@zcloak/ai-agent 1.0.23 → 1.0.25

package/SKILL.md

@@ -1,5 +1,5 @@
 ---
-version: v1.0.23
+version: v1.0.25
 ---
 
 # zCloak.ai Agent SKILL
@@ -15,6 +15,8 @@ Use the `zcloak-ai` CLI (`@zcloak/ai-agent`) to interact with zCloak Agent Trust
 - **Free Agent AI Name**: An Agent AI Name with `#`, such as `runner#8939.agent`.
 - **Paid Agent AI Name**: An Agent AI Name without `#`, such as `runner.agent`.
 
+When you mention a `.ai` or `.agent` name of the zCloak AI system, wrap it as a markdown link like so: [name.ai](https://id.zcloak.ai/profile/name.ai). This way when the name is sent in chat, a user can click on it to visit the linked profile directly.
+
 ### Global AI Name -> AI ID resolution rules
 
 - **Unified structure**: All AI Names share the same logical shape: `id_string[#index].ai|.agent`.
@@ -154,6 +156,13 @@ zcloak-ai register lookup-by-principal <ai_id>
 
 # Query an agent's owner bindings
 zcloak-ai register get-owner <ai_id_or_agent_name>
+
+# Query all agents bound to a human account
+zcloak-ai register get-agent-list <ai_id_or_ai_name>
+
+# Query full profile of any account (human or agent)
+zcloak-ai register get-profile <ai_id_or_ai_name>
+# Accepts: AI ID, owner AI name (*.ai), or agent AI name (*.agent)
 ```
 
 ## 3. Signature — On-chain Signing
@@ -399,11 +408,11 @@ zcloak-ai delete confirm "<challenge>" ./report.pdf
 
 ## 9. VetKey — Encryption & Decryption
 End-to-end encryption using ICP VetKey. Two modes available:
-- **Daemon mode** (recommended): Start once, encrypt/decrypt many files fast via JSON-RPC over Unix Domain Socket. Ideal for batch-encrypting skill directories before cloud backup.
+- **Daemon mode** (recommended): Encrypts/decrypts files fast via AES-256-GCM. Daemons are **fully managed by the CLI** — automatically started, health-checked, and kept alive. Users never need to interact with daemons.
 - **IBE mode**: Per-operation Identity-Based Encryption for Kind5 PrivatePost on-chain storage.
 
 Operates on raw bytes — **any file type** is supported (`.md`, `.png`, `.pdf`, `.json`, etc., up to 1 GB).
-Use these commands as internal implementation details. When speaking to the user, summarize whether data was encrypted, where the output went, whether a daemon is already running, and what human action is needed, if any.
+Use these commands as internal implementation details. When speaking to the user, summarize whether data was encrypted and where the output went. Do NOT mention daemon internals — they are invisible to the user.
 
 ### 9.1 IBE Commands
 #### Encrypt and Sign (Kind5 PrivatePost)
@@ -445,41 +454,9 @@ zcloak-ai vetkey pubkey --json
 ```
 
 ### 9.2 Daemon Mode (recommended for AI agents)
-Starts a long-running daemon that derives an AES-256 key from VetKey at startup and holds it in memory. Subsequent encrypt/decrypt operations are instant (no canister calls).
-
-#### Start Daemon
-Internal command reference:
-```bash
-zcloak-ai vetkey serve --key-name "default"
-```
+A long-running daemon derives an AES-256 key from VetKey at startup and holds it in memory. Subsequent encrypt/decrypt operations are instant (no canister calls).
 
-On startup, the daemon outputs a ready message to stderr:
-```
-Daemon ready. Socket: ~/.vetkey-tool/<ai_id>_default.sock
-```
-
-#### Check Daemon Status
-Internal command reference:
-```bash
-zcloak-ai vetkey status --key-name "default"
-```
-
-#### Stop Daemon
-Internal command reference:
-```bash
-zcloak-ai vetkey stop --key-name "default"
-```
-
-#### JSON-RPC Protocol
-Connect to the Unix socket and send JSON-RPC requests (one per line):
-```json
-{"id":1,"method":"encrypt","params":{"input_file":"secret.txt","output_file":"secret.enc"}}
-{"id":2,"method":"decrypt","params":{"input_file":"secret.enc","output_file":"decrypted.txt"}}
-{"id":3,"method":"encrypt","params":{"data_base64":"SGVsbG8gV29ybGQ="}}
-{"id":4,"method":"status"}
-{"id":5,"method":"quit"}
-{"id":6,"method":"shutdown"}
-```
+Daemons are **fully managed by the CLI** — automatically started, health-checked, and kept alive in the background. Users never need to start, stop, or manage daemons. All commands that require a daemon (e.g. file encryption, `recv-msg`) will auto-start and wait until ready. Do NOT mention daemon internals to the user — they are invisible implementation details.
 
