agent-pager 0.1.0

package/dist/src/hosted-service.js

@@ -0,0 +1,1038 @@
+import { randomBytes } from "node:crypto";
+import { nowIso, sha256, signText, stableJson } from "./crypto.js";
+const MESSAGE_MAX = 600;
+const DEFAULT_INVITE_TTL_HOURS = 24;
+const MAX_INVITE_TTL_HOURS = 168;
+const DEFAULT_PAIRING_TTL_MINUTES = 10;
+const MAX_PAIRING_TTL_MINUTES = 60;
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const DEFAULT_RATE_LIMIT_MAX = 8;
+export class HostedAgentPagerService {
+    options;
+    constructor(options) {
+        this.options = options;
+    }
+    async createProfile(input) {
+        const username = cleanUsername(input.username);
+        const displayName = cleanText(input.displayName || username, 80);
+        if (!username)
+            throw new HostedAgentPagerError("username is required", 400);
+        const { data: profile, error } = await this.options.supabase
+            .from("profiles")
+            .upsert({
+            id: input.userId,
+            username,
+            display_name: displayName,
+            public_profile_enabled: true,
+            default_status: "offline"
+        }, { onConflict: "id" })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        const { error: settingsError } = await this.options.supabase
+            .from("user_settings")
+            .upsert({ user_id: input.userId }, { onConflict: "user_id" });
+        if (settingsError)
+            throw fromSupabaseError(settingsError);
+        await this.audit("profile.upsert", { actorUserId: profile.id, targetType: "profile", targetId: profile.id });
+        return profile;
+    }
+    async registerDevice(input) {
+        const name = cleanText(input.name, 100);
+        if (!name)
+            throw new HostedAgentPagerError("device name is required", 400);
+        if (!input.publicKeyPem.includes("PUBLIC KEY")) {
+            throw new HostedAgentPagerError("publicKeyPem is required", 400);
+        }
+        const { data: device, error } = await this.options.supabase
+            .from("devices")
+            .insert({
+            user_id: input.userId,
+            name,
+            public_key_pem: input.publicKeyPem,
+            public_key_fingerprint: sha256(input.publicKeyPem),
+            platform: input.platform || null,
+            app_version: input.appVersion || null,
+            last_seen_at: nowIso()
+        })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.setPresence({
+            userId: input.userId,
+            deviceId: device.id,
+            status: "online",
+            reachable: true,
+            activeAdapter: "setup"
+        });
+        await this.audit("device.register", { actorUserId: input.userId, targetType: "device", targetId: device.id });
+        return device;
+    }
+    async revokeDevice(input) {
+        const { data: existing, error: existingError } = await this.options.supabase
+            .from("devices")
+            .select()
+            .eq("id", input.deviceId)
+            .eq("user_id", input.userId)
+            .maybeSingle();
+        if (existingError)
+            throw fromSupabaseError(existingError);
+        if (!existing)
+            throw new HostedAgentPagerError("device not found", 404);
+        if (existing.revoked_at)
+            return existing;
+        const revokedAt = nowIso();
+        const { data: device, error } = await this.options.supabase
+            .from("devices")
+            .update({ revoked_at: revokedAt })
+            .eq("id", input.deviceId)
+            .eq("user_id", input.userId)
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        const { error: presenceError } = await this.options.supabase
+            .from("presence")
+            .update({
+            status: "offline",
+            reachable: false,
+            last_seen_at: revokedAt
+        })
+            .eq("device_id", input.deviceId)
+            .eq("user_id", input.userId);
+        if (presenceError)
+            throw fromSupabaseError(presenceError);
+        await this.audit("device.revoke", {
+            actorUserId: input.userId,
+            targetType: "device",
+            targetId: input.deviceId,
+            metadata: { self: input.actorDeviceId === input.deviceId }
+        });
+        return device;
+    }
+    async createDevicePairing(input) {
+        const name = cleanText(input.name, 100);
+        if (!name)
+            throw new HostedAgentPagerError("device name is required", 400);
+        if (!input.publicKeyPem.includes("PUBLIC KEY")) {
+            throw new HostedAgentPagerError("publicKeyPem is required", 400);
+        }
+        const ttlMinutes = Math.min(Math.max(input.ttlMinutes || DEFAULT_PAIRING_TTL_MINUTES, 1), MAX_PAIRING_TTL_MINUTES);
+        const pairingSecret = randomCode(32);
+        const { data: pairing, error } = await this.options.supabase
+            .from("device_pairing_codes")
+            .insert({
+            code: randomPairingCode(),
+            pairing_secret_hash: sha256(pairingSecret),
+            public_key_pem: input.publicKeyPem,
+            public_key_fingerprint: sha256(input.publicKeyPem),
+            device_name: name,
+            platform: input.platform || null,
