agent-yes 1.94.2 → 1.96.0

package/dist/SUPPORTED_CLIS-B2FAlgXF.js

@@ -0,0 +1,8 @@
+import { t as CLIS_CONFIG } from "./ts-DkjQJTcB.js";
+
+//#region ts/SUPPORTED_CLIS.ts
+const SUPPORTED_CLIS = Object.keys(CLIS_CONFIG);
+
+//#endregion
+export { SUPPORTED_CLIS as t };
+//# sourceMappingURL=SUPPORTED_CLIS-B2FAlgXF.js.map

package/dist/SUPPORTED_CLIS-G8izHOJP.js

@@ -0,0 +1,8 @@
+import "./ts-DkjQJTcB.js";
+import "./logger-B9h0djqx.js";
+import "./versionChecker-xqnqyGKE.js";
+import "./pidStore-DTzl6zeh.js";
+import "./globalPidIndex-yVd3mbsV.js";
+import { t as SUPPORTED_CLIS } from "./SUPPORTED_CLIS-B2FAlgXF.js";
+
+export { SUPPORTED_CLIS };

package/dist/cli.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env bun
 import { n as logger } from "./logger-B9h0djqx.js";
-import { i as versionString, n as displayVersion, r as getInstalledPackage, t as checkAndAutoUpdate } from "./versionChecker-BY5g27iW.js";
+import { i as versionString, n as displayVersion, r as getInstalledPackage, t as checkAndAutoUpdate } from "./versionChecker-xqnqyGKE.js";
 import { argv } from "process";
 import { execFileSync, spawn } from "child_process";
 import ms from "ms";
@@ -482,7 +482,7 @@ function buildRustArgs(argv, cliFromScript, supportedClis) {
 {
 	const rawArg = process.argv[2];
 	const isHelpFlag = rawArg === "-h" || rawArg === "--help";
-	const { isSubcommand, runSubcommand, cmdHelp } = await import("./subcommands-DjrOWqD9.js");
+	const { isSubcommand, runSubcommand, cmdHelp } = await import("./subcommands-EieqoC9Z.js");
 	if (isHelpFlag && process.argv.length === 3) {
 		cmdHelp();
 		process.exit(0);
@@ -496,12 +496,12 @@ await checkAndAutoUpdate();
 logger.info(versionString());
 const config = parseCliArgs(process.argv);
 if (config.tray) {
-	const { startTray } = await import("./tray-DHuD0nEk.js");
+	const { startTray } = await import("./tray-D4cJA4UH.js");
 	await startTray();
 	await new Promise(() => {});
 }
 {
-	const { ensureTray } = await import("./tray-DHuD0nEk.js");
+	const { ensureTray } = await import("./tray-D4cJA4UH.js");
 	ensureTray();
 }
 if (config.useRust) {
@@ -515,7 +515,7 @@ if (config.useRust) {
 		}
 	}
 	if (rustBinary) {
-		const { SUPPORTED_CLIS } = await import("./SUPPORTED_CLIS-Bo4qbT_0.js");
+		const { SUPPORTED_CLIS } = await import("./SUPPORTED_CLIS-G8izHOJP.js");
 		const rustArgs = buildRustArgs(process.argv, config.cli, SUPPORTED_CLIS);
 		if (config.verbose) {
 			console.log(`[rust] Using binary: ${rustBinary}`);

package/dist/index.js

@@ -1,6 +1,6 @@
-import { a as removeControlCharacters, i as AgentContext, n as agentYes, r as config, t as CLIS_CONFIG } from "./ts-DtwVuD8n.js";
+import { a as removeControlCharacters, i as AgentContext, n as agentYes, r as config, t as CLIS_CONFIG } from "./ts-DkjQJTcB.js";
 import "./logger-B9h0djqx.js";
-import "./versionChecker-BY5g27iW.js";
+import "./versionChecker-xqnqyGKE.js";
 import "./pidStore-DTzl6zeh.js";
 import "./globalPidIndex-yVd3mbsV.js";
 

package/dist/{remotes-Bjp2GYPz.js → remotes-C3xPRtfg.js}

@@ -147,4 +147,4 @@ async function cmdRemote(rest) {
 
 //#endregion
 export { resolveRemoteSpec as a, readRemotes as i, deleteRemoteAlias as n, writeRemoteAlias as o, parseDirectRemoteSpec as r, cmdRemote as t };
-//# sourceMappingURL=remotes-Bjp2GYPz.js.map
+//# sourceMappingURL=remotes-C3xPRtfg.js.map

package/dist/{remotes-oNI1fR7_.js → remotes-C9WMt5PY.js}

@@ -1,3 +1,3 @@
-import { a as resolveRemoteSpec, i as readRemotes, n as deleteRemoteAlias, o as writeRemoteAlias, r as parseDirectRemoteSpec, t as cmdRemote } from "./remotes-Bjp2GYPz.js";
+import { a as resolveRemoteSpec, i as readRemotes, n as deleteRemoteAlias, o as writeRemoteAlias, r as parseDirectRemoteSpec, t as cmdRemote } from "./remotes-C3xPRtfg.js";
 
 export { cmdRemote };

package/dist/{serve-CixOwENN.js → serve-CuAPBK4y.js}

@@ -1,7 +1,11 @@
+import "./ts-DkjQJTcB.js";
 import "./logger-B9h0djqx.js";
+import "./versionChecker-xqnqyGKE.js";
+import "./pidStore-DTzl6zeh.js";
 import "./globalPidIndex-yVd3mbsV.js";
-import "./remotes-Bjp2GYPz.js";
-import { c as readNotes, f as snapshotStatus, l as renderRawLog, m as writeToIpc, o as listRecords, r as controlCodeFromName, u as resolveOne } from "./subcommands-D9wmaZ3U.js";
+import { t as SUPPORTED_CLIS } from "./SUPPORTED_CLIS-B2FAlgXF.js";
+import "./remotes-C3xPRtfg.js";
+import { c as readNotes, f as snapshotStatus, l as renderRawLog, m as writeToIpc, o as listRecords, r as controlCodeFromName, u as resolveOne } from "./subcommands-CcOYsLYD.js";
 import yargs from "yargs";
 import { mkdir, readFile, writeFile } from "fs/promises";
 import { homedir } from "os";
@@ -107,7 +111,7 @@ async function cmdServe(rest) {
 Start an HTTP API server so remote machines can list/tail/send agents.
 