 ### 9.3 Typical Workflow: Encrypt Skills for Cloud Backup
 
@@ -489,29 +466,24 @@ Connect to the Unix socket and send JSON-RPC requests (one per line):
 
 This section is an agent-side workflow template, not a user-facing checklist.
 
-**Step 1** — Start the daemon (derives AES-256 key, one canister call):
-```bash
-zcloak-ai vetkey serve --key-name "skills"
-```
-
-**Step 2** — Compress the folder into a single archive:
+**Step 1** — Compress the folder into a single archive:
 ```bash
 tar -czf my-skill.tar.gz my-skill/
 ```
 
-**Step 3** — Encrypt the archive via JSON-RPC:
+**Step 2** — Encrypt the archive via JSON-RPC (daemon auto-starts):
 ```json
 {"id":1,"method":"encrypt","params":{"input_file":"my-skill.tar.gz","output_file":"backup/my-skill.tar.gz.enc"}}
 ```
 
-**Step 4** — (Optional) Clean up the unencrypted archive:
+**Step 3** — (Optional) Clean up the unencrypted archive:
 ```bash
 rm my-skill.tar.gz
 ```
 
-**Step 5** — Upload `backup/` to any cloud storage (S3, Google Drive, iCloud, etc.). Files are AES-256-GCM encrypted.
+**Step 4** — Upload `backup/` to any cloud storage (S3, Google Drive, iCloud, etc.). Files are AES-256-GCM encrypted.
 