+            app_version: input.appVersion || null,
+            expires_at: new Date(Date.now() + ttlMinutes * 60_000).toISOString()
+        })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("device_pairing.create", { targetType: "device_pairing", targetId: pairing.code });
+        return { pairing, pairingSecret };
+    }
+    async approveDevicePairing(input) {
+        const pairing = await this.getValidPairing(input.code);
+        if (pairing.approved_by_user_id || pairing.approved_at || pairing.device_id) {
+            throw new HostedAgentPagerError("device pairing has already been approved", 400);
+        }
+        const device = await this.registerDevice({
+            userId: input.userId,
+            name: pairing.device_name,
+            publicKeyPem: pairing.public_key_pem,
+            platform: pairing.platform || undefined,
+            appVersion: pairing.app_version || undefined
+        });
+        const { data: approved, error } = await this.options.supabase
+            .from("device_pairing_codes")
+            .update({
+            approved_by_user_id: input.userId,
+            approved_at: nowIso(),
+            device_id: device.id
+        })
+            .eq("code", pairing.code)
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("device_pairing.approve", {
+            actorUserId: input.userId,
+            targetType: "device_pairing",
+            targetId: pairing.code
+        });
+        return { pairing: approved, device };
+    }
+    async claimDevicePairing(input) {
+        const pairing = await this.getValidPairing(input.code);
+        if (pairing.pairing_secret_hash !== sha256(input.pairingSecret)) {
+            throw new HostedAgentPagerError("device pairing secret is invalid", 401);
+        }
+        if (!pairing.approved_by_user_id || !pairing.device_id) {
+            throw new HostedAgentPagerError("device pairing is not approved yet", 202);
+        }
+        const [profile, device] = await Promise.all([
+            this.profileById(pairing.approved_by_user_id),
+            this.deviceById(pairing.device_id)
+        ]);
+        if (!profile || !device)
+            throw new HostedAgentPagerError("approved device pairing is incomplete", 500);
+        if (!pairing.consumed_at) {
+            await this.options.supabase
+                .from("device_pairing_codes")
+                .update({ consumed_at: nowIso() })
+                .eq("code", pairing.code);
+        }
+        await this.audit("device_pairing.claim", {
+            actorUserId: profile.id,
+            targetType: "device",
+            targetId: device.id
+        });
+        return { pairing, profile, device };
+    }
+    async setPresence(input) {
+        const { error } = await this.options.supabase
+            .from("presence")
+            .upsert({
+            user_id: input.userId,
+            device_id: input.deviceId,
+            status: input.status,
+            reachable: input.reachable,
+            active_adapter: input.activeAdapter || null,
+            last_seen_at: nowIso()
+        }, { onConflict: "user_id,device_id" });
+        if (error)
+            throw fromSupabaseError(error);
+    }
+    async getSettings(userId) {
+        const { data: existing, error } = await this.options.supabase
+            .from("user_settings")
+            .select()
+            .eq("user_id", userId)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        if (existing)
+            return existing;
+        const { data, error: insertError } = await this.options.supabase
+            .from("user_settings")
+            .insert({ user_id: userId })
+            .select()
+            .single();
+        if (insertError)
+            throw fromSupabaseError(insertError);
+        return data;
+    }
+    async updateSettings(input) {
+        const patch = {};
+        if (input.presenceVisibility !== undefined) {
+            patch.presence_visibility = normalizeOneOf(input.presenceVisibility, ["private", "friends", "public"], "presenceVisibility");
+        }
+        if (input.defaultDeliveryMode !== undefined) {
+            patch.default_delivery_mode = normalizeOneOf(input.defaultDeliveryMode, ["active-or-recent", "pinned-device", "notify-only"], "defaultDeliveryMode");
+        }
+        if (input.quietHours !== undefined) {
+            patch.quiet_hours = normalizeQuietHours(input.quietHours);
+        }
+        if (input.maxPagesPerFriendPerMinute !== undefined) {
+            const max = Math.trunc(Number(input.maxPagesPerFriendPerMinute));
+            if (!Number.isFinite(max) || max < 1 || max > 30) {
+                throw new HostedAgentPagerError("maxPagesPerFriendPerMinute must be between 1 and 30", 400);
+            }
+            patch.max_pages_per_friend_per_minute = max;
+        }
+        const { data, error } = await this.options.supabase
+            .from("user_settings")
+            .upsert({ user_id: input.userId, ...patch }, { onConflict: "user_id" })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("settings.update", {
+            actorUserId: input.userId,
+            targetType: "user_settings",
+            targetId: input.userId,
