npm - airaknit - Versions diffs - 1.1.2-rc.9 - Mend

airaknit 1.1.2-rc.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (440) hide show

package/LICENSE +84 -0
package/README.md +202 -0
package/bin/airaknit +9 -0
package/bin/airaknit-project +14 -0
package/bin/kanna +9 -0
package/dist/client/assets/CompactSummaryMessage-Yw0BDWEJ.js +1 -0
package/dist/client/assets/ExitPlanModeMessage-DIdkQ4uF.js +1 -0
package/dist/client/assets/LocalFilePreviewDialog-DQx2eiCc.js +3 -0
package/dist/client/assets/LocalProjectsSection-C4xlWkgS.js +1 -0
package/dist/client/assets/TextMessage-B5G39DEJ.js +1 -0
package/dist/client/assets/UserMessage-CIkWk-0L.js +1 -0
package/dist/client/assets/_basePickBy-CVrAFfnZ.js +1 -0
package/dist/client/assets/_baseUniq-JL-aaF4P.js +1 -0
package/dist/client/assets/arc-B07zg7ol.js +1 -0
package/dist/client/assets/architecture-YZFGNWBL-PSLVJL3p.js +1 -0
package/dist/client/assets/architectureDiagram-Q4EWVU46-DfWIF1G_.js +36 -0
package/dist/client/assets/array-BGFCBI0e.js +1 -0
package/dist/client/assets/blockDiagram-DXYQGD6D-CzwIeo_B.js +132 -0
package/dist/client/assets/bundle-mjs-BDE2gWbQ.js +1 -0
package/dist/client/assets/button-DO50qOGv.js +1 -0
package/dist/client/assets/c4Diagram-AHTNJAMY-CR8DCQRE.js +10 -0
package/dist/client/assets/channel-Dj-UUfaF.js +1 -0
package/dist/client/assets/chunk-2KRD3SAO-dznP-cn8.js +1 -0
package/dist/client/assets/chunk-336JU56O-Dqss5Vu6.js +2 -0
package/dist/client/assets/chunk-426QAEUC-CEKis_0_.js +1 -0
package/dist/client/assets/chunk-4BX2VUAB-BYOv0Gm1.js +1 -0
package/dist/client/assets/chunk-4TB4RGXK-BxzubH5S.js +206 -0
package/dist/client/assets/chunk-55IACEB6-BSlTj03a.js +1 -0
package/dist/client/assets/chunk-5FUZZQ4R-9Au93Bi1.js +62 -0
package/dist/client/assets/chunk-5PVQY5BW-BhksHFEZ.js +2 -0
package/dist/client/assets/chunk-67CJDMHE-BFwhz-8t.js +1 -0
package/dist/client/assets/chunk-7N4EOEYR-BDUPds87.js +1 -0
package/dist/client/assets/chunk-AA7GKIK3-CEWTdyXO.js +1 -0
package/dist/client/assets/chunk-BO2N2NFS-D0LvxnhU.js +103 -0
package/dist/client/assets/chunk-BSJP7CBP-BNJnK6sq.js +1 -0
package/dist/client/assets/chunk-Bj-mKKzh.js +1 -0
package/dist/client/assets/chunk-CIAEETIT-CYhfoCeN.js +1 -0
package/dist/client/assets/chunk-EDXVE4YY-C5ovJLc0.js +1 -0
package/dist/client/assets/chunk-ENJZ2VHE-HOhYaeGr.js +10 -0
package/dist/client/assets/chunk-FMBD7UC4-BLCiKcAQ.js +15 -0
package/dist/client/assets/chunk-FOC6F5B3-B6GtY2ek.js +1 -0
package/dist/client/assets/chunk-ICPOFSXX-DPoIZoC5.js +122 -0
package/dist/client/assets/chunk-K5T4RW27-BsKN63rv.js +94 -0
package/dist/client/assets/chunk-KGLVRYIC-BUGn9uuY.js +1 -0
package/dist/client/assets/chunk-LIHQZDEY-DhaZyo03.js +1 -0
package/dist/client/assets/chunk-ORNJ4GCN-DlpeeJyi.js +1 -0
package/dist/client/assets/chunk-OYMX7WX6-Dc9q7aYA.js +231 -0
package/dist/client/assets/chunk-QZHKN3VN-BEdrPoSb.js +1 -0
package/dist/client/assets/chunk-U2HBQHQK-CIB3Bjjd.js +70 -0
package/dist/client/assets/chunk-X2U36JSP-CtB-o8Yp.js +1 -0
package/dist/client/assets/chunk-XPW4576I-C6iHhX_8.js +32 -0
package/dist/client/assets/chunk-YZCP3GAM-CTmKr6ZH.js +1 -0