 Options:
-  --port N          Port to listen on (default: ${DEFAULT_PORT})\n  --host HOST       Interface to bind (default: 127.0.0.1; use 0.0.0.0 to expose)\n  --token TOKEN     Auth token (auto-generated and saved if omitted)\n  --tls-cert FILE   TLS certificate PEM\n  --tls-key  FILE   TLS private key PEM\n\nSubcommands:\n  ay serve install    install as background daemon via oxmgr\n  ay serve uninstall  remove daemon\n  ay serve logs       view daemon logs\n\nOnce running, connect from another machine:\n  ay ls   <token>@<host>:${DEFAULT_PORT}\n  ay remote add <alias> http://<token>@<host>:${DEFAULT_PORT}\n`);
+  --port N          Port to listen on (default: ${DEFAULT_PORT})\n  --host HOST       Interface to bind (default: 127.0.0.1; use 0.0.0.0 to expose)\n  --token TOKEN     Auth token (auto-generated and saved if omitted)\n  --share [URL]     Share over WebRTC to agent-yes.com (bare flag mints a room+link)\n  --allow-spawn     Let the shared console launch new agents (asks y/N per request)\n  --tls-cert FILE   TLS certificate PEM\n  --tls-key  FILE   TLS private key PEM\n\nSubcommands:\n  ay serve install    install as background daemon via oxmgr\n  ay serve uninstall  remove daemon\n  ay serve logs       view daemon logs\n\nOnce running, connect from another machine:\n  ay ls   <token>@<host>:${DEFAULT_PORT}\n  ay remote add <alias> http://<token>@<host>:${DEFAULT_PORT}\n`);
 		return 0;
 	}
 	const sub = rest[0];
@@ -129,6 +133,13 @@ Options:
 	}).option("tls-key", {
 		type: "string",
 		description: "TLS private key file (PEM)"
+	}).option("share", {
+		type: "string",
+		description: "Share over WebRTC: bare flag mints a room+link, or pass webrtc://room:token@host"
+	}).option("allow-spawn", {
+		type: "boolean",
+		default: false,
+		description: "Allow the shared console to spawn new agents (asks y/N per request on a TTY)"
 	}).help(false).version(false).exitProcess(false).parseAsync();
 	const port = argv.port ?? DEFAULT_PORT;
 	const host = argv.host ?? "127.0.0.1";
@@ -143,6 +154,20 @@ Options:
 	const scheme = useHttps ? "https" : "http";
 	if (host !== "127.0.0.1" && host !== "localhost") process.stderr.write("ay serve: warning: binding to non-loopback — ensure your network is trusted or use Tailscale/VPN\n");
 	const token = await loadOrCreateToken(tokenFlag);
+	const allowSpawn = argv["allow-spawn"] === true;
+	const spawnQueue = [];
+	let stdinWired = false;
+	const confirmSpawn = (cli, cwd, prompt) => {
+		if (!process.stdin.isTTY) return Promise.resolve(true);
+		if (!stdinWired) {
+			stdinWired = true;
+			process.stdin.setEncoding("utf8");
+			process.stdin.on("data", (d) => spawnQueue.shift()?.(/^y/i.test(d.trim())));
+			process.stdin.resume();
+		}
+		process.stdout.write(`\n⚠ console requests spawn:  ay ${cli}${prompt ? ` -- "${prompt.slice(0, 60)}"` : ""}\n   cwd: ${cwd}\n   allow? [y/N] `);
+		return new Promise((res) => spawnQueue.push(res));
+	};
 	const serverOpts = {
 		hostname: host,
 		port,
@@ -197,6 +222,7 @@ Options:
 			const tailM = /^\/api\/tail\/(.+)$/.exec(p);
 			if (req.method === "GET" && tailM) {
 				const keyword = decodeURIComponent(tailM[1]);
+				const raw = url.searchParams.get("raw") === "1";
 				try {
 					const record = await resolveOne(keyword, defaultOpts());
 					if (!record.log_file) return new Response(`pid ${record.pid}: no log_file`, { status: 404 });
@@ -206,7 +232,8 @@ Options:
 						const send = (text) => ctrl.enqueue(enc.encode(`data: ${JSON.stringify(text)}\n\n`));
 						const ping = () => ctrl.enqueue(enc.encode(": ping\n\n"));
 						const initBuf = await readFile(logPath).catch(() => Buffer.alloc(0));
-						send(await renderRawLog(initBuf, {
+						if (raw) send(new TextDecoder().decode(initBuf.slice(Math.max(0, initBuf.length - 65536))));
+						else send(await renderRawLog(initBuf, {
 							mode: "tail",
 							n: 96
 						}));
@@ -231,8 +258,11 @@ Options:
 								if (full.length <= offset) return;
 								const chunk = full.slice(offset);
 								offset = full.length;
-								const text = new TextDecoder().decode(chunk).replace(ansiRe, "").replace(ctrlRe, "");
-								if (text.trim()) send(text.trimStart());
+								if (raw) send(new TextDecoder().decode(chunk));
+								else {
+									const text = new TextDecoder().decode(chunk).replace(ansiRe, "").replace(ctrlRe, "");
+									if (text.trim()) send(text.trimStart());
+								}
 							} catch {}
 						}, 300);
 						req.signal.addEventListener("abort", () => {
@@ -279,6 +309,72 @@ Options:
 					return new Response(e.message, { status: 404 });
 				}
 			}
+			const resizeM = /^\/api\/resize\/(.+)$/.exec(p);
+			if (req.method === "POST" && resizeM) {
+				const keyword = decodeURIComponent(resizeM[1]);
+				let body;
+				try {
+					body = await req.json();
+				} catch {
+					return new Response("invalid JSON body", { status: 400 });
+				}
+				const cols = Math.max(1, Math.floor(Number(body.cols) || 0));
+				const rows = Math.max(1, Math.floor(Number(body.rows) || 0));
+				if (!cols || !rows) return new Response("missing cols/rows", { status: 400 });
+				try {
+					const record = await resolveOne(keyword, defaultOpts());
+					const ayHome = process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes");
+					const winsizeDir = path.join(ayHome, "winsize");
+					await mkdir(winsizeDir, { recursive: true });
+					await writeFile(path.join(winsizeDir, String(record.pid)), `${cols} ${rows} ${Date.now()}\n`);
+					try {
+						process.kill(record.pid, "SIGWINCH");
+					} catch {}
+					return Response.json({
+						ok: true,
+						pid: record.pid,
+						cols,
+						rows
+					});
+				} catch (e) {
+					return new Response(e.message, { status: 404 });
+				}
+			}
+			if (req.method === "POST" && p === "/api/spawn") {
+				if (!allowSpawn) return new Response("spawning disabled — start: ay serve --share --allow-spawn", { status: 403 });
+				let body;
+				try {
+					body = await req.json();
+				} catch {
+					return new Response("invalid JSON body", { status: 400 });
+				}
+				const cli = String(body.cli ?? "claude");
+				if (!SUPPORTED_CLIS.includes(cli)) return new Response(`unsupported cli: ${cli}`, { status: 400 });
+				const cwd = typeof body.cwd === "string" && body.cwd ? body.cwd : process.cwd();
+				const prompt = String(body.prompt ?? "");
+				if (!await confirmSpawn(cli, cwd, prompt)) return new Response("denied by host", { status: 403 });
+				try {
+					const child = Bun.spawn([
+						"ay",
+						cli,
+						...prompt ? ["--", prompt] : []
+					], {
+						cwd,
+						stdin: "ignore",
+						stdout: "ignore",
+						stderr: "ignore"
+					});
+					child.unref();
+					return Response.json({
+						ok: true,
+						pid: child.pid,
+						cli,
+						cwd
+					});
+				} catch (e) {
+					return new Response(e.message, { status: 500 });
+				}
+			}
 			return new Response("Not Found", { status: 404 });
 		}
 	};
@@ -296,6 +392,20 @@ Options:
 	process.stdout.write(`save as alias:\n`);
 	process.stdout.write(`  ay remote add <alias> ${scheme}://${token}@<host>:${port}\n\n`);
 	if (!useHttps) process.stdout.write("for HTTPS: ay serve --tls-cert cert.pem --tls-key key.pem\n  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'\n\n");
+	if (argv.share !== void 0) {
+		const shareUrl = typeof argv.share === "string" && argv.share.startsWith("webrtc://") ? argv.share : void 0;
+		try {
+			const { startShare } = await import("./share-DUhUA1Pi.js");
+			const { link } = await startShare({
+				url: shareUrl,
+				apiUrl: `http://127.0.0.1:${port}`,
+				apiToken: token
+			});
+			process.stdout.write(`\nshared over WebRTC — open this link (the token is eaten from the URL on open):\n  ${link}\n\n`);
+		} catch (e) {
+			process.stderr.write(`ay serve --share failed: ${e.message}\n`);
+		}
+	}
 	process.stdout.write(`(Ctrl-C to stop)\n`);
 	await new Promise((resolve) => {
 		process.on("SIGINT", () => {
@@ -312,4 +422,4 @@ Options:
 
