npm - @viewportai/daemon - Versions diffs - 0.5.1 → 0.5.3 - Mend

@viewportai/daemon 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/dist/cli/context-command.d.ts.map +1 -1
package/dist/cli/context-command.js +81 -3
package/dist/cli/context-command.js.map +1 -1
package/dist/cli/context-sync-target.d.ts +2 -1
package/dist/cli/context-sync-target.d.ts.map +1 -1
package/dist/cli/context-sync-target.js +28 -0
package/dist/cli/context-sync-target.js.map +1 -1
package/dist/cli/hook-command.d.ts.map +1 -1
package/dist/cli/hook-command.js +23 -1
package/dist/cli/hook-command.js.map +1 -1
package/dist/cli/install-command.d.ts.map +1 -1
package/dist/cli/install-command.js +31 -6
package/dist/cli/install-command.js.map +1 -1
package/dist/cli/lifecycle-commands.d.ts.map +1 -1
package/dist/cli/lifecycle-commands.js +6 -0
package/dist/cli/lifecycle-commands.js.map +1 -1
package/dist/cli/lifecycle-pair-command.js +2 -21
package/dist/cli/lifecycle-pair-command.js.map +1 -1
package/dist/cli/lifecycle-pair-server.d.ts.map +1 -1
package/dist/cli/lifecycle-pair-server.js +4 -0
package/dist/cli/lifecycle-pair-server.js.map +1 -1
package/dist/cli/open-url.d.ts +2 -0
package/dist/cli/open-url.d.ts.map +1 -0
package/dist/cli/open-url.js +21 -0
package/dist/cli/open-url.js.map +1 -0
package/dist/cli/skills-command.d.ts.map +1 -1
package/dist/cli/skills-command.js +27 -0
package/dist/cli/skills-command.js.map +1 -1
package/dist/context/local-edge-store.d.ts +12 -1
package/dist/context/local-edge-store.d.ts.map +1 -1
package/dist/context/local-edge-store.js +26 -0
package/dist/context/local-edge-store.js.map +1 -1
package/dist/context/local-edge-sync.d.ts +76 -0
package/dist/context/local-edge-sync.d.ts.map +1 -1
package/dist/context/local-edge-sync.js +304 -3
package/dist/context/local-edge-sync.js.map +1 -1
package/dist/context/local-edge-types.d.ts +9 -0
package/dist/context/local-edge-types.d.ts.map +1 -1
package/dist/core/daemon.d.ts +5 -0
package/dist/core/daemon.d.ts.map +1 -1
package/dist/core/daemon.js +11 -0
package/dist/core/daemon.js.map +1 -1
package/dist/hooks/ephemeral-plan-drafts.d.ts +34 -0
package/dist/hooks/ephemeral-plan-drafts.d.ts.map +1 -0
package/dist/hooks/ephemeral-plan-drafts.js +62 -0
package/dist/hooks/ephemeral-plan-drafts.js.map +1 -0
package/dist/hooks/installers/base.d.ts +2 -2
package/dist/hooks/installers/base.d.ts.map +1 -1
package/dist/hooks/installers/claude.d.ts.map +1 -1
package/dist/hooks/installers/claude.js +35 -16
package/dist/hooks/installers/claude.js.map +1 -1
package/dist/hooks/plan-extractor.d.ts.map +1 -1
package/dist/hooks/plan-extractor.js +6 -1
package/dist/hooks/plan-extractor.js.map +1 -1
package/dist/hooks/platform-plan-sync.d.ts +10 -8
package/dist/hooks/platform-plan-sync.d.ts.map +1 -1
package/dist/hooks/platform-plan-sync.js +67 -36
package/dist/hooks/platform-plan-sync.js.map +1 -1
package/dist/hooks/router.d.ts.map +1 -1
package/dist/hooks/router.js +14 -0
package/dist/hooks/router.js.map +1 -1
package/dist/hooks/specific-events.d.ts.map +1 -1
package/dist/hooks/specific-events.js +78 -2
package/dist/hooks/specific-events.js.map +1 -1
package/dist/hooks/trusted-edge-plan-artifacts.d.ts +114 -0
package/dist/hooks/trusted-edge-plan-artifacts.d.ts.map +1 -0
package/dist/hooks/trusted-edge-plan-artifacts.js +389 -0
package/dist/hooks/trusted-edge-plan-artifacts.js.map +1 -0
package/dist/relay/bridge-token-issuer.d.ts +1 -0
package/dist/relay/bridge-token-issuer.d.ts.map +1 -1
package/dist/relay/bridge-token-issuer.js +1 -1
package/dist/relay/bridge-token-issuer.js.map +1 -1
package/dist/server/context-preview-service.d.ts +26 -0
package/dist/server/context-preview-service.d.ts.map +1 -0
package/dist/server/context-preview-service.js +71 -0
package/dist/server/context-preview-service.js.map +1 -0
package/dist/server/http-context-routes.d.ts.map +1 -1
package/dist/server/http-context-routes.js +19 -15
package/dist/server/http-context-routes.js.map +1 -1
package/dist/server/rate-limiter.d.ts.map +1 -1
package/dist/server/rate-limiter.js +5 -0
package/dist/server/rate-limiter.js.map +1 -1
package/dist/server/trusted-edge-command-capability.d.ts +14 -0
package/dist/server/trusted-edge-command-capability.d.ts.map +1 -0
package/dist/server/trusted-edge-command-capability.js +103 -0
package/dist/server/trusted-edge-command-capability.js.map +1 -0
package/dist/server/ws-command-handlers.d.ts.map +1 -1
package/dist/server/ws-command-handlers.js +135 -0
package/dist/server/ws-command-handlers.js.map +1 -1
package/dist/server/ws-protocol.d.ts +199 -0
package/dist/server/ws-protocol.d.ts.map +1 -1
package/dist/server/ws-protocol.js +81 -0
package/dist/server/ws-protocol.js.map +1 -1
package/dist/startup.d.ts.map +1 -1
package/dist/startup.js +18 -1
package/dist/startup.js.map +1 -1
package/docs/protocol-matrix.json +66 -0
package/docs/{relay-noise-conformance-vectors.json → test-vectors/relay-noise-v2.json} +1 -0