package/dist/client/assets/chunk-ZZ45TVLE-BgU8A2RF.js +1 -0
package/dist/client/assets/classDiagram-6PBFFD2Q-Bqk5e679.js +1 -0
package/dist/client/assets/classDiagram-v2-HSJHXN6E-6pSaZOkC.js +1 -0
package/dist/client/assets/client-BrKWI4CM.js +1 -0
package/dist/client/assets/client-CGgNRU9w.js +1 -0
package/dist/client/assets/client-DMSLRzg9.js +6 -0
package/dist/client/assets/clone-DWcL7whJ.js +1 -0
package/dist/client/assets/cose-bilkent-S5V4N54A-CrV5wsV_.js +1 -0
package/dist/client/assets/cytoscape.esm--aLzKuep.js +321 -0
package/dist/client/assets/dagre-CuRxWcrj.js +1 -0
package/dist/client/assets/dagre-KV5264BT-BIDiVnkA.js +4 -0
package/dist/client/assets/defaultLocale-CRZydyG6.js +1 -0
package/dist/client/assets/diagram-5BDNPKRD-i1kjKRCB.js +10 -0
package/dist/client/assets/diagram-G4DWMVQ6-9ZSLuhbl.js +24 -0
package/dist/client/assets/diagram-MMDJMWI5-B4_CUjgv.js +43 -0
package/dist/client/assets/diagram-TYMM5635-Ct5eTGS8.js +24 -0
package/dist/client/assets/dist-CuB4kiSK.js +1 -0
package/dist/client/assets/erDiagram-SMLLAGMA-Cy38ercc.js +85 -0
package/dist/client/assets/flowDiagram-DWJPFMVM-CZKuYl0V.js +162 -0
package/dist/client/assets/ganttDiagram-T4ZO3ILL-DLPjCh7a.js +292 -0
package/dist/client/assets/gitGraph-7Q5UKJZL-DqbrtEp9.js +1 -0
package/dist/client/assets/gitGraphDiagram-UUTBAWPF-BoRBkDhQ.js +106 -0
package/dist/client/assets/graphlib-BcQ6qlQh.js +1 -0
package/dist/client/assets/highlighted-body-OFNGDK62-BEpBVDTX.js +1 -0
package/dist/client/assets/index-CetCiuqP.js +105 -0
package/dist/client/assets/index-N29Mip7A.css +1 -0
package/dist/client/assets/info-OMHHGYJF-D98DRBJX.js +1 -0
package/dist/client/assets/infoDiagram-42DDH7IO-BAcdTWbt.js +2 -0
package/dist/client/assets/init-B8gtcn7T.js +1 -0
package/dist/client/assets/isArrayLikeObject-D8SJFmkN.js +1 -0
package/dist/client/assets/isEmpty-BF3YX5Jk.js +1 -0
package/dist/client/assets/ishikawaDiagram-UXIWVN3A-Ynu2VKdC.js +70 -0
package/dist/client/assets/journeyDiagram-VCZTEJTY-BjfhQaN3.js +139 -0
package/dist/client/assets/jsx-runtime-CyI9ICYU.js +1 -0
package/dist/client/assets/kanban-definition-6JOO6SKY-JLXH9zUJ.js +89 -0
package/dist/client/assets/katex-B94qP8b6.js +265 -0
package/dist/client/assets/lib--QVjyxmL.js +29 -0
package/dist/client/assets/lib-B6rgJiZ9.js +1 -0
package/dist/client/assets/line-DCrYfLBn.js +1 -0
package/dist/client/assets/linear-_4upLmeo.js +1 -0
package/dist/client/assets/mermaid-GHXKKRXX-rwJHYUmW.js +1 -0
package/dist/client/assets/mermaid-parser.core-KZinfW8o.js +4 -0
package/dist/client/assets/mermaid.core-QqY9gSNe.js +11 -0
package/dist/client/assets/mindmap-definition-QFDTVHPH-TWgHDAzp.js +96 -0
package/dist/client/assets/ordinal-CCj7PWgZ.js +1 -0
package/dist/client/assets/packet-4T2RLAQJ-DEvfkn3F.js +1 -0
package/dist/client/assets/path-DZF-JdEe.js +1 -0
package/dist/client/assets/pie-ZZUOXDRM-72e6WVjb.js +1 -0
package/dist/client/assets/pieDiagram-DEJITSTG-Cl8PCsoj.js +30 -0
package/dist/client/assets/preload-helper-rov5CBGT.js +1 -0
package/dist/client/assets/pty-client-DZ27IS00.js +1 -0
package/dist/client/assets/ptyInstancesStore-D9ag7SYd.js +1 -0
package/dist/client/assets/quadrantDiagram-34T5L4WZ-CHyVGp9E.js +7 -0