 //#endregion
 export { cmdServe };
-//# sourceMappingURL=serve-CixOwENN.js.map
+//# sourceMappingURL=serve-CuAPBK4y.js.map

package/dist/share-DUhUA1Pi.js

@@ -0,0 +1,184 @@
+import { randomBytes } from "crypto";
+
+//#region ts/share.ts
+const SUB = "ay-signal-1";
+const ICE = [{ urls: "stun:stun.l.google.com:19302" }];
+const MAX_CHUNK = 15e3;
+const DEFAULT_SIGHOST = "s.agent-yes.com";
+function parseShareUrl(s) {
+	const m = /^webrtc:\/\/([^:@/]+):([^@/]+)@(.+)$/.exec(s);
+	if (!m) throw new Error(`bad --share url: ${s} (want webrtc://room:token@host)`);
+	return {
+		room: m[1],
+		token: m[2],
+		host: m[3]
+	};
+}
+async function importRTC() {
+	try {
+		return (await import("node-datachannel/polyfill")).RTCPeerConnection;
+	} catch {
+		try {
+			const { existsSync, symlinkSync, mkdirSync, readdirSync } = await import("fs");
+			const path = (await import("path")).default;
+			const { createRequire } = await import("module");
+			const require = createRequire(import.meta.url);
+			const pkg = path.dirname(require.resolve("node-datachannel/package.json"));
+			const bin = path.join(pkg, "build", "Release", "node_datachannel.node");
+			const cacheRoot = path.join((await import("os")).homedir(), ".bun", "install", "cache");
+			if (existsSync(bin) && existsSync(cacheRoot)) for (const d of readdirSync(cacheRoot)) {
+				if (!d.startsWith("node-datachannel@")) continue;
+				const dst = path.join(cacheRoot, d, "build", "Release");
+				mkdirSync(dst, { recursive: true });
+				const link = path.join(dst, "node_datachannel.node");
+				if (!existsSync(link)) symlinkSync(bin, link);
+			}
+		} catch {}
+		return (await import("node-datachannel/polyfill")).RTCPeerConnection;
+	}
+}
+/** Start the share bridge. Resolves once signaling is connected; runs until the
+*  process exits, reconnecting signaling on drop. Returns the shareable link. */
+async function startShare(opts) {
+	opts.url;
+	const sighost = opts.sighost ?? DEFAULT_SIGHOST;
+	const { room, token, host } = opts.url ? parseShareUrl(opts.url) : {
+		room: "r" + randomBytes(3).toString("hex"),
+		token: randomBytes(32).toString("hex"),
+		host: sighost
+	};
+	const RTCPeerConnection = await importRTC();
+	const wsScheme = host.startsWith("localhost") || host.startsWith("127.") ? "ws" : "wss";
+	const link = `${host === "s.agent-yes.com" ? "https://agent-yes.com" : "http://localhost:7778"}/#${room}:${token}${host === "s.agent-yes.com" ? "" : "@" + host}`;
+	const peers = /* @__PURE__ */ new Map();
+	const connectSignaling = (onReady) => {
+		const ws = new WebSocket(`${wsScheme}://${host}/${room}`, [SUB]);
+		let ready = false;
+		ws.onopen = () => {
+			ws.send(JSON.stringify({
+				type: "hello",
+				role: "host",
+				token
+			}));
+			ready = true;
+			onReady();
+		};
+		ws.onmessage = async (ev) => {
+			const m = JSON.parse(ev.data);
+			if (m.type === "peer-join") startPeer(ws, m.peer);
+			else if (m.type === "answer") await peers.get(m.from)?.pc.setRemoteDescription({
+				type: "answer",
+				sdp: m.sdp
+			});
+			else if (m.type === "candidate") await peers.get(m.from)?.pc.addIceCandidate(m.candidate).catch(() => {});
+			else if (m.type === "peer-leave") closePeer(m.peer);
+		};
+		ws.onclose = () => {
+			setTimeout(() => connectSignaling(() => {}), ready ? 1500 : 4e3);
+		};
+		ws.onerror = () => {};
+		return ws;
+	};
+	function startPeer(ws, peerId) {
+		const pc = new RTCPeerConnection({ iceServers: ICE });
+		const aborts = /* @__PURE__ */ new Map();
+		peers.set(peerId, {
+			pc,
+			aborts
+		});
+		pc.onicecandidate = (e) => {
+			if (e.candidate) ws.send(JSON.stringify({
+				type: "candidate",
+				to: peerId,
+				candidate: e.candidate
+			}));
+		};
+		pc.onconnectionstatechange = () => {
+			if ([
+				"failed",
+				"closed",
+				"disconnected"
+			].includes(pc.connectionState)) closePeer(peerId);
+		};
+		const dc = pc.createDataChannel("api");
+		dc.onmessage = (e) => onReq(dc, aborts, JSON.parse(e.data));
+		pc.createOffer().then((o) => pc.setLocalDescription(o)).then(() => ws.send(JSON.stringify({
+			type: "offer",
+			to: peerId,
+			sdp: pc.localDescription.sdp
+		})));
+	}
+	function closePeer(peerId) {
+		const p = peers.get(peerId);
+		if (!p) return;
+		for (const a of p.aborts.values()) a.abort();
+		try {
+			p.pc.close();
+		} catch {}
+		peers.delete(peerId);
+	}
+	function send(dc, obj) {
+		if (dc.readyState === "open") dc.send(JSON.stringify(obj));
+	}
+	async function onReq(dc, aborts, req) {
+		if (req.t === "abort") {
+			aborts.get(req.id)?.abort();
+			aborts.delete(req.id);
+			return;
+		}
+		if (req.t !== "req") return;
+		const { id, method, path: p, body } = req;
+		const ac = new AbortController();
+		aborts.set(id, ac);
+		try {
+			const res = await fetch(opts.apiUrl + p, {
+				method,
+				headers: {
+					Authorization: `Bearer ${opts.apiToken}`,
+					...body ? { "Content-Type": "application/json" } : {}
+				},
+				body: body ?? void 0,
+				signal: ac.signal
+			});
+			send(dc, {
+				t: "res",
+				id,
+				status: res.status,
+				ct: res.headers.get("content-type") ?? ""
+			});
+			const reader = res.body.getReader();
+			const dec = new TextDecoder();
+			for (;;) {
+				const { done, value } = await reader.read();
+				if (done) break;
+				const text = dec.decode(value, { stream: true });
+				for (let i = 0; i < text.length; i += MAX_CHUNK) send(dc, {
+					t: "data",
+					id,
+					chunk: text.slice(i, i + MAX_CHUNK)
+				});
+			}
+			send(dc, {
+				t: "end",
+				id
+			});
+		} catch (e) {
+			if (e.name !== "AbortError") send(dc, {
+				t: "end",
+				id,
+				error: String(e)
+			});
+		} finally {
+			aborts.delete(id);
+		}
+	}
+	await new Promise((resolve) => connectSignaling(resolve));
+	return {
+		room,
+		link
+	};
+}
+
+//#endregion
+export { startShare };
+//# sourceMappingURL=share-DUhUA1Pi.js.map