package/docs/{relay-noise-v3-conformance-vectors.json → test-vectors/relay-noise-v3.json} +1 -0
package/package.json +1 -1

package/dist/hooks/specific-events.js CHANGED Viewed

@@ -36,6 +36,12 @@ export function emitSpecificHookEvent(eventBus, kind, data, ctx) {
                 toolResponse: data.tool_response,
             });
             break;
+        case 'PreToolUse':
+            emitPlanProposalFromExitPlanMode(eventBus, data, ctx);
+            break;
+        case 'PermissionRequest':
+            emitPlanProposalFromExitPlanMode(eventBus, data, ctx);
+            break;
         case 'PostToolUseFailure':
             eventBus.emit('hook:tool-failed', {
                 sessionId: ctx.sessionId,
@@ -51,7 +57,9 @@ export function emitSpecificHookEvent(eventBus, kind, data, ctx) {
                 adapter: ctx.adapter,
                 lastMessage: data.last_assistant_message,
             });
-            emitExplicitPlanProposalFromStop(eventBus, data, ctx);
+            if (!emitExplicitPlanProposalFromStop(eventBus, data, ctx)) {
+                emitPlanModeProposalFromStop(eventBus, data, ctx);
+            }
             break;
         case 'SubagentStart':
             eventBus.emit('hook:subagent-start', {
@@ -90,6 +98,30 @@ export function emitSpecificHookEvent(eventBus, kind, data, ctx) {
             break;
     }
 }
+function emitPlanProposalFromExitPlanMode(eventBus, data, ctx) {
+    if (data.tool_name !== 'ExitPlanMode')
+        return;
+    const toolInput = readRecord(data.tool_input);
+    const plan = toolInput?.plan;
+    if (typeof plan !== 'string' || plan.trim().length === 0)
+        return;
+    const planFilePath = typeof toolInput?.planFilePath === 'string' ? toolInput.planFilePath : undefined;
+    eventBus.emit('hook:plan-proposed', {
+        sessionId: ctx.sessionId,
+        adapter: ctx.adapter,
+        cwd: ctx.cwd,
+        title: titleFromMarkdown(plan),
+        body: plan.trim(),
+        source: `${ctx.adapter}-exit-plan-mode`,
+        sourceRef: `hook://exit-plan-mode/${ctx.sessionId}`,
+        metadata: {
+            schema: PLAN_PROPOSAL_SCHEMA_VERSION,
+            extractedFrom: 'exit-plan-mode',
+            planFilePath,
+            hookRequestId: typeof data.hook_request_id === 'string' ? data.hook_request_id : undefined,
+        },
+    });
+}
 function readRecord(value) {
     if (!value || typeof value !== 'object' || Array.isArray(value))
         return undefined;
@@ -103,10 +135,17 @@ function planBodyFromData(data) {
     }
     return '';
 }
+function titleFromMarkdown(markdown) {
+    const firstHeading = markdown
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .find((line) => /^#{1,3}\s+\S/.test(line));
+    return firstHeading?.replace(/^#{1,3}\s+/, '').trim();
+}
 function emitExplicitPlanProposalFromStop(eventBus, data, ctx) {
     const proposal = extractPlanProposalFromText(data.last_assistant_message);
     if (!proposal)
-        return;
+        return false;
     eventBus.emit('hook:plan-proposed', {
         sessionId: ctx.sessionId,
         adapter: ctx.adapter,
@@ -121,5 +160,42 @@ function emitExplicitPlanProposalFromStop(eventBus, data, ctx) {
             extractedFrom: 'explicit-marker',
         },
     });
+    return true;
+}
+function emitPlanModeProposalFromStop(eventBus, data, ctx) {
+    if (ctx.adapter !== 'claude')
+        return;
+    if (data.permission_mode !== 'plan')
+        return;
+    const body = data.last_assistant_message;
+    if (typeof body !== 'string')
+        return;
+    const trimmed = body.trim();
+    if (!looksLikePlanMarkdown(trimmed))
+        return;
+    eventBus.emit('hook:plan-proposed', {
+        sessionId: ctx.sessionId,
+        adapter: ctx.adapter,
+        cwd: ctx.cwd,
+        title: titleFromMarkdown(trimmed) ?? 'Claude plan',
+        body: trimmed,
+        source: `${ctx.adapter}-plan-mode-stop`,
+        sourceRef: `hook://stop/${ctx.sessionId}`,
+        metadata: {
+            schema: PLAN_PROPOSAL_SCHEMA_VERSION,
+            extractedFrom: 'claude-plan-mode-stop',
+        },
+    });
+}
+function looksLikePlanMarkdown(markdown) {
+    if (!markdown)
+        return false;
+    const lower = markdown.toLowerCase();
+    if (/^#{1,3}\s+plan\b/m.test(markdown))
+        return true;
+    if (/^plan\s*:/i.test(markdown))
+        return true;
+    return (lower.includes('phase') &&
+        (lower.includes('goal') || lower.includes('recommended order') || lower.includes('risk')));
 }
 //# sourceMappingURL=specific-events.js.map