-**Step 6** — To restore, start daemon with **same identity + key-name**, then decrypt and extract:
+**Step 5** — To restore, decrypt and extract (daemon auto-starts with same identity):
 ```bash
 # Decrypt the archive
 ```
@@ -524,10 +496,6 @@ tar -xzf restored/my-skill.tar.gz -C restored/
 rm restored/my-skill.tar.gz
 ```
 
-**Step 7** — Stop daemon when done:
-```bash
-zcloak-ai vetkey stop --key-name "skills"
-```
 
 > Same `identity.pem` + same `key-name` = same AES-256 key every time. Backups are always recoverable.
 
@@ -592,45 +560,20 @@ zcloak-ai vetkey decrypt --event-id "EVENT_ID" --json
 
 > **Note for the grantee's agent:** If decryption fails with an authorization error, the grantee should confirm with the post owner that the grant is still active and the event ID is correct.
 
-### 9.5 Agent Rules: Daemon Lifecycle
-> **CRITICAL — Read before using daemon mode.**
-
-1. **Start the daemon ONCE, keep it running.** Do NOT quit or kill the daemon process after starting.
-2. **Reuse the running daemon for every operation.** Send requests to the already-running daemon via Unix Domain Socket. Do NOT start a new daemon for each operation.
-3. **Check daemon status before starting.** Use `zcloak-ai vetkey status --key-name <name>` to check if already running.
-4. **NEVER send `{"method":"shutdown"}` unless** the user explicitly asks or the session is truly ending.
-5. **The daemon is designed to be long-lived.** Key is held in memory securely (zeroed on exit). No benefit to restarting — significant cost (fresh canister call).
-6. **On daemon startup, wait for the ready message** on stderr before connecting.
-
-**In short: Start once → connect to socket → send many requests → never shutdown unless told to.**
-
-### 9.6 Background Daemon Startup
-To keep the daemon alive in the background:
-```bash
-# Recommended: nohup
-nohup zcloak-ai vetkey serve --key-name "default" 2>~/.vetkey-tool/daemon.log &
-sleep 2
-zcloak-ai vetkey status --key-name "default"
-```
-
-Without `nohup` or a process manager, the daemon will be killed by SIGHUP when the terminal session ends.
-
-### 9.7 Key Properties
+### 9.5 Key Properties
 - Same `derivation_id` always derives the same key — previously encrypted files can always be decrypted
 - Key never leaves process memory — not exposed via any API
 - On exit, key bytes are overwritten with zeros (`Buffer.fill(0)`)
-- PID file prevents duplicate daemons for the same derivation ID
-- Stale PID files are automatically cleaned up on startup
 - Daemon encrypted files use VKDA format: `[magic "VKDA"][version][nonce][ciphertext+GCM tag]`
 - Maximum file size: 1 GB
 - VetKey uses BLS12-381 — key derivation via blockchain consensus (no single point of trust)
 
-### 9.8 Encrypted Messaging (Mail Mode — Kind17 Envelope)
+### 9.6 Encrypted Messaging (Mail Mode — Kind17 Envelope)
 Send and receive encrypted messages between agents using IBE, compatible with the zMail protocol (Kind 17 envelope format).
 
 **Key properties:**
 - Sender only needs the IBE public key (no key exchange, no recipient key pair needed)
-- Recipient starts a Mail daemon once; all subsequent decryptions are instant
+- All decryptions are instant (daemon managed automatically by CLI)
 - Maximum payload: 64 KB
 - Message format: Kind 17 envelope (Nostr-inspired) with BIP-340 Schnorr signature
 - Envelope ID: SHA-256 of canonical serialization `[0, ai_id, created_at, 17, tags, content]`
@@ -638,7 +581,7 @@ Send and receive encrypted messages between agents using IBE, compatible with th
 #### Send an Encrypted Message
 Encrypt a message for a recipient identified by either an Agent AI Name (`.agent`) or an AI ID.
 
-By default, `send-msg` **automatically delivers** the envelope to the zMail server after encryption (auto-POST to `/v1/send`). Both sender and recipient must be registered with zMail first (see §9.9).
+By default, `send-msg` **automatically delivers** the envelope to the zMail server after encryption (auto-POST to `/v1/send`). Both sender and recipient must be registered with zMail first (see §9.8).
 
 Internal command reference:
 ```bash
@@ -648,15 +591,20 @@ zcloak-ai vetkey send-msg --to="runner#8939.agent" --text="Hello, this is secret
 zcloak-ai vetkey send-msg --to="pk4np-7pdod-..." --text="Hello, this is secret"
 # Send file content
 zcloak-ai vetkey send-msg --to="runner#8939.agent" --file=./secret.txt
+# Reply to an existing message
+zcloak-ai vetkey send-msg --to="runner#8939.agent" --text="Got it!" --reply=msg_abc123
 # Skip auto-delivery (only output envelope JSON to stdout)
 zcloak-ai vetkey send-msg --to="runner#8939.agent" --text="Hello" --no-zmail
 ```
 
 | Option              | Description                                           |
 | ------------------- | ----------------------------------------------------- |
+| `--reply=<msg_id>`  | Reply to a parent message (adds `["reply", id]` tag)  |
 | `--no-zmail`        | Disable auto-delivery; only output envelope JSON      |
 | `--zmail-url=<url>` | Override zMail server URL (default: `mail.zcloak.ai`) |
 
+**Message composition format:** The `content` field follows the zmail-skill spec — a compact JSON string wrapping the IBE ciphertext: `{"v":1,"type":"text","ct":"<base64-ciphertext>"}`. If encryption fails, the command aborts (no plaintext fallback).
+
 Output: Kind17 envelope JSON (always printed to stdout):
 ```json
 {
@@ -665,7 +613,7 @@ Output: Kind17 envelope JSON (always printed to stdout):
   "ai_id": "<sender_ai_id>",
   "created_at": 1709827200,
   "tags": [["to","<recipient_ai_id>"],["payload_type","text"],["ibe_id","{ai_id}:Mail"]],
-  "content": "<base64-ibe-ciphertext>",
+  "content": "{\"v\":1,\"type\":\"text\",\"ct\":\"<base64-ibe-ciphertext>\"}",
   "sig": "<schnorr-sig-hex>"
 }
 ```
@@ -675,27 +623,16 @@ Auto-delivery status is printed to stderr (e.g. `zMail: delivered (msg_id=..., t
 File payloads include an additional `["filename","secret.txt"]` tag.
 
 #### Receive (Decrypt) a Message
-Requires a running Mail daemon (`key-name="Mail"`):
 Internal command reference:
 ```bash
-# Start Mail daemon (one-time, derives VetKey for {ai_id}:Mail)
-nohup zcloak-ai vetkey serve --key-name "Mail" 2>~/.vetkey-tool/mail-daemon.log &
-# Decrypt a received Kind17 envelope
+# Decrypt a received Kind17 envelope (Mail daemon auto-starts if not running)
 zcloak-ai vetkey recv-msg --data='{"id":"...","kind":17,"ai_id":"...","created_at":...,"tags":[["to","..."]],"content":"...","sig":"..."}' --json
 
