/json' });
-    res.end(JSON.stringify(body, null, 2));
-}
-function getFileContentType(filePath) {
-    const ext = extname(filePath).toLowerCase();
-    const mimeTypes = {
-        '.png': 'image/png',
-        '.jpg': 'image/jpeg',
-        '.jpeg': 'image/jpeg',
-        '.gif': 'image/gif',
-        '.svg': 'image/svg+xml',
-        '.webp': 'image/webp',
-        '.heic': 'image/heic',
-        '.heif': 'image/heif',
-        '.pdf': 'application/pdf',
-        '.md': 'text/markdown; charset=utf-8',
-        '.markdown': 'text/markdown; charset=utf-8',
-        '.txt': 'text/plain; charset=utf-8',
-        '.log': 'text/plain; charset=utf-8',
-        '.json': 'application/json; charset=utf-8',
-        '.js': 'text/plain; charset=utf-8',
-        '.jsx': 'text/plain; charset=utf-8',
-        '.ts': 'text/plain; charset=utf-8',
-        '.tsx': 'text/plain; charset=utf-8',
-        '.mjs': 'text/plain; charset=utf-8',
-        '.cjs': 'text/plain; charset=utf-8',
-        '.css': 'text/plain; charset=utf-8',
-        '.html': 'text/plain; charset=utf-8',
-        '.yml': 'text/plain; charset=utf-8',
-        '.yaml': 'text/plain; charset=utf-8',
-    };
-    return mimeTypes[ext] || 'application/octet-stream';
-}
-function buildPairingPayload() {
-    const window = pairingStore.openWindow();
-    const connectionTarget = getAdvertisedConnectionTarget();
-    return {
-        type: 'vibelet-pair',
-        daemonId: identity.daemonId,
-        displayName: identity.displayName,
-        canonicalHost: connectionTarget.canonicalHost,
-        fallbackHosts: connectionTarget.fallbackHosts.length > 0 ? connectionTarget.fallbackHosts : undefined,
-        port: connectionTarget.port,
-        pairNonce: window.pairNonce,
-        expiresAt: window.expiresAt,
-    };
-}
-async function listDirs(path, cwd) {
-    const resolvedPath = resolveFileRequestPath(path, cwd);
-    const entries = await readdir(resolvedPath);
-    const results = [];
-    for (const name of entries) {
-        if (name.startsWith('.'))
-            continue;
-        const s = await stat(join(resolvedPath, name)).catch(() => null);
-        if (s)
-            results.push({ name, isDirectory: s.isDirectory() });
-    }
-    // Sort: dirs first, then files
-    results.sort((a, b) => {
-        if (a.isDirectory !== b.isDirectory)
-            return a.isDirectory ? -1 : 1;
-        return a.name.localeCompare(b.name);
-    });
-    return { entries: results };
-}
-// HTTP server for file serving (images) + WebSocket upgrade + health endpoint
-const httpServer = createServer(async (req, res) => {
-    const url = new URL(req.url ?? '/', `http://localhost:${config.port}`);
-    // Health endpoint — no token required for basic health check
-    if (url.pathname === '/health') {
-        const connectionTarget = getAdvertisedConnectionTarget();
-        const health = {
-            status: 'ok',
-            version: CLI_VERSION,
-            daemonId: identity.daemonId,
-            displayName: identity.displayName,
-            canonicalHost: connectionTarget.canonicalHost,
-            uptimeSeconds: Math.round((Date.now() - startTime) / 1000),
-            activeSessions: manager.getActiveSessionCount(),
-            pairedDevices: pairingStore.pairedCount(),
-            wsClients: wss.clients.size,
-            drivers: manager.getDriverCounts(),
-            sessionInventory: getExternalInventoryHealth(),
-            metrics: metrics.snapshot(),
-        };
-        if (config.relayUrl) {
-            health.relayUrl = config.relayUrl;
-        }
-        const latestVersion = readLatestVersion();
-        if (latestVersion) {
-            health.latestVersion = latestVersion;
-        }
-        sendJson(res, 200, health);
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/pair/open') {
-        if (!isLoopbackAddress(req.socket.remoteAddress)) {