package/dist/hooks/specific-events.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"specific-events.js","sourceRoot":"","sources":["../../src/hooks/specific-events.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,qBAAqB,CAAC;AAQ7B,MAAM,UAAU,qBAAqB,CACnC,QAAyC,EACzC,IAAmB,EACnB,IAA6B,EAC7B,GAAyB;IAEzB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,GAAG,EAAE,IAAI,CAAC,GAAyB;gBACnC,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,KAAK,EAAE,IAAI,CAAC,KAA2B;aACxC,CAAC,CAAC;YACH,MAAM;QACR,KAAK,YAAY;YACf,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE;gBAChC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,MAAM,EAAE,IAAI,CAAC,MAA4B;aAC1C,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBACjC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAG,IAAI,CAAC,OAAkB,IAAI,EAAE;gBACvC,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,gBAAgB,EAAE,IAAI,CAAC,iBAAuC;aAC/D,CAAC,CAAC;YACH,MAAM;QACR,KAAK,aAAa;YAChB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBACnC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,QAAQ,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;gBAC1C,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,YAAY,EAAE,IAAI,CAAC,aAAa;aACjC,CAAC,CAAC;YACH,MAAM;QACR,KAAK,oBAAoB;YACvB,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE;gBAChC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,QAAQ,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;gBAC1C,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,WAAW,EAAE,IAAI,CAAC,YAAmC;aACtD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,MAAM;YACT,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACzB,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,WAAW,EAAE,IAAI,CAAC,sBAA4C;aAC/D,CAAC,CAAC;YACH,gCAAgC,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;~~YACtD~~,MAAM;QACR,KAAK,eAAe;YAClB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBACnC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAE,IAAI,CAAC,QAA8B;gBAC5C,SAAS,EAAE,IAAI,CAAC,UAAgC;aACjD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAE,IAAI,CAAC,QAA8B;gBAC5C,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,WAAW,EAAE,IAAI,CAAC,sBAA4C;aAC/D,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,GAAG,EAAE,IAAI,CAAC,GAAyB;gBACnC,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,OAAO,EAAE,IAAI,CAAC,OAA6B;gBAC3C,IAAI,EAAE,gBAAgB,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,QAAQ,EAAE;oBACR,GAAG,4BAA4B,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC1D,MAAM,EAAE,4BAA4B;iBACrC;aACF,CAAC,CAAC;YACH,MAAM;QACR;YACE,MAAM;IACV,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAElF,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,gBAAgB,CAAC,IAA6B;IACrD,KAAK,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAU,EAAE,CAAC;QAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;IAChF,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,gCAAgC,CACvC,QAAyC,EACzC,IAA6B,EAC7B,GAAyB;IAEzB,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,CAAC,sBAA4C,CAAC,CAAC;IAChG,IAAI,CAAC,QAAQ;QAAE,OAAO;~~IAEtB~~,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAClC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,OAAO;QAChD,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,eAAe,GAAG,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE;YACR,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC5B,aAAa,EAAE,iBAAiB;SACjC;KACF,CAAC,CAAC;AACL,CAAC"}
1	+ {"version":3,"file":"specific-events.js","sourceRoot":"","sources":["../../src/hooks/specific-events.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,qBAAqB,CAAC;AAQ7B,MAAM,UAAU,qBAAqB,CACnC,QAAyC,EACzC,IAAmB,EACnB,IAA6B,EAC7B,GAAyB;IAEzB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,GAAG,EAAE,IAAI,CAAC,GAAyB;gBACnC,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,KAAK,EAAE,IAAI,CAAC,KAA2B;aACxC,CAAC,CAAC;YACH,MAAM;QACR,KAAK,YAAY;YACf,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE;gBAChC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,MAAM,EAAE,IAAI,CAAC,MAA4B;aAC1C,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBACjC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAG,IAAI,CAAC,OAAkB,IAAI,EAAE;gBACvC,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,gBAAgB,EAAE,IAAI,CAAC,iBAAuC;aAC/D,CAAC,CAAC;YACH,MAAM;QACR,KAAK,aAAa;YAChB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBACnC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,QAAQ,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;gBAC1C,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,YAAY,EAAE,IAAI,CAAC,aAAa;aACjC,CAAC,CAAC;YACH,MAAM;QACR,KAAK,YAAY;YACf,gCAAgC,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACtD,MAAM;QACR,KAAK,mBAAmB;YACtB,gCAAgC,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACtD,MAAM;QACR,KAAK,oBAAoB;YACvB,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE;gBAChC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,QAAQ,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;gBAC1C,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,WAAW,EAAE,IAAI,CAAC,YAAmC;aACtD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,MAAM;YACT,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACzB,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,WAAW,EAAE,IAAI,CAAC,sBAA4C;aAC/D,CAAC,CAAC;YACH,IAAI,CAAC,gCAAgC,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;gBAC3D,4BAA4B,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACpD,CAAC;YACD,MAAM;QACR,KAAK,eAAe;YAClB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBACnC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAE,IAAI,CAAC,QAA8B;gBAC5C,SAAS,EAAE,IAAI,CAAC,UAAgC;aACjD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,OAAO,EAAE,IAAI,CAAC,QAA8B;gBAC5C,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,WAAW,EAAE,IAAI,CAAC,sBAA4C;aAC/D,CAAC,CAAC;YACH,MAAM;QACR,KAAK,cAAc;YACjB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAClC,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,GAAG,EAAE,IAAI,CAAC,GAAyB;gBACnC,KAAK,EAAE,IAAI,CAAC,KAA2B;gBACvC,OAAO,EAAE,IAAI,CAAC,OAA6B;gBAC3C,IAAI,EAAE,gBAAgB,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAA4B;gBACzC,SAAS,EAAE,IAAI,CAAC,UAAgC;gBAChD,QAAQ,EAAE;oBACR,GAAG,4BAA4B,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC1D,MAAM,EAAE,4BAA4B;iBACrC;aACF,CAAC,CAAC;YACH,MAAM;QACR;YACE,MAAM;IACV,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,QAAyC,EACzC,IAA6B,EAC7B,GAAyB;IAEzB,IAAI,IAAI,CAAC,SAAS,KAAK,cAAc;QAAE,OAAO;IAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,SAAS,EAAE,IAAI,CAAC;IAC7B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IACjE,MAAM,YAAY,GAChB,OAAO,SAAS,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnF,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAClC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,KAAK,EAAE,iBAAiB,CAAC,IAAI,CAAC;QAC9B,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QACjB,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,iBAAiB;QACvC,SAAS,EAAE,yBAAyB,GAAG,CAAC,SAAS,EAAE;QACnD,QAAQ,EAAE;YACR,MAAM,EAAE,4BAA4B;YACpC,aAAa,EAAE,gBAAgB;YAC/B,YAAY;YACZ,aAAa,EAAE,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;SAC3F;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAElF,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,gBAAgB,CAAC,IAA6B;IACrD,KAAK,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAU,EAAE,CAAC;QAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;IAChF,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,YAAY,GAAG,QAAQ;SAC1B,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7C,OAAO,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,gCAAgC,CACvC,QAAyC,EACzC,IAA6B,EAC7B,GAAyB;IAEzB,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,CAAC,sBAA4C,CAAC,CAAC;IAChG,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAClC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,OAAO;QAChD,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,eAAe,GAAG,CAAC,SAAS,EAAE;QAC/D,QAAQ,EAAE;YACR,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC5B,aAAa,EAAE,iBAAiB;SACjC;KACF,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,4BAA4B,CACnC,QAAyC,EACzC,IAA6B,EAC7B,GAAyB;IAEzB,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO;IACrC,IAAI,IAAI,CAAC,eAAe,KAAK,MAAM;QAAE,OAAO;IAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,sBAAsB,CAAC;IACzC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO;IACrC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC;QAAE,OAAO;IAE5C,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAClC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,KAAK,EAAE,iBAAiB,CAAC,OAAO,CAAC,IAAI,aAAa;QAClD,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,iBAAiB;QACvC,SAAS,EAAE,eAAe,GAAG,CAAC,SAAS,EAAE;QACzC,QAAQ,EAAE;YACR,MAAM,EAAE,4BAA4B;YACpC,aAAa,EAAE,uBAAuB;SACvC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAC1F,CAAC;AACJ,CAAC"}

package/dist/hooks/trusted-edge-plan-artifacts.d.ts ADDED Viewed

@@ -0,0 +1,114 @@
+import { transportFetch, type TlsVerifyMode } from '../cli/network.js';
+import type { DaemonEvents } from '../core/events.js';
+export declare const TRUSTED_EDGE_PLAN_BODY_SCHEMA = "viewport.plan_body_encrypted/v1";
+declare const PLAN_BODY_ALGORITHM = "AES-GCM-256";
+type PlanProposedEvent = DaemonEvents['hook:plan-proposed'];
+export interface TrustedEdgePlanEnvelope {
+    schema: typeof TRUSTED_EDGE_PLAN_BODY_SCHEMA;
+    algorithm: typeof PLAN_BODY_ALGORITHM;
+    key_ref: string;
+    ciphertext: string;
+    iv: string;
+    tag: string;
+    digest: string;
+    aad: Record<string, unknown>;
+}
+export interface TrustedEdgePlanFeedbackEnvelope {
+    schema: 'viewport.plan_feedback_field_encrypted/v1';
+    algorithm: typeof PLAN_BODY_ALGORITHM;
+    key_ref: string;
+    ciphertext: string;
+    iv: string;
+    tag: string;
+    digest: string;
+    aad: Record<string, unknown>;
+}
+export interface TrustedEdgePlanRecord {
+    workspaceId: string;
+    planId?: string;
+    sourceRef: string;
+    keyRef: string;
+    rawKey: string;
+    bodySha256: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface TrustedEdgePlanWrappingKey {
+    keyId: string;
+    label: string;
+    algorithm: 'RSA-OAEP-256';
+    publicKeyJwk: Record<string, unknown>;
+    privateKeyJwk: Record<string, unknown>;
+    createdAt: string;
+    lastSeenAt: string;
+}
+export interface TrustedEdgePlanBodyKeyGrant {
+    schema: 'viewport.plan_body_key_grant/v1';
