agentvigil 1.0.0

package/dist/sessions/session-poller.js

@@ -0,0 +1,73 @@
+import { logger } from '../utils/logger.js';
+import { deleteSession, getAllSessions, getSession, updateSession, } from './session-manager.js';
+import { detectAgentProcesses, findSessionFileForCwd, isPidAlive } from './process-detector.js';
+export const PROCESS_POLL_INTERVAL_MS = 10_000;
+/**
+ * Reconciles the OS process table with the in-memory session store every
+ * PROCESS_POLL_INTERVAL_MS milliseconds.
+ *
+ * - Sessions whose process has died are removed immediately.
+ * - Running agent processes not yet in the store are added.
+ * - done/error sessions are left for cleanup() to expire.
+ *
+ * Runs the first poll synchronously (awaited) before returning so the store
+ * is fully populated when the caller proceeds.
+ */
+export async function startSessionPolling(onSessionAdded, onSessionRemoved, intervalMs = PROCESS_POLL_INTERVAL_MS) {
+    async function poll() {
+        try {
+            const liveProcs = await detectAgentProcesses();
+            // ── Remove dead sessions ──────────────────────────────────────────
+            for (const session of getAllSessions()) {
+                // done/error sessions are managed by cleanup() — leave them alone
+                if (session.state === 'done' || session.state === 'error')
+                    continue;
+                if (session.pid && !isPidAlive(session.pid)) {
+                    logger.info(`Session terminated (pid ${session.pid} dead): ${session.project_name}`);
+                    deleteSession(session.session_id);
+                    onSessionRemoved(session.session_id);
+                }
+            }
+            // ── Add new sessions ──────────────────────────────────────────────
+            for (const proc of liveProcs) {
+                // Already tracked by pid?
+                const byPid = getAllSessions().find(s => s.pid === proc.pid);
+                if (byPid)
+                    continue;
+                const fileInfo = await findSessionFileForCwd(proc.cwd);
+                if (!fileInfo) {
+                    // JSONL not written yet — session is just starting; next poll will catch it.
+                    continue;
+                }
+                // Already tracked by session_id (hook may have created it first)?
+                if (getSession(fileInfo.sessionId)) {
+                    const existing = getSession(fileInfo.sessionId);
+                    if (!existing.pid) {
+                        // Attach pid so future dead-process checks work.
+                        updateSession(fileInfo.sessionId, { pid: proc.pid });
+                    }
+                    continue;
+                }
+                const session = updateSession(fileInfo.sessionId, {
+                    cwd: proc.cwd,
+                    agent: proc.agentType,
+                    state: 'working',
+                    last_message: fileInfo.lastMessage,
+                    last_activity: new Date(),
+                    pid: proc.pid,
+                });
+                logger.info(`New session detected: ${session.project_name} (pid: ${proc.pid})`);
+                onSessionAdded(session);
+            }
+        }
+        catch (err) {
+            logger.warn('Session poll error', err);
+        }
+    }
+    await poll(); // first run awaited — store is populated when we return
+    const activeSessions = getAllSessions().filter(s => s.state === 'working' || s.state === 'blocked' || s.state === 'idle');
+    logger.info(`Session poll ready: ${activeSessions.length} active session(s)`);
+    const timer = setInterval(() => void poll(), intervalMs);
+    return { stop: () => clearInterval(timer) };
+}
+//# sourceMappingURL=session-poller.js.map