-            sendJson(res, 403, { error: 'forbidden' });
-            return;
-        }
-        sendJson(res, 200, buildPairingPayload());
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/pair/reset') {
-        if (!isLoopbackAddress(req.socket.remoteAddress)) {
-            sendJson(res, 403, { error: 'forbidden' });
-            return;
-        }
-        pairingStore.reset();
-        sendJson(res, 200, { ok: true });
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/shutdown') {
-        if (!isLoopbackAddress(req.socket.remoteAddress)) {
-            sendJson(res, 403, { error: 'forbidden' });
-            return;
-        }
-        sendJson(res, 200, { status: 'stopping' });
-        setTimeout(() => shutdown('HTTP /shutdown request'), 50);
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/hook/claude/session-start') {
-        if (!isLoopbackAddress(req.socket.remoteAddress)) {
-            sendJson(res, 403, { error: 'forbidden' });
-            return;
-        }
-        try {
-            const body = await readJsonBody(req);
-            const secretHeader = req.headers[CLAUDE_HOOK_SECRET_HEADER];
-            const secret = Array.isArray(secretHeader) ? secretHeader[0] : secretHeader;
-            manager.handleClaudeSessionStartHook(secret, body);
-            sendJson(res, 200, { ok: true });
-        }
-        catch (error) {
-            sendJson(res, 400, { error: String(error) });
-        }
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/hook/claude/permission-request') {
-        if (!isLoopbackAddress(req.socket.remoteAddress)) {
-            sendJson(res, 403, { error: 'forbidden' });
-            return;
-        }
-        try {
-            const body = await readJsonBody(req);
-            const secretHeader = req.headers[CLAUDE_HOOK_SECRET_HEADER];
-            const secret = Array.isArray(secretHeader) ? secretHeader[0] : secretHeader;
-            const response = await manager.handleClaudePermissionHook(secret, body);
-            sendJson(res, 200, response);
-        }
-        catch (error) {
-            sendJson(res, 400, { error: String(error) });
-        }
-        return;
-    }
-    if (req.method === 'POST' && url.pathname === '/pair/create') {
-        try {
-            const body = await readJsonBody(req);
-            if (body.daemonId !== identity.daemonId ||
-                typeof body.pairNonce !== 'string' ||
-                typeof body.deviceId !== 'string' ||
-                typeof body.deviceName !== 'string') {
-                sendJson(res, 400, { error: 'invalid_pair_request' });
-                return;
-            }
-            const window = pairingStore.consumeWindow(body.pairNonce);
-            if (!window) {
-                sendJson(res, 401, { error: 'pair_window_expired' });
-                return;
-            }
-            const pairToken = pairingStore.issuePairToken(body.deviceId, body.deviceName);
-            const connectionTarget = getAdvertisedConnectionTarget();
-            sendJson(res, 200, {
-                daemonId: identity.daemonId,
-                displayName: identity.displayName,
-                canonicalHost: connectionTarget.canonicalHost,
-                fallbackHosts: connectionTarget.fallbackHosts,
-                port: connectionTarget.port,
-                deviceId: body.deviceId,
-                pairToken,
-            });
-        }
-        catch (error) {
-            sendJson(res, 400, { error: String(error) });
-        }
-        return;
-    }
-    const token = resolveRequestToken(req.headers.authorization, url.searchParams.get('token'));
-    if (!isAuthorizedToken(token, config.legacyToken, (value, touch) => pairingStore.validateAnyPairToken(value, touch), false)) {
-        res.writeHead(401);
-        res.end('Unauthorized');
-        return;
-    }
-    // Upload image: POST /upload (raw binary body, Content-Type = image/*)