+    algorithm: 'RSA-OAEP-256';
+    recipient_user_id: number;
+    recipient_key_id: string;
+    key_ref: string;
+    encrypted_key: string;
+}
+export interface TrustedEdgePlanGrantRecipient {
+    user_id: number;
+    key_id: string;
+    public_key_jwk: Record<string, unknown>;
+}
+export interface TrustedEdgePlanSyncTarget {
+    workspaceId: string;
+    serverUrl: string;
+    credential: string;
+    tlsVerify?: TlsVerifyMode;
+    caCertPath?: string;
+    tlsPins?: string[];
+}
+export declare function saveTrustedEdgePlanDraft(options: {
+    event: PlanProposedEvent;
+    target: TrustedEdgePlanSyncTarget;
+    home?: string;
+    fetchImpl?: typeof transportFetch;
+}): Promise<{
+    planId: string;
+    sourceRef: string;
+    envelope: TrustedEdgePlanEnvelope;
+}>;
+export declare function decryptTrustedEdgePlanBody(options: {
+    workspaceId: string;
+    planId?: string;
+    sourceRef?: string;
+    envelope: TrustedEdgePlanEnvelope;
+    bodyKeyGrants?: TrustedEdgePlanBodyKeyGrant[];
+    home?: string;
+}): Promise<{
+    body: string;
+    bodySha256: string;
+    keyRef: string;
+}>;
+export declare function encryptTrustedEdgePlanFeedbackField(options: {
+    workspaceId: string;
+    planId?: string;
+    sourceRef?: string;
+    envelope: TrustedEdgePlanEnvelope;
+    text: string;
+    aad?: Record<string, unknown>;
+    bodyKeyGrants?: TrustedEdgePlanBodyKeyGrant[];
+    home?: string;
+}): Promise<TrustedEdgePlanFeedbackEnvelope>;
+export declare function publishTrustedEdgePlanWrappingKey(options: {
+    target: TrustedEdgePlanSyncTarget;
+    home?: string;
+    label?: string;
+    fetchImpl?: typeof transportFetch;
+}): Promise<TrustedEdgePlanWrappingKey>;
+export declare function wrapTrustedEdgePlanBodyKey(options: {
+    workspaceId: string;
+    planId?: string;
+    sourceRef?: string;
+    envelope: TrustedEdgePlanEnvelope;
+    bodyKeyGrants?: TrustedEdgePlanBodyKeyGrant[];
+    recipients: TrustedEdgePlanGrantRecipient[];
+    home?: string;
+}): Promise<TrustedEdgePlanBodyKeyGrant[]>;
+export {};
+//# sourceMappingURL=trusted-edge-plan-artifacts.d.ts.map

package/dist/hooks/trusted-edge-plan-artifacts.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trusted-edge-plan-artifacts.d.ts","sourceRoot":"","sources":["../../src/hooks/trusted-edge-plan-artifacts.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEtD,eAAO,MAAM,6BAA6B,oCAAoC,CAAC;AAE/E,QAAA,MAAM,mBAAmB,gBAAgB,CAAC;AAE1C,KAAK,iBAAiB,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;AAE5D,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,OAAO,6BAA6B,CAAC;IAC7C,SAAS,EAAE,OAAO,mBAAmB,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,+BAA+B;IAC9C,MAAM,EAAE,2CAA2C,CAAC;IACpD,SAAS,EAAE,OAAO,mBAAmB,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,cAAc,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,iCAAiC,CAAC;IAC1C,SAAS,EAAE,cAAc,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACzC;AAQD,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,wBAAsB,wBAAwB,CAAC,OAAO,EAAE;IACtD,KAAK,EAAE,iBAAiB,CAAC;IACzB,MAAM,EAAE,yBAAyB,CAAC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,cAAc,CAAC;CACnC,GAAG,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,uBAAuB,CAAA;CAAE,CAAC,CAmEpF;AAED,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,uBAAuB,CAAC;IAClC,aAAa,CAAC,EAAE,2BAA2B,EAAE,CAAC;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA0BhE;AAED,wBAAsB,mCAAmC,CAAC,OAAO,EAAE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,uBAAuB,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,aAAa,CAAC,EAAE,2BAA2B,EAAE,CAAC;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,+BAA+B,CAAC,CA+B3C;AAED,wBAAsB,iCAAiC,CAAC,OAAO,EAAE;IAC/D,MAAM,EAAE,yBAAyB,CAAC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,cAAc,CAAC;CACnC,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAoBtC;AAED,wBAAsB,0BAA0B,CAAC,OAAO,EAAE;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,uBAAuB,CAAC;IAClC,aAAa,CAAC,EAAE,2BAA2B,EAAE,CAAC;IAC9C,UAAU,EAAE,6BAA6B,EAAE,CAAC;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,2BAA2B,EAAE,CAAC,CAoBzC"}

package/dist/hooks/trusted-edge-plan-artifacts.js ADDED Viewed

@@ -0,0 +1,389 @@
+import crypto from 'node:crypto';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { configDir } from '../core/config.js';
+import { stableJson } from '../context/local-edge-crypto.js';
+import { transportFetch } from '../cli/network.js';
+export const TRUSTED_EDGE_PLAN_BODY_SCHEMA = 'viewport.plan_body_encrypted/v1';
+const TRUSTED_EDGE_PLAN_KEY_STORE_SCHEMA = 'viewport.trusted_edge_plan_keys/v1';
+const PLAN_BODY_ALGORITHM = 'AES-GCM-256';
+export async function saveTrustedEdgePlanDraft(options) {
+    const sourceRef = options.event.sourceRef ?? `agent-hook:${options.event.sessionId}`;
+    await publishTrustedEdgePlanWrappingKey({
+        target: options.target,
+        home: options.home,
+        fetchImpl: options.fetchImpl,