package/dist/client/assets/radar-PYXPWWZC-Cp7xd_EY.js +1 -0
package/dist/client/assets/react-CClhXMB2.js +1 -0
package/dist/client/assets/react-Dd6D81m0.js +1 -0
package/dist/client/assets/react-dom--G6_6fQ_.js +1 -0
package/dist/client/assets/requirementDiagram-MS252O5E-DaanG2iM.js +84 -0
package/dist/client/assets/rough.esm-BsmKo2S5.js +1 -0
package/dist/client/assets/sankeyDiagram-XADWPNL6-B_fhLY36.js +10 -0
package/dist/client/assets/sequenceDiagram-FGHM5R23-C5FNrveI.js +157 -0
package/dist/client/assets/src-DeTlMJAU.js +1 -0
package/dist/client/assets/stateDiagram-FHFEXIEX-nTTcdjjQ.js +1 -0
package/dist/client/assets/stateDiagram-v2-QKLJ7IA2-Dw0632j_.js +1 -0
package/dist/client/assets/timeline-definition-GMOUNBTQ-DkQV1yP8.js +120 -0
package/dist/client/assets/treeView-SZITEDCU-ZLIgC7_K.js +1 -0
package/dist/client/assets/treemap-W4RFUUIX-BqaMbB6N.js +1 -0
package/dist/client/assets/uiIdentityOverlay-Ba7GNj7m.js +1 -0
package/dist/client/assets/vennDiagram-DHZGUBPP-DbZ2xgs6.js +34 -0
package/dist/client/assets/wardley-RL74JXVD-DXQS8zf4.js +1 -0
package/dist/client/assets/wardleyDiagram-NUSXRM2D-BzCJ6MAu.js +20 -0
package/dist/client/assets/xychartDiagram-5P7HB3ND-BSlFecop.js +7 -0
package/dist/client/favicon.png +0 -0
package/dist/client/favicon.svg +15 -0
package/dist/client/fonts/body-medium.woff2 +0 -0
package/dist/client/fonts/body-regular-italic.woff2 +0 -0
package/dist/client/fonts/body-regular.woff2 +0 -0
package/dist/client/fonts/body-semibold.woff2 +0 -0
package/dist/client/index.html +31 -0
package/dist/client/manifest.webmanifest +12 -0
package/dist/client/sw.js +32 -0
package/package.json +122 -0
package/src/nats/auth-callout/callout-config.test.ts +93 -0
package/src/nats/auth-callout/callout-config.ts +109 -0
package/src/nats/auth-callout/callout.integration.test.ts +332 -0
package/src/nats/auth-callout/keys.ts +103 -0
package/src/nats/auth-callout/responder.ts +241 -0
package/src/nats/auth-callout/scope-policy.test.ts +159 -0
package/src/nats/auth-callout/scope-policy.ts +210 -0
package/src/nats/auth-callout/token.test.ts +163 -0
package/src/nats/auth-callout/token.ts +157 -0
package/src/nats/nats-daemon-callout.ts +194 -0
package/src/nats/nats-daemon.test.ts +77 -0
package/src/nats/nats-daemon.ts +50 -0
package/src/nats/nats-token.test.ts +61 -0
package/src/nats/nats-token.ts +59 -0
package/src/runner/coordination-mcp-integration.test.ts +134 -0
package/src/runner/nats-coordination-client.test.ts +49 -0
package/src/runner/nats-coordination-client.ts +94 -0
package/src/runner/runner-agent.test.ts +469 -0
package/src/runner/runner-agent.ts +453 -0
package/src/runner/runner-credential.test.ts +93 -0
package/src/runner/runner-credential.ts +82 -0
package/src/runner/runner-nats.test.ts +495 -0
package/src/runner/runner-nats.ts +323 -0
package/src/runner/runner-pair.test.ts +107 -0
package/src/runner/runner-pair.ts +81 -0
package/src/runner/runner.test.ts +135 -0
package/src/runner/runner.ts +212 -0
package/src/runner/turn-factories.test.ts +97 -0
package/src/runner/turn-factories.ts +475 -0
package/src/server/agent-config-journey.test.ts +106 -0
