@wlfi-agent/cli 1.4.13 → 1.4.15

package/package.json

@@ -1,50 +1,54 @@
 {
-  "dependencies": {
-    "@inquirer/prompts": "8.2.0",
-    "commander": "14.0.3",
-    "@wlfi-agent/agent-wallet-sdk": "0.1.0"
-  },
-  "devDependencies": {
-    "@types/node": "24.10.1",
-    "tsup": "8.5.1",
-    "typescript": "5.9.3",
-    "tsx": "4.21.0",
-    "@wlf/typescript": "1.1.4"
-  },
+  "name": "@wlfi-agent/cli",
+  "version": "1.4.15",
+  "description": "Single-entrypoint WLFI agent CLI",
+  "type": "module",
   "bin": {
-    "wlfa": "dist/wlfa/index.js",
-    "wlfc": "dist/wlfc/index.js"
+    "wlfi-agent": "dist/cli.cjs"
   },
   "files": [
-    "dist/wlfa",
-    "dist/wlfc"
+    "dist",
+    "scripts",
+    "src",
+    "packages",
+    "crates",
+    "Cargo.toml",
+    "Cargo.lock",
+    "README.md",
+    "turbo.json",
+    "pnpm-workspace.yaml",
+    "tsconfig.base.json",
+    "tsconfig.json",
+    "tsup.config.ts"
   ],
-  "exports": {
-    "./wlfa": {
-      "types": "./dist/wlfa/index.d.ts",
-      "import": "./dist/wlfa/index.js",
-      "require": "./dist/wlfa/index.cjs"
-    },
-    "./wlfc": {
-      "types": "./dist/wlfc/index.d.ts",
-      "import": "./dist/wlfc/index.js",
-      "require": "./dist/wlfc/index.cjs"
-    }
+  "workspaces": [
+    "packages/*",
+    "apps/*",
+    "apps/maintenance/*"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "commander": "^13.1.0",
+    "tsup": "^8.4.0",
+    "turbo": "^2.4.4",
+    "typescript": "^5.8.2",
+    "viem": "^2.37.5",
+    "@biomejs/biome": "^2.3.11",
+    "tsx": "^4.21.0",
+    "@wlfi-agent/config": "0.1.0",
+    "@wlfi-agent/rpc": "0.1.0"
   },
-  "name": "@wlfi-agent/cli",
-  "private": false,
-  "type": "module",
-  "version": "1.4.13",
   "scripts": {
-    "build": "tsup",
-    "clean": "rm -rf .turbo node_modules dist",
-    "dev": "tsup --watch",
-    "lint": "biome check",
-    "lint:ci": "biome ci",
-    "lint:fix": "biome check --write",
-    "tenderly:mine-block": "tsx ./src/tenderly/mine-block.ts",
-    "wlfa": "tsx ./src/wlfa/index.ts",
-    "wlfc": "tsx ./src/wlfc/index.ts",
-    "typecheck": "tsc --noEmit"
+    "build": "turbo run build && tsup --config tsup.config.ts",
+    "check": "turbo run check typecheck && cargo test --workspace --no-run",
+    "install:rust-binaries": "node ./scripts/install-rust-binaries.mjs",
+    "postinstall": "node ./scripts/install-rust-binaries.mjs",
+    "test:ts": "node --experimental-strip-types --test test/**/*.test.mjs",
+    "lint": "biome check .",
+    "lint:fix": "biome check --write .",
+    "typecheck": "turbo run typecheck && tsc --noEmit"
   }
 }

package/packages/cache/.turbo/turbo-build.log

@@ -0,0 +1,52 @@
+
+> @wlfi-agent/cache@0.0.0 build /Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache
+> tsup
+
+CLI Building entry: src/index.ts, src/client/index.ts, src/errors/index.ts, src/service/index.ts
+CLI Using tsconfig: tsconfig.json
+CLI tsup v8.5.1
+CLI Using tsup config: /Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache/tsup.config.ts
+CLI Target: node20
+CLI Cleaning output folder
+ESM Build start
+CJS Build start
+ESM dist/index.js              566.00 B
+ESM dist/chunk-FGJEEF5N.js     14.18 KB
+ESM dist/client/index.js       201.00 B
+ESM dist/errors/index.js       181.00 B
+ESM dist/service/index.js      337.00 B
+ESM dist/chunk-4U63TZTQ.js     1.06 KB
+ESM dist/chunk-VXVMPG3W.js     1.27 KB
+ESM dist/client/index.js.map   71.00 B
+ESM dist/service/index.js.map  71.00 B
+ESM dist/chunk-VXVMPG3W.js.map 2.50 KB
+ESM dist/index.js.map          71.00 B
+ESM dist/chunk-4U63TZTQ.js.map 2.10 KB