+    });
+    const encrypted = await encryptTrustedEdgePlanBody({
+        workspaceId: options.target.workspaceId,
+        sourceRef,
+        sessionId: options.event.sessionId,
+        body: options.event.body,
+        source: options.event.source ?? options.event.adapter ?? null,
+    });
+    await upsertTrustedEdgePlanKey({
+        workspaceId: options.target.workspaceId,
+        sourceRef,
+        keyRef: encrypted.envelope.key_ref,
+        rawKey: encrypted.rawKey.toString('base64'),
+        bodySha256: encrypted.envelope.digest,
+    }, options.home);
+    const payload = await postJson(options.fetchImpl ?? transportFetch, `${options.target.serverUrl.replace(/\/+$/, '')}/api/runtime/workspaces/${encodeURIComponent(options.target.workspaceId)}/agent-hooks/plans`, {
+        credential: options.target.credential,
+        hook_event_name: 'PlanProposed',
+        schema: 'viewport.plan_proposal/v1',
+        session_id: options.event.sessionId,
+        cwd: options.event.cwd ?? null,
+        title: options.event.title?.trim() || 'Agent plan',
+        summary: options.event.summary?.trim() || null,
+        body_encryption: encrypted.envelope,
+        source: options.event.source ?? options.event.adapter ?? null,
+        source_ref: sourceRef,
+        payload: {
+            ...(options.event.metadata ?? {}),
+            privacy: 'trusted-edge',
+            encrypted_by: 'vpd',
+        },
+    }, {
+        tlsVerify: options.target.tlsVerify,
+        caCertPath: options.target.caCertPath,
+        tlsPins: options.target.tlsPins,
+    });
+    const plan = objectField(payload, 'data');
+    const planId = stringField(plan, 'id');
+    await upsertTrustedEdgePlanKey({
+        workspaceId: options.target.workspaceId,
+        planId,
+        sourceRef,
+        keyRef: encrypted.envelope.key_ref,
+        rawKey: encrypted.rawKey.toString('base64'),
+        bodySha256: encrypted.envelope.digest,
+    }, options.home);
+    return { planId, sourceRef, envelope: encrypted.envelope };
+}
+export async function decryptTrustedEdgePlanBody(options) {
+    const record = await resolveTrustedEdgePlanKey({
+        workspaceId: options.workspaceId,
+        planId: options.planId,
+        sourceRef: options.sourceRef,
+        keyRef: options.envelope.key_ref,
+        bodyKeyGrants: options.bodyKeyGrants,
+    }, options.home);
+    if (!record) {
+        throw new Error('Trusted edge does not have the key for this plan.');
+    }
+    const body = decryptEnvelope(options.envelope, Buffer.from(record.rawKey, 'base64'));
+    const digest = digestText(body);
+    if (record.bodySha256 &&
+        record.bodySha256 !== digest &&
+        record.bodySha256 !== options.envelope.digest) {
+        throw new Error('Trusted edge plan key does not match this encrypted body.');
+    }
+    return { body, bodySha256: digest, keyRef: record.keyRef };
+}
+export async function encryptTrustedEdgePlanFeedbackField(options) {
+    const record = await resolveTrustedEdgePlanKey({
+        workspaceId: options.workspaceId,
+        planId: options.planId,
+        sourceRef: options.sourceRef,
+        keyRef: options.envelope.key_ref,
+        bodyKeyGrants: options.bodyKeyGrants,
+    }, options.home);
+    if (!record) {
+        throw new Error('Trusted edge does not have the key for this plan.');
+    }
+    const rawKey = Buffer.from(record.rawKey, 'base64');
+    const aad = options.aad ?? {};
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', rawKey, iv);
+    cipher.setAAD(Buffer.from(stableJson(aad), 'utf8'));
+    const ciphertext = Buffer.concat([cipher.update(options.text, 'utf8'), cipher.final()]);
+    return {
+        schema: 'viewport.plan_feedback_field_encrypted/v1',
+        algorithm: PLAN_BODY_ALGORITHM,
+        key_ref: options.envelope.key_ref,
+        ciphertext: ciphertext.toString('base64'),
+        iv: iv.toString('base64'),
+        tag: cipher.getAuthTag().toString('base64'),
+        digest: digestText(options.text),
+        aad,
+    };
+}
+export async function publishTrustedEdgePlanWrappingKey(options) {
+    const key = await ensureTrustedEdgePlanWrappingKey(options.home, options.label);
+    await postJson(options.fetchImpl ?? transportFetch, `${options.target.serverUrl.replace(/\/+$/, '')}/api/runtime/workspaces/${encodeURIComponent(options.target.workspaceId)}/plan-encryption-keys`, {
+        credential: options.target.credential,
+        key_id: key.keyId,
+        label: key.label,
+        algorithm: key.algorithm,
+        public_key_jwk: key.publicKeyJwk,
+    }, {
+        tlsVerify: options.target.tlsVerify,
+        caCertPath: options.target.caCertPath,
+        tlsPins: options.target.tlsPins,
+    });
+    return key;
+}
+export async function wrapTrustedEdgePlanBodyKey(options) {
+    const record = await resolveTrustedEdgePlanKey({
+        workspaceId: options.workspaceId,
+        planId: options.planId,