+            metadata: Object.keys(patch).reduce((out, key) => {
+                out[key] = true;
+                return out;
+            }, {})
+        });
+        return data;
+    }
+    async createAbuseReport(input) {
+        const reason = cleanText(input.reason, 120);
+        const details = cleanText(input.details || "", 1000);
+        if (!reason)
+            throw new HostedAgentPagerError("reason is required", 400);
+        const [reporter, reportedUser, page] = await Promise.all([
+            this.profileById(input.reporterUserId),
+            input.reportedUsername ? this.profileByUsername(input.reportedUsername) : Promise.resolve(null),
+            input.pageId ? this.pageForReport(input.reporterUserId, input.pageId) : Promise.resolve(null)
+        ]);
+        if (!reporter)
+            throw new HostedAgentPagerError("reporter not found", 404);
+        if (input.reportedUsername && !reportedUser)
+            throw new HostedAgentPagerError("reported user not found", 404);
+        if (input.pageId && !page)
+            throw new HostedAgentPagerError("page not found", 404);
+        const reportedUserId = reportedUser?.id || (page
+            ? page.from_user_id === input.reporterUserId ? page.to_user_id : page.from_user_id
+            : null);
+        if (!reportedUserId && !page)
+            throw new HostedAgentPagerError("reported user or page id is required", 400);
+        if (reportedUserId === input.reporterUserId && !page) {
+            throw new HostedAgentPagerError("cannot report yourself", 400);
+        }
+        const { data, error } = await this.options.supabase
+            .from("abuse_reports")
+            .insert({
+            reporter_user_id: input.reporterUserId,
+            reported_user_id: reportedUserId,
+            page_id: page?.id || null,
+            reason,
+            details
+        })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("abuse.report", {
+            actorUserId: input.reporterUserId,
+            targetUserId: reportedUserId || undefined,
+            targetType: "abuse_report",
+            targetId: data.id,
+            metadata: { reason, pageId: page?.id || null }
+        });
+        return data;
+    }
+    async createInvite(input) {
+        const ttlHours = Math.min(Math.max(input.ttlHours || DEFAULT_INVITE_TTL_HOURS, 1), MAX_INVITE_TTL_HOURS);
+        const invite = {
+            code: randomCode(),
+            created_by_user_id: input.userId,
+            expires_at: new Date(Date.now() + ttlHours * 3600_000).toISOString()
+        };
+        const { data, error } = await this.options.supabase
+            .from("friend_invites")
+            .insert(invite)
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("invite.create", { actorUserId: input.userId, targetType: "friend_invite", targetId: data.code });
+        return data;
+    }
+    async revokeInvite(input) {
+        const { data: existing, error: existingError } = await this.options.supabase
+            .from("friend_invites")
+            .select()
+            .eq("code", cleanInviteCode(input.code))
+            .eq("created_by_user_id", input.userId)
+            .maybeSingle();
+        if (existingError)
+            throw fromSupabaseError(existingError);
+        if (!existing)
+            throw new HostedAgentPagerError("invite not found", 404);
+        if (existing.revoked_at || existing.accepted_by_user_id || existing.use_count >= existing.max_uses)
+            return existing;
+        const { data: invite, error } = await this.options.supabase
+            .from("friend_invites")
+            .update({ revoked_at: nowIso() })
+            .eq("code", existing.code)
+            .eq("created_by_user_id", input.userId)
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("invite.revoke", {
+            actorUserId: input.userId,
+            targetType: "friend_invite",
+            targetId: invite.code
+        });
+        return invite;
+    }
+    async acceptInvite(input) {
+        const { data: invite, error } = await this.options.supabase
+            .from("friend_invites")
+            .select()
+            .eq("code", cleanInviteCode(input.code))
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        if (!invite ||
+            invite.revoked_at ||
+            invite.accepted_by_user_id ||
+            invite.use_count >= invite.max_uses ||
+            Date.parse(invite.expires_at) < Date.now()) {
+            throw new HostedAgentPagerError("invite is invalid or expired", 400);
+        }
+        if (invite.created_by_user_id === input.userId) {
+            throw new HostedAgentPagerError("cannot accept your own invite", 400);
+        }
+        await this.assertNotBlocked(input.userId, invite.created_by_user_id);
+        const { data: request, error: requestError } = await this.options.supabase
+            .from("friend_requests")
+            .insert({
+            from_user_id: input.userId,
+            to_user_id: invite.created_by_user_id,
+            invite_code: invite.code,
+            note: cleanText(input.note || "", 280),
+            status: "approved",
+            resolved_at: nowIso()
+        })