-    if (req.method === 'POST' && url.pathname === '/upload') {
-        const UPLOAD_MIME_TO_EXT = {
-            'image/png': '.png',
-            'image/jpeg': '.jpg',
-            'image/gif': '.gif',
-            'image/webp': '.webp',
-            'image/heic': '.heic',
-            'image/heif': '.heif',
-        };
-        const contentType = (req.headers['content-type'] ?? '').split(';')[0].trim();
-        const ext = UPLOAD_MIME_TO_EXT[contentType];
-        if (!ext) {
-            sendJson(res, 400, { error: 'Unsupported content type' });
-            return;
-        }
-        const MAX_UPLOAD_SIZE = 10 * 1024 * 1024; // 10MB
-        const chunks = [];
-        let totalSize = 0;
-        for await (const chunk of req) {
-            const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-            totalSize += buf.length;
-            if (totalSize > MAX_UPLOAD_SIZE) {
-                res.writeHead(413);
-                res.end('File too large');
-                return;
-            }
-            chunks.push(buf);
-        }
-        try {
-            await mkdir(VIBELET_UPLOADS_DIR, { recursive: true });
-            const filename = `${Date.now()}_${randomBytes(8).toString('hex')}${ext}`;
-            const filePath = join(VIBELET_UPLOADS_DIR, filename);
-            await writeFile(filePath, Buffer.concat(chunks));
-            log.info({ filePath, size: totalSize }, 'file uploaded');
-            sendJson(res, 200, { path: filePath });
-        }
-        catch (e) {
-            log.error({ error: String(e) }, 'upload failed');
-            sendJson(res, 500, { error: 'Upload failed' });
-        }
-        return;
-    }
-    // Serve files: GET /file?path=/path/to/file&cwd=/repo&token=xxx
-    if (url.pathname === '/file') {
-        const filePath = url.searchParams.get('path');
-        const cwd = url.searchParams.get('cwd') || undefined;
-        if (!filePath) {
-            res.writeHead(400);
-            res.end('Missing path parameter');
-            return;
-        }
-        try {
-            const resolvedPath = resolveFileRequestPath(filePath, cwd);
-            const fileStat = await stat(resolvedPath);
-            if (!fileStat.isFile()) {
-                res.writeHead(404);
-                res.end('Not a file');
-                return;
-            }
-            const contentType = getFileContentType(resolvedPath);
-            const data = await readFile(resolvedPath);
-            res.writeHead(200, { 'Content-Type': contentType, 'Content-Length': data.length });
-            res.end(data);
-        }
-        catch (e) {
-            res.writeHead(404);
-            res.end('File not found');
-        }
-        return;
-    }
-    res.writeHead(200);
-    res.end(`Vibelet Daemon v${CLI_VERSION}`);
-});
-const wss = new WebSocketServer({ server: httpServer });
-httpServer.on('connection', (socket) => {
-    sockets.add(socket);
-    socket.on('close', () => {
-        sockets.delete(socket);
-    });
-});
-wss.on('connection', (ws, req) => {
-    const url = new URL(req.url ?? '/', `http://localhost:${config.port}`);
-    const token = url.searchParams.get('token');
-    if (token && isLegacyToken(token, config.legacyToken)) {
-        authenticatedClients.set(ws, { authMode: 'query_token' });
-        metrics.increment('ws.auth.success', { mode: 'query_token' });
-        manager.addGlobalClient(ws);
-        manager.prewarmCaches();
-    }
-    else if (token) {
-        const pairingRecord = pairingStore.validateAnyPairToken(token);
-        if (pairingRecord) {
-            authenticatedClients.set(ws, {
-                authMode: 'query_token',
-                deviceId: pairingRecord.deviceId,
-            });
-            metrics.increment('ws.auth.success', { mode: 'query_token' });
-            manager.addGlobalClient(ws);
-            manager.prewarmCaches();
-        }
-        else {