package/dist/{subcommands-D9wmaZ3U.js → subcommands-CcOYsLYD.js}

@@ -1,5 +1,5 @@
 import { i as readGlobalPids } from "./globalPidIndex-yVd3mbsV.js";
-import { a as resolveRemoteSpec, i as readRemotes } from "./remotes-Bjp2GYPz.js";
+import { a as resolveRemoteSpec, i as readRemotes } from "./remotes-C3xPRtfg.js";
 import ms from "ms";
 import yargs from "yargs";
 import { appendFile, mkdir, open, readFile, stat, writeFile } from "fs/promises";
@@ -162,11 +162,11 @@ async function runSubcommand(argv) {
 			case "restart": return await cmdRestart(rest);
 			case "note": return await cmdNote(rest);
 			case "serve": {
-				const { cmdServe } = await import("./serve-CixOwENN.js");
+				const { cmdServe } = await import("./serve-CuAPBK4y.js");
 				return cmdServe(rest);
 			}
 			case "remote": {
-				const { cmdRemote } = await import("./remotes-oNI1fR7_.js");
+				const { cmdRemote } = await import("./remotes-C9WMt5PY.js");
 				return cmdRemote(rest);
 			}
 			case "help": return cmdHelp();
@@ -1447,4 +1447,4 @@ async function cmdStatus(rest) {
 
 //#endregion
 export { isSubcommand as a, readNotes as c, runSubcommand as d, snapshotStatus as f, isPidAlive as i, renderRawLog as l, writeToIpc as m, cmdHelp as n, listRecords as o, stopTipForCli as p, controlCodeFromName as r, matchKeyword as s, GRACEFUL_EXIT_COMMANDS as t, resolveOne as u };
-//# sourceMappingURL=subcommands-D9wmaZ3U.js.map
+//# sourceMappingURL=subcommands-CcOYsLYD.js.map

package/dist/{subcommands-DjrOWqD9.js → subcommands-EieqoC9Z.js}

@@ -1,6 +1,6 @@
 import "./logger-B9h0djqx.js";
 import "./globalPidIndex-yVd3mbsV.js";
-import "./remotes-Bjp2GYPz.js";
-import { a as isSubcommand, c as readNotes, d as runSubcommand, f as snapshotStatus, i as isPidAlive, l as renderRawLog, m as writeToIpc, n as cmdHelp, o as listRecords, p as stopTipForCli, r as controlCodeFromName, s as matchKeyword, t as GRACEFUL_EXIT_COMMANDS, u as resolveOne } from "./subcommands-D9wmaZ3U.js";
+import "./remotes-C3xPRtfg.js";
+import { a as isSubcommand, c as readNotes, d as runSubcommand, f as snapshotStatus, i as isPidAlive, l as renderRawLog, m as writeToIpc, n as cmdHelp, o as listRecords, p as stopTipForCli, r as controlCodeFromName, s as matchKeyword, t as GRACEFUL_EXIT_COMMANDS, u as resolveOne } from "./subcommands-CcOYsLYD.js";
 
 export { cmdHelp, isSubcommand, runSubcommand };

package/dist/{tray-DHuD0nEk.js → tray-D4cJA4UH.js}

@@ -175,4 +175,4 @@ async function startTray() {
 
 //#endregion
 export { ensureTray, startTray };
-//# sourceMappingURL=tray-DHuD0nEk.js.map
+//# sourceMappingURL=tray-D4cJA4UH.js.map

package/dist/{ts-DtwVuD8n.js → ts-DkjQJTcB.js}

@@ -1,5 +1,5 @@
 import { n as logger, t as addTransport } from "./logger-B9h0djqx.js";
-import { r as getInstalledPackage } from "./versionChecker-BY5g27iW.js";
+import { r as getInstalledPackage } from "./versionChecker-xqnqyGKE.js";
 import { i as shouldUseLock, r as releaseLock, t as acquireLock } from "./runningLock-C22d9SRJ.js";
 import { t as PidStore } from "./pidStore-DTzl6zeh.js";
 import { i as readGlobalPids } from "./globalPidIndex-yVd3mbsV.js";
@@ -1705,4 +1705,4 @@ function sleep(ms) {
 
 //#endregion
 export { removeControlCharacters as a, AgentContext as i, agentYes as n, config as r, CLIS_CONFIG as t };
-//# sourceMappingURL=ts-DtwVuD8n.js.map
+//# sourceMappingURL=ts-DkjQJTcB.js.map

package/dist/{versionChecker-BY5g27iW.js → versionChecker-xqnqyGKE.js}

@@ -7,7 +7,7 @@ import { fileURLToPath } from "url";
 
 //#region package.json
 var name = "agent-yes";
-var version = "1.94.2";
+var version = "1.96.0";
 
 //#endregion
 //#region ts/versionChecker.ts
@@ -221,4 +221,4 @@ async function displayVersion() {
 