package/src/server/agent.ts +8 -0
package/src/server/auto-continue/auth-error-detector.ts +66 -0
package/src/server/auto-continue/limit-detector.ts +194 -0
package/src/server/bm25.test.ts +92 -0
package/src/server/bm25.ts +101 -0
package/src/server/chat-events-jetstream.test.ts +135 -0
package/src/server/claude-harness.ts +360 -0
package/src/server/claude-pty/agent-normalizers.ts +309 -0
package/src/server/claude-pty/auth.test.ts +38 -0
package/src/server/claude-pty/auth.ts +32 -0
package/src/server/claude-pty/claude-session-registry.adapter.ts +81 -0
package/src/server/claude-pty/claude-session-registry.test.ts +149 -0
package/src/server/claude-pty/driver.test.ts +902 -0
package/src/server/claude-pty/driver.ts +807 -0
package/src/server/claude-pty/jsonl-path.adapter.ts +57 -0
package/src/server/claude-pty/jsonl-path.test.ts +114 -0
package/src/server/claude-pty/jsonl-to-event.test.ts +241 -0
package/src/server/claude-pty/jsonl-to-event.ts +174 -0
package/src/server/claude-pty/output-ring.test.ts +35 -0
package/src/server/claude-pty/output-ring.ts +25 -0
package/src/server/claude-pty/parity-matrix.test.ts +227 -0
package/src/server/claude-pty/pid-registry.adapter.ts +135 -0
package/src/server/claude-pty/pid-registry.test.ts +122 -0
package/src/server/claude-pty/preflight/binary-fingerprint.adapter.ts +20 -0
package/src/server/claude-pty/preflight/binary-fingerprint.test.ts +32 -0
package/src/server/claude-pty/pty-instance-registry.test.ts +177 -0
package/src/server/claude-pty/pty-instance-registry.ts +166 -0
package/src/server/claude-pty/pty-memory-sampler.adapter.test.ts +103 -0
package/src/server/claude-pty/pty-memory-sampler.adapter.ts +85 -0
package/src/server/claude-pty/pty-process.adapter.ts +66 -0
package/src/server/claude-pty/pty-process.test.ts +49 -0
package/src/server/claude-pty/resolve-binary.adapter.ts +106 -0
package/src/server/claude-pty/resolve-binary.test.ts +118 -0
package/src/server/claude-pty/runtime-dir.adapter.ts +19 -0
package/src/server/claude-pty/settings-writer.adapter.ts +27 -0
package/src/server/claude-pty/settings-writer.test.ts +22 -0
package/src/server/claude-pty/smoke-test-io.adapter.ts +28 -0
package/src/server/claude-pty/smoke-test.test.ts +191 -0
package/src/server/claude-pty/smoke-test.ts +185 -0
package/src/server/claude-pty/subagent-orchestrator.ts +887 -0
package/src/server/claude-pty/tool-callback.ts +274 -0
package/src/server/claude-pty/tui-control.test.ts +272 -0
package/src/server/claude-pty/tui-control.ts +182 -0
package/src/server/claude-pty/tui-source.adapter.test.ts +360 -0
package/src/server/claude-pty/tui-source.adapter.ts +343 -0
package/src/server/claude-pty/tunnel-gateway.ts +12 -0
package/src/server/claude-pty-mcp/canonical-args.ts +15 -0
package/src/server/claude-pty-mcp/fs-stat.adapter.ts +8 -0
package/src/server/claude-pty-mcp/history-primer.ts +90 -0
package/src/server/claude-pty-mcp/http-server.adapter.ts +33 -0
package/src/server/claude-pty-mcp/mcp-http.ts +177 -0
package/src/server/claude-pty-mcp/mcp.ts +412 -0
package/src/server/claude-pty-mcp/mention-parser.ts +25 -0
package/src/server/claude-pty-mcp/paths.ts +24 -0