package/dist/sessions/session-poller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-poller.js","sourceRoot":"","sources":["../../src/sessions/session-poller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EACL,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,GAEd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEhG,MAAM,CAAC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAM/C;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,cAA0C,EAC1C,gBAA6C,EAC7C,UAAU,GAAG,wBAAwB;IAErC,KAAK,UAAU,IAAI;QACjB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,oBAAoB,EAAE,CAAC;YAE/C,qEAAqE;YACrE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,EAAE,CAAC;gBACvC,kEAAkE;gBAClE,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,IAAI,OAAO,CAAC,KAAK,KAAK,OAAO;oBAAE,SAAS;gBAEpE,IAAI,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5C,MAAM,CAAC,IAAI,CAAC,2BAA2B,OAAO,CAAC,GAAG,WAAW,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;oBACrF,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBAClC,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;YAED,qEAAqE;YACrE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;gBAC7B,0BAA0B;gBAC1B,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC7D,IAAI,KAAK;oBAAE,SAAS;gBAEpB,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,6EAA6E;oBAC7E,SAAS;gBACX,CAAC;gBAED,kEAAkE;gBAClE,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACnC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAE,CAAC;oBACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;wBAClB,iDAAiD;wBACjD,aAAa,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBACvD,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,SAAS,EAAE;oBAChD,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,IAAI,CAAC,SAAS;oBACrB,KAAK,EAAE,SAAS;oBAChB,YAAY,EAAE,QAAQ,CAAC,WAAW;oBAClC,aAAa,EAAE,IAAI,IAAI,EAAE;oBACzB,GAAG,EAAE,IAAI,CAAC,GAAG;iBACd,CAAC,CAAC;gBAEH,MAAM,CAAC,IAAI,CAAC,yBAAyB,OAAO,CAAC,YAAY,UAAU,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;gBAChF,cAAc,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,IAAI,EAAE,CAAC,CAAC,wDAAwD;IACtE,MAAM,cAAc,GAAG,cAAc,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC;IAC1H,MAAM,CAAC,IAAI,CAAC,uBAAuB,cAAc,CAAC,MAAM,oBAAoB,CAAC,CAAC;IAC9E,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACzD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;AAC9C,CAAC"}

package/dist/sessions/session-watcher.d.ts

@@ -0,0 +1,20 @@
+import { type FSWatcher } from 'chokidar';
+export declare const SESSION_BLOCKLIST: string[];
+/** Returns true when the basename of `cwd` exactly matches a blocklisted tool/meta directory. */
+export declare function isBlocklisted(cwd: string): boolean;
+export interface SessionUpdate {
+    session_id: string;
+    cwd: string;
+    last_message?: string;
+    last_activity: Date;
+}
+export declare function readLastLine(filePath: string): Promise<string | undefined>;
+export declare function extractCwdFromPath(filePath: string): string;
+export declare function processTranscriptFile(filePath: string, onUpdate: (update: SessionUpdate) => void): Promise<void>;
+/**
+ * Watches JSONL transcripts for live last_message updates on existing sessions.
+ * Session creation and deletion is owned by the process poller — this watcher
+ * only fires on 'change' events (ignoreInitial) to keep last_message current.
+ */
+export declare function watchSessions(onUpdate: (update: SessionUpdate) => void): FSWatcher;
+//# sourceMappingURL=session-watcher.d.ts.map

package/dist/sessions/session-watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-watcher.d.ts","sourceRoot":"","sources":["../../src/sessions/session-watcher.ts"],"names":[],"mappings":"AAGA,OAAiB,EAAE,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAEpD,eAAO,MAAM,iBAAiB,UAK7B,CAAC;AAEF,iGAAiG;AACjG,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAGlD;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,IAAI,CAAC;CACrB;AAED,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAIhF;AAKD,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAG3D;AAED,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,IAAI,GACxC,OAAO,CAAC,IAAI,CAAC,CAyBf;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,IAAI,GACxC,SAAS,CAaX"}