+ESM dist/chunk-FGJEEF5N.js.map 30.74 KB
+ESM dist/errors/index.js.map   71.00 B
+ESM ⚡️ Build success in 79ms
+CJS dist/client/index.cjs       360.00 B
+CJS dist/index.cjs              940.00 B
+CJS dist/chunk-ALQ6H7KG.cjs     16.64 KB
+CJS dist/chunk-UYNEHZHB.cjs     2.60 KB
+CJS dist/errors/index.cjs       340.00 B
+CJS dist/chunk-2QFWMUXT.cjs     1.16 KB
+CJS dist/service/index.cjs      527.00 B
+CJS dist/client/index.cjs.map   286.00 B
+CJS dist/index.cjs.map          379.00 B
+CJS dist/chunk-2QFWMUXT.cjs.map 2.74 KB
+CJS dist/errors/index.cjs.map   286.00 B
+CJS dist/chunk-ALQ6H7KG.cjs.map 35.69 KB
+CJS dist/service/index.cjs.map  324.00 B
+CJS dist/chunk-UYNEHZHB.cjs.map 2.61 KB
+CJS ⚡️ Build success in 80ms
+DTS Build start
+DTS ⚡️ Build success in 1310ms
+DTS dist/index.d.ts          761.00 B
+DTS dist/client/index.d.ts   527.00 B
+DTS dist/errors/index.d.ts   833.00 B
+DTS dist/service/index.d.ts  6.68 KB
+DTS dist/index.d.cts         764.00 B
+DTS dist/client/index.d.cts  527.00 B
+DTS dist/errors/index.d.cts  833.00 B
+DTS dist/service/index.d.cts 6.68 KB

package/packages/cache/dist/chunk-2QFWMUXT.cjs

@@ -0,0 +1,43 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/errors/index.ts
+var cacheErrorCodes = {
+  connectionFailed: "CACHE_CONNECTION_FAILED",
+  invalidPayload: "CACHE_INVALID_PAYLOAD",
+  notFound: "CACHE_NOT_FOUND",
+  unknown: "CACHE_UNKNOWN"
+};
+var CacheError = class extends Error {
+  
+  
+  
+  
+  constructor(options) {
+    super(options.message);
+    this.name = "CacheError";
+    this.code = options.code;
+    this.key = options.key;
+    this.operation = options.operation;
+    this.cause = options.cause;
+  }
+};
+var toCacheError = (error, context = {}) => {
+  if (error instanceof CacheError) {
+    return error;
+  }
+  const message = error instanceof Error ? error.message : "Unknown cache error";
+  const normalizedMessage = message.toLowerCase();
+  const code = normalizedMessage.includes("connect") ? cacheErrorCodes.connectionFailed : cacheErrorCodes.unknown;
+  return new CacheError({
+    cause: error,
+    code,
+    key: context.key,
+    message,
+    operation: context.operation
+  });
+};
+
+
+
+
+
+exports.cacheErrorCodes = cacheErrorCodes; exports.CacheError = CacheError; exports.toCacheError = toCacheError;
+//# sourceMappingURL=chunk-2QFWMUXT.cjs.map

package/packages/cache/dist/chunk-2QFWMUXT.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache/dist/chunk-2QFWMUXT.cjs","../src/errors/index.ts"],"names":[],"mappings":"AAAA;ACAO,IAAM,gBAAA,EAAkB;AAAA,EAC7B,gBAAA,EAAkB,yBAAA;AAAA,EAClB,cAAA,EAAgB,uBAAA;AAAA,EAChB,QAAA,EAAU,iBAAA;AAAA,EACV,OAAA,EAAS;AACX,CAAA;AAIO,IAAM,WAAA,EAAN,MAAA,QAAyB,MAAM;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACS;AAAA,EAElB,WAAA,CAAY,OAAA,EAMT;AACD,IAAA,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA;AACrB,IAAA,IAAA,CAAK,KAAA,EAAO,YAAA;AACZ,IAAA,IAAA,CAAK,KAAA,EAAO,OAAA,CAAQ,IAAA;AACpB,IAAA,IAAA,CAAK,IAAA,EAAM,OAAA,CAAQ,GAAA;AACnB,IAAA,IAAA,CAAK,UAAA,EAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,MAAA,EAAQ,OAAA,CAAQ,KAAA;AAAA,EACvB;AACF,CAAA;AAEO,IAAM,aAAA,EAAe,CAC1B,KAAA,EACA,QAAA,EAAgD,CAAC,CAAA,EAAA,GAClC;AACf,EAAA,GAAA,CAAI,MAAA,WAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAA,EAAU,MAAA,WAAiB,MAAA,EAAQ,KAAA,CAAM,QAAA,EAAU,qBAAA;AACzD,EAAA,MAAM,kBAAA,EAAoB,OAAA,CAAQ,WAAA,CAAY,CAAA;AAC9C,EAAA,MAAM,KAAA,EAAO,iBAAA,CAAkB,QAAA,CAAS,SAAS,EAAA,EAC7C,eAAA,CAAgB,iBAAA,EAChB,eAAA,CAAgB,OAAA;AAEpB,EAAA,OAAO,IAAI,UAAA,CAAW;AAAA,IACpB,KAAA,EAAO,KAAA;AAAA,IACP,IAAA;AAAA,IACA,GAAA,EAAK,OAAA,CAAQ,GAAA;AAAA,IACb,OAAA;AAAA,IACA,SAAA,EAAW,OAAA,CAAQ;AAAA,EACrB,CAAC,CAAA;AACH,CAAA;ADhBA;AACA;AACE;AACA;AACA;AACF,gHAAC","file":"/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache/dist/chunk-2QFWMUXT.cjs","sourcesContent":[null,"export