agent-yes 1.120.0 → 1.121.0

package/ts/serve.ts

@@ -313,8 +313,9 @@ async function cmdServeDaemon(sub: string, args: string[]): Promise<number> {
       process.stdout.write(`  ay serve uninstall           # remove daemon\n`);
       if (webrtcish) {
         process.stdout.write(
-          `\nthe WebRTC share link is printed by the daemon — see: ay serve logs\n` +
-            `(the room persists in ~/.agent-yes/.share-room, so the link survives restarts)\n`,
+          `\nthe WebRTC share link carries a secret, so the daemon does NOT log it —\n` +
+            `read it from ~/.agent-yes/.share-link (mode 0600). The room persists in\n` +
+            `~/.agent-yes/.share-room, so the link survives restarts.\n`,
         );
       }
     }
@@ -1002,6 +1003,8 @@ export async function cmdServe(rest: string[]): Promise<number> {
       return serveUiFile("room-client.js", "text/javascript; charset=utf-8");
     if (req.method === "GET" && p === "/console-logic.js")
       return serveUiFile("console-logic.js", "text/javascript; charset=utf-8");
+    if (req.method === "GET" && p === "/e2e.js")
+      return serveUiFile("e2e.js", "text/javascript; charset=utf-8");
     if (req.method === "GET" && p === "/favicon.ico") return new Response(null, { status: 204 });
     return apiFetch(req);
   };
@@ -1063,18 +1066,37 @@ export async function cmdServe(rest: string[]): Promise<number> {
       const { startShare, loadOrCreateShareRoom } = await import("./share.ts");
       // No explicit webrtc:// URL → reuse the persisted room (minted once and
       // saved like the serve token), so the link is stable across restarts.
-      const { link, close } = await startShare({
+      const { room, link, close } = await startShare({
         url: explicitUrl ?? (await loadOrCreateShareRoom()),
         localFetch: apiFetch,
         apiToken: token,
       });
       closeShare = close;
-      process.stdout.write(
-        `${wantHttp ? "\n" : ""}shared over WebRTC — open this link (the token is eaten from the URL on open):\n  ${link}\n` +
-          (explicitUrl
-            ? "\n"
-            : `  (persistent room — same link across restarts; delete ~/.agent-yes/.share-room to rotate)\n\n`),
-      );
+      const persistNote = explicitUrl
+        ? "\n"
+        : `  (persistent room — same link across restarts; delete ~/.agent-yes/.share-room to rotate)\n\n`;
+      if (process.stdout.isTTY) {
+        process.stdout.write(
+          `${wantHttp ? "\n" : ""}shared over WebRTC — open this link (the token is eaten from the URL on open):\n  ${link}\n` +
+            persistNote,
+        );
+      } else {
+        // Non-TTY (daemon/journal/CI): the link embeds the room secret S, so never
+        // write it to a log stream. Stash it in a 0600 file and point there instead.
+        const linkFile = path.join(
+          process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes"),
+          ".share-link",
+        );
+        try {
+          await writeFile(linkFile, link + "\n", { mode: 0o600 });
+        } catch {
+          /* best effort */
+        }
+        process.stdout.write(
+          `${wantHttp ? "\n" : ""}shared over WebRTC · room ${room} — the link carries a secret, so it is NOT logged.\n` +
+            `  read it from ${linkFile} (mode 0600); delete ~/.agent-yes/.share-room to rotate\n\n`,
+        );
+      }
     } catch (e) {
       process.stderr.write(`ay serve --webrtc failed: ${(e as Error).message}\n`);
       if (!wantHttp) return 1; // nothing else is running

package/ts/share.ts

@@ -8,10 +8,24 @@ import { randomBytes } from "crypto";
 import { mkdir, readFile, writeFile } from "fs/promises";
 import { homedir } from "os";
 import path from "path";
+import {
+  CONFIRM_TIMEOUT_MS,
+  FLAG_CONFIRM,
+  MARKER,
+  MAX_CHUNK,
+  computeTranscriptHash,
+  deriveAuthToken,
+  deriveDirKeys,
+  open as e2eOpen,
+  seal as e2eSeal,
+  packEnvelope,
+  parseSecret,
+  randomHex,
+  unpackEnvelope,
+} from "../lab/ui/e2e.js";
 