 //#endregion
 export { versionString as i, displayVersion as n, getInstalledPackage as r, checkAndAutoUpdate as t };
-//# sourceMappingURL=versionChecker-BY5g27iW.js.map
+//# sourceMappingURL=versionChecker-xqnqyGKE.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-yes",
-  "version": "1.94.2",
+  "version": "1.96.0",
   "description": "A wrapper tool that automates interactions with various AI CLI tools by automatically handling common prompts and responses.",
   "keywords": [
     "ai",
@@ -69,6 +69,7 @@
   },
   "scripts": {
     "build": "tsdown",
+    "cf": "bun scripts/cf.ts",
     "build:rs": "cargo install --path rs --features swarm",
     "postbuild": "bun ./ts/postbuild.ts",
     "demo": "bun run build && bun link && claude-yes -- demo",
@@ -92,6 +93,7 @@
     "execa": "^9.6.1",
     "from-node-stream": "^0.2.0",
     "ms": "^2.1.3",
+    "node-datachannel": "^0.32.3",
     "phpdie": "^1.7.0",
     "proper-lockfile": "^4.1.2",
     "sflow": "^1.27.0",
@@ -142,5 +144,7 @@
   "engines": {
     "node": ">=22.0.0"
   },
-  "trustedDependencies": []
+  "trustedDependencies": [
+    "node-datachannel"
+  ]
 }

package/scripts/cf.ts

@@ -0,0 +1,51 @@
+#!/usr/bin/env bun
+// Thin wrapper that runs `wrangler` against the SNOLAB Cloudflare account using
+// the API token saved in .env.local — so we never depend on `wrangler login`
+// state (which points at a different account) and never pass the token on the
+// CLI. Usage:  bun scripts/cf.ts <wrangler args...>
+//   e.g.  bun scripts/cf.ts whoami
+//         bun scripts/cf.ts pages deploy ./dist --project-name agent-yes
+import { spawnSync } from "node:child_process";
+import { existsSync, readFileSync, renameSync, rmSync } from "node:fs";
+import { homedir } from "node:os";
+import path from "node:path";
+
+// SNOLAB account — agent-yes.com lives here. Account id is not a secret.
+const SNOLAB_ACCOUNT_ID = "0beef4cd2d2da6befa47d8d149d6e157";
+
+const root = path.join(import.meta.dir, "..");
+const env: Record<string, string | undefined> = { ...process.env };
+
+// Load .env.local (bun also auto-loads it, but be explicit so this works from
+// any cwd and is obvious to a reader).
+try {
+  for (const line of readFileSync(path.join(root, ".env.local"), "utf8").split("\n")) {
+    const m = line.match(/^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/);
+    if (m && !(m[1] in env)) env[m[1]] = m[2];
+  }
+} catch {
+  /* no .env.local — fall through to the check below */
+}
+
+if (!env.CLOUDFLARE_API_TOKEN) {
+  console.error("CLOUDFLARE_API_TOKEN is missing — add it to .env.local (see scripts/cf.ts).");
+  process.exit(1);
+}
+env.CLOUDFLARE_ACCOUNT_ID = SNOLAB_ACCOUNT_ID;
+
+// wrangler otherwise prefers a stored OAuth login over CLOUDFLARE_API_TOKEN and
+// pins the OAuth account (Axon), ignoring CLOUDFLARE_ACCOUNT_ID. Two sources to
+// neutralise: the global OAuth config (~/.wrangler) and a project-level account
+// cache (.wrangler/wrangler-account.json) that pins whatever account first
+// deployed. Drop the cache, move the OAuth config aside for the run, restore it.
+rmSync(path.join(root, ".wrangler/wrangler-account.json"), { force: true });
+const oauthCfg = path.join(homedir(), ".wrangler/config/default.toml");
+const oauthBak = oauthCfg + ".cf-bak";
+const hadOauth = existsSync(oauthCfg);
+if (hadOauth) renameSync(oauthCfg, oauthBak);
+try {
+  const r = spawnSync("bunx", ["wrangler", ...process.argv.slice(2)], { stdio: "inherit", env });
+  process.exitCode = r.status ?? 1;
+} finally {
+  if (hadOauth && existsSync(oauthBak)) renameSync(oauthBak, oauthCfg);
+}

package/ts/rustBinary.ts

@@ -41,10 +41,7 @@ export function getBinaryName(): string {
  */
 export function getBinDir(): string {
   // First check for binaries in the npm package
-  const packageBinDir = path.resolve(
-    import.meta.dirname ?? import.meta.dir,
-    "../bin",
-  );
+  const packageBinDir = path.resolve(import.meta.dirname ?? import.meta.dir, "../bin");
   if (existsSync(packageBinDir)) {
     return packageBinDir;
   }
@@ -61,8 +58,7 @@ export function getBinDir(): string {
   const cacheDir =
     process.env.AGENT_YES_CACHE_DIR ||
     path.join(
-      process.env.XDG_CACHE_HOME ||
-        path.join(process.env.HOME || "/tmp", ".cache"),
+      process.env.XDG_CACHE_HOME || path.join(process.env.HOME || "/tmp", ".cache"),
       "agent-yes",
     );
 
@@ -78,14 +74,8 @@ export function findRustBinary(verbose = false): string | undefined {
   const ext = process.platform === "win32" ? ".exe" : "";
   const searchPaths = [
     // 1. Check relative to this script (in the repo during development)
-    path.resolve(
-      import.meta.dirname ?? import.meta.dir,
-      `../rs/target/release/agent-yes${ext}`,
-    ),
-    path.resolve(
-      import.meta.dirname ?? import.meta.dir,
-      `../rs/target/debug/agent-yes${ext}`,
-    ),
+    path.resolve(import.meta.dirname ?? import.meta.dir, `../rs/target/release/agent-yes${ext}`),
+    path.resolve(import.meta.dirname ?? import.meta.dir, `../rs/target/debug/agent-yes${ext}`),
 
     // 2. Check in npm package bin directory
     path.join(getBinDir(), binaryName),
@@ -149,9 +139,7 @@ export async function downloadBinary(verbose = false): Promise<string> {
 
   const response = await fetch(url);
   if (!response.ok) {
-    throw new Error(
-      `Failed to download binary: ${response.status} ${response.statusText}`,
-    );
+    throw new Error(`Failed to download binary: ${response.status} ${response.statusText}`);
   }
 
   const isWindows = process.platform === "win32";
@@ -243,19 +231,14 @@ function getRustBinaryVersion(binaryPath: string): string | null {
  */
 function autoRebuildIfOutdated(binaryPath: string, verbose: boolean): boolean {
   // Only auto-rebuild for local dev builds (target/release or target/debug)
-  if (
-    !binaryPath.includes("/target/release") &&
-    !binaryPath.includes("/target/debug")
-  ) {
+  if (!binaryPath.includes("/target/release") && !binaryPath.includes("/target/debug")) {
     return true; // not a dev build, skip
   }
 
   const binaryVersion = getRustBinaryVersion(binaryPath);
   const pkgVersion = getInstalledPackage().version;
   if (verbose) {
-    console.log(
-      `[rust] Binary version: ${binaryVersion}, package version: ${pkgVersion}`,
-    );
+    console.log(`[rust] Binary version: ${binaryVersion}, package version: ${pkgVersion}`);
   }
 
   if (binaryVersion === pkgVersion) {
@@ -263,15 +246,9 @@ function autoRebuildIfOutdated(binaryPath: string, verbose: boolean): boolean {
   }
 