package/dist/sessions/session-watcher.js

@@ -0,0 +1,71 @@
+import fs from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+import chokidar from 'chokidar';
+export const SESSION_BLOCKLIST = [
+    'agentvigil-mac', // Mac companion — never a monitored session
+    'node_modules',
+    '.claude',
+    '.agentvigil',
+];
+/** Returns true when the basename of `cwd` exactly matches a blocklisted tool/meta directory. */
+export function isBlocklisted(cwd) {
+    const basename = path.basename(cwd).toLowerCase();
+    return SESSION_BLOCKLIST.includes(basename);
+}
+export async function readLastLine(filePath) {
+    const content = await fs.readFile(filePath, 'utf8');
+    const lines = content.split('\n').map((line) => line.trim()).filter(Boolean);
+    return lines.at(-1);
+}
+// Claude Code project directory names are the cwd with '/' replaced by '-'.
+// That's lossy for paths containing dashes, so this is only a fallback for
+// when a transcript entry doesn't carry its own `cwd` field.
+export function extractCwdFromPath(filePath) {
+    const projectDir = path.basename(path.dirname(filePath));
+    return projectDir.replace(/-/g, '/');
+}
+export async function processTranscriptFile(filePath, onUpdate) {
+    try {
+        const lastLine = await readLastLine(filePath);
+        if (!lastLine)
+            return;
+        const entry = JSON.parse(lastLine);
+        // Skip sessions that have already ended — they show up in the initial
+        // chokidar scan but should not appear as active sessions on startup.
+        const hookEvent = typeof entry.hook_event_name === 'string' ? entry.hook_event_name : '';
+        if (hookEvent === 'Stop' || hookEvent === 'SubagentStop')
+            return;
+        if (typeof entry.state === 'string' && entry.state === 'done')
+            return;
+        const cwd = typeof entry.cwd === 'string' ? entry.cwd : extractCwdFromPath(filePath);
+        if (isBlocklisted(cwd))
+            return;
+        onUpdate({
+            session_id: path.basename(filePath, '.jsonl'),
+            cwd,
+            last_message: typeof entry.message === 'string' ? entry.message : undefined,
+            last_activity: new Date(),
+        });
+    }
+    catch {
+        // Malformed line or unreadable file — skip it, the watcher keeps running.
+    }
+}
+/**
+ * Watches JSONL transcripts for live last_message updates on existing sessions.
+ * Session creation and deletion is owned by the process poller — this watcher
+ * only fires on 'change' events (ignoreInitial) to keep last_message current.
+ */
+export function watchSessions(onUpdate) {
+    const projectsDir = path.join(os.homedir(), '.claude', 'projects');
+    const watcher = chokidar.watch(`${projectsDir}/**/*.jsonl`, {
+        ignoreInitial: true, // poller owns detection; watcher is supplementary only
+        awaitWriteFinish: { stabilityThreshold: 100, pollInterval: 50 },
+    });
+    watcher.on('change', (filePath) => {
+        void processTranscriptFile(filePath, onUpdate);
+    });
+    return watcher;
+}
+//# sourceMappingURL=session-watcher.js.map

package/dist/sessions/session-watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-watcher.js","sourceRoot":"","sources":["../../src/sessions/session-watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAA4B,MAAM,UAAU,CAAC;AAEpD,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,gBAAgB,EAAI,4CAA4C;IAChE,cAAc;IACd,SAAS;IACT,aAAa;CACd,CAAC;AAEF,iGAAiG;AACjG,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAClD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC9C,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AAED,4EAA4E;AAC5E,2EAA2E;AAC3E,6DAA6D;AAC7D,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IACzD,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,QAAyC;IAEzC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO;QAEtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAEnC,sEAAsE;QACtE,qEAAqE;QACrE,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;QACzF,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,cAAc;YAAE,OAAO;QACjE,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM;YAAE,OAAO;QAEtE,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACrF,IAAI,aAAa,CAAC,GAAG,CAAC;YAAE,OAAO;QAE/B,QAAQ,CAAC;YACP,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;YAC7C,GAAG;YACH,YAAY,EAAE,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAC3E,aAAa,EAAE,IAAI,IAAI,EAAE;SAC1B,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAyC;IAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEnE,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,WAAW,aAAa,EAAE;QAC1D,aAAa,EAAE,IAAI,EAAE,uDAAuD;QAC5E,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,YAAY,EAAE,EAAE,EAAE;KAChE,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,EAAE;QAChC,KAAK,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/sessions/tmux-bridge.d.ts

@@ -0,0 +1,11 @@
+export interface TmuxPane {
+    pane_id: string;
+    pid: string;
+    command: string;
+    cwd: string;
+}
+export declare function isPidAlive(pid: string): boolean;
+export declare function enumerateTmuxSessions(): Promise<TmuxPane[]>;
+export declare function findTmuxPaneForSession(cwd: string, panes: TmuxPane[]): TmuxPane | undefined;
+export declare function sendMacNotification(title: string, message: string): Promise<void>;
+//# sourceMappingURL=tmux-bridge.d.ts.map

package/dist/sessions/tmux-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tmux-bridge.d.ts","sourceRoot":"","sources":["../../src/sessions/tmux-bridge.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAO/C;AAWD,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,CAwBjE;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,QAAQ,GAAG,SAAS,CAK3F;AAMD,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAOvF"}