const cacheErrorCodes = {\n  connectionFailed: 'CACHE_CONNECTION_FAILED',\n  invalidPayload: 'CACHE_INVALID_PAYLOAD',\n  notFound: 'CACHE_NOT_FOUND',\n  unknown: 'CACHE_UNKNOWN',\n} as const;\n\nexport type CacheErrorCode = (typeof cacheErrorCodes)[keyof typeof cacheErrorCodes];\n\nexport class CacheError extends Error {\n  readonly code: CacheErrorCode;\n  readonly key?: string;\n  readonly operation?: string;\n  override readonly cause?: unknown;\n\n  constructor(options: {\n    cause?: unknown;\n    code: CacheErrorCode;\n    key?: string;\n    message: string;\n    operation?: string;\n  }) {\n    super(options.message);\n    this.name = 'CacheError';\n    this.code = options.code;\n    this.key = options.key;\n    this.operation = options.operation;\n    this.cause = options.cause;\n  }\n}\n\nexport const toCacheError = (\n  error: unknown,\n  context: { key?: string; operation?: string } = {},\n): CacheError => {\n  if (error instanceof CacheError) {\n    return error;\n  }\n\n  const message = error instanceof Error ? error.message : 'Unknown cache error';\n  const normalizedMessage = message.toLowerCase();\n  const code = normalizedMessage.includes('connect')\n    ? cacheErrorCodes.connectionFailed\n    : cacheErrorCodes.unknown;\n\n  return new CacheError({\n    cause: error,\n    code,\n    key: context.key,\n    message,\n    operation: context.operation,\n  });\n};\n"]}

package/packages/cache/dist/chunk-4U63TZTQ.js

@@ -0,0 +1,43 @@
+// src/errors/index.ts
+var cacheErrorCodes = {
+  connectionFailed: "CACHE_CONNECTION_FAILED",
+  invalidPayload: "CACHE_INVALID_PAYLOAD",
+  notFound: "CACHE_NOT_FOUND",
+  unknown: "CACHE_UNKNOWN"
+};
+var CacheError = class extends Error {
+  code;
+  key;
+  operation;
+  cause;
+  constructor(options) {
+    super(options.message);
+    this.name = "CacheError";
+    this.code = options.code;
+    this.key = options.key;
+    this.operation = options.operation;
+    this.cause = options.cause;
+  }
+};
+var toCacheError = (error, context = {}) => {
+  if (error instanceof CacheError) {
+    return error;
+  }
+  const message = error instanceof Error ? error.message : "Unknown cache error";
+  const normalizedMessage = message.toLowerCase();
+  const code = normalizedMessage.includes("connect") ? cacheErrorCodes.connectionFailed : cacheErrorCodes.unknown;
+  return new CacheError({
+    cause: error,
+    code,
+    key: context.key,
+    message,
+    operation: context.operation
+  });
+};
+
+export {
+  cacheErrorCodes,
+  CacheError,
+  toCacheError
+};
+//# sourceMappingURL=chunk-4U63TZTQ.js.map

package/packages/cache/dist/chunk-4U63TZTQ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors/index.ts"],"sourcesContent":["export const cacheErrorCodes = {\n  connectionFailed: 'CACHE_CONNECTION_FAILED',\n  invalidPayload: 'CACHE_INVALID_PAYLOAD',\n  notFound: 'CACHE_NOT_FOUND',\n  unknown: 'CACHE_UNKNOWN',\n} as const;\n\nexport type CacheErrorCode = (typeof cacheErrorCodes)[keyof typeof cacheErrorCodes];\n\nexport class CacheError extends Error {\n  readonly code: CacheErrorCode;\n  readonly key?: string;\n  readonly operation?: string;\n  override readonly cause?: unknown;\n\n  constructor(options: {\n    cause?: unknown;\n    code: CacheErrorCode;\n    key?: string;\n    message: string;\n    operation?: string;\n  }) {\n    super(options.message);\n    this.name = 'CacheError';\n    this.code = options.code;\n    