 const SUB = "ay-signal-1";
 const ICE = [{ urls: "stun:stun.l.google.com:19302" }];
-const MAX_CHUNK = 15_000; // keep DataChannel messages under the SCTP limit
 const DEFAULT_SIGHOST = "s.agent-yes.com";
 
 export interface ShareOpts {
@@ -38,13 +52,20 @@ function shareRoomPath(): string {
 export async function loadOrCreateShareRoom(sighost = DEFAULT_SIGHOST): Promise<string> {
   try {
     const url = (await readFile(shareRoomPath(), "utf-8")).trim();
-    if (url.startsWith("webrtc://")) return url;
+    if (url.startsWith("webrtc://")) {
+      // A v2 (encrypted) room carries the e1. marker on its secret — reuse it.
+      // A legacy markerless room is rotated to a fresh encrypted room below: the
+      // signaling DO has pinned the old room to its plaintext token, so we must
+      // mint a NEW room name. This is a one-time, deliberate security upgrade —
+      // old share links stop working; re-open the new printed link.
+      if (parseShareUrl(url).token.startsWith(MARKER)) return url;
+    }
   } catch {
     /* not yet minted */
   }
   const room = "r" + randomBytes(3).toString("hex");
-  const token = randomBytes(32).toString("hex");
-  const url = `webrtc://${room}:${token}@${sighost}`;
+  const s = randomBytes(32).toString("hex");
+  const url = `webrtc://${room}:${MARKER}${s}@${sighost}`;
   await mkdir(path.dirname(shareRoomPath()), { recursive: true });
   await writeFile(shareRoomPath(), url, { mode: 0o600 });
   return url;
@@ -146,17 +167,46 @@ export async function startShare(
     ? parseShareUrl(opts.url)
     : {
         room: "r" + randomBytes(3).toString("hex"),
-        token: randomBytes(32).toString("hex"),
+        token: `${MARKER}${randomBytes(32).toString("hex")}`,
         host: sighost,
       };
 
+  // E2E: the URL secret S splits into authToken (the only value the server sees,
+  // for room matching) and per-connection AES keys the server never sees. We
+  // refuse to host a legacy plaintext room — old rooms are auto-rotated to v2 by
+  // loadOrCreateShareRoom (delete ~/.agent-yes/.share-room to force a rotation).
+  const { s: S, v2 } = parseSecret(token);
+  if (!v2) {
+    throw new Error(
+      "refusing to host an unencrypted room — delete ~/.agent-yes/.share-room to rotate to an encrypted link",
+    );
+  }
+  const authToken = await deriveAuthToken(S, room, host);
+
   const RTCPeerConnection = await importRTC();
   const wsScheme = host.startsWith("localhost") || host.startsWith("127.") ? "ws" : "wss";
   const ui = host === "s.agent-yes.com" ? "https://agent-yes.com" : "http://localhost:7778";
   const suffix = host === "s.agent-yes.com" ? "" : "@" + host;
-  const link = `${ui}/#${room}:${token}${suffix}`;
+  const link = `${ui}/#${room}:${MARKER}${S}${suffix}`;
 