package/src/server/claude-pty-mcp/permission-gate.ts +243 -0
package/src/server/claude-pty-mcp/terminal-pid-registry.adapter.ts +107 -0
package/src/server/claude-pty-mcp/tools/ask-user-question.test.ts +119 -0
package/src/server/claude-pty-mcp/tools/ask-user-question.ts +61 -0
package/src/server/claude-pty-mcp/tools/bash.adapter.ts +76 -0
package/src/server/claude-pty-mcp/tools/bash.test.ts +56 -0
package/src/server/claude-pty-mcp/tools/delegate-subagent.test.ts +155 -0
package/src/server/claude-pty-mcp/tools/delegate-subagent.ts +111 -0
package/src/server/claude-pty-mcp/tools/edit.adapter.ts +95 -0
package/src/server/claude-pty-mcp/tools/edit.test.ts +93 -0
package/src/server/claude-pty-mcp/tools/exit-plan-mode.test.ts +61 -0
package/src/server/claude-pty-mcp/tools/exit-plan-mode.ts +50 -0
package/src/server/claude-pty-mcp/tools/glob.adapter.ts +86 -0
package/src/server/claude-pty-mcp/tools/glob.test.ts +61 -0
package/src/server/claude-pty-mcp/tools/grep.adapter.ts +126 -0
package/src/server/claude-pty-mcp/tools/grep.test.ts +62 -0
package/src/server/claude-pty-mcp/tools/read.adapter.ts +58 -0
package/src/server/claude-pty-mcp/tools/read.test.ts +62 -0
package/src/server/claude-pty-mcp/tools/tool-callback-shim.ts +42 -0
package/src/server/claude-pty-mcp/tools/webfetch.test.ts +81 -0
package/src/server/claude-pty-mcp/tools/webfetch.ts +82 -0
package/src/server/claude-pty-mcp/tools/websearch.test.ts +40 -0
package/src/server/claude-pty-mcp/tools/websearch.ts +42 -0
package/src/server/claude-pty-mcp/tools/write.adapter.ts +60 -0
package/src/server/claude-pty-mcp/tools/write.test.ts +52 -0
package/src/server/claude-pty-mcp/uploads.adapter.ts +98 -0
package/src/server/claude-pty-mcp/uploads.ts +38 -0
package/src/server/claude-turn.test.ts +176 -0
package/src/server/cli-runtime.test.ts +456 -0
package/src/server/cli-runtime.ts +374 -0
package/src/server/cli-supervisor.ts +81 -0
package/src/server/cli.ts +78 -0
package/src/server/client-log-forwarder.test.ts +74 -0
package/src/server/client-log-forwarder.ts +75 -0
package/src/server/codex-app-server-protocol.ts +449 -0
package/src/server/codex-app-server.test.ts +2990 -0
package/src/server/codex-app-server.ts +1713 -0
package/src/server/coordination-integration.test.ts +63 -0
package/src/server/coordination-mcp.test.ts +149 -0
package/src/server/coordination-mcp.ts +197 -0
package/src/server/delegation-coordinator.test.ts +675 -0
package/src/server/delegation-coordinator.ts +454 -0
package/src/server/discovery.test.ts +211 -0
package/src/server/discovery.ts +301 -0
package/src/server/event-store-agent-config.test.ts +124 -0
package/src/server/event-store-coordination.test.ts +149 -0
package/src/server/event-store-profile.test.ts +132 -0
package/src/server/event-store-repo.test.ts +154 -0
package/src/server/event-store-runner-team.test.ts +104 -0
package/src/server/event-store.test.ts +342 -0
package/src/server/event-store.ts +2208 -0
package/src/server/events.ts +379 -0
package/src/server/extension-router.test.ts +183 -0
package/src/server/extension-router.ts +114 -0
package/src/server/extensions/agents/server.test.ts +191 -0