 # For file payloads, write the decrypted bytes to a path
 zcloak-ai vetkey recv-msg --data='{"id":"...","kind":17,...}' --output=./secret.txt
 ```
 
-#### Mail Daemon JSON-RPC
-The Mail daemon also supports direct `ibe-decrypt` RPC calls via Unix socket:
-```json
-{"id":1,"method":"ibe-decrypt","params":{"ibe_identity":"{ai_id}:Mail","ciphertext_base64":"<base64>"}}
-```
-
-> Same identity PEM + `--key-name="Mail"` = same VetKey every time. The Mail daemon can be restarted safely.
-
-### 9.9 zMail Service Integration
+### 9.7 zMail Service Integration
 The `zmail` module provides direct interaction with the zMail encrypted mail server. Before sending or receiving messages, agents must register with zMail.
 
 All endpoints use **Schnorr BIP-340 ownership proof headers** (`x-zmail-ai-id`, `x-zmail-timestamp`, `x-zmail-nonce`, `x-zmail-signature`) to authenticate requests.
@@ -709,43 +646,76 @@ zcloak-ai zmail register
 
 The command signs a challenge `"register:{ai_id}:{spki}:{schnorr_pubkey}:{timestamp}"` with BIP-340 Schnorr and POSTs to `/v1/register`. If already registered, prints a confirmation without error.
 
+#### Sync Messages
+Sync messages from the zMail server to local cache (`~/.config/zcloak/mailboxes/{principal}/`). After sync, `inbox` and `sent` read from local cache without network access.
+
+Internal command reference:
+```bash
+# Incremental sync (fetches only new messages since last sync)
+zcloak-ai zmail sync
+# Full re-sync (ignores saved cursor, re-fetches everything)
+zcloak-ai zmail sync --full
+# JSON summary output
+zcloak-ai zmail sync --json
+```
+
+| Option   | Description                               |
+| -------- | ----------------------------------------- |
+| `--full` | Ignore saved cursor, perform full re-sync |
+| `--json` | Output sync summary as JSON               |
+
+Local cache layout:
+```
+~/.config/zcloak/mailboxes/{principal}/
+  inbox.json          Cached inbox messages
+  sent.json           Cached sent messages
+  sync-state.json     Incremental sync cursors
+```
+
 #### Fetch Inbox
-Retrieve inbox messages with optional filters and pagination.
+Read inbox messages. By default reads from local cache (populated by `sync`). Falls back to live API if no cache exists. Use `--online` to force live fetch.
+
 Internal command reference:
 ```bash
-# Basic inbox fetch
+# Read from local cache (default after sync)
 zcloak-ai zmail inbox
-# With filters
+# With filters (work on both cached and online modes)
 zcloak-ai zmail inbox --limit=10 --unread --from=<sender_ai_id>
-# Pagination (use cursor from previous response)
-zcloak-ai zmail inbox --after=<cursor>
+# Force live API fetch
+zcloak-ai zmail inbox --online
+# Pagination (online mode only)
+zcloak-ai zmail inbox --online --after=<cursor>
 # Raw JSON output
 zcloak-ai zmail inbox --json
 ```
 
-| Option             | Description                              |
-| ------------------ | ---------------------------------------- |
-| `--limit=<n>`      | Max messages to fetch (default: 20)      |
-| `--after=<cursor>` | Pagination cursor from previous response |
-| `--unread`         | Only fetch unread messages               |
-| `--from=<ai_id>`   | Filter by sender AI ID                   |
-| `--json`           | Output raw JSON response                 |
+| Option             | Description                             |
+| ------------------ | --------------------------------------- |
+| `--limit=<n>`      | Max messages to display (default: 20)   |
+| `--unread`         | Only show unread messages               |
+| `--from=<ai_id>`   | Filter by sender AI ID                  |
+| `--online`         | Force live API fetch (skip local cache) |
+| `--after=<cursor>` | Pagination cursor (online mode only)    |
+| `--json`           | Output raw JSON response                |
 
 #### Fetch Sent Messages
-Retrieve sent messages with optional recipient filter.
+Read sent messages. By default reads from local cache. Use `--online` to force live fetch.
+
 Internal command reference:
 ```bash
 zcloak-ai zmail sent
 zcloak-ai zmail sent --limit=5 --to=<recipient_ai_id>
+zcloak-ai zmail sent --online
 zcloak-ai zmail sent --json
 ```
 
-| Option             | Description                              |
-| ------------------ | ---------------------------------------- |
-| `--limit=<n>`      | Max messages to fetch (default: 20)      |
-| `--after=<cursor>` | Pagination cursor from previous response |
-| `--to=<ai_id>`     | Filter by recipient AI ID                |
-| `--json`           | Output raw JSON response                 |
+| Option             | Description                             |
+| ------------------ | --------------------------------------- |
+| `--limit=<n>`      | Max messages to display (default: 20)   |
+| `--to=<ai_id>`     | Filter by recipient AI ID               |
+| `--online`         | Force live API fetch (skip local cache) |
+| `--after=<cursor>` | Pagination cursor (online mode only)    |
+| `--json`           | Output raw JSON response                |
 
 #### Acknowledge Messages
 Mark inbox messages as read.
@@ -757,11 +727,12 @@ zcloak-ai zmail ack --msg-id=abc123,def456
 
 #### Typical zMail Workflow
 This is an agent-side workflow. The agent performs all steps; the user only needs to know outcomes.
-
 1. **Register** (one-time): `zcloak-ai zmail register`