-  type Peer = { pc: any; aborts: Map<number, AbortController> };
+  type Peer = {
+    pc: any;
+    aborts: Map<string, AbortController>;
+    send: { sendCtr: bigint };
+    recv: { lastSeen: bigint };
+    th?: Uint8Array;
+    keyH2C?: CryptoKey; // host encrypts with H2C, decrypts with C2H
+    keyC2H?: CryptoKey;
+    keysReady: Promise<void>;
+    resolveKeys: () => void;
+    myNonce: string;
+    confirmedIn: boolean; // peer echoed our nonce
+    confirmedOut: boolean; // we echoed peer's nonce
+    confirmed: boolean;
+    confirmTimer?: ReturnType<typeof setTimeout>;
+    recvChain: Promise<void>; // serialize decrypts so the replay counter stays ordered
+    sendChain: Promise<void>; // serialize seals so wire order == counter order
+  };
   const peers = new Map<string, Peer>();
   let closed = false; // set by close(); stops signaling reconnect + new peers
   let currentWs: WebSocket | undefined; // the live rendezvous socket, for close()
@@ -167,7 +217,7 @@ export async function startShare(
     currentWs = ws;
     let ready = false;
     ws.onopen = () => {
-      ws.send(JSON.stringify({ type: "hello", role: "host", token }));
+      ws.send(JSON.stringify({ type: "hello", role: "host", v: 2, token: authToken }));
       ready = true;
       onReady();
     };
@@ -175,17 +225,44 @@ export async function startShare(
       if (closed) return;
       const m = JSON.parse(ev.data as string);
       if (m.type === "peer-join") startPeer(ws, m.peer);
-      else if (m.type === "answer")
-        await peers.get(m.from)?.pc.setRemoteDescription({ type: "answer", sdp: m.sdp });
-      else if (m.type === "candidate")
+      else if (m.type === "answer") {
+        const peer = peers.get(m.from);
+        if (!peer) return;
+        try {
+          await peer.pc.setRemoteDescription({ type: "answer", sdp: m.sdp });
+          // Derive per-connection keys the moment both descriptions are stable —
+          // before the DataChannel can open and deliver a frame. Host's offer is
+          // local, the browser's answer is remote.
+          peer.th = await computeTranscriptHash(
+            peer.pc.localDescription.sdp,
+            peer.pc.remoteDescription.sdp,
+          );
+          const { keyH2C, keyC2H } = await deriveDirKeys(S, peer.th);
+          peer.keyH2C = keyH2C;
+          peer.keyC2H = keyC2H;
+          peer.resolveKeys();
+        } catch {
+          closePeer(m.from);
+        }
+      } else if (m.type === "candidate")
         await peers
           .get(m.from)
           ?.pc.addIceCandidate(m.candidate)
           .catch(() => {});
       else if (m.type === "peer-leave") closePeer(m.peer);
     };
-    ws.onclose = () => {
+    ws.onclose = (ev: any) => {
       if (closed) return; // shutting down — don't resurrect the rendezvous
+      // The signaling server pins a room to its first host's authToken. A 1008
+      // means a different generation already owns this room — don't hot-loop;
+      // tell the operator to rotate. (Secret-free message.)
+      if (ev?.code === 1008) {
+        closed = true;
+        process.stderr.write(
+          "[share] room rejected by signaling server — delete ~/.agent-yes/.share-room to rotate the room\n",
+        );
+        return;
+      }
       // Keep established WebRTC peers; just re-establish the rendezvous so new
       // browsers can still join. Backoff a little to avoid hot-looping.
       setTimeout(() => connectSignaling(() => {}), ready ? 1500 : 4000);
@@ -196,8 +273,23 @@ export async function startShare(
 
   function startPeer(ws: WebSocket, peerId: string) {
     const pc = new RTCPeerConnection({ iceServers: ICE });
-    const aborts = new Map<number, AbortController>();
-    peers.set(peerId, { pc, aborts });
+    let resolveKeys!: () => void;
+    const keysReady = new Promise<void>((r) => (resolveKeys = r));
+    const peer: Peer = {
+      pc,
+      aborts: new Map<string, AbortController>(),
+      send: { sendCtr: 0n },
+      recv: { lastSeen: -1n },
+      keysReady,
+      resolveKeys,
+      myNonce: randomHex(16),
+      confirmedIn: false,
+      confirmedOut: false,
+      confirmed: false,
+      recvChain: Promise.resolve(),
+      sendChain: Promise.resolve(),
+    };
+    peers.set(peerId, peer);
     pc.onicecandidate = (e: any) => {
       if (e.candidate)
         ws.send(JSON.stringify({ type: "candidate", to: peerId, candidate: e.candidate }));
@@ -206,7 +298,26 @@ export async function startShare(
       if (["failed", "closed", "disconnected"].includes(pc.connectionState)) closePeer(peerId);
     };
     const dc = pc.createDataChannel("api");
-    dc.onmessage = (e: any) => onReq(dc, aborts, JSON.parse(e.data));
+    dc.binaryType = "arraybuffer";
+    dc.onopen = async () => {
+      try {
+        await peer.keysReady; // keys derived in the answer handler
+        // Open the mandatory bidirectional key-confirmation handshake. Nothing
+        // the peer sends is acted on until BOTH directions confirm (see onFrame).
+        enqueueSeal(peerId, dc, peer, FLAG_CONFIRM, { t: "confirm", nonce: peer.myNonce });
+        peer.confirmTimer = setTimeout(() => {
+          if (!peer.confirmed) closePeer(peerId);
+        }, CONFIRM_TIMEOUT_MS);
+      } catch {
+        closePeer(peerId);
+      }
+    };
+    // Serialize decrypts: WebCrypto open() is async, and a reliable+ordered
+    // channel must be processed in order or the monotonic replay check would
+    // spuriously reject a reordered await.
+    dc.onmessage = (e: any) => {
+      peer.recvChain = peer.recvChain.then(() => onFrame(peerId, dc, peer, e.data)).catch(() => {});
+    };
     pc.createOffer()
       .then((o: any) => pc.setLocalDescription(o))
       .then(() =>
@@ -217,6 +328,7 @@ export async function startShare(
   function closePeer(peerId: string) {
     const p = peers.get(peerId);
     if (!p) return;
+    if (p.confirmTimer) clearTimeout(p.confirmTimer);
     for (const a of p.aborts.values()) a.abort();
     try {
       p.pc.close();
@@ -226,29 +338,72 @@ export async function startShare(
     peers.delete(peerId);
   }
 