this.key = options.key;\n    this.operation = options.operation;\n    this.cause = options.cause;\n  }\n}\n\nexport const toCacheError = (\n  error: unknown,\n  context: { key?: string; operation?: string } = {},\n): CacheError => {\n  if (error instanceof CacheError) {\n    return error;\n  }\n\n  const message = error instanceof Error ? error.message : 'Unknown cache error';\n  const normalizedMessage = message.toLowerCase();\n  const code = normalizedMessage.includes('connect')\n    ? cacheErrorCodes.connectionFailed\n    : cacheErrorCodes.unknown;\n\n  return new CacheError({\n    cause: error,\n    code,\n    key: context.key,\n    message,\n    operation: context.operation,\n  });\n};\n"],"mappings":";AAAO,IAAM,kBAAkB;AAAA,EAC7B,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,UAAU;AAAA,EACV,SAAS;AACX;AAIO,IAAM,aAAN,cAAyB,MAAM;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACS;AAAA,EAElB,YAAY,SAMT;AACD,UAAM,QAAQ,OAAO;AACrB,SAAK,OAAO;AACZ,SAAK,OAAO,QAAQ;AACpB,SAAK,MAAM,QAAQ;AACnB,SAAK,YAAY,QAAQ;AACzB,SAAK,QAAQ,QAAQ;AAAA,EACvB;AACF;AAEO,IAAM,eAAe,CAC1B,OACA,UAAgD,CAAC,MAClC;AACf,MAAI,iBAAiB,YAAY;AAC/B,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AACzD,QAAM,oBAAoB,QAAQ,YAAY;AAC9C,QAAM,OAAO,kBAAkB,SAAS,SAAS,IAC7C,gBAAgB,mBAChB,gBAAgB;AAEpB,SAAO,IAAI,WAAW;AAAA,IACpB,OAAO;AAAA,IACP;AAAA,IACA,KAAK,QAAQ;AAAA,IACb;AAAA,IACA,WAAW,QAAQ;AAAA,EACrB,CAAC;AACH;","names":[]}

package/packages/cache/dist/chunk-ALQ6H7KG.cjs

@@ -0,0 +1,404 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } async function _asyncNullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return await rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class;
+
+var _chunkUYNEHZHBcjs = require('./chunk-UYNEHZHB.cjs');
+
+
+
+
+var _chunk2QFWMUXTcjs = require('./chunk-2QFWMUXT.cjs');
+
+// src/service/index.ts
+var _crypto = require('crypto');
+var relayApprovalStatuses = [
+  "pending",
+  "approved",
+  "rejected",
+  "completed",
+  "expired"
+];
+var relayUpdateStatuses = [
+  "pending",
+  "inflight",
+  "applied",
+  "rejected",
+  "failed"
+];
+var defaultNamespace = "wlfi:relay";
+var activeApprovalUpdateScanLimit = 250;
+var approvalCapabilityFailureWindowMs = 5 * 60 * 1e3;
+var approvalCapabilityMaxFailures = 5;
+var approvalCapabilityBlockWindowMs = 10 * 60 * 1e3;
+var toIsoTimestamp = (value = /* @__PURE__ */ new Date()) => value.toISOString();
+var dedupe = (values) => [...new Set(values)];
+var matchesOptionalFilter = (value, expected) => {
+  if (!expected) {
+    return true;
+  }
+  return _optionalChain([value, 'optionalAccess', _ => _.toLowerCase, 'call', _2 => _2()]) === expected.toLowerCase();
+};
+var clampLimit = (limit, fallback, max) => {
+  if (!limit || Number.isNaN(limit)) {
+    return fallback;
+  }
+  return Math.max(1, Math.min(limit, max));
+};
+var createApprovalCapabilityToken = () => _crypto.randomBytes.call(void 0, 32).toString("hex");
+var approvalCapabilityHash = (token) => _crypto.createHash.call(void 0, "sha256").update(token, "utf8").digest("hex");
+var RelayCacheService = (_class = class {
+  
+  
+  constructor(options = {}) {;_class.prototype.__init.call(this);_class.prototype.__init2.call(this);_class.prototype.__init3.call(this);_class.prototype.__init4.call(this);_class.prototype.__init5.call(this);_class.prototype.__init6.call(this);_class.prototype.__init7.call(this);_class.prototype.__init8.call(this);_class.prototype.__init9.call(this);_class.prototype.__init10.call(this);
+    this.client = _nullishCoalesce(options.client, () => ( _chunkUYNEHZHBcjs.getCacheClient.call(void 0, )));
+    this.namespace = _nullishCoalesce(options.namespace, () => ( defaultNamespace));
+  }
+  async ping() {
+    try {
+      return await this.client.ping();
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, { operation: "ping" });
+    }
+  }
+  async syncDaemonRegistration(input) {
+    const profile = {
+      ...input.daemon,
+      lastSeenAt: input.daemon.lastSeenAt || toIsoTimestamp(),
+      updatedAt: input.daemon.updatedAt || toIsoTimestamp()
+    };
+    try {
+      await this.writeJson(this.daemonProfileKey(profile.daemonId), profile);
+      await this.client.sadd(this.daemonIndexKey(), profile.daemonId);
+      if (input.policies) {
+        const policies = input.policies.map((policy) => ({
+          ...policy,
+          daemonId: profile.daemonId
+        }));
+        await this.writeJson(this.daemonPoliciesKey(profile.daemonId), policies);
+      }
+      if (input.agentKeys) {
+        const agentKeys = input.agentKeys.map((agentKey) => ({
+          ...agentKey,
+          daemonId: profile.daemonId
+        }));
+        await this.writeJson(this.daemonAgentKeysKey(profile.daemonId), agentKeys);
+      }
+      if (input.approvalRequests) {
+        for (const approvalRequest of input.approvalRequests) {
+          const normalized = { ...approvalRequest, daemonId: profile.daemonId };
+          await this.writeJson(this.approvalKey(normalized.approvalRequestId), normalized);
+          await this.client.zadd(
+            this.daemonApprovalsKey(profile.daemonId),
+            Date.parse(normalized.requestedAt),
+            normalized.approvalRequestId
+          );
+        }
+      }
+      return {
+        agentKeyCount: _nullishCoalesce(_optionalChain([input, 'access', _3 => _3.agentKeys, 'optionalAccess', _4 => _4.length]), () => ( 0)),
+        approvalRequestCount: _nullishCoalesce(_optionalChain([input, 'access', _5 => _5.approvalRequests, 'optionalAccess', _6 => _6.length]), () => ( 0)),
+        policyCount: _nullishCoalesce(_optionalChain([input, 'access', _7 => _7.policies, 'optionalAccess', _8 => _8.length]), () => ( 0))
+      };
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, {
+        key: this.daemonProfileKey(profile.daemonId),
+        operation: "syncDaemonRegistration"
+      });
+    }
+  }
+  async listDaemons() {
+    const daemonIds = await this.client.smembers(this.daemonIndexKey());
+    const profiles = await Promise.all(
+      daemonIds.map(
+        (daemonId) => this.readJson(this.daemonProfileKey(daemonId))
+      )
+    );
+    return profiles.filter((profile) => Boolean(profile));
+  }
+  async getDaemonProfile(daemonId) {
+    return await this.readJson(this.daemonProfileKey(daemonId));
+  }
+  async getDaemonPolicies(daemonId) {
+    return await _asyncNullishCoalesce(await this.readJson(this.daemonPoliciesKey(daemonId)), async () => ( []));
+  }
+  async getDaemonAgentKeys(daemonId) {
+    return await _asyncNullishCoalesce(await this.readJson(this.daemonAgentKeysKey(daemonId)), async () => ( []));
+  }
+  async getApprovalRequest(approvalRequestId) {
+    return await this.readJson(this.approvalKey(approvalRequestId));
+  }
+  async listApprovalRequests(filters = {}) {
+    const limit = clampLimit(filters.limit, 100, 500);
+    const daemonIds = filters.daemonId ? [filters.daemonId] : await this.client.smembers(this.daemonIndexKey());
+    const requestIdsByDaemon = await Promise.all(
+      daemonIds.map(
+        (daemonId) => this.client.zrange(this.daemonApprovalsKey(daemonId), 0, limit * 2, "REV")
+      )
+    );
+    const requestIds = dedupe(requestIdsByDaemon.flat()).slice(0, limit * 3);