+        sourceRef: options.sourceRef,
+        keyRef: options.envelope.key_ref,
+        bodyKeyGrants: options.bodyKeyGrants,
+    }, options.home);
+    if (!record) {
+        throw new Error('Trusted edge does not have the key for this plan.');
+    }
+    return wrapRawPlanBodyKey({
+        rawKey: Buffer.from(record.rawKey, 'base64'),
+        keyRef: options.envelope.key_ref,
+        recipients: options.recipients,
+    });
+}
+async function ensureTrustedEdgePlanWrappingKey(home = configDir(), label = 'Trusted edge plan key') {
+    const store = await readTrustedEdgePlanKeyStore(home);
+    const existing = store.wrappingKeys?.find((key) => key.algorithm === 'RSA-OAEP-256');
+    if (existing) {
+        existing.lastSeenAt = new Date().toISOString();
+        await writeTrustedEdgePlanKeyStore(store, home);
+        return existing;
+    }
+    const pair = crypto.generateKeyPairSync('rsa', {
+        modulusLength: 2048,
+        publicExponent: 0x10001,
+    });
+    const now = new Date().toISOString();
+    const key = {
+        keyId: `trusted-edge-${crypto.randomUUID()}`,
+        label,
+        algorithm: 'RSA-OAEP-256',
+        publicKeyJwk: withPublicJwkMetadata(pair.publicKey.export({ format: 'jwk' })),
+        privateKeyJwk: withPrivateJwkMetadata(pair.privateKey.export({ format: 'jwk' })),
+        createdAt: now,
+        lastSeenAt: now,
+    };
+    store.wrappingKeys = [...(store.wrappingKeys ?? []), key];
+    await writeTrustedEdgePlanKeyStore(store, home);
+    return key;
+}
+async function resolveTrustedEdgePlanKey(input, home = configDir()) {
+    const existing = await findTrustedEdgePlanKey(input, home);
+    if (existing)
+        return existing;
+    const unwrapped = await unwrapTrustedEdgePlanKeyGrant(input, home);
+    if (!unwrapped)
+        return null;
+    const recordInput = {
+        workspaceId: input.workspaceId,
+        planId: input.planId,
+        sourceRef: input.sourceRef ?? `grant:${input.keyRef}`,
+        keyRef: input.keyRef,
+        rawKey: unwrapped.toString('base64'),
+        bodySha256: '',
+    };
+    await upsertTrustedEdgePlanKey(recordInput, home);
+    return findTrustedEdgePlanKey(input, home);
+}
+async function unwrapTrustedEdgePlanKeyGrant(input, home = configDir()) {
+    const grants = input.bodyKeyGrants ?? [];
+    if (grants.length === 0)
+        return null;
+    const store = await readTrustedEdgePlanKeyStore(home);
+    const wrappingKeys = store.wrappingKeys ?? [];
+    for (const localKey of wrappingKeys) {
+        const grant = grants.find((candidate) => candidate.key_ref === input.keyRef &&
+            candidate.recipient_key_id === localKey.keyId &&
+            candidate.algorithm === 'RSA-OAEP-256');
+        if (!grant)
+            continue;
+        try {
+            return crypto.privateDecrypt({
+                key: crypto.createPrivateKey({
+                    key: localKey.privateKeyJwk,
+                    format: 'jwk',
+                }),
+                oaepHash: 'sha256',
+            }, Buffer.from(grant.encrypted_key, 'base64'));
+        }
+        catch {
+            continue;
+        }
+    }
+    return null;
+}
+async function wrapRawPlanBodyKey(input) {
+    const unique = new Map();
+    for (const recipient of input.recipients) {
+        unique.set(`${recipient.user_id}:${recipient.key_id}`, recipient);
+    }
+    return [...unique.values()].map((recipient) => {
+        const publicKey = crypto.createPublicKey({
+            key: recipient.public_key_jwk,
+            format: 'jwk',
+        });
+        const encryptedKey = crypto.publicEncrypt({
+            key: publicKey,
+            oaepHash: 'sha256',
+        }, input.rawKey);
+        return {
+            schema: 'viewport.plan_body_key_grant/v1',
+            algorithm: 'RSA-OAEP-256',
+            recipient_user_id: recipient.user_id,
+            recipient_key_id: recipient.key_id,
+            key_ref: input.keyRef,
+            encrypted_key: encryptedKey.toString('base64'),
+        };
+    });
+}
+function withPublicJwkMetadata(jwk) {
+    return {
+        ...jwk,
+        alg: 'RSA-OAEP-256',
+        key_ops: ['encrypt'],
+        ext: true,
+    };
+}
+function withPrivateJwkMetadata(jwk) {
+    return {
+        ...jwk,
+        alg: 'RSA-OAEP-256',
+        key_ops: ['decrypt'],
+        ext: true,
+    };
+}
+async function encryptTrustedEdgePlanBody(input) {
+    const rawKey = crypto.randomBytes(32);
+    const keyRef = `trusted-edge-plan-${crypto.randomUUID()}`;
+    const aad = {
+        purpose: 'trusted-edge-plan-body',
+        workspace_id: input.workspaceId,
+        source_ref: input.sourceRef,
+        session_id: input.sessionId,
+        source: input.source,
+        created_at: new Date().toISOString(),
+    };
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', rawKey, iv);
+    cipher.setAAD(Buffer.from(stableJson(aad), 'utf8'));