-  function send(dc: any, obj: object) {
-    // readyState alone is racy: node-datachannel can still report "open" for a
-    // tick after a dropped peer's channel is torn down underneath, so dc.send()
-    // throws "DataChannel is closed". Swallow it — the frame is for a peer that's
-    // already gone (closePeer aborts its in-flight requests right behind this).
-    if (dc.readyState !== "open") return;
+  // Seal an envelope and send it, serialized per peer so the wire order matches
+  // the nonce-counter order (so the receiver's monotonic check never trips).
+  function enqueueSeal(peerId: string, dc: any, peer: Peer, flags: number, obj: object) {
+    peer.sendChain = peer.sendChain.then(async () => {
+      if (dc.readyState !== "open" || !peer.keyH2C || !peer.th) return;
+      let frame: ArrayBuffer;
+      try {
+        frame = await e2eSeal(peer.keyH2C, peer.send, flags, peer.th, packEnvelope(obj));
+      } catch {
+        closePeer(peerId); // counter overflow — fail closed
+        return;
+      }
+      try {
+        dc.send(frame);
+      } catch {
+        /* peer vanished mid-send; dropping the frame is correct */
+      }
+    });
+    return peer.sendChain;
+  }
+
+  // Decrypt + route one inbound frame. Fail-closed: any decryption failure,
+  // replay, pre-confirmation app frame, or string frame closes the peer.
+  async function onFrame(peerId: string, dc: any, peer: Peer, data: any) {
+    if (!peers.has(peerId)) return;
+    if (typeof data === "string" || !peer.keyC2H || !peer.th) return closePeer(peerId);
+    let env: any;
     try {
-      dc.send(JSON.stringify(obj));
+      const { plaintext } = await e2eOpen(peer.keyC2H, data, peer.th, peer.recv);
+      env = unpackEnvelope(plaintext);
     } catch {
-      /* peer vanished mid-send; dropping the frame is correct */
+      return closePeer(peerId); // bad version/epoch/tag/AAD or replay
+    }
+    if (!peer.confirmed) {
+      if (!env || env.t !== "confirm") return closePeer(peerId);
+      if (typeof env.nonce === "string" && !peer.confirmedOut) {
+        // Flush our echo before marking confirmed-out (so no app frame is acted on
+        // until the peer can also complete its side).
+        await enqueueSeal(peerId, dc, peer, FLAG_CONFIRM, {
+          t: "confirm",
+          nonce: peer.myNonce,
+          echo: env.nonce,
+        });
+        peer.confirmedOut = true;
+      }
+      if (env.echo && env.echo === peer.myNonce) peer.confirmedIn = true;
+      if (peer.confirmedIn && peer.confirmedOut) {
+        peer.confirmed = true;
+        if (peer.confirmTimer) clearTimeout(peer.confirmTimer);
+      }
+      return;
     }
+    if (!env || env.t === "confirm") return; // stray confirm after handshake — ignore
+    onReq(peerId, dc, peer, env);
   }
 