+            .select()
+            .single();
+        if (requestError)
+            throw fromSupabaseError(requestError);
+        const [userA, userB] = orderedUsers(input.userId, invite.created_by_user_id);
+        const { data: friendship, error: friendshipError } = await this.options.supabase
+            .from("friendships")
+            .upsert({
+            user_a_id: userA,
+            user_b_id: userB,
+            created_by_request_id: request.id,
+            revoked_at: null
+        }, { onConflict: "user_a_id,user_b_id" })
+            .select()
+            .single();
+        if (friendshipError)
+            throw fromSupabaseError(friendshipError);
+        const { error: inviteError } = await this.options.supabase
+            .from("friend_invites")
+            .update({
+            accepted_by_user_id: input.userId,
+            accepted_at: nowIso(),
+            use_count: invite.use_count + 1
+        })
+            .eq("code", invite.code);
+        if (inviteError)
+            throw fromSupabaseError(inviteError);
+        await this.audit("invite.accept", {
+            actorUserId: input.userId,
+            targetUserId: invite.created_by_user_id,
+            targetType: "friend_invite",
+            targetId: invite.code
+        });
+        return friendship;
+    }
+    async createFriendRequest(input) {
+        const [sender, recipient] = await Promise.all([
+            this.profileById(input.fromUserId),
+            this.profileByUsername(input.toUsername)
+        ]);
+        if (!sender)
+            throw new HostedAgentPagerError("sender not found", 404);
+        if (!recipient || !recipient.public_profile_enabled)
+            throw new HostedAgentPagerError("profile not found", 404);
+        if (sender.id === recipient.id)
+            throw new HostedAgentPagerError("cannot request yourself", 400);
+        await this.assertNotBlocked(sender.id, recipient.id);
+        const { data: friends, error: friendsError } = await this.options.supabase.rpc("are_friends", {
+            left_user_id: sender.id,
+            right_user_id: recipient.id
+        });
+        if (friendsError)
+            throw fromSupabaseError(friendsError);
+        if (friends)
+            throw new HostedAgentPagerError("already friends", 409);
+        const { data: request, error } = await this.options.supabase
+            .from("friend_requests")
+            .insert({
+            from_user_id: sender.id,
+            to_user_id: recipient.id,
+            note: cleanText(input.note || "", 280),
+            status: "pending"
+        })
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("friend_request.create", {
+            actorUserId: sender.id,
+            targetUserId: recipient.id,
+            targetType: "friend_request",
+            targetId: request.id
+        });
+        return request;
+    }
+    async resolveFriendRequest(input) {
+        const { data: existing, error } = await this.options.supabase
+            .from("friend_requests")
+            .select()
+            .eq("id", input.requestId)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        if (!existing)
+            throw new HostedAgentPagerError("friend request not found", 404);
+        if (existing.status !== "pending")
+            throw new HostedAgentPagerError("friend request already resolved", 400);
+        const canResolve = input.decision === "canceled"
+            ? existing.from_user_id === input.userId
+            : existing.to_user_id === input.userId;
+        if (!canResolve)
+            throw new HostedAgentPagerError("not allowed to resolve this friend request", 403);
+        const { data: request, error: updateError } = await this.options.supabase
+            .from("friend_requests")
+            .update({
+            status: input.decision,
+            resolved_at: nowIso()
+        })
+            .eq("id", existing.id)
+            .select()
+            .single();
+        if (updateError)
+            throw fromSupabaseError(updateError);
+        let friendship;
+        if (input.decision === "approved") {
+            await this.assertNotBlocked(existing.from_user_id, existing.to_user_id);
+            const [userA, userB] = orderedUsers(existing.from_user_id, existing.to_user_id);
+            const { data, error: friendshipError } = await this.options.supabase
+                .from("friendships")
+                .upsert({
+                user_a_id: userA,
+                user_b_id: userB,
+                created_by_request_id: existing.id,
+                revoked_at: null
+            }, { onConflict: "user_a_id,user_b_id" })
+                .select()
+                .single();
+            if (friendshipError)
+                throw fromSupabaseError(friendshipError);
+            friendship = data;
+        }
+        await this.audit(`friend_request.${input.decision}`, {
+            actorUserId: input.userId,
+            targetUserId: input.decision === "canceled" ? existing.to_user_id : existing.from_user_id,
+            targetType: "friend_request",
+            targetId: existing.id
+        });
+        return { request, friendship };
+    }
+    async sendPage(input) {