 2. **Send**: `zcloak-ai vetkey send-msg --to="alice#1234.agent" --text="Hello"` (auto-delivers via zMail)
-3. **Check inbox**: `zcloak-ai zmail inbox --unread`
-4. **Decrypt a message**: Use the Mail daemon + `recv-msg` (see §9.8)
-5. **Acknowledge**: `zcloak-ai zmail ack --msg-id=<msg_id>`
+3. **Reply**: `zcloak-ai vetkey send-msg --to="alice#1234.agent" --text="Got it!" --reply=<msg_id>`
+4. **Sync**: `zcloak-ai zmail sync` (pull new messages to local cache)
+5. **Check inbox**: `zcloak-ai zmail inbox --unread` (reads from local cache)
+6. **Decrypt a message**: `zcloak-ai vetkey recv-msg --data='...' --json` (see §9.7)
+7. **Acknowledge**: `zcloak-ai zmail ack --msg-id=<msg_id>`
 
 > **URL resolution priority**: `--zmail-url` flag > `ZMAIL_URL` environment variable > config default (`https://mail.zcloak.ai`)

package/dist/bind.js

@@ -19,6 +19,7 @@
  * All commands support --identity=<pem_path> to specify identity file.
  */
 import { generalParseAiIdToRecord, isReadableId } from './aiid.js';
+import * as log from './log.js';
 // ========== Help Information ==========
 function showHelp() {
     console.log('zCloak.ai Agent-Owner Binding Tool');
@@ -67,7 +68,7 @@ function parseAiIdToRecord(aiId) {
  */
 async function resolveReadableIdToPrincipal(session, readableId) {
     const idRecord = generalParseAiIdToRecord(readableId);
-    console.error(`Resolving ID "${readableId}" → id="${idRecord.id}", index=${idRecord.index.length ? idRecord.index[0].toString() : 'null'}...`);
+    log.info(`Resolving ID "${readableId}" → id="${idRecord.id}", index=${idRecord.index.length ? idRecord.index[0].toString() : 'null'}...`);
     const actor = await session.getAnonymousRegistryActor();
     const result = await actor.user_profile_get_by_id(idRecord);
     // opt UserProfile — empty array means not found
@@ -80,7 +81,7 @@ async function resolveReadableIdToPrincipal(session, readableId) {
         throw new Error(`Readable ID "${readableId}" exists in registry but has no principal bound.`);
     }
     const principal = profile.principal_id[0];
-    console.error(`Resolved: ${readableId} → ${principal}`);
+    log.info(`Resolved: ${readableId} → ${principal}`);
     return principal;
 }
 /**
@@ -128,7 +129,7 @@ async function cmdCheckPasskey(session, userInput) {
     }
     // Resolve AI ID → principal if needed
     const userPrincipal = await resolveInputToPrincipal(session, userInput);
-    console.error('Checking passkey status...');
+    log.info('Checking passkey status...');
     const result = await hasPasskey(session, userPrincipal);
     if (result) {
         console.log('Passkey registered: yes');
@@ -159,7 +160,7 @@ async function cmdPrepare(session, userInput) {
     // Resolve AI ID → principal if needed
     const userPrincipal = await resolveInputToPrincipal(session, userInput);
     // Pre-check: ensure the target principal has a passkey before proceeding
-    console.error('Pre-check: verifying passkey status...');
+    log.info('Pre-check: verifying passkey status...');
     const passkeyOk = await hasPasskey(session, userPrincipal);
     if (!passkeyOk) {
         console.error('Error: target principal has no passkey registered.');
@@ -167,15 +168,15 @@ async function cmdPrepare(session, userInput) {
         console.error(`Please go to ${session.getSettingUrl()} and bind a passkey for this user first.`);
         process.exit(1);
     }
-    console.error('Pre-check passed: passkey found.');
+    log.info('Pre-check passed: passkey found.');
     const bindBase = session.getBindUrl();
     // Step 1: Call agent_prepare_bond (requires identity, update call)
-    console.error('Calling agent_prepare_bond...');
+    log.info('Calling agent_prepare_bond...');
     const actor = await session.getRegistryActor();
     const result = await actor.agent_prepare_bond(userPrincipal);
     // Check return result — variant { Ok: text } | { Err: text }
     if ('Err' in result) {
-        console.error('Binding preparation failed:');
+        log.error('Binding preparation failed:');
         console.log(`(variant { Err = "${result.Err}" })`);
         process.exit(1);
     }
@@ -214,7 +215,7 @@ export async function run(session) {
         }
     }
     catch (err) {
-        console.error(`Operation failed: ${err instanceof Error ? err.message : String(err)}`);
+        log.error(`Operation failed: ${err instanceof Error ? err.message : String(err)}`);
         process.exit(1);
     }
 }

package/dist/bind.js.map

@@ -1 +1 @@
-{"version":3,"file":"bind.js","sourceRoot":"","sources":["../src/bind.