-  async function onReq(dc: any, aborts: Map<number, AbortController>, req: any) {
+  async function onReq(peerId: string, dc: any, peer: Peer, req: any) {
     if (req.t === "abort") {
-      aborts.get(req.id)?.abort();
-      aborts.delete(req.id);
+      peer.aborts.get(req.id)?.abort();
+      peer.aborts.delete(req.id);
       return;
     }
     if (req.t !== "req") return;
     const { id, method, path: p, body } = req;
     const ac = new AbortController();
-    aborts.set(id, ac);
+    peer.aborts.set(id, ac);
     try {
       // The host part is a placeholder — the handler only routes on the path.
       const res = await opts.localFetch(
@@ -262,21 +417,39 @@ export async function startShare(
           signal: ac.signal,
         }),
       );
-      send(dc, { t: "res", id, status: res.status, ct: res.headers.get("content-type") ?? "" });
+      enqueueSeal(peerId, dc, peer, 0, {
+        t: "res",
+        id,
+        status: res.status,
+        ct: res.headers.get("content-type") ?? "",
+      });
       const reader = res.body!.getReader();
       const dec = new TextDecoder();
+      let seq = 0;
       for (;;) {
         const { done, value } = await reader.read();
         if (done) break;
         const text = dec.decode(value, { stream: true });
+        // Slice on UTF-16 boundaries: JSON round-trips lone surrogates as \uXXXX,
+        // so the receiver reassembles the exact text by concatenating in seq order.
         for (let i = 0; i < text.length; i += MAX_CHUNK)
-          send(dc, { t: "data", id, chunk: text.slice(i, i + MAX_CHUNK) });
+          enqueueSeal(peerId, dc, peer, 0, {
+            t: "data",
+            id,
+            seq: seq++,
+            chunk: text.slice(i, i + MAX_CHUNK),
+          });
       }
-      send(dc, { t: "end", id });
+      enqueueSeal(peerId, dc, peer, 0, { t: "end", id, seq });
     } catch (e) {
-      if ((e as Error).name !== "AbortError") send(dc, { t: "end", id, error: String(e) });
+      if ((e as Error).name !== "AbortError")
+        enqueueSeal(peerId, dc, peer, 0, {
+          t: "end",
+          id,
+          error: String((e as Error).message ?? e),
+        });
     } finally {
-      aborts.delete(id);
+      peer.aborts.delete(id);
     }
   }
 

package/dist/SUPPORTED_CLIS-CoYWGWbP.js

@@ -1,8 +0,0 @@
-import "./ts-C78N0K4F.js";
-import "./logger-B9h0djqx.js";
-import "./versionChecker-CYZtJKMG.js";
-import "./pidStore-B5vBu8Px.js";
-import "./globalPidIndex-gZuTvTBs.js";
-import { t as SUPPORTED_CLIS } from "./SUPPORTED_CLIS-BD8zWc7O.js";
-
-export { SUPPORTED_CLIS };