package/dist/sessions/tmux-bridge.js

@@ -0,0 +1,67 @@
+import { execFile } from 'node:child_process';
+import { logger } from '../utils/logger.js';
+import { isBlocklisted } from './session-watcher.js';
+const AGENT_COMMANDS = ['claude', 'codex', 'amp'];
+export function isPidAlive(pid) {
+    try {
+        process.kill(parseInt(pid, 10), 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function runCommand(command, args) {
+    return new Promise((resolve, reject) => {
+        execFile(command, args, (error, stdout) => {
+            if (error)
+                reject(error);
+            else
+                resolve(stdout.toString());
+        });
+    });
+}
+export async function enumerateTmuxSessions() {
+    try {
+        const stdout = await runCommand('tmux', [
+            'list-panes',
+            '-a',
+            '-F',
+            '#{pane_id}|#{pane_pid}|#{pane_current_command}|#{pane_current_path}',
+        ]);
+        return stdout
+            .trim()
+            .split('\n')
+            .filter(Boolean)
+            .map((line) => {
+            const [pane_id, pid, command, cwd] = line.split('|');
+            return { pane_id, pid, command, cwd };
+        })
+            .filter((pane) => AGENT_COMMANDS.some((agent) => pane.command.includes(agent)))
+            .filter((pane) => isPidAlive(pane.pid))
+            .filter((pane) => !isBlocklisted(pane.cwd));
+    }
+    catch {
+        // tmux not running or not installed
+        return [];
+    }
+}
+export function findTmuxPaneForSession(cwd, panes) {
+    // Prefer the most specific match so a nested-directory session binds to its
+    // own pane rather than a parent directory's (e.g. monorepo sub-packages).
+    const candidates = panes.filter((pane) => pane.cwd === cwd || cwd.startsWith(`${pane.cwd}/`));
+    return candidates.sort((a, b) => b.cwd.length - a.cwd.length)[0];
+}
+function appleScriptString(value) {
+    return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
+}
+export async function sendMacNotification(title, message) {
+    const script = `display notification ${appleScriptString(message)} with title ${appleScriptString(title)} sound name "Funk"`;
+    try {
+        await runCommand('osascript', ['-e', script]);
+    }
+    catch (err) {
+        logger.warn('Failed to display Mac notification', err);
+    }
+}
+//# sourceMappingURL=tmux-bridge.js.map

package/dist/sessions/tmux-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tmux-bridge.js","sourceRoot":"","sources":["../../src/sessions/tmux-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AASlD,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAc;IACjD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACxC,IAAI,KAAK;gBAAE,MAAM,CAAC,KAAK,CAAC,CAAC;;gBACpB,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE;YACtC,YAAY;YACZ,IAAI;YACJ,IAAI;YACJ,qEAAqE;SACtE,CAAC,CAAC;QAEH,OAAO,MAAM;aACV,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,OAAO,CAAC;aACf,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrD,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QACxC,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;aAC9E,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACtC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;QACpC,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,GAAW,EAAE,KAAiB;IACnE,4EAA4E;IAC5E,0EAA0E;IAC1E,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC9F,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC;AAClE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAAa,EAAE,OAAe;IACtE,MAAM,MAAM,GAAG,wBAAwB,iBAAiB,CAAC,OAAO,CAAC,eAAe,iBAAiB,CAAC,KAAK,CAAC,oBAAoB,CAAC;IAC7H,IAAI,CAAC;QACH,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}

package/dist/tunnel/tunnel-manager.d.ts

@@ -0,0 +1,8 @@
+export declare class TunnelManager {
+    private process;
+    private tunnelUrl;
+    start(port: number): Promise<string>;
+    getTunnelUrl(): string | null;
+    stop(): void;
+}
+//# sourceMappingURL=tunnel-manager.d.ts.map

package/dist/tunnel/tunnel-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnel-manager.d.ts","sourceRoot":"","sources":["../../src/tunnel/tunnel-manager.ts"],"names":[],"mappings":"AAMA,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,SAAS,CAAuB;IAElC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA8C1C,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B,IAAI,IAAI,IAAI;CAKb"}