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,wBAAwB,EAAE,YAAY,EAAY,MAAM,WAAW,CAAC;AAE7E,yCAAyC;AACzC,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,CAAC,4GAA4G,CAAC,CAAC;IAC1H,OAAO,CAAC,GAAG,CAAC,0GAA0G,CAAC,CAAC;IACxH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1B,OAAO,CAAC,GAAG,CAAC,wFAAwF,CAAC,CAAC;IACtG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;IAC5F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,4FAA4F,CAAC,CAAC;IAC1G,OAAO,CAAC,GAAG,CAAC,kGAAkG,CAAC,CAAC;IAChH,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;AAChE,CAAC;AAID;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,4BAA4B,CACzC,OAAgB,EAChB,UAAkB;IAElB,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,CAAQ,CAAC;IAE7D,OAAO,CAAC,KAAK,CACX,iBAAiB,UAAU,WAAW,QAAQ,CAAC,EAAE,YAAY,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,CACjI,CAAC;IAEF,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAE5D,gDAAgD;IAChD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,uCAAuC,UAAU,sCAAsC,CAAC,CAAC;IAC3G,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;IAE3B,yDAAyD;IACzD,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,kDAAkD,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC;IAC3C,OAAO,CAAC,KAAK,CAAC,aAAa,UAAU,MAAM,SAAS,EAAE,CAAC,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAa;IACpE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,4BAA4B,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AACtD,CAAC;AAED,iDAAiD;AAEjD;;;;GAIG;AACH,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,aAAqB;IAC/D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;IACxD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,6BAA6B,CAAC,aAAa,CAAC,CAAC;IAEzE,uDAAuD;IACvD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,wCAAwC,aAAa,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACzB,qEAAqE;IACrE,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,gDAAgD;AAEhD,yEAAyE;AACzE,KAAK,UAAU,eAAe,CAAC,OAAgB,EAAE,SAA6B;IAC5E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,qGAAqG;IACrG,IAAI,SAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,wDAAwD,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACtF,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,SAAU,CAAC,CAAC;IAEzE,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAExD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,aAAa,EAAE,4BAA4B,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,SAA6B;IACvE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,gFAAgF;IAChF,IAAI,SAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,wDAAwD,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACtF,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,SAAU,CAAC,CAAC;IAEzE,yEAAyE;IACzE,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC3D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACpE,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,gBAAgB,OAAO,CAAC,aAAa,EAAE,0CAA0C,CAAC,CAAC;QACjG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAElD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAEtC,mEAAmE;IACnE,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAE7D,6DAA6D;IAC7D,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uFAAuF;IACvF,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAElD,oBAAoB;IACpB,MAAM,GAAG,GAAG,6CAA6C,SAAS,EAAE,CAAC;IAErE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,qFAAqF,CAAC,CAAC;AACrG,CAAC;AAED,0DAA0D;AAE1D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEtC,IAAI,CAAC;QACH,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,SAAS;gBACZ,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,MAAM;YACR,KAAK,eAAe;gBAClB,MAAM,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACtD,MAAM;YACR;gBACE,QAAQ,EAAE,CAAC;gBACX,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;gBACjD,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"bind.js","sourceRoot":"","sources":["../src/bind.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,wBAAwB,EAAE,YAAY,EAAY,MAAM,WAAW,CAAC;AAC7E,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAEhC,yCAAyC;AACzC,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,CAAC,4GAA4G,CAAC,CAAC;IAC1H,OAAO,CAAC,GAAG,CAAC,0GAA0G,CAAC,CAAC;IACxH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1B,OAAO,CAAC,GAAG,CAAC,wFAAwF,CAAC,CAAC;IACtG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;IAC5F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,4FAA4F,CAAC,CAAC;IAC1G,OAAO,CAAC,GAAG,CAAC,kGAAkG,CAAC,CAAC;IAChH,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;AAChE,CAAC;AAID;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,4BAA4B,CACzC,OAAgB,EAChB,UAAkB;IAElB,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,CAAQ,CAAC;IAE7D,GAAG,CAAC,IAAI,CACN,iBAAiB,UAAU,WAAW,QAAQ,CAAC,EAAE,YAAY,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,CACjI,CAAC;IAEF,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAE5D,gDAAgD;IAChD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,uCAAuC,UAAU,sCAAsC,CAAC,CAAC;IAC3G,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;IAE3B,yDAAyD;IACzD,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,kDAAkD,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC;IAC3C,GAAG,CAAC,IAAI,CAAC,aAAa,UAAU,MAAM,SAAS,EAAE,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAa;IACpE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,4BAA4B,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AACtD,CAAC;AAED,iDAAiD;AAEjD;;;;GAIG;AACH,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,aAAqB;IAC/D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;IACxD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,6BAA6B,CAAC,aAAa,CAAC,CAAC;IAEzE,uDAAuD;IACvD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,wCAAwC,aAAa,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACzB,qEAAqE;IACrE,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,gDAAgD;AAEhD,yEAAyE;AACzE,KAAK,UAAU,eAAe,CAAC,OAAgB,EAAE,SAA6B;IAC5E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,qGAAqG;IACrG,IAAI,SAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,wDAAwD,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACtF,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,SAAU,CAAC,CAAC;IAEzE,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAExD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,aAAa,EAAE,4BAA4B,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,SAA6B;IACvE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,gFAAgF;IAChF,IAAI,SAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,wDAAwD,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACtF,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,SAAU,CAAC,CAAC;IAEzE,yEAAyE;IACzE,GAAG,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC3D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACpE,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,gBAAgB,OAAO,CAAC,aAAa,EAAE,0CAA0C,CAAC,CAAC;QACjG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAEtC,mEAAmE;IACnE,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAE7D,6DAA6D;IAC7D,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QACpB,GAAG,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uFAAuF;IACvF,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAElD,oBAAoB;IACpB,MAAM,GAAG,GAAG,6CAA6C,SAAS,EAAE,CAAC;IAErE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,qFAAqF,CAAC,CAAC;AACrG,CAAC;AAED,0DAA0D;AAE1D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEtC,IAAI,CAAC;QACH,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,SAAS;gBACZ,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,MAAM;YACR,KAAK,eAAe;gBAClB,MAAM,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACtD,MAAM;YACR;gBACE,QAAQ,EAAE,CAAC;gBACX,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;gBACjD,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli.d.ts

@@ -13,7 +13,7 @@
  *   zcloak-ai bind <command> [args]       Agent-Owner binding
  *   zcloak-ai doc <command> [args]        Document tools
  *   zcloak-ai pow <base> <zeros>          PoW computation
- *   zcloak-ai vetkey <command> [args]     VetKey encryption/decryption and daemon
+ *   zcloak-ai vetkey <command> [args]     VetKey encryption/decryption
  *   zcloak-ai social <command> [args]     Social profile query
  *   zcloak-ai zmail <command> [args]      Encrypted mail (register, inbox, sent, ack)
  *   zcloak-ai pre-check                   Manually run the package/skill update pre-check

package/dist/cli.js

@@ -13,7 +13,7 @@
  *   zcloak-ai bind <command> [args]       Agent-Owner binding
  *   zcloak-ai doc <command> [args]        Document tools
  *   zcloak-ai pow <base> <zeros>          PoW computation
- *   zcloak-ai vetkey <command> [args]     VetKey encryption/decryption and daemon
+ *   zcloak-ai vetkey <command> [args]     VetKey encryption/decryption
  *   zcloak-ai social <command> [args]     Social profile query
  *   zcloak-ai zmail <command> [args]      Encrypted mail (register, inbox, sent, ack)
  *   zcloak-ai pre-check                   Manually run the package/skill update pre-check
@@ -35,8 +35,11 @@ import path from 'path';
 import { fileURLToPath } from 'url';
 import { Session } from './session.js';
 import { preCheck } from './pre-check.js';
-import { ensureDaemonsBackground } from './vetkey.js';
 import { DEFAULT_PEM_PATH, loadIdentityFromPath } from './identity.js';
+import { STANDARD_DAEMON_KEY_NAMES, startDaemonBackground, stopAllDaemons } from './vetkey.js';
+import { isDaemonAlive } from './daemon.js';
+import * as log from './log.js';
+import { migrateLegacyRuntimeDir } from './compat.js';
 /** ESM equivalent of __dirname */
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 /** Supported modules and their corresponding script files (compiled in dist/ directory) */
@@ -69,9 +72,9 @@ function showHelp() {
     console.log('  delete      File deletion with 2FA verification (prepare, check, confirm)');
     console.log('  doc         Document tools (manifest, verify-manifest, hash, info)');
     console.log('  pow         PoW computation (<base_string> <zeros>)');
-    console.log('  vetkey      VetKey encryption/decryption (encrypt-sign, decrypt, serve, ...)');
+    console.log('  vetkey      VetKey encryption/decryption (encrypt-sign, decrypt, ...)');
     console.log('  social      Social profile query (get-profile)');
-    console.log('  zmail       Encrypted mail (register, inbox, sent, ack)');
+    console.log('  zmail       Encrypted mail (register, sync, inbox, sent, ack)');
     console.log('  pre-check   Manually run the package/skill update pre-check');
     console.log('');
     console.log('Global options:');
@@ -102,6 +105,9 @@ function showHelp() {
  * so the sub-script receives the same parsed arguments as before.
  */
 async function main() {
+    // Migrate legacy ~/.vetkey-tool/ → ~/.config/zcloak/run/ (backward compat).
+    // Safe to call every invocation; no-ops when already migrated.
+    migrateLegacyRuntimeDir();
     // Get module name (skip node and script path)
     const moduleName = process.argv[2];
     if (!moduleName || moduleName === '--help' || moduleName === '-h') {
@@ -110,11 +116,11 @@ async function main() {
     }
     if (moduleName === 'pre-check') {
         const checkResult = await preCheck();
-        if (checkResult.updated) {
-            console.error(checkResult.message);
+        if (checkResult.message) {
+            log.info(checkResult.message);
         }
         else {