package/dist/share-B7J79Wq9.js

@@ -1,254 +0,0 @@
-import { mkdir, readFile, writeFile } from "fs/promises";
-import { homedir } from "os";
-import path from "path";
-import { randomBytes } from "crypto";
-
-//#region ts/share.ts
-const SUB = "ay-signal-1";
-const ICE = [{ urls: "stun:stun.l.google.com:19302" }];
-const MAX_CHUNK = 15e3;
-const DEFAULT_SIGHOST = "s.agent-yes.com";
-function shareRoomPath() {
-	const home = process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes");
-	return path.join(home, ".share-room");
-}
-async function loadOrCreateShareRoom(sighost = DEFAULT_SIGHOST) {
-	try {
-		const url = (await readFile(shareRoomPath(), "utf-8")).trim();
-		if (url.startsWith("webrtc://")) return url;
-	} catch {}
-	const url = `webrtc://${"r" + randomBytes(3).toString("hex")}:${randomBytes(32).toString("hex")}@${sighost}`;
-	await mkdir(path.dirname(shareRoomPath()), { recursive: true });
-	await writeFile(shareRoomPath(), url, { mode: 384 });
-	return url;
-}
-function parseShareUrl(s) {
-	const m = /^webrtc:\/\/([^:@/]+):([^@/]+)@(.+)$/.exec(s);
-	if (!m) throw new Error(`bad --share url: ${s} (want webrtc://room:token@host)`);
-	return {
-		room: m[1],
-		token: m[2],
-		host: m[3]
-	};
-}
-async function linkFromBunCache() {
-	const { existsSync, symlinkSync, mkdirSync, readdirSync } = await import("fs");
-	const path = (await import("path")).default;
-	const { createRequire } = await import("module");
-	const require = createRequire(import.meta.url);
-	const pkg = path.dirname(require.resolve("node-datachannel/package.json"));
-	const bin = path.join(pkg, "build", "Release", "node_datachannel.node");
-	const cacheRoot = path.join((await import("os")).homedir(), ".bun", "install", "cache");
-	if (existsSync(bin) && existsSync(cacheRoot)) for (const d of readdirSync(cacheRoot)) {
-		if (!d.startsWith("node-datachannel@")) continue;
-		const dst = path.join(cacheRoot, d, "build", "Release");
-		mkdirSync(dst, { recursive: true });
-		const link = path.join(dst, "node_datachannel.node");
-		if (!existsSync(link)) symlinkSync(bin, link);
-	}
-}
-async function ndPackageDir() {
-	try {
-		const path = (await import("path")).default;
-		const { createRequire } = await import("module");
-		const require = createRequire(import.meta.url);
-		return path.dirname(require.resolve("node-datachannel/package.json"));
-	} catch {
-		return null;
-	}
-}
-async function ensureAddon(ndDir) {
-	const { existsSync } = await import("fs");
-	const path = (await import("path")).default;
-	if (existsSync(path.join(ndDir, "build", "Release", "node_datachannel.node"))) return;
-	try {
-		const { createRequire } = await import("module");
-		const binJs = createRequire(import.meta.url).resolve("prebuild-install/bin.js", { paths: [ndDir] });
-		const { spawnSync } = await import("child_process");
-		process.stderr.write("fetching node-datachannel prebuilt binary (one-time)…\n");
-		spawnSync(process.execPath, [
-			binJs,
-			"-r",
-			"napi"
-		], {
-			cwd: ndDir,
-			stdio: "ignore"
-		});
-	} catch {}
-}
-async function importRTC() {
-	const ndDir = await ndPackageDir();
-	if (ndDir) await ensureAddon(ndDir);
-	try {
-		return (await import("node-datachannel/polyfill")).RTCPeerConnection;
-	} catch (firstErr) {
-		await linkFromBunCache().catch(() => {});
-		try {
-			return (await import("node-datachannel/polyfill")).RTCPeerConnection;
-		} catch {
-			throw firstErr;
-		}
-	}
-}
-/** Start the share bridge. Resolves once signaling is connected; runs until the
-*  process exits, reconnecting signaling on drop. Returns the shareable link. */
-async function startShare(opts) {
-	opts.url;
-	const sighost = opts.sighost ?? DEFAULT_SIGHOST;
-	const { room, token, host } = opts.url ? parseShareUrl(opts.url) : {
-		room: "r" + randomBytes(3).toString("hex"),
-		token: randomBytes(32).toString("hex"),
-		host: sighost
-	};
-	const RTCPeerConnection = await importRTC();
-	const wsScheme = host.startsWith("localhost") || host.startsWith("127.") ? "ws" : "wss";