package/dist/tunnel/tunnel-manager.js

@@ -0,0 +1,57 @@
+import { spawn } from 'node:child_process';
+import { logger } from '../utils/logger.js';
+const TUNNEL_URL_PATTERN = /https:\/\/[a-z0-9-]+\.trycloudflare\.com/;
+const TUNNEL_URL_TIMEOUT_MS = 30_000;
+export class TunnelManager {
+    process = null;
+    tunnelUrl = null;
+    async start(port) {
+        return new Promise((resolve, reject) => {
+            let settled = false;
+            let timeoutHandle;
+            const settle = (action) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timeoutHandle);
+                action();
+            };
+            this.process = spawn('cloudflared', [
+                'tunnel',
+                '--url',
+                `http://localhost:${port}`,
+                '--no-autoupdate',
+                '--logfile',
+                '/dev/null',
+            ]);
+            this.process.stderr?.on('data', (data) => {
+                const match = data.toString().match(TUNNEL_URL_PATTERN);
+                if (match && !this.tunnelUrl) {
+                    this.tunnelUrl = match[0].replace('https://', 'wss://');
+                    logger.success(`Tunnel established: ${this.tunnelUrl}`);
+                    settle(() => resolve(this.tunnelUrl));
+                }
+            });
+            this.process.on('exit', (code) => {
+                if (!this.tunnelUrl) {
+                    settle(() => reject(new Error(`cloudflared exited with code ${code}`)));
+                }
+            });
+            this.process.on('error', (err) => {
+                settle(() => reject(err));
+            });
+            timeoutHandle = setTimeout(() => {
+                settle(() => reject(new Error('Tunnel URL not received within 30s')));
+            }, TUNNEL_URL_TIMEOUT_MS);
+        });
+    }
+    getTunnelUrl() {
+        return this.tunnelUrl;
+    }
+    stop() {
+        this.process?.kill();
+        this.process = null;
+        this.tunnelUrl = null;
+    }
+}
+//# sourceMappingURL=tunnel-manager.js.map

package/dist/tunnel/tunnel-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnel-manager.js","sourceRoot":"","sources":["../../src/tunnel/tunnel-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,kBAAkB,GAAG,0CAA0C,CAAC;AACtE,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAErC,MAAM,OAAO,aAAa;IAChB,OAAO,GAAwB,IAAI,CAAC;IACpC,SAAS,GAAkB,IAAI,CAAC;IAExC,KAAK,CAAC,KAAK,CAAC,IAAY;QACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,aAA4C,CAAC;YAEjD,MAAM,MAAM,GAAG,CAAC,MAAkB,EAAE,EAAE;gBACpC,IAAI,OAAO;oBAAE,OAAO;gBACpB,OAAO,GAAG,IAAI,CAAC;gBACf,YAAY,CAAC,aAAa,CAAC,CAAC;gBAC5B,MAAM,EAAE,CAAC;YACX,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,aAAa,EAAE;gBAClC,QAAQ;gBACR,OAAO;gBACP,oBAAoB,IAAI,EAAE;gBAC1B,iBAAiB;gBACjB,WAAW;gBACX,WAAW;aACZ,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBACxD,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBAC7B,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;oBACxD,MAAM,CAAC,OAAO,CAAC,uBAAuB,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;oBACxD,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBACpB,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC/B,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC,CAAC;YACxE,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI;QACF,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;CACF"}

package/dist/tunnel/websocket-server.d.ts

@@ -0,0 +1,48 @@
+import { WebSocket } from 'ws';
+import type { AgentEvent, PhoneCommand } from '../types.js';
+export interface PairRequest {
+    type: 'pair';
+    pub_key: string;
+    device_name: string;
+}
+export interface AgentVigilWsServerOptions {
+    /** The phone's first message after scanning the QR arrives unencrypted as this. */
+    onPairRequest?: (request: PairRequest, socket: WebSocket) => void;
+    /** Decrypted phone commands (approve/deny/send_prompt), once a shared secret is known. */
+    onCommand?: (command: PhoneCommand) => void;
+    /** Supplies the current session list for the full_sync sent on connect. */
+    getSessions?: () => AgentEvent[];
+    /**
+     * AgentEvents forwarded in-process by short-lived `agentvigil hook` CLI
+     * invocations (see hook-handler.ts) — the only way they can reach the live
+     * phone connection the daemon is holding. Requires a matching `localToken`.
+     */
+    onHookEvent?: (event: AgentEvent) => void;
+    /** Shared secret only the Mac's own processes know (its X25519 secret key) — authenticates `hook_event` messages so the tunnel-exposed phone can't forge them. */
+    localToken?: string;
+}
+export declare class AgentVigilWsServer {
+    private readonly port;
+    private readonly wss;
+    private readonly getSessions;
+    private readonly onPairRequest?;
+    private readonly onCommand?;
+    private readonly onHookEvent?;
+    private readonly localToken?;
+    private phoneSocket;
+    private sharedSecret;
+    private heartbeatTimer;
+    constructor(port?: number, options?: AgentVigilWsServerOptions);
+    start(): void;
+    /** Records the shared secret derived for the currently-paired device (or clears it). */
+    setSharedSecret(secret: string | undefined): void;
+    /** The NaCl shared secret for the paired phone, or undefined if not yet paired. */
+    getSharedSecret(): string | undefined;
+    onMessage(raw: string): void;
+    sendEvent(event: AgentEvent): void;
+    sendFullSync(): void;
+    get isPhoneConnected(): boolean;
+    stop(): void;
+    private sendHeartbeat;
+}
+//# sourceMappingURL=websocket-server.d.ts.map