+    const ciphertext = Buffer.concat([cipher.update(input.body, 'utf8'), cipher.final()]);
+    return {
+        rawKey,
+        envelope: {
+            schema: TRUSTED_EDGE_PLAN_BODY_SCHEMA,
+            algorithm: PLAN_BODY_ALGORITHM,
+            key_ref: keyRef,
+            ciphertext: ciphertext.toString('base64'),
+            iv: iv.toString('base64'),
+            tag: cipher.getAuthTag().toString('base64'),
+            digest: digestText(input.body),
+            aad,
+        },
+    };
+}
+function decryptEnvelope(envelope, rawKey) {
+    if (envelope.schema !== TRUSTED_EDGE_PLAN_BODY_SCHEMA) {
+        throw new Error(`Unsupported plan body schema: ${envelope.schema}`);
+    }
+    if (envelope.algorithm !== PLAN_BODY_ALGORITHM) {
+        throw new Error(`Unsupported plan body algorithm: ${envelope.algorithm}`);
+    }
+    if (!envelope.tag) {
+        throw new Error('Trusted-edge plan envelope is missing an authentication tag.');
+    }
+    const decipher = crypto.createDecipheriv('aes-256-gcm', rawKey, Buffer.from(envelope.iv, 'base64'));
+    decipher.setAAD(Buffer.from(stableJson(envelope.aad ?? {}), 'utf8'));
+    decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
+    return Buffer.concat([
+        decipher.update(Buffer.from(envelope.ciphertext, 'base64')),
+        decipher.final(),
+    ]).toString('utf8');
+}
+async function upsertTrustedEdgePlanKey(input, home = configDir()) {
+    const store = await readTrustedEdgePlanKeyStore(home);
+    const now = new Date().toISOString();
+    const existing = store.records.find((record) => record.workspaceId === input.workspaceId &&
+        record.keyRef === input.keyRef &&
+        ((input.planId && record.planId === input.planId) ||
+            (!input.planId && record.sourceRef === input.sourceRef)));
+    if (existing) {
+        Object.assign(existing, input, { updatedAt: now });
+    }
+    else {
+        store.records.push({ ...input, createdAt: now, updatedAt: now });
+    }
+    await writeTrustedEdgePlanKeyStore(store, home);
+}
+async function findTrustedEdgePlanKey(input, home = configDir()) {
+    const store = await readTrustedEdgePlanKeyStore(home);
+    return (store.records.find((record) => record.workspaceId === input.workspaceId &&
+        record.keyRef === input.keyRef &&
+        ((input.planId && record.planId === input.planId) ||
+            (input.sourceRef && record.sourceRef === input.sourceRef))) ?? null);
+}
+async function readTrustedEdgePlanKeyStore(home = configDir()) {
+    try {
+        const raw = await fs.readFile(trustedEdgePlanKeyStorePath(home), 'utf8');
+        const parsed = JSON.parse(raw);
+        if (parsed.schema !== TRUSTED_EDGE_PLAN_KEY_STORE_SCHEMA || !Array.isArray(parsed.records)) {
+            throw new Error('Invalid trusted-edge plan key store.');
+        }
+        return parsed;
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            return { schema: TRUSTED_EDGE_PLAN_KEY_STORE_SCHEMA, records: [] };
+        }
+        throw error;
+    }
+}
+async function writeTrustedEdgePlanKeyStore(store, home = configDir()) {
+    const filePath = trustedEdgePlanKeyStorePath(home);
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, JSON.stringify(store, null, 2) + '\n', {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+    await fs.chmod(filePath, 0o600);
+}
+function trustedEdgePlanKeyStorePath(home = configDir()) {
+    return path.join(home, 'plans', 'trusted-edge-keys.json');
+}
+async function postJson(fetchImpl, url, body, transportOptions = {}) {
+    const response = await fetchImpl(url, {
+        method: 'POST',
+        headers: { 'content-type': 'application/json', accept: 'application/json' },
+        body: JSON.stringify(body),
+        timeoutMs: 5_000,
+        ...transportOptions,
+    });
+    const payload = await response.json().catch(() => null);
+    if (!response.ok) {
+        const reason = payload && typeof payload === 'object' && 'reason' in payload
+            ? String(payload.reason)
+            : `${response.status} ${response.statusText}`;
+        throw new Error(`Plan hook sync request failed: ${reason}`);
+    }
+    return payload;
+}
+function digestText(value) {
+    return `sha256:${crypto.createHash('sha256').update(value, 'utf8').digest('hex')}`;
+}
+function objectField(value, field) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error(`Expected response object while reading ${field}`);
+    }
+    const child = value[field];
+    if (!child || typeof child !== 'object' || Array.isArray(child)) {
+        throw new Error(`Plan hook sync response did not include ${field}`);
+    }
+    return child;
+}
+function stringField(value, field) {
+    const child = value[field];
+    if (typeof child !== 'string' || child.trim().length === 0) {
+        throw new Error(`Plan hook sync response did not include ${field}`);
+    }
+    return child;
+}
+//# sourceMappingURL=trusted-edge-plan-artifacts.js.map