+        const message = cleanText(input.message, MESSAGE_MAX);
+        if (!message)
+            throw new HostedAgentPagerError("message is required", 400);
+        const [sender, recipient] = await Promise.all([
+            this.profileById(input.fromUserId),
+            this.profileByUsername(input.toUsername)
+        ]);
+        if (!sender)
+            throw new HostedAgentPagerError("sender not found", 404);
+        if (!recipient)
+            throw new HostedAgentPagerError("recipient not found", 404);
+        if (sender.id === recipient.id)
+            throw new HostedAgentPagerError("cannot page yourself", 400);
+        await this.assertCanPage(sender.id, recipient.id);
+        await this.assertOutsideQuietHours(sender.id, recipient.id);
+        await this.assertWithinRateLimit(sender.id, recipient.id);
+        const { data: page, error: pageError } = await this.options.supabase
+            .from("pages")
+            .insert({
+            from_user_id: sender.id,
+            to_user_id: recipient.id,
+            message,
+            urgency: normalizeUrgency(input.urgency),
+            reply_to_page_id: input.replyToPageId || null
+        })
+            .select()
+            .single();
+        if (pageError)
+            throw fromSupabaseError(pageError);
+        const envelope = {
+            type: "agent-pager.page.v1",
+            page: {
+                ...page,
+                fromUsername: sender.username,
+                toUsername: recipient.username
+            },
+            serverTime: nowIso(),
+            nonce: randomCode(24)
+        };
+        const signature = signText(this.options.serverPrivateKeyPem, stableJson(envelope));
+        const devices = await this.activeDevicesForUser(recipient.id);
+        const deliveryRows = (devices.length ? devices : [null]).map((device) => ({
+            page_id: page.id,
+            recipient_user_id: recipient.id,
+            device_id: device?.id || null,
+            envelope: envelope,
+            server_signature: signature,
+            status: "pending"
+        }));
+        const { data: deliveries, error: deliveryError } = await this.options.supabase
+            .from("page_deliveries")
+            .insert(deliveryRows)
+            .select();
+        if (deliveryError)
+            throw fromSupabaseError(deliveryError);
+        await this.options.supabase
+            .from("rate_limit_events")
+            .insert({
+            actor_user_id: sender.id,
+            target_user_id: recipient.id,
+            action: "page.send"
+        });
+        await this.audit("page.send", {
+            actorUserId: sender.id,
+            targetUserId: recipient.id,
+            targetType: "page",
+            targetId: page.id,
+            metadata: { urgency: page.urgency, deliveries: deliveries.length }
+        });
+        return { page, deliveries, envelope, signature };
+    }
+    async ackDelivery(input) {
+        let query = this.options.supabase
+            .from("page_deliveries")
+            .update({ status: "acked", acked_at: nowIso() })
+            .eq("id", input.deliveryId)
+            .eq("recipient_user_id", input.userId);
+        if (input.deviceId)
+            query = query.eq("device_id", input.deviceId);
+        const { error } = await query;
+        if (error)
+            throw fromSupabaseError(error);
+    }
+    async muteFriend(input) {
+        const [owner, mutedUser] = await Promise.all([
+            this.profileById(input.ownerUserId),
+            this.profileByUsername(input.mutedUsername)
+        ]);
+        if (!owner)
+            throw new HostedAgentPagerError("owner not found", 404);
+        if (!mutedUser)
+            throw new HostedAgentPagerError("friend not found", 404);
+        if (owner.id === mutedUser.id)
+            throw new HostedAgentPagerError("cannot mute yourself", 400);
+        const { data: friends, error } = await this.options.supabase.rpc("are_friends", {
+            left_user_id: owner.id,
+            right_user_id: mutedUser.id
+        });
+        if (error)
+            throw fromSupabaseError(error);
+        if (!friends)
+            throw new HostedAgentPagerError("can only mute approved friends", 403);
+        const mutedUntil = input.durationMs === null || input.durationMs === undefined
+            ? null
+            : new Date(Date.now() + Math.max(input.durationMs, 60_000)).toISOString();
+        const { error: muteError } = await this.options.supabase
+            .from("mutes")
+            .upsert({
+            owner_user_id: owner.id,
+            muted_user_id: mutedUser.id,
+            muted_until: mutedUntil,
+            reason: cleanText(input.reason || "", 160) || null
+        }, { onConflict: "owner_user_id,muted_user_id" });
+        if (muteError)
+            throw fromSupabaseError(muteError);
+        await this.audit("friend.mute", {
+            actorUserId: owner.id,
+            targetUserId: mutedUser.id,
+            targetType: "mute",
+            targetId: mutedUser.id,
+            metadata: { mutedUntil }
+        });
+        return { mutedUntil, mutedUser };
+    }
+    async unmuteFriend(input) {