package/src/server/extensions/agents/server.ts +108 -0
package/src/server/extensions/c3/server.test.ts +284 -0
package/src/server/extensions/c3/server.ts +212 -0
package/src/server/extensions/code/server.test.ts +200 -0
package/src/server/extensions/code/server.ts +150 -0
package/src/server/extensions.config.ts +10 -0
package/src/server/external-open.ts +69 -0
package/src/server/generate-fork-context.ts +58 -0
package/src/server/generate-merge-context.test.ts +290 -0
package/src/server/generate-merge-context.ts +141 -0
package/src/server/generate-title.ts +36 -0
package/src/server/git-clone-policy.test.ts +138 -0
package/src/server/git-clone-policy.ts +27 -0
package/src/server/harness-types.ts +1 -0
package/src/server/journey-verification.test.ts +640 -0
package/src/server/journey-verification.ts +195 -0
package/src/server/machine-name.ts +22 -0
package/src/server/nats-auth.test.ts +92 -0
package/src/server/nats-auth.ts +6 -0
package/src/server/nats-bind-guard.test.ts +71 -0
package/src/server/nats-bind-guard.ts +42 -0
package/src/server/nats-bridge.test.ts +141 -0
package/src/server/nats-bridge.ts +111 -0
package/src/server/nats-connector.test.ts +56 -0
package/src/server/nats-connector.ts +71 -0
package/src/server/nats-daemon-manager.test.ts +76 -0
package/src/server/nats-daemon-manager.ts +174 -0
package/src/server/nats-publisher.test.ts +356 -0
package/src/server/nats-publisher.ts +271 -0
package/src/server/nats-responders.test.ts +1018 -0
package/src/server/nats-responders.ts +925 -0
package/src/server/nats-streams.test.ts +112 -0
package/src/server/nats-streams.ts +129 -0
package/src/server/oauth-pool/oauth-responders.ts +185 -0
package/src/server/oauth-pool/oauth-settings-store.ts +173 -0
package/src/server/oauth-pool/oauth-token-pool.ts +303 -0
package/src/server/orchestration.test.ts +1063 -0
package/src/server/orchestration.ts +716 -0
package/src/server/pairing-endpoints.test.ts +171 -0
package/src/server/pairing-store.test.ts +154 -0
package/src/server/pairing-store.ts +124 -0
package/src/server/paths.ts +27 -0
package/src/server/pr3-liveness.test.ts +252 -0
package/src/server/process-utils.ts +10 -0
package/src/server/project-cli.ts +180 -0
package/src/server/provider-catalog.test.ts +177 -0
package/src/server/provider-catalog.ts +146 -0
package/src/server/pty-responders.ts +345 -0
package/src/server/push-notifications.test.ts +234 -0
package/src/server/push-notifications.ts +188 -0
package/src/server/quick-response.test.ts +196 -0
package/src/server/quick-response.ts +154 -0
package/src/server/read-models-agent-config.test.ts +59 -0
package/src/server/read-models-coordination.test.ts +69 -0
package/src/server/read-models.test.ts +332 -0
package/src/server/read-models.ts +258 -0
package/src/server/repo-journey.test.ts +96 -0
package/src/server/repo-manager.test.ts +118 -0
package/src/server/repo-manager.ts +97 -0
package/src/server/repo-status.test.ts +54 -0
package/src/server/repo-status.ts +82 -0
package/src/server/restart.test.ts +27 -0
package/src/server/restart.ts +30 -0
package/src/server/runner-incompatible-gate.test.ts +383 -0
package/src/server/runner-manager.test.ts +72 -0