+    const requests = await Promise.all(
+      requestIds.map(
+        (requestId) => this.readJson(this.approvalKey(requestId))
+      )
+    );
+    return requests.filter((request) => Boolean(request)).filter((request) => filters.daemonId ? request.daemonId === filters.daemonId : true).filter((request) => filters.status ? request.status === filters.status : true).filter((request) => matchesOptionalFilter(request.destination, filters.destination)).filter((request) => matchesOptionalFilter(request.tokenAddress, filters.tokenAddress)).sort((left, right) => Date.parse(right.requestedAt) - Date.parse(left.requestedAt)).slice(0, limit);
+  }
+  async createEncryptedUpdate(input) {
+    const updateId = _nullishCoalesce(input.updateId, () => ( _crypto.randomUUID.call(void 0, )));
+    const now = toIsoTimestamp();
+    const record = {
+      createdAt: now,
+      daemonId: input.daemonId,
+      metadata: input.metadata,
+      payload: input.payload,
+      status: "pending",
+      targetApprovalRequestId: input.targetApprovalRequestId,
+      type: input.type,
+      updateId,
+      updatedAt: now
+    };
+    await this.writeJson(this.updateKey(updateId), record);
+    await this.client.zadd(this.daemonUpdatesKey(input.daemonId), Date.now(), updateId);
+    return record;
+  }
+  async hasActiveApprovalUpdate(daemonId, approvalRequestId) {
+    const updateIds = await this.client.zrange(
+      this.daemonUpdatesKey(daemonId),
+      0,
+      activeApprovalUpdateScanLimit,
+      "REV"
+    );
+    for (const updateId of updateIds) {
+      const record = await this.readJson(this.updateKey(updateId));
+      if (!record) {
+        continue;
+      }
+      if (record.type !== "manual_approval_decision" || record.targetApprovalRequestId !== approvalRequestId) {
+        continue;
+      }
+      if (record.status === "pending" || record.status === "inflight") {
+        return true;
+      }
+    }
+    return false;
+  }
+  async consumeApprovalCapability(approvalRequestId, capabilityHash) {
+    try {
+      const result = await this.client.set(
+        this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),
+        toIsoTimestamp(),
+        "NX"
+      );
+      return result === "OK";
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, {
+        key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),
+        operation: "consumeApprovalCapability"
+      });
+    }
+  }
+  async releaseApprovalCapabilityConsumption(approvalRequestId, capabilityHash) {
+    try {
+      await this.client.del(this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash));
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, {
+        key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),
+        operation: "releaseApprovalCapabilityConsumption"
+      });
+    }
+  }
+  async clearApprovalCapabilityFailures(approvalRequestId) {
+    try {
+      await this.client.del(this.approvalCapabilityFailuresKey(approvalRequestId));
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, {
+        key: this.approvalCapabilityFailuresKey(approvalRequestId),
+        operation: "clearApprovalCapabilityFailures"
+      });
+    }
+  }
+  async recordApprovalCapabilityFailure(approvalRequestId) {
+    const key = this.approvalCapabilityFailuresKey(approvalRequestId);
+    const now = /* @__PURE__ */ new Date();
+    const nowMs = now.getTime();
+    const existing = await this.readJson(key);
+    if (_optionalChain([existing, 'optionalAccess', _9 => _9.blockedUntil]) && Date.parse(existing.blockedUntil) > nowMs) {
+      return {