-            console.log('[zcloak-ai] Pre-check complete. No updates were applied.');
+            log.info('Pre-check complete. No updates were applied.');
         }
         process.exit(0);
     }
@@ -132,9 +138,21 @@ async function main() {
     // stop so the caller can reload context and re-run on the updated bits.
     const checkResult = await preCheck();
     if (checkResult.updated) {
-        console.error(checkResult.message);
+        // Stop all running daemons after a successful upgrade — the background
+        // daemons still point at the old package bits. They will be auto-restarted
+        // on the next command invocation via the warm-up logic below.
+        try {
+            await stopAllDaemons();
+        }
+        catch {
+            // Best-effort — don't block upgrade on daemon stop failure
+        }
+        log.info(checkResult.message);
         process.exit(0);
     }
+    if (checkResult.message) {
+        log.warn(checkResult.message);
+    }
     // Construct sub-argv without mutating process.argv.
     // Format: [node_binary, script_path, ...remaining_args]
     // This preserves the same index layout that parseArgs() expects (skips first 2 elements).
@@ -142,45 +160,51 @@ async function main() {
     const subArgv = [process.argv[0], scriptPath, ...process.argv.slice(3)];
     // Create a Session from the constructed argv
     const session = new Session(subArgv);
-    // Daemon health check (fire-and-forget): if the user already has a PEM identity,
-    // ensure both standard daemons ("default" and "Mail") are alive in the background.
-    // This is non-blocking — daemons are spawned but we don't wait for them to be ready.
-    // Commands that actually need a daemon (e.g. recv-msg) will wait synchronously.
-    //
-    // Skip conditions:
-    //   - `vetkey serve`: manages its own daemon lifecycle via DaemonRuntime.create(),
-    //     a background spawn would race with it causing "Daemon already running".
-    //   - `identity generate`: may overwrite the PEM file; starting daemons with the
-    //     old principal would create orphan processes unreachable by the new identity.
-    const isVetkeyServe = moduleName === 'vetkey' && process.argv[3] === 'serve';
-    const isIdentityGenerate = moduleName === 'identity' && process.argv[3] === 'generate';
-    if (!isVetkeyServe && !isIdentityGenerate) {
+    // ── Daemon warm-up (best-effort, never blocks main command) ──────
+    // Each step is independent: fail at any step → skip the rest silently.
+    (() => {
+        // Step 1: Skip commands that conflict with daemon warm-up
+        const skipWarmUp = (moduleName === 'vetkey' && process.argv[3] === 'serve') ||
+            (moduleName === 'identity' && process.argv[3] === 'generate');
+        if (skipWarmUp)
+            return;
+        // Step 2: Resolve PEM path
+        const identityArg = process.argv.find(a => a.startsWith('--identity='));
+        const pemPath = identityArg
+            ? identityArg.split('=').slice(1).join('=')
+            : DEFAULT_PEM_PATH;
+        // Step 3: PEM file must exist (no identity → no daemon)
+        if (!fs.existsSync(pemPath))
+            return;
+        // Step 4: Load identity and extract principal
+        let principal;
         try {
-            // Resolve which PEM to use: respect --identity=<path> if provided,
-            // otherwise fall back to DEFAULT_PEM_PATH. We do NOT call getPemPath()
-            // because it auto-creates the default PEM — we only want to start
-            // daemons when the user already has an identity.
-            const identityArg = process.argv.find(a => a.startsWith('--identity='));
-            const pemPath = identityArg
-                ? identityArg.split('=').slice(1).join('=') // support paths containing '='
-                : DEFAULT_PEM_PATH;
-            if (fs.existsSync(pemPath)) {
-                const identity = loadIdentityFromPath(pemPath);
-                const principal = identity.getPrincipal().toText();
-                ensureDaemonsBackground(pemPath, principal);
-            }
+            const identity = loadIdentityFromPath(pemPath);
+            principal = identity.getPrincipal().toText();
         }
         catch {
-            // Silently ignore — daemon health check must never block the main command
+            return; // Identity load failed — skip warm-up
         }
-    }
+        // Step 5: Check each standard daemon, start if not running
+        for (const keyName of STANDARD_DAEMON_KEY_NAMES) {
+            const derivationId = `${principal}:${keyName}`;
+            if (isDaemonAlive(derivationId))
+                continue;
+            try {
+                startDaemonBackground(pemPath, keyName);
+            }
+            catch {
+                // Best-effort — ignore spawn failures
+            }
+        }
+    })();
     // Load and execute sub-script's run() function.
     // After compilation, __dirname points to dist/, sub-scripts are in the same directory.
     const mod = await import(scriptPath);
     await mod.run(session);
 }
 main().catch((err) => {
-    console.error(`Error: ${err instanceof Error ? err.message : String(err)}`);
+    log.error(`Error: ${err instanceof Error ? err.message : String(err)}`);
     process.exit(1);
 });
 //# sourceMappingURL=cli.js.map