+        const [owner, mutedUser] = await Promise.all([
+            this.profileById(input.ownerUserId),
+            this.profileByUsername(input.mutedUsername)
+        ]);
+        if (!owner)
+            throw new HostedAgentPagerError("owner not found", 404);
+        if (!mutedUser)
+            throw new HostedAgentPagerError("friend not found", 404);
+        if (owner.id === mutedUser.id)
+            throw new HostedAgentPagerError("cannot unmute yourself", 400);
+        const { error } = await this.options.supabase
+            .from("mutes")
+            .delete()
+            .eq("owner_user_id", owner.id)
+            .eq("muted_user_id", mutedUser.id);
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("friend.unmute", {
+            actorUserId: owner.id,
+            targetUserId: mutedUser.id,
+            targetType: "mute",
+            targetId: mutedUser.id
+        });
+        return { unmutedUser: mutedUser };
+    }
+    async removeFriend(input) {
+        const [owner, friend] = await Promise.all([
+            this.profileById(input.ownerUserId),
+            this.profileByUsername(input.friendUsername)
+        ]);
+        if (!owner)
+            throw new HostedAgentPagerError("owner not found", 404);
+        if (!friend)
+            throw new HostedAgentPagerError("friend not found", 404);
+        if (owner.id === friend.id)
+            throw new HostedAgentPagerError("cannot remove yourself", 400);
+        const [userA, userB] = orderedUsers(owner.id, friend.id);
+        const { data: existing, error: existingError } = await this.options.supabase
+            .from("friendships")
+            .select()
+            .eq("user_a_id", userA)
+            .eq("user_b_id", userB)
+            .is("revoked_at", null)
+            .maybeSingle();
+        if (existingError)
+            throw fromSupabaseError(existingError);
+        if (!existing)
+            throw new HostedAgentPagerError("friendship not found", 404);
+        const revokedAt = nowIso();
+        const { data: friendship, error } = await this.options.supabase
+            .from("friendships")
+            .update({ revoked_at: revokedAt })
+            .eq("id", existing.id)
+            .select()
+            .single();
+        if (error)
+            throw fromSupabaseError(error);
+        const { error: muteError } = await this.options.supabase
+            .from("mutes")
+            .delete()
+            .or(`and(owner_user_id.eq.${owner.id},muted_user_id.eq.${friend.id}),and(owner_user_id.eq.${friend.id},muted_user_id.eq.${owner.id})`);
+        if (muteError)
+            throw fromSupabaseError(muteError);
+        await this.audit("friend.remove", {
+            actorUserId: owner.id,
+            targetUserId: friend.id,
+            targetType: "friendship",
+            targetId: friendship.id,
+            metadata: { revokedAt }
+        });
+        return { removedFriend: friend, friendship };
+    }
+    async blockUser(input) {
+        const [owner, blockedUser] = await Promise.all([
+            this.profileById(input.ownerUserId),
+            this.profileByUsername(input.blockedUsername)
+        ]);
+        if (!owner)
+            throw new HostedAgentPagerError("owner not found", 404);
+        if (!blockedUser)
+            throw new HostedAgentPagerError("profile not found", 404);
+        if (owner.id === blockedUser.id)
+            throw new HostedAgentPagerError("cannot block yourself", 400);
+        const { error } = await this.options.supabase
+            .from("blocks")
+            .upsert({
+            owner_user_id: owner.id,
+            blocked_user_id: blockedUser.id
+        }, { onConflict: "owner_user_id,blocked_user_id" });
+        if (error)
+            throw fromSupabaseError(error);
+        const { error: requestError } = await this.options.supabase
+            .from("friend_requests")
+            .update({ status: "denied", resolved_at: nowIso() })
+            .eq("status", "pending")
+            .or(`and(from_user_id.eq.${owner.id},to_user_id.eq.${blockedUser.id}),and(from_user_id.eq.${blockedUser.id},to_user_id.eq.${owner.id})`);
+        if (requestError)
+            throw fromSupabaseError(requestError);
+        await this.audit("friend.block", {
+            actorUserId: owner.id,
+            targetUserId: blockedUser.id,
+            targetType: "block",
+            targetId: blockedUser.id
+        });
+        return { blockedUser };
+    }
+    async unblockUser(input) {
+        const [owner, blockedUser] = await Promise.all([
+            this.profileById(input.ownerUserId),
+            this.profileByUsername(input.blockedUsername)
+        ]);
+        if (!owner)
+            throw new HostedAgentPagerError("owner not found", 404);
+        if (!blockedUser)
+            throw new HostedAgentPagerError("profile not found", 404);
+        if (owner.id === blockedUser.id)
+            throw new HostedAgentPagerError("cannot unblock yourself", 400);
+        const { error } = await this.options.supabase
+            .from("blocks")
+            .delete()
+            .eq("owner_user_id", owner.id)
+            .eq("blocked_user_id", blockedUser.id);