package/src/server/runner-manager.ts +312 -0
package/src/server/runner-pairing-urls.test.ts +59 -0
package/src/server/runner-pairing-urls.ts +67 -0
package/src/server/runner-proxy.test.ts +456 -0
package/src/server/runner-proxy.ts +494 -0
package/src/server/runner-router.test.ts +429 -0
package/src/server/runner-router.ts +212 -0
package/src/server/runner-routing.test.ts +584 -0
package/src/server/runtime-registry.test.ts +436 -0
package/src/server/runtime-registry.ts +307 -0
package/src/server/sandbox-health.test.ts +127 -0
package/src/server/sandbox-health.ts +94 -0
package/src/server/sandbox-journey.test.ts +232 -0
package/src/server/sandbox-manager.test.ts +146 -0
package/src/server/sandbox-manager.ts +159 -0
package/src/server/server.test.ts +287 -0
package/src/server/server.ts +1108 -0
package/src/server/session-discovery.test.ts +129 -0
package/src/server/session-discovery.ts +475 -0
package/src/server/session-index.test.ts +362 -0
package/src/server/session-index.ts +119 -0
package/src/server/session-seed.ts +288 -0
package/src/server/share.test.ts +108 -0
package/src/server/share.ts +113 -0
package/src/server/skill-discovery.test.ts +201 -0
package/src/server/skill-discovery.ts +77 -0
package/src/server/storage/test-helpers.ts +67 -0
package/src/server/terminal-manager.test.ts +309 -0
package/src/server/terminal-manager.ts +354 -0
package/src/server/transcript-consumer.test.ts +339 -0
package/src/server/transcript-consumer.ts +162 -0
package/src/server/transcript-search.test.ts +193 -0
package/src/server/transcript-search.ts +83 -0
package/src/server/transcript-utils.ts +52 -0
package/src/server/update-manager.test.ts +107 -0
package/src/server/update-manager.ts +230 -0
package/src/server/workflow-engine.test.ts +251 -0
package/src/server/workflow-engine.ts +169 -0
package/src/server/workflow-mcp.ts +49 -0
package/src/server/workflow-store.test.ts +155 -0
package/src/server/workflow-store.ts +139 -0
package/src/server/workspace-agent-integration.test.ts +167 -0
package/src/server/workspace-agent-routes.test.ts +127 -0
package/src/server/workspace-agent-routes.ts +89 -0
package/src/server/workspace-agent.test.ts +103 -0
package/src/server/workspace-agent.ts +102 -0
package/src/server/workspace-cli.test.ts +79 -0
package/src/server/workspace-config-manager.test.ts +109 -0
package/src/server/workspace-config-manager.ts +83 -0
package/src/server/workspace-directory-policy.test.ts +109 -0
package/src/server/workspace-directory-policy.ts +56 -0
package/src/shared/agent-config-types.ts +25 -0
package/src/shared/branding.test.ts +42 -0
package/src/shared/branding.ts +54 -0
package/src/shared/compression.test.ts +85 -0
package/src/shared/compression.ts +42 -0
package/src/shared/coordination-store.test.ts +24 -0
package/src/shared/coordination-store.ts +26 -0
package/src/shared/dev-ports.test.ts +84 -0
package/src/shared/dev-ports.ts +100 -0
package/src/shared/extension-types.ts +45 -0
package/src/shared/fork-presets.ts +54 -0
package/src/shared/harness-types.test.ts +15 -0
package/src/shared/harness-types.ts +21 -0
package/src/shared/log-sink.test.ts +112 -0
package/src/shared/log-sink.ts +185 -0