+        attempts: existing.attempts,
+        blocked: true,
+        blockedUntil: existing.blockedUntil
+      };
+    }
+    const firstFailedAtMs = _optionalChain([existing, 'optionalAccess', _10 => _10.firstFailedAt]) ? Date.parse(existing.firstFailedAt) : Number.NaN;
+    const withinWindow = Number.isFinite(firstFailedAtMs) && nowMs - firstFailedAtMs <= approvalCapabilityFailureWindowMs;
+    const attempts = withinWindow && existing ? existing.attempts + 1 : 1;
+    const firstFailedAt = withinWindow && existing ? existing.firstFailedAt : now.toISOString();
+    const blockedUntil = attempts >= approvalCapabilityMaxFailures ? new Date(nowMs + approvalCapabilityBlockWindowMs).toISOString() : void 0;
+    await this.writeJson(key, {
+      attempts,
+      blockedUntil,
+      firstFailedAt,
+      lastFailedAt: now.toISOString()
+    });
+    return {
+      attempts,
+      blocked: blockedUntil !== void 0,
+      blockedUntil: _nullishCoalesce(blockedUntil, () => ( null))
+    };
+  }
+  async rotateApprovalCapability(approvalRequestId) {
+    const key = this.approvalKey(approvalRequestId);
+    const approval = await this.readJson(key);
+    if (!approval) {
+      throw new (0, _chunk2QFWMUXTcjs.CacheError)({
+        code: _chunk2QFWMUXTcjs.cacheErrorCodes.notFound,
+        key,
+        message: `Unknown approval '${approvalRequestId}'`,
+        operation: "rotateApprovalCapability"
+      });
+    }
+    if (approval.status !== "pending") {
+      throw new (0, _chunk2QFWMUXTcjs.CacheError)({
+        code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
+        key,
+        message: `Approval '${approvalRequestId}' is '${approval.status}' and cannot accept a new secure approval link`,
+        operation: "rotateApprovalCapability"
+      });
+    }
+    const capabilityToken = createApprovalCapabilityToken();
+    const nextRecord = {
+      ...approval,
+      metadata: {
+        ..._nullishCoalesce(approval.metadata, () => ( {})),
+        approvalCapabilityHash: approvalCapabilityHash(capabilityToken),
+        approvalCapabilityToken: capabilityToken
+      },
+      updatedAt: toIsoTimestamp()
+    };
+    await this.writeJson(key, nextRecord);
+    await this.clearApprovalCapabilityFailures(approvalRequestId);
+    return nextRecord;
+  }
+  async claimEncryptedUpdates(input) {
+    const limit = clampLimit(input.limit, 25, 100);
+    const leaseSeconds = clampLimit(input.leaseSeconds, 30, 300);
+    const now = /* @__PURE__ */ new Date();
+    const nowMs = now.getTime();
+    const claimUntil = new Date(nowMs + leaseSeconds * 1e3).toISOString();
+    const updateIds = await this.client.zrange(
+      this.daemonUpdatesKey(input.daemonId),
+      0,
+      limit * 4,
+      "REV"
+    );
+    const claimed = [];
+    for (const updateId of updateIds) {
+      if (claimed.length >= limit) {
+        break;
+      }
+      const record = await this.readJson(this.updateKey(updateId));
+      if (!record) {
+        continue;
+      }
+      if (record.status === "applied" || record.status === "failed" || record.status === "rejected") {
+        continue;
+      }
+      if (record.status === "inflight" && record.claimUntil && Date.parse(record.claimUntil) > nowMs) {
+        continue;
+      }
+      const nextRecord = {
+        ...record,
+        claimToken: _crypto.randomUUID.call(void 0, ),
+        claimUntil,
+        lastDeliveredAt: now.toISOString(),
+        status: "inflight",
+        updatedAt: now.toISOString()
+      };
+      await this.writeJson(this.updateKey(updateId), nextRecord);
+      claimed.push(nextRecord);