+        if (error)
+            throw fromSupabaseError(error);
+        await this.audit("friend.unblock", {
+            actorUserId: owner.id,
+            targetUserId: blockedUser.id,
+            targetType: "block",
+            targetId: blockedUser.id
+        });
+        return { unblockedUser: blockedUser };
+    }
+    async profileById(id) {
+        const { data, error } = await this.options.supabase
+            .from("profiles")
+            .select()
+            .eq("id", id)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        return data;
+    }
+    async profileByUsername(username) {
+        const { data, error } = await this.options.supabase
+            .from("profiles")
+            .select()
+            .eq("username", cleanUsername(username))
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        return data;
+    }
+    async pageForReport(userId, pageId) {
+        const { data, error } = await this.options.supabase
+            .from("pages")
+            .select()
+            .eq("id", pageId)
+            .or(`from_user_id.eq.${userId},to_user_id.eq.${userId}`)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        return data;
+    }
+    async activeDevicesForUser(userId) {
+        const { data, error } = await this.options.supabase
+            .from("devices")
+            .select()
+            .eq("user_id", userId)
+            .is("revoked_at", null);
+        if (error)
+            throw fromSupabaseError(error);
+        return data;
+    }
+    async getValidPairing(code) {
+        const { data: pairing, error } = await this.options.supabase
+            .from("device_pairing_codes")
+            .select()
+            .eq("code", cleanPairingCode(code))
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        if (!pairing || pairing.revoked_at || Date.parse(pairing.expires_at) < Date.now()) {
+            throw new HostedAgentPagerError("device pairing is invalid or expired", 400);
+        }
+        return pairing;
+    }
+    async deviceById(id) {
+        const { data, error } = await this.options.supabase
+            .from("devices")
+            .select()
+            .eq("id", id)
+            .is("revoked_at", null)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        return data;
+    }
+    async assertCanPage(senderId, recipientId) {
+        const { data: friends, error } = await this.options.supabase.rpc("are_friends", {
+            left_user_id: senderId,
+            right_user_id: recipientId
+        });
+        if (error)
+            throw fromSupabaseError(error);
+        if (!friends)
+            throw new HostedAgentPagerError("recipient is not an approved friend", 403);
+        await this.assertNotBlocked(senderId, recipientId);
+        const { data: mutes, error: muteError } = await this.options.supabase
+            .from("mutes")
+            .select("muted_until")
+            .eq("owner_user_id", recipientId)
+            .eq("muted_user_id", senderId);
+        if (muteError)
+            throw fromSupabaseError(muteError);
+        const activeMute = mutes.some((mute) => !mute.muted_until || Date.parse(mute.muted_until) > Date.now());
+        if (activeMute)
+            throw new HostedAgentPagerError("recipient has muted this friend", 403);
+    }
+    async assertNotBlocked(leftUserId, rightUserId) {
+        const { data: blocks, error: blockError } = await this.options.supabase
+            .from("blocks")
+            .select("owner_user_id")
+            .or(`and(owner_user_id.eq.${leftUserId},blocked_user_id.eq.${rightUserId}),and(owner_user_id.eq.${rightUserId},blocked_user_id.eq.${leftUserId})`);
+        if (blockError)
+            throw fromSupabaseError(blockError);
+        if (blocks.length)
+            throw new HostedAgentPagerError("friendship is blocked", 403);
+    }
+    async assertWithinRateLimit(senderId, recipientId) {
+        const since = new Date(Date.now() - RATE_LIMIT_WINDOW_MS).toISOString();
+        const { data: settings, error: settingsError } = await this.options.supabase
+            .from("user_settings")
+            .select("max_pages_per_friend_per_minute")
+            .eq("user_id", recipientId)
+            .maybeSingle();
+        if (settingsError)
+            throw fromSupabaseError(settingsError);
+        const max = settings?.max_pages_per_friend_per_minute || DEFAULT_RATE_LIMIT_MAX;
+        const { count, error } = await this.options.supabase
+            .from("rate_limit_events")
+            .select("id", { count: "exact", head: true })
+            .eq("actor_user_id", senderId)
+            .eq("target_user_id", recipientId)
+            .eq("action", "page.send")
+            .gte("created_at", since);
+        if (error)
+            throw fromSupabaseError(error);
+        if ((count || 0) >= max)
+            throw new HostedAgentPagerError("rate limited for this friend", 429);
+    }
+    async assertOutsideQuietHours(senderId, recipientId) {
+        const { data: settings, error } = await this.options.supabase
+            .from("user_settings")
+            .select("quiet_hours")
+            .eq("user_id", recipientId)
+            .maybeSingle();
+        if (error)