package/src/shared/mention-pattern.ts +7 -0
package/src/shared/merge-presets.ts +41 -0
package/src/shared/nats-subjects.test.ts +61 -0
package/src/shared/nats-subjects.ts +131 -0
package/src/shared/permission-policy.ts +136 -0
package/src/shared/ports.ts +3 -0
package/src/shared/preset-types.ts +15 -0
package/src/shared/profile-types.ts +49 -0
package/src/shared/projectFileUrl.ts +36 -0
package/src/shared/protocol.ts +153 -0
package/src/shared/pty-instance.ts +43 -0
package/src/shared/puggy/diagnostics/result.ts +18 -0
package/src/shared/puggy/expressions/evaluate.ts +292 -0
package/src/shared/puggy/index.test.ts +101 -0
package/src/shared/puggy/index.ts +69 -0
package/src/shared/puggy/parser/ast.ts +110 -0
package/src/shared/puggy/parser/parser.ts +624 -0
package/src/shared/puggy/renderer/html.ts +447 -0
package/src/shared/runner-protocol.test.ts +277 -0
package/src/shared/runner-protocol.ts +210 -0
package/src/shared/runner-team-types.ts +73 -0
package/src/shared/runtime-types.ts +48 -0
package/src/shared/sandbox-types.ts +53 -0
package/src/shared/tailwind-build.test.ts +12 -0
package/src/shared/tinkaria-system-prompt.ts +101 -0
package/src/shared/tools.test.ts +335 -0
package/src/shared/tools.ts +397 -0
package/src/shared/transcript-entries.ts +27 -0
package/src/shared/transcript-render.test.ts +225 -0
package/src/shared/transcript-render.ts +467 -0
package/src/shared/types.ts +1031 -0
package/src/shared/vite-config.test.ts +47 -0
package/src/shared/web-context.test.ts +110 -0
package/src/shared/web-context.ts +76 -0
package/src/shared/workflow-types.ts +51 -0
package/src/shared/workspace-types.ts +100 -0

package/src/server/journey-verification.ts ADDED Viewed

@@ -0,0 +1,195 @@
+export type JourneyRouteExpectation =
+  | { kind: "exact"; value: string }
+  | { kind: "prefix"; value: string }
+export interface JourneyStageSpec {
+  id: string
+  label: string
+  owners: readonly string[]
+  route: JourneyRouteExpectation
+  requiredUiIds: readonly string[]
+  expectedText: readonly string[]
+}
+export interface JourneySpec {
+  id: string
+  label: string
+  stages: readonly JourneyStageSpec[]
+  persistenceChecks: boolean
+}
+export interface StageProbeResult {
+  missing: string[]
+  c3ByUiId: Record<string, string | null>
+  textByUiId: Record<string, string | null>
+}
+export type JourneyStageInventory = JourneyStageSpec
+export type JourneyDefinition = JourneySpec
+const HOME_READY_STAGE: JourneyStageSpec = {
+  id: "home.ready",
+  label: "Homepage connected with a visible project overview",
+  owners: ["c3-117"],
+  route: { kind: "exact", value: "/" },
+  requiredUiIds: [
+    "home.page",
+    "home.header",
+    "home.workspace-grid",
+    "home.project-card",
+    "home.project-overview",
+    "home.project-primary.action",
+    "home.project-secondary.action",
+  ],
+  expectedText: [
+    "Workspaces",
+    "Project Overview",
+    "Start First Task",
+  ],
+}
+const CHAT_READY_STAGE: JourneyStageSpec = {
+  id: "chat.ready",
+  label: "Chat shell rendered after starting a fresh task",
+  owners: ["c3-110", "c3-111", "c3-112"],
+  route: { kind: "prefix", value: "/