+    }
+    return claimed;
+  }
+  async submitUpdateFeedback(input) {
+    const key = this.updateKey(input.updateId);
+    const record = await this.readJson(key);
+    if (!record || record.daemonId !== input.daemonId) {
+      throw new (0, _chunk2QFWMUXTcjs.CacheError)({
+        code: _chunk2QFWMUXTcjs.cacheErrorCodes.notFound,
+        key,
+        message: `Unknown update '${input.updateId}' for daemon '${input.daemonId}'`,
+        operation: "submitUpdateFeedback"
+      });
+    }
+    if (!record.claimToken || record.claimToken !== input.claimToken) {
+      throw new (0, _chunk2QFWMUXTcjs.CacheError)({
+        code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
+        key,
+        message: `Claim token mismatch for update '${input.updateId}'`,
+        operation: "submitUpdateFeedback"
+      });
+    }
+    const feedback = {
+      daemonId: input.daemonId,
+      details: input.details,
+      feedbackAt: toIsoTimestamp(),
+      message: input.message,
+      status: input.status,
+      updateId: input.updateId
+    };
+    const nextRecord = {
+      ...record,
+      claimToken: void 0,
+      claimUntil: void 0,
+      feedback,
+      status: input.status,
+      updatedAt: toIsoTimestamp()
+    };
+    await this.writeJson(key, nextRecord);
+    return nextRecord;
+  }
+  async getEncryptedUpdate(updateId) {
+    return await this.readJson(this.updateKey(updateId));
+  }
+  async removeEncryptedUpdate(daemonId, updateId) {
+    await this.client.zrem(this.daemonUpdatesKey(daemonId), updateId);
+    await this.client.del(this.updateKey(updateId));
+  }
+  __init() {this.daemonIndexKey = () => `${this.namespace}:daemons`}
+  __init2() {this.daemonProfileKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:profile`}
+  __init3() {this.daemonPoliciesKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:policies`}
+  __init4() {this.daemonAgentKeysKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:agent-keys`}
+  __init5() {this.daemonApprovalsKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:approvals`}
+  __init6() {this.daemonUpdatesKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:updates`}
+  __init7() {this.approvalKey = (approvalRequestId) => `${this.namespace}:approval:${approvalRequestId}`}
+  __init8() {this.approvalCapabilityConsumedKey = (approvalRequestId, capabilityHash) => `${this.namespace}:approval:${approvalRequestId}:capability:${capabilityHash}:consumed`}
+  __init9() {this.approvalCapabilityFailuresKey = (approvalRequestId) => `${this.namespace}:approval:${approvalRequestId}:capability-failures`}
+  __init10() {this.updateKey = (updateId) => `${this.namespace}:update:${updateId}`}
+  async readJson(key) {
+    try {
+      const payload = await this.client.get(key);
+      if (payload === null) {
+        return null;
+      }
+      return JSON.parse(payload);
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, { key, operation: "readJson" });
+    }
+  }
+  async writeJson(key, value) {
+    try {
+      await this.client.set(key, JSON.stringify(value));
+    } catch (error) {
+      throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, { key, operation: "writeJson" });
+    }
+  }
+}, _class);
+var createRelayCacheService = (options = {}) => {
+  return new RelayCacheService(options);
+};
+
+
+
+
+
+
+exports.relayApprovalStatuses = relayApprovalStatuses; exports.relayUpdateStatuses = relayUpdateStatuses; exports.RelayCacheService = RelayCacheService; exports.createRelayCacheService = createRelayCacheService;
+//# sourceMappingURL=chunk-ALQ6H7KG.cjs.map