+            throw fromSupabaseError(error);
+        if (!settings || !isQuietHoursActive(settings.quiet_hours))
+            return;
+        await this.audit("page.quiet_hours_block", {
+            actorUserId: senderId,
+            targetUserId: recipientId,
+            targetType: "user_settings",
+            targetId: recipientId
+        });
+        throw new HostedAgentPagerError("recipient is in quiet hours", 403);
+    }
+    async audit(action, input) {
+        const { error } = await this.options.supabase.from("audit_events").insert({
+            action,
+            actor_user_id: input.actorUserId || null,
+            target_user_id: input.targetUserId || null,
+            target_type: input.targetType || null,
+            target_id: input.targetId || null,
+            metadata: (input.metadata || {})
+        });
+        if (error)
+            throw fromSupabaseError(error);
+    }
+}
+export class HostedAgentPagerError extends Error {
+    status;
+    constructor(message, status = 500) {
+        super(message);
+        this.status = status;
+    }
+}
+function fromSupabaseError(error) {
+    const status = error.code === "23505" ? 409 : error.code === "23514" ? 400 : 500;
+    return new HostedAgentPagerError(error.message, status);
+}
+function cleanUsername(value) {
+    return String(value || "").trim().toLowerCase().replace(/[^a-z0-9_-]/g, "").slice(0, 31);
+}
+function cleanText(value, max) {
+    return String(value || "").trim().replace(/\s+/g, " ").slice(0, max);
+}
+function normalizeOneOf(value, allowed, label) {
+    if (allowed.includes(value))
+        return value;
+    throw new HostedAgentPagerError(`${label} is invalid`, 400);
+}
+function normalizeQuietHours(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new HostedAgentPagerError("quietHours must be an object", 400);
+    }
+    const input = value;
+    const enabled = Boolean(input.enabled);
+    const start = typeof input.start === "string" && input.start ? input.start : "22:00";
+    const end = typeof input.end === "string" && input.end ? input.end : "08:00";
+    const timezone = typeof input.timezone === "string" && input.timezone ? cleanText(input.timezone, 80) : "UTC";
+    assertClockTime(start, "quietHours.start");
+    assertClockTime(end, "quietHours.end");
+    assertTimeZone(timezone);
+    return { enabled, start, end, timezone };
+}
+function quietHoursFromJson(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        return null;
+    const input = value;
+    const enabled = input.enabled === true;
+    const start = typeof input.start === "string" ? input.start : "";
+    const end = typeof input.end === "string" ? input.end : "";
+    const timezone = typeof input.timezone === "string" ? input.timezone : "UTC";
+    if (!enabled || !isClockTime(start) || !isClockTime(end) || !isValidTimeZone(timezone))
+        return null;
+    return { enabled, start, end, timezone };
+}
+function isQuietHoursActive(value) {
+    const quietHours = quietHoursFromJson(value);
+    if (!quietHours)
+        return false;
+    const start = minutesFromClockTime(quietHours.start);
+    const end = minutesFromClockTime(quietHours.end);
+    if (start === end)
+        return false;
+    const now = localMinutesInTimeZone(quietHours.timezone);
+    return start < end ? now >= start && now < end : now >= start || now < end;
+}
+function assertClockTime(value, label) {
+    if (!isClockTime(value))
+        throw new HostedAgentPagerError(`${label} must be HH:MM`, 400);
+}
+function isClockTime(value) {
+    return /^([01]\d|2[0-3]):[0-5]\d$/.test(value);
+}
+function minutesFromClockTime(value) {
+    const [hours, minutes] = value.split(":").map(Number);
+    return hours * 60 + minutes;
+}
+function assertTimeZone(value) {
+    if (!isValidTimeZone(value))
+        throw new HostedAgentPagerError("quietHours.timezone is invalid", 400);
+}
+function isValidTimeZone(value) {
+    try {
+        new Intl.DateTimeFormat("en-US", { timeZone: value }).format(new Date());
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function localMinutesInTimeZone(timeZone) {
+    const parts = new Intl.DateTimeFormat("en-GB", {
+        timeZone,
+        hour: "2-digit",
+        minute: "2-digit",
+        hour12: false
+    }).formatToParts(new Date());
+    const hour = Number(parts.find((part) => part.type === "hour")?.value || 0) % 24;
+    const minute = Number(parts.find((part) => part.type === "minute")?.value || 0);
+    return hour * 60 + minute;
+}
+function randomCode(bytes = 18) {
+    return randomBytes(bytes).toString("base64url");
+}
+function randomPairingCode() {
+    return randomBytes(5).toString("hex").toUpperCase();
+}
+function cleanPairingCode(value) {
+    return String(value || "").trim().toUpperCase().replace(/[^A-Z0-9]/g, "").slice(0, 16);
+}
+function cleanInviteCode(value) {
+    return String(value || "").trim().replace(/[^A-Za-z0-9_-]/g, "").slice(0, 96);
+}
+function orderedUsers(left, right) {
+    return left < right ? [left, right] : [right, left];
+}
+function normalizeUrgency(urgency) {
+    return urgency && ["gentle", "normal", "firm", "professionally-dramatic"].includes(urgency) ? urgency : "normal";
+}