   // Find the rs/ directory relative to the binary (binary is at rs/target/release/agent-yes)
-  const rsDir = binaryPath.replace(
-    /\/target\/(release|debug)\/agent-yes.*$/,
-    "",
-  );
+  const rsDir = binaryPath.replace(/\/target\/(release|debug)\/agent-yes.*$/, "");
   if (!existsSync(path.join(rsDir, "Cargo.toml"))) {
-    if (verbose)
-      console.log(
-        `[rust] Cannot find Cargo.toml at ${rsDir}, skipping rebuild`,
-      );
+    if (verbose) console.log(`[rust] Cannot find Cargo.toml at ${rsDir}, skipping rebuild`);
     return true; // can't rebuild, use as-is
   }
 
@@ -299,9 +276,7 @@ function autoRebuildIfOutdated(binaryPath: string, verbose: boolean): boolean {
     process.stderr.write(`\x1b[32m[rust] Rebuild complete\x1b[0m\n`);
     return true;
   } catch {
-    process.stderr.write(
-      `\x1b[31m[rust] Auto-rebuild failed, using outdated binary\x1b[0m\n`,
-    );
+    process.stderr.write(`\x1b[31m[rust] Auto-rebuild failed, using outdated binary\x1b[0m\n`);
     return true; // still usable, just old
   }
 }

package/ts/serve.ts

@@ -13,6 +13,7 @@ import {
   writeToIpc,
   type CommonOpts,
 } from "./subcommands.ts";
+import { SUPPORTED_CLIS } from "./SUPPORTED_CLIS.ts";
 
 const DEFAULT_PORT = 7432;
 
@@ -123,6 +124,8 @@ export async function cmdServe(rest: string[]): Promise<number> {
         `  --port N          Port to listen on (default: ${DEFAULT_PORT})\n` +
         `  --host HOST       Interface to bind (default: 127.0.0.1; use 0.0.0.0 to expose)\n` +
         `  --token TOKEN     Auth token (auto-generated and saved if omitted)\n` +
+        `  --share [URL]     Share over WebRTC to agent-yes.com (bare flag mints a room+link)\n` +
+        `  --allow-spawn     Let the shared console launch new agents (asks y/N per request)\n` +
         `  --tls-cert FILE   TLS certificate PEM\n` +
         `  --tls-key  FILE   TLS private key PEM\n\n` +
         `Subcommands:\n` +
@@ -153,6 +156,16 @@ export async function cmdServe(rest: string[]): Promise<number> {
     .option("token", { type: "string", description: "Auth token (auto-generated if omitted)" })
     .option("tls-cert", { type: "string", description: "TLS certificate file (PEM)" })
     .option("tls-key", { type: "string", description: "TLS private key file (PEM)" })
+    .option("share", {
+      type: "string",
+      description:
+        "Share over WebRTC: bare flag mints a room+link, or pass webrtc://room:token@host",
+    })
+    .option("allow-spawn", {
+      type: "boolean",
+      default: false,
+      description: "Allow the shared console to spawn new agents (asks y/N per request on a TTY)",
+    })
     .help(false)
     .version(false)
     .exitProcess(false);
@@ -178,6 +191,26 @@ export async function cmdServe(rest: string[]): Promise<number> {
   }
 
   const token = await loadOrCreateToken(tokenFlag);
+  const allowSpawn = argv["allow-spawn"] === true;
+
+  // Spawn confirmation: launch requests are gated by --allow-spawn AND, on a TTY,
+  // an interactive y/N per request (a leaked launch link can't silently spawn).
+  const spawnQueue: Array<(ok: boolean) => void> = [];
+  let stdinWired = false;
+  const confirmSpawn = (cli: string, cwd: string, prompt: string): Promise<boolean> => {
+    if (!process.stdin.isTTY) return Promise.resolve(true); // flag is the consent when headless
+    if (!stdinWired) {
+      stdinWired = true;
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (d: string) => spawnQueue.shift()?.(/^y/i.test(d.trim())));
+      process.stdin.resume();
+    }
+    process.stdout.write(
+      `\n⚠ console requests spawn:  ay ${cli}${prompt ? ` -- "${prompt.slice(0, 60)}"` : ""}\n` +
+        `   cwd: ${cwd}\n   allow? [y/N] `,
+    );
+    return new Promise((res) => spawnQueue.push(res));
+  };
 
   const serverOpts: any = {
     hostname: host,
@@ -246,6 +279,9 @@ export async function cmdServe(rest: string[]): Promise<number> {
       const tailM = /^\/api\/tail\/(.+)$/.exec(p);
       if (req.method === "GET" && tailM) {
         const keyword = decodeURIComponent(tailM[1]!);
+        // raw=1 streams the unmodified PTY bytes (ANSI/cursor control intact) so a
+        // browser xterm.js can render the real terminal; default stays ANSI-stripped.
+        const raw = url.searchParams.get("raw") === "1";
         try {
           const record = await resolveOne(keyword, defaultOpts());
           if (!record.log_file)
@@ -259,10 +295,12 @@ export async function cmdServe(rest: string[]): Promise<number> {
                 ctrl.enqueue(enc.encode(`data: ${JSON.stringify(text)}\n\n`));
               const ping = () => ctrl.enqueue(enc.encode(": ping\n\n"));
 
-              // Initial tail
+              // Initial tail. Raw: replay the last ~64 KB of PTY bytes (enough to
+              // contain a recent full-screen redraw so xterm converges fast).
               const initBuf = await readFile(logPath).catch(() => Buffer.alloc(0));
-              const initText = await renderRawLog(initBuf, { mode: "tail", n: 96 });
-              send(initText);
+              if (raw)
+                send(new TextDecoder().decode(initBuf.slice(Math.max(0, initBuf.length - 65536))));
+              else send(await renderRawLog(initBuf, { mode: "tail", n: 96 }));
 
               let offset = initBuf.length;
               let closed = false;
@@ -291,11 +329,15 @@ export async function cmdServe(rest: string[]): Promise<number> {
                   if (full.length <= offset) return;
                   const chunk = full.slice(offset);
                   offset = full.length;
-                  const text = new TextDecoder()
-                    .decode(chunk)
-                    .replace(ansiRe, "")
-                    .replace(ctrlRe, "");
-                  if (text.trim()) send(text.trimStart());
+                  if (raw) {
+                    send(new TextDecoder().decode(chunk));
+                  } else {
+                    const text = new TextDecoder()
+                      .decode(chunk)
+                      .replace(ansiRe, "")
+                      .replace(ctrlRe, "");
+                    if (text.trim()) send(text.trimStart());
+                  }
                 } catch {
                   /* log gone */
                 }
@@ -356,6 +398,74 @@ export async function cmdServe(rest: string[]): Promise<number> {
         }
       }
 