package/dist/tunnel/websocket-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-server.d.ts","sourceRoot":"","sources":["../../src/tunnel/websocket-server.ts"],"names":[],"mappings":"AACA,OAAO,EAAmB,SAAS,EAAgB,MAAM,IAAI,CAAC;AAG9D,OAAO,KAAK,EAAE,UAAU,EAAiB,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3E,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,mFAAmF;IACnF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,KAAK,IAAI,CAAC;IAClE,0FAA0F;IAC1F,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,YAAY,KAAK,IAAI,CAAC;IAC5C,2EAA2E;IAC3E,WAAW,CAAC,EAAE,MAAM,UAAU,EAAE,CAAC;IACjC;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAC1C,kKAAkK;IAClK,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,kBAAkB;IAYjB,OAAO,CAAC,QAAQ,CAAC,IAAI;IAXjC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAkB;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAoD;IACnF,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAkC;IAC7D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAA8B;IAC3D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAS;IAErC,OAAO,CAAC,WAAW,CAA0B;IAC7C,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,cAAc,CAA+C;gBAExC,IAAI,GAAE,MAAa,EAAE,OAAO,GAAE,yBAA8B;IASzF,KAAK,IAAI,IAAI;IAyCb,wFAAwF;IACxF,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAIjD,mFAAmF;IACnF,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IA2D5B,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAMlC,YAAY,IAAI,IAAI;IAepB,IAAI,gBAAgB,IAAI,OAAO,CAE9B;IAED,IAAI,IAAI,IAAI;IAUZ,OAAO,CAAC,aAAa;CAYtB"}