-            metrics.increment('ws.auth.failure', { mode: 'query_token' });
-            ws.close(4001, 'Unauthorized');
-            return;
-        }
-    }
-    wsLog.info({ clients: wss.clients.size }, 'client connected');
-    metrics.increment('ws.connect');
-    metrics.gauge('ws.clients', wss.clients.size);
-    audit.emit('ws.connect', {
-        clients: wss.clients.size,
-        authMode: authenticatedClients.get(ws)?.authMode ?? 'pending',
-        deviceId: authenticatedClients.get(ws)?.deviceId,
-    });
-    ws.on('message', async (data) => {
-        try {
-            const parsed = JSON.parse(readRawDataAsText(data));
-            // Basic validation: action must exist and be a string
-            if (!parsed || typeof parsed.action !== 'string') {
-                ws.send(JSON.stringify({ type: 'error', sessionId: '', message: 'Invalid message: missing or non-string "action" field' }));
-                return;
-            }
-            // Respond to heartbeat pings before auth check (harmless, keeps connection alive)
-            if (parsed.action === 'ping') {
-                ws.send(JSON.stringify({ type: 'pong' }));
-                return;
-            }
-            const msg = parsed;
-            if (!authenticatedClients.has(ws)) {
-                if (msg.action === 'auth.hello' &&
-                    msg.daemonId === identity.daemonId &&
-                    pairingStore.validatePairToken(msg.deviceId, msg.pairToken)) {
-                    authenticatedClients.set(ws, {
-                        authMode: 'auth_hello',
-                        deviceId: msg.deviceId,
-                    });
-                    metrics.increment('ws.auth.success', { mode: 'auth_hello' });
-                    manager.addGlobalClient(ws);
-                    manager.prewarmCaches();
-                    ws.send(JSON.stringify({
-                        type: 'response',
-                        id: msg.id,
-                        ok: true,
-                        data: {
-                            daemonId: identity.daemonId,
-                            displayName: identity.displayName,
-                        },
-                    }));
-                    return;
-                }
-                if (msg.action === 'auth.hello') {
-                    metrics.increment('ws.auth.failure', { mode: 'auth_hello' });
-                    ws.send(JSON.stringify({ type: 'response', id: msg.id, ok: false, error: 'auth_failed' }));
-                    ws.close(4001, 'Unauthorized');
-                    return;
-                }
-                metrics.increment('ws.auth.failure', { mode: 'missing' });
-                ws.send(JSON.stringify({ type: 'error', sessionId: '', message: 'Authentication required' }));
-                ws.close(4001, 'Unauthorized');
-                return;
-            }
-            // Handle log.report: app sends client-side logs to daemon audit trail
-            if (msg.action === 'log.report') {
-                for (const entry of msg.entries) {
-                    audit.emitApp(entry.event, entry.level, entry.data ?? {}, entry.ts);
-                    // Also log to daemon stdout for debugging
-                    const logFn = entry.level === 'error' ? log.error : entry.level === 'warn' ? log.warn : log.info;
-                    logFn.call(log, { event: entry.event, ...entry.data }, `[app] ${entry.event}`);
-                }
-                ws.send(JSON.stringify({ type: 'response', id: msg.id, ok: true }));
-                return;
-            }
-            // Handle dirs.list directly in index.ts
-            if (msg.action === 'dirs.list') {
-                try {
-                    const result = await listDirs(msg.path, msg.cwd);
-                    ws.send(JSON.stringify({ type: 'response', id: msg.id, ok: true, data: result }));
-                }
-                catch (e) {
-                    ws.send(JSON.stringify({ type: 'response', id: msg.id, ok: false, error: String(e) }));
-                }
-                return;
-            }
-            if (parsed.action === 'push.register') {
-                const context = authenticatedClients.get(ws);
-                handlePushProtocolMessage(parsed, {
-                    deviceId: context?.deviceId,
-                    registerToken,
-                    unregisterToken,
-                    respond: (response) => ws.send(JSON.stringify(response)),
-                });
-                return;
-            }
-            if (parsed.action === 'push.unregister') {
-                const context = authenticatedClients.get(ws);
-                handlePushProtocolMessage(parsed, {
-                    deviceId: context?.deviceId,
-                    registerToken,
-                    unregisterToken,
-                    respond: (response) => ws.send(JSON.stringify(response)),
-                });
-                return;
-            }
-            await manager.handle(ws, msg);
-        }
-        catch (e) {
-            wsLog.error({ error: String(e) }, 'message handling error');
-            ws.send(JSON.stringify({ type: 'error', sessionId: '', message: String(e) }));
-        }
-    });
-    ws.on('close', (code) => {
-        wsLog.info({ clients: wss.clients.size, code }, 'client disconnected');
-        metrics.increment('ws.disconnect');
-        metrics.increment('ws.disconnect.code', { code: String(code) });
-        metrics.gauge('ws.clients', wss.clients.size);
-        audit.emit('ws.disconnect', { clients: wss.clients.size, code });
-        manager.removeClient(ws);
-    });
-    ws.on('error', (err) => {
-        wsLog.error({ error: err.message }, 'websocket error');
-    });
-});
-function destroyAllSockets() {
-    for (const socket of sockets) {
-        try {
-            socket.destroy();
-        }
-        catch { }
-    }
-    sockets.clear();
-}
-function runStorageHousekeeping() {
-    const summary = runStorageHousekeepingSync({
-        auditPath: AUDIT_PATH,
-        stdoutLogPath: DAEMON_STDOUT_LOG_PATH,
-        stderrLogPath: DAEMON_STDERR_LOG_PATH,
-        auditMaxBytes: config.auditMaxBytes,
-        logMaxBytes: config.daemonLogMaxBytes,
-    });
-    if (summary.trimmedFiles > 0) {
-        log.info({
-            trimmedFiles: summary.trimmedFiles,
-            reclaimedBytes: summary.reclaimedBytes,
-            files: summary.files
-                .filter(file => file.trimmed)
-                .map(file => ({
-                path: file.path,
-                beforeBytes: file.beforeBytes,
-                afterBytes: file.afterBytes,
-            })),
-        }, 'trimmed vibelet storage');
-    }
-}
-function startStorageHousekeeping() {
-    if (storageHousekeepingInterval)
-        return;
-    storageHousekeepingInterval = setInterval(runStorageHousekeeping, config.storageHousekeepingIntervalMs);
-    storageHousekeepingInterval.unref();
-}
-function stopStorageHousekeeping() {
-    if (!storageHousekeepingInterval)
-        return;
-    clearInterval(storageHousekeepingInterval);
-    storageHousekeepingInterval = null;
-}
-function shutdown(reason, exitCode = 0) {
-    if (shuttingDown)
-        return;
-    shuttingDown = true;
-    log.info({ reason, exitCode }, 'shutting down');
-    audit.emit('daemon.shutdown', { reason, exitCode, uptimeSeconds: Math.round((Date.now() - startTime) / 1000) });
-    metrics.stopPeriodicLog();
-    stopStorageHousekeeping();
-    manager.shutdown();
-    for (const client of wss.clients) {
-        try {
-            client.close(1001, 'Server shutting down');
-            client.terminate();
-        }
-        catch { }
-    }
-    wss.close((err) => {
-        if (err)
-            log.error({ error: String(err) }, 'websocket close error');
-    });
-    httpServer.close((err) => {
-        if (err) {
-            log.error({ error: String(err) }, 'http close error');
-            destroyAllSockets();
-            process.exit(1);
-            return;
-        }
-        destroyAllSockets();
-        process.exit(exitCode);
-    });
-    setTimeout(() => {
-        log.error('force exiting after shutdown timeout');
-        destroyAllSockets();
-        process.exit(exitCode || 1);
-    }, 3000).unref();
-}
-wss.on('error', (err) => {
-    wsLog.error({ error: err.message }, 'wss error');
-});
-httpServer.on('error', (err) => {
-    if (err.code === 'EADDRINUSE') {
-        const occupants = collectPortOccupants(config.port).filter((occupant) => occupant.pid !== process.pid);
-        log.error({ port: config.port, occupants }, 'port is already in use. Stop the existing process or use VIBE_PORT=<port> to specify another port');
-    }
-    else {
-        log.error({ error: String(err) }, 'server error');
-    }
-    shutdown(`httpServer error: ${err.code ?? err.message}`, 1);
-});
-process.once('SIGINT', () => shutdown('SIGINT'));
-process.once('SIGTERM', () => shutdown('SIGTERM'));
-process.once('SIGHUP', () => shutdown('SIGHUP'));
-process.once('SIGTTIN', () => shutdown('SIGTTIN'));
-process.once('SIGTSTP', () => shutdown('SIGTSTP'));
-process.on('uncaughtException', (err) => {
-    log.error({ error: String(err), stack: err.stack }, 'uncaughtException');
-    audit.emit('daemon.error', { type: 'uncaughtException', error: String(err) });
-});
-process.on('unhandledRejection', (reason) => {
-    log.error({ reason: String(reason) }, 'unhandledRejection');
-    audit.emit('daemon.error', { type: 'unhandledRejection', reason: String(reason) });
-});
-httpServer.listen(config.port, async () => {
-    runStorageHousekeeping();
-    audit.emit('daemon.start', { port: config.port });
-    metrics.startPeriodicLog();
-    startStorageHousekeeping();
-    const startupConnectionTarget = getAdvertisedConnectionTarget();
-    log.info({
-        port: config.port,
-        pairingPort: startupConnectionTarget.port,
-        daemonId: identity.daemonId,
-        displayName: identity.displayName,
-        canonicalHost: startupConnectionTarget.canonicalHost,
-        fallbackHosts: startupConnectionTarget.fallbackHosts,
-        claudePath: config.claudePath,
-        codexPath: config.codexPath,
-        auditMaxBytes: config.auditMaxBytes,
-        daemonLogMaxBytes: config.daemonLogMaxBytes,
-        storageHousekeepingIntervalMs: config.storageHousekeepingIntervalMs,
-        turnStallTimeoutMs: config.turnStallTimeoutMs,
-    }, 'daemon started');
-    const window = pairingStore.openWindow();
-    const qrPayload = {
-        type: 'vibelet-pair',
-        daemonId: identity.daemonId,
-        displayName: identity.displayName,
-        canonicalHost: startupConnectionTarget.canonicalHost,
-        fallbackHosts: startupConnectionTarget.fallbackHosts.length > 0 ? startupConnectionTarget.fallbackHosts : undefined,
-        port: startupConnectionTarget.port,
-        pairNonce: window.pairNonce,
-        expiresAt: window.expiresAt,
-    };
-    // Keep the human-friendly banner on stdout for interactive use
-    writeStdoutSafe(`
-╔══════════════════════════════════════╗
-║       Vibelet Daemon v${CLI_VERSION}         ║
-╠══════════════════════════════════════╣
-║  Port:  ${String(qrPayload.port).padEnd(28)}║
-║  ID:    ${identity.daemonId.slice(0, 28).padEnd(28)}║
-║  Host:  ${qrPayload.canonicalHost.slice(0, 28).padEnd(28)}║
-╚══════════════════════════════════════╝
-
-Pair with: npx @vibelet/cli or npx vibelet
-Host: ${qrPayload.canonicalHost}
-Fallbacks: ${qrPayload.fallbackHosts?.join(', ') || '(none)'}
-
-Claude: ${config.claudePath}
-Codex:  ${config.codexPath}
-`);
-    // Print QR code for app to scan
-    try {
-        await writeStartupPairingQr(qrPayload);
-    }
-    catch {
-        // QR generation is best-effort
-    }
-});
-//# sourceMappingURL=index.js.map