+      // POST /api/resize/:keyword  body {cols, rows} — drive the agent's PTY size.
+      // Mirrors `ay attach`: write ~/.agent-yes/winsize/<pid> then SIGWINCH; the
+      // agent's resize listener picks it up and reflows its TUI to that width.
+      const resizeM = /^\/api\/resize\/(.+)$/.exec(p);
+      if (req.method === "POST" && resizeM) {
+        const keyword = decodeURIComponent(resizeM[1]!);
+        let body: { cols?: number; rows?: number };
+        try {
+          body = await req.json();
+        } catch {
+          return new Response("invalid JSON body", { status: 400 });
+        }
+        const cols = Math.max(1, Math.floor(Number(body.cols) || 0));
+        const rows = Math.max(1, Math.floor(Number(body.rows) || 0));
+        if (!cols || !rows) return new Response("missing cols/rows", { status: 400 });
+        try {
+          const record = await resolveOne(keyword, defaultOpts());
+          const ayHome = process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes");
+          const winsizeDir = path.join(ayHome, "winsize");
+          await mkdir(winsizeDir, { recursive: true });
+          await writeFile(
+            path.join(winsizeDir, String(record.pid)),
+            `${cols} ${rows} ${Date.now()}\n`,
+          );
+          try {
+            process.kill(record.pid, "SIGWINCH");
+          } catch {
+            /* agent gone */
+          }
+          return Response.json({ ok: true, pid: record.pid, cols, rows });
+        } catch (e) {
+          return new Response((e as Error).message, { status: 404 });
+        }
+      }
+
+      // POST /api/spawn  body {cli, cwd, prompt} — launch a new agent (gated)
+      if (req.method === "POST" && p === "/api/spawn") {
+        if (!allowSpawn)
+          return new Response("spawning disabled — start: ay serve --share --allow-spawn", {
+            status: 403,
+          });
+        let body: { cli?: string; cwd?: string; prompt?: string };
+        try {
+          body = await req.json();
+        } catch {
+          return new Response("invalid JSON body", { status: 400 });
+        }
+        const cli = String(body.cli ?? "claude");
+        if (!SUPPORTED_CLIS.includes(cli as never))
+          return new Response(`unsupported cli: ${cli}`, { status: 400 });
+        const cwd = typeof body.cwd === "string" && body.cwd ? body.cwd : process.cwd();
+        const prompt = String(body.prompt ?? "");
+        if (!(await confirmSpawn(cli, cwd, prompt)))
+          return new Response("denied by host", { status: 403 });
+        try {
+          const child = Bun.spawn(["ay", cli, ...(prompt ? ["--", prompt] : [])], {
+            cwd,
+            stdin: "ignore",
+            stdout: "ignore",
+            stderr: "ignore",
+          });
+          child.unref();
+          return Response.json({ ok: true, pid: child.pid, cli, cwd });
+        } catch (e) {
+          return new Response((e as Error).message, { status: 500 });
+        }
+      }
+
       return new Response("Not Found", { status: 404 });
     },
   };
@@ -380,6 +490,27 @@ export async function cmdServe(rest: string[]): Promise<number> {
         `  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'\n\n`,
     );
   }
+  // --share: bridge this local server to a WebRTC room so the agent-yes.com
+  // console can reach it peer-to-peer. Bare flag mints a room; a webrtc:// value
+  // joins an explicit one.
+  if (argv.share !== undefined) {
+    const shareUrl =
+      typeof argv.share === "string" && argv.share.startsWith("webrtc://") ? argv.share : undefined;
+    try {
+      const { startShare } = await import("./share.ts");
+      const { link } = await startShare({
+        url: shareUrl,
+        apiUrl: `http://127.0.0.1:${port}`,
+        apiToken: token,
+      });
+      process.stdout.write(
+        `\nshared over WebRTC — open this link (the token is eaten from the URL on open):\n  ${link}\n\n`,
+      );
+    } catch (e) {
+      process.stderr.write(`ay serve --share failed: ${(e as Error).message}\n`);
+    }
+  }
+
   process.stdout.write(`(Ctrl-C to stop)\n`);
 