package/dist/tunnel/websocket-server.js

@@ -0,0 +1,173 @@
+import { WebSocketServer, WebSocket } from 'ws';
+import { logger } from '../utils/logger.js';
+import { decrypt, encrypt } from '../crypto/encryption.js';
+const HEARTBEAT_INTERVAL_MS = 30_000;
+export class AgentVigilWsServer {
+    port;
+    wss;
+    getSessions;
+    onPairRequest;
+    onCommand;
+    onHookEvent;
+    localToken;
+    phoneSocket = null;
+    sharedSecret;
+    heartbeatTimer = null;
+    constructor(port = 3847, options = {}) {
+        this.port = port;
+        this.wss = new WebSocketServer({ port });
+        this.getSessions = options.getSessions ?? (() => []);
+        this.onPairRequest = options.onPairRequest;
+        this.onCommand = options.onCommand;
+        this.onHookEvent = options.onHookEvent;
+        this.localToken = options.localToken;
+    }
+    start() {
+        this.wss.on('connection', (ws, request) => {
+            // Short-lived connections forwarded by `agentvigil hook` CLI invocations
+            // (see hook-handler.ts) hit a dedicated path so they're never mistaken
+            // for the phone — otherwise they'd overwrite `phoneSocket` and the real
+            // phone connection would be silently orphaned when the hook's socket closes.
+            if (request?.url?.startsWith('/hook')) {
+                ws.on('message', (data) => {
+                    try {
+                        this.onMessage(data.toString());
+                    }
+                    catch (err) {
+                        logger.error('Error handling hook_event message', err);
+                    }
+                });
+                ws.on('error', (err) => logger.error('Hook connection WS error', err));
+                return;
+            }
+            logger.info('Phone connected via tunnel');
+            this.phoneSocket = ws;
+            ws.on('message', (data) => {
+                try {
+                    this.onMessage(data.toString());
+                }
+                catch (err) {
+                    logger.error('Error handling phone message — keeping socket open', err);
+                }
+            });
+            ws.on('close', () => {
+                logger.warn('Phone disconnected');
+                if (this.phoneSocket === ws)
+                    this.phoneSocket = null;
+            });
+            ws.on('error', (err) => logger.error('WS error', err));
+            this.sendFullSync();
+        });
+        this.heartbeatTimer = setInterval(() => this.sendHeartbeat(), HEARTBEAT_INTERVAL_MS);
+        logger.success(`WS server listening on port ${this.port}`);
+    }
+    /** Records the shared secret derived for the currently-paired device (or clears it). */
+    setSharedSecret(secret) {
+        this.sharedSecret = secret;
+    }
+    /** The NaCl shared secret for the paired phone, or undefined if not yet paired. */
+    getSharedSecret() {
+        return this.sharedSecret;
+    }
+    onMessage(raw) {
+        let parsed;
+        try {
+            parsed = JSON.parse(raw);
+        }
+        catch {
+            logger.warn('Received a malformed WS message — ignoring');
+            return;
+        }
+        // Forwarded by a short-lived `agentvigil hook` CLI process — authenticated
+        // with a local-only token (the Mac's own secret key) rather than the
+        // phone's shared secret, since the hook process isn't "paired".
+        if (parsed?.type === 'hook_event') {
+            if (this.localToken && parsed.token === this.localToken) {
+                this.onHookEvent?.(parsed.event);
+            }
+            else {
+                logger.warn('Rejected hook_event message with an invalid local token');
+            }
+            return;
+        }
+        // The pairing handshake is the one message that travels unencrypted.
+        if (parsed?.type === 'pair') {
+            if (this.phoneSocket) {
+                try {
+                    this.onPairRequest?.({ type: 'pair', pub_key: parsed.pub_key, device_name: parsed.device_name }, this.phoneSocket);
+                }
+                catch (err) {
+                    logger.error('Pairing handshake failed', err);
+                    this.phoneSocket.send(JSON.stringify({ type: 'pairing_error', message: String(err) }));
+                    // DO NOT close the socket — let the phone retry
+                }
+            }
+            return;
+        }
+        if (!this.sharedSecret) {
+            logger.warn('Received a message before pairing was established — ignoring');
+            return;
+        }
+        try {
+            const decrypted = decrypt(parsed.payload, this.sharedSecret);
+            const command = JSON.parse(decrypted);
+            // full_sync_request is a WS-layer concern — respond immediately with
+            // the current session snapshot rather than forwarding to the relay.
+            if (command.type === 'full_sync_request') {
+                logger.dim('full_sync_request from phone — sending snapshot');
+                this.sendFullSync();
+                return;
+            }
+            this.onCommand?.(command);
+        }
+        catch (err) {
+            logger.error('Failed to decrypt phone message', err);
+        }
+    }
+    sendEvent(event) {
+        if (!this.isPhoneConnected || !this.sharedSecret)
+            return;
+        const encrypted = encrypt(JSON.stringify(event), this.sharedSecret);
+        this.phoneSocket.send(JSON.stringify({ payload: encrypted }));
+    }
+    sendFullSync() {
+        const sessions = this.getSessions();
+        const event = {
+            type: 'full_sync',
+            session_id: 'full_sync',
+            project_name: 'AgentVigil',
+            cwd: '',
+            agent: 'claude-code',
+            message: `${sessions.length} active session(s)`,
+            timestamp: new Date().toISOString(),
+            sessions,
+        };
+        this.sendEvent(event);
+    }
+    get isPhoneConnected() {
+        return this.phoneSocket?.readyState === WebSocket.OPEN;
+    }
+    stop() {
+        if (this.heartbeatTimer) {
+            clearInterval(this.heartbeatTimer);
+            this.heartbeatTimer = null;
+        }
+        this.phoneSocket?.close();
+        this.phoneSocket = null;
+        this.wss.close();
+    }
+    sendHeartbeat() {
+        if (!this.isPhoneConnected)
+            return;
+        this.sendEvent({
+            type: 'heartbeat',
+            session_id: 'heartbeat',
+            project_name: 'AgentVigil',
+            cwd: '',
+            agent: 'claude-code',
+            message: 'heartbeat',
+            timestamp: new Date().toISOString(),
+        });
+    }
+}
+//# sourceMappingURL=websocket-server.js.map

package/dist/tunnel/websocket-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-server.js","sourceRoot":"","sources":["../../src/tunnel/websocket-server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,SAAS,EAAgB,MAAM,IAAI,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAG3D,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAyBrC,MAAM,OAAO,kBAAkB;IAYA;IAXZ,GAAG,CAAkB;IACrB,WAAW,CAAqB;IAChC,aAAa,CAAqD;IAClE,SAAS,CAAmC;IAC5C,WAAW,CAA+B;IAC1C,UAAU,CAAU;IAE7B,WAAW,GAAqB,IAAI,CAAC;IACrC,YAAY,CAAqB;IACjC,cAAc,GAA0C,IAAI,CAAC;IAErE,YAA6B,OAAe,IAAI,EAAE,UAAqC,EAAE;QAA5D,SAAI,GAAJ,IAAI,CAAe;QAC9C,IAAI,CAAC,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACvC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,EAAa,EAAE,OAAyB,EAAE,EAAE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,wEAAwE;YACxE,6EAA6E;YAC7E,IAAI,OAAO,EAAE,GAAG,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,EAAE;oBACjC,IAAI,CAAC;wBACH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAClC,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,CAAC;gBACvE,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YAC1C,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;YAEtB,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,EAAE;gBACjC,IAAI,CAAC;oBACH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAClC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,KAAK,CAAC,oDAAoD,EAAE,GAAG,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC,CAAC,CAAC;YACH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAClB,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBAClC,IAAI,IAAI,CAAC,WAAW,KAAK,EAAE;oBAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACvD,CAAC,CAAC,CAAC;YACH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;YAEvD,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACrF,MAAM,CAAC,OAAO,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,wFAAwF;IACxF,eAAe,CAAC,MAA0B;QACxC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;IAC7B,CAAC;IAED,mFAAmF;IACnF,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,SAAS,CAAC,GAAW;QACnB,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,qEAAqE;QACrE,gEAAgE;QAChE,IAAI,MAAM,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;gBACxD,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,KAAmB,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YACzE,CAAC;YACD,OAAO;QACT,CAAC;QAED,qEAAqE;QACrE,IAAI,MAAM,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,CAAC;oBACH,IAAI,CAAC,aAAa,EAAE,CAClB,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,EAC1E,IAAI,CAAC,WAAW,CACjB,CAAC;gBACJ,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;oBAC9C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBACvF,gDAAgD;gBAClD,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;YAC5E,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAA2D,CAAC;YAChG,qEAAqE;YACrE,oEAAoE;YACpE,IAAI,OAAO,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACzC,MAAM,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;gBAC9D,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,OAAO;YACT,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC,OAAuB,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,SAAS,CAAC,KAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QACzD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACpE,IAAI,CAAC,WAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,YAAY;QACV,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,KAAK,GAAkB;YAC3B,IAAI,EAAE,WAAW;YACjB,UAAU,EAAE,WAAW;YACvB,YAAY,EAAE,YAAY;YAC1B,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,oBAAoB;YAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ;SACT,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,WAAW,EAAE,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC;IACzD,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,gBAAgB;YAAE,OAAO;QACnC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,UAAU,EAAE,WAAW;YACvB,YAAY,EAAE,YAAY;YAC1B,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,WAAW;YACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,37 @@
+export interface HookPayload {
+    session_id: string;
+    transcript_path: string;
+    cwd: string;
+    hook_event_name: string;
+    notification_type?: string;
+    message?: string;
+}
+export type AgentEventType = 'permission_prompt' | 'task_complete' | 'session_error' | 'idle_waiting' | 'session_started' | 'session_ended' | 'session_updated' | 'heartbeat' | 'full_sync';
+export interface AgentEvent {
+    type: AgentEventType;
+    session_id: string;
+    project_name: string;
+    cwd: string;
+    agent: 'claude-code' | 'codex' | 'amp';
+    message: string;
+    permission_command?: string;
+    tool_name?: string;
+    tool_input?: string;
+    timestamp: string;
+    pid?: string;
+}
+export interface FullSyncEvent extends AgentEvent {
+    type: 'full_sync';
+    sessions: AgentEvent[];
+}
+export type PhoneCommandType = 'approve' | 'deny' | 'send_prompt' | 'heartbeat' | 'register_fcm_token';
+export interface PhoneCommand {
+    type: PhoneCommandType;
+    session_id: string;
+    payload?: string;
+    /** FCM registration token — present on 'register_fcm_token' commands. */
+    token?: string;
+    /** Human-readable phone name — present on 'register_fcm_token' commands. */
+    device_name?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,cAAc,GACtB,mBAAmB,GACnB,eAAe,GACf,eAAe,GACf,cAAc,GACd,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,WAAW,GACX,WAAW,CAAC;AAEhB,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,aAAa,GAAG,OAAO,GAAG,KAAK,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC/C,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,UAAU,EAAE,CAAC;CACxB;AAED,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,MAAM,GAAG,aAAa,GAAG,WAAW,GAAG,oBAAoB,CAAC;AAEvG,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4EAA4E;IAC5E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}