-	const link = `${host === "s.agent-yes.com" ? "https://agent-yes.com" : "http://localhost:7778"}/#${room}:${token}${host === "s.agent-yes.com" ? "" : "@" + host}`;
-	const peers = /* @__PURE__ */ new Map();
-	let closed = false;
-	let currentWs;
-	const connectSignaling = (onReady) => {
-		if (closed) return;
-		const ws = new WebSocket(`${wsScheme}://${host}/${room}`, [SUB]);
-		currentWs = ws;
-		let ready = false;
-		ws.onopen = () => {
-			ws.send(JSON.stringify({
-				type: "hello",
-				role: "host",
-				token
-			}));
-			ready = true;
-			onReady();
-		};
-		ws.onmessage = async (ev) => {
-			if (closed) return;
-			const m = JSON.parse(ev.data);
-			if (m.type === "peer-join") startPeer(ws, m.peer);
-			else if (m.type === "answer") await peers.get(m.from)?.pc.setRemoteDescription({
-				type: "answer",
-				sdp: m.sdp
-			});
-			else if (m.type === "candidate") await peers.get(m.from)?.pc.addIceCandidate(m.candidate).catch(() => {});
-			else if (m.type === "peer-leave") closePeer(m.peer);
-		};
-		ws.onclose = () => {
-			if (closed) return;
-			setTimeout(() => connectSignaling(() => {}), ready ? 1500 : 4e3);
-		};
-		ws.onerror = () => {};
-		return ws;
-	};
-	function startPeer(ws, peerId) {
-		const pc = new RTCPeerConnection({ iceServers: ICE });
-		const aborts = /* @__PURE__ */ new Map();
-		peers.set(peerId, {
-			pc,
-			aborts
-		});
-		pc.onicecandidate = (e) => {
-			if (e.candidate) ws.send(JSON.stringify({
-				type: "candidate",
-				to: peerId,
-				candidate: e.candidate
-			}));
-		};
-		pc.onconnectionstatechange = () => {
-			if ([
-				"failed",
-				"closed",
-				"disconnected"
-			].includes(pc.connectionState)) closePeer(peerId);
-		};
-		const dc = pc.createDataChannel("api");
-		dc.onmessage = (e) => onReq(dc, aborts, JSON.parse(e.data));
-		pc.createOffer().then((o) => pc.setLocalDescription(o)).then(() => ws.send(JSON.stringify({
-			type: "offer",
-			to: peerId,
-			sdp: pc.localDescription.sdp
-		})));
-	}
-	function closePeer(peerId) {
-		const p = peers.get(peerId);
-		if (!p) return;
-		for (const a of p.aborts.values()) a.abort();
-		try {
-			p.pc.close();
-		} catch {}
-		peers.delete(peerId);
-	}
-	function send(dc, obj) {
-		if (dc.readyState !== "open") return;
-		try {
-			dc.send(JSON.stringify(obj));
-		} catch {}
-	}
-	async function onReq(dc, aborts, req) {
-		if (req.t === "abort") {
-			aborts.get(req.id)?.abort();
-			aborts.delete(req.id);
-			return;
-		}
-		if (req.t !== "req") return;
-		const { id, method, path: p, body } = req;
-		const ac = new AbortController();
-		aborts.set(id, ac);
-		try {
-			const res = await opts.localFetch(new Request(`http://ay.local${p}`, {
-				method,
-				headers: {
-					Authorization: `Bearer ${opts.apiToken}`,
-					...body ? { "Content-Type": "application/json" } : {}
-				},
-				body: body ?? void 0,
-				signal: ac.signal
-			}));
-			send(dc, {
-				t: "res",
-				id,
-				status: res.status,
-				ct: res.headers.get("content-type") ?? ""
-			});
-			const reader = res.body.getReader();
-			const dec = new TextDecoder();
-			for (;;) {
-				const { done, value } = await reader.read();
-				if (done) break;
-				const text = dec.decode(value, { stream: true });
-				for (let i = 0; i < text.length; i += MAX_CHUNK) send(dc, {
-					t: "data",
-					id,
-					chunk: text.slice(i, i + MAX_CHUNK)
-				});
-			}
-			send(dc, {
-				t: "end",
-				id
-			});
-		} catch (e) {
-			if (e.name !== "AbortError") send(dc, {
-				t: "end",
-				id,
-				error: String(e)
-			});
-		} finally {
-			aborts.delete(id);
-		}
-	}
-	await new Promise((resolve) => connectSignaling(resolve));
-	const close = () => {
-		closed = true;
-		try {
-			currentWs?.close();
-		} catch {}
-		for (const peerId of [...peers.keys()]) closePeer(peerId);
-	};
-	return {
-		room,
-		link,
-		close
-	};
-}
-
-//#endregion
-export { loadOrCreateShareRoom, startShare };
-//# sourceMappingURL=share-B7J79Wq9.js.map