   await new Promise<void>((resolve) => {

package/ts/share.ts

@@ -0,0 +1,190 @@
+// `ay serve --share` host peer: connect to the signaling server as a room host
+// and bridge each browser peer's WebRTC DataChannel to this machine's local
+// `ay serve` HTTP API. The browser (agent-yes.com) thus reaches local agents
+// peer-to-peer — no public port, no tunnel. See lab/ui/cf/worker.ts for the
+// signaling protocol and lab/ui/index.html for the browser side.
+import { randomBytes } from "crypto";
+
+const SUB = "ay-signal-1";
+const ICE = [{ urls: "stun:stun.l.google.com:19302" }];
+const MAX_CHUNK = 15_000; // keep DataChannel messages under the SCTP limit
+const DEFAULT_SIGHOST = "s.agent-yes.com";
+
+export interface ShareOpts {
+  /** webrtc://room:token@host, or undefined to mint a fresh room+token */
+  url?: string;
+  /** signaling host when minting (default s.agent-yes.com) */
+  sighost?: string;
+  /** local ay-serve base URL the channel bridges to */
+  apiUrl: string;
+  /** bearer token for the local ay-serve API */
+  apiToken: string;
+}
+
+function parseShareUrl(s: string): { room: string; token: string; host: string } {
+  const m = /^webrtc:\/\/([^:@/]+):([^@/]+)@(.+)$/.exec(s);
+  if (!m) throw new Error(`bad --share url: ${s} (want webrtc://room:token@host)`);
+  return { room: m[1]!, token: m[2]!, host: m[3]! };
+}
+
+// node-datachannel ships a native addon. Under Bun the module sometimes resolves
+// from the global cache where the prebuilt .node isn't linked; this best-effort
+// shim symlinks it in before we import. In a normal npm/bunx install the binary
+// resolves from node_modules and the first import just works.
+async function importRTC(): Promise<any> {
+  try {
+    return (await import("node-datachannel/polyfill")).RTCPeerConnection;
+  } catch {
+    try {
+      const { existsSync, symlinkSync, mkdirSync, readdirSync } = await import("fs");
+      const path = (await import("path")).default;
+      const { createRequire } = await import("module");
+      const require = createRequire(import.meta.url);
+      const pkg = path.dirname(require.resolve("node-datachannel/package.json"));
+      const bin = path.join(pkg, "build", "Release", "node_datachannel.node");
+      const cacheRoot = path.join((await import("os")).homedir(), ".bun", "install", "cache");
+      if (existsSync(bin) && existsSync(cacheRoot)) {
+        for (const d of readdirSync(cacheRoot)) {
+          if (!d.startsWith("node-datachannel@")) continue;
+          const dst = path.join(cacheRoot, d, "build", "Release");
+          mkdirSync(dst, { recursive: true });
+          const link = path.join(dst, "node_datachannel.node");
+          if (!existsSync(link)) symlinkSync(bin, link);
+        }
+      }
+    } catch {
+      /* fall through — rethrow the original import error below */
+    }
+    return (await import("node-datachannel/polyfill")).RTCPeerConnection;
+  }
+}
+
+/** Start the share bridge. Resolves once signaling is connected; runs until the
+ *  process exits, reconnecting signaling on drop. Returns the shareable link. */
+export async function startShare(opts: ShareOpts): Promise<{ room: string; link: string }> {
+  const minted = !opts.url;
+  const sighost = opts.sighost ?? DEFAULT_SIGHOST;
+  const { room, token, host } = opts.url
+    ? parseShareUrl(opts.url)
+    : {
+        room: "r" + randomBytes(3).toString("hex"),
+        token: randomBytes(32).toString("hex"),
+        host: sighost,
+      };
+
+  const RTCPeerConnection = await importRTC();
+  const wsScheme = host.startsWith("localhost") || host.startsWith("127.") ? "ws" : "wss";
+  const ui = host === "s.agent-yes.com" ? "https://agent-yes.com" : "http://localhost:7778";
+  const suffix = host === "s.agent-yes.com" ? "" : "@" + host;
+  const link = `${ui}/#${room}:${token}${suffix}`;
+
+  type Peer = { pc: any; aborts: Map<number, AbortController> };
+  const peers = new Map<string, Peer>();
+
+  const connectSignaling = (onReady: () => void) => {
+    const ws = new WebSocket(`${wsScheme}://${host}/${room}`, [SUB]);
+    let ready = false;
+    ws.onopen = () => {
+      ws.send(JSON.stringify({ type: "hello", role: "host", token }));
+      ready = true;
+      onReady();
+    };
+    ws.onmessage = async (ev) => {
+      const m = JSON.parse(ev.data as string);
+      if (m.type === "peer-join") startPeer(ws, m.peer);
+      else if (m.type === "answer")
+        await peers.get(m.from)?.pc.setRemoteDescription({ type: "answer", sdp: m.sdp });
+      else if (m.type === "candidate")
+        await peers
+          .get(m.from)
+          ?.pc.addIceCandidate(m.candidate)
+          .catch(() => {});
+      else if (m.type === "peer-leave") closePeer(m.peer);
+    };
+    ws.onclose = () => {
+      // Keep established WebRTC peers; just re-establish the rendezvous so new
+      // browsers can still join. Backoff a little to avoid hot-looping.
+      setTimeout(() => connectSignaling(() => {}), ready ? 1500 : 4000);
+    };
+    ws.onerror = () => {};
+    return ws;
+  };
+
+  function startPeer(ws: WebSocket, peerId: string) {
+    const pc = new RTCPeerConnection({ iceServers: ICE });
+    const aborts = new Map<number, AbortController>();
+    peers.set(peerId, { pc, aborts });
+    pc.onicecandidate = (e: any) => {
+      if (e.candidate)
+        ws.send(JSON.stringify({ type: "candidate", to: peerId, candidate: e.candidate }));
+    };
+    pc.onconnectionstatechange = () => {
+      if (["failed", "closed", "disconnected"].includes(pc.connectionState)) closePeer(peerId);
+    };
+    const dc = pc.createDataChannel("api");
+    dc.onmessage = (e: any) => onReq(dc, aborts, JSON.parse(e.data));
+    pc.createOffer()
+      .then((o: any) => pc.setLocalDescription(o))
+      .then(() =>
+        ws.send(JSON.stringify({ type: "offer", to: peerId, sdp: pc.localDescription.sdp })),
+      );
+  }
+
+  function closePeer(peerId: string) {
+    const p = peers.get(peerId);
+    if (!p) return;
+    for (const a of p.aborts.values()) a.abort();
+    try {
+      p.pc.close();
+    } catch {
+      /* already closed */
+    }
+    peers.delete(peerId);
+  }
+
+  function send(dc: any, obj: object) {
+    if (dc.readyState === "open") dc.send(JSON.stringify(obj));
+  }
+
+  async function onReq(dc: any, aborts: Map<number, AbortController>, req: any) {
+    if (req.t === "abort") {
+      aborts.get(req.id)?.abort();
+      aborts.delete(req.id);
+      return;
+    }
+    if (req.t !== "req") return;
+    const { id, method, path: p, body } = req;
+    const ac = new AbortController();
+    aborts.set(id, ac);
+    try {
+      const res = await fetch(opts.apiUrl + p, {
+        method,
+        headers: {
+          Authorization: `Bearer ${opts.apiToken}`,
+          ...(body ? { "Content-Type": "application/json" } : {}),
+        },
+        body: body ?? undefined,
+        signal: ac.signal,
+      });
+      send(dc, { t: "res", id, status: res.status, ct: res.headers.get("content-type") ?? "" });
+      const reader = res.body!.getReader();
+      const dec = new TextDecoder();
+      for (;;) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        const text = dec.decode(value, { stream: true });
+        for (let i = 0; i < text.length; i += MAX_CHUNK)
+          send(dc, { t: "data", id, chunk: text.slice(i, i + MAX_CHUNK) });
+      }
+      send(dc, { t: "end", id });
+    } catch (e) {
+      if ((e as Error).name !== "AbortError") send(dc, { t: "end", id, error: String(e) });
+    } finally {
+      aborts.delete(id);
+    }
+  }
+
+  await new Promise<void>((resolve) => connectSignaling(resolve));
+  void minted; // (informational) caller decides how to surface the link
+  return { room, link };
+}

package/dist/SUPPORTED_CLIS-Bo4qbT_0.js

@@ -1,12 +0,0 @@
-import { t as CLIS_CONFIG } from "./ts-DtwVuD8n.js";
-import "./logger-B9h0djqx.js";
-import "./versionChecker-BY5g27iW.js";
-import "./pidStore-DTzl6zeh.js";
-import "./globalPidIndex-yVd3mbsV.js";
-
-//#region ts/SUPPORTED_CLIS.ts
-const SUPPORTED_CLIS = Object.keys(CLIS_CONFIG);
-
-//#endregion
-export { SUPPORTED_CLIS };
-//# sourceMappingURL=SUPPORTED_CLIS-Bo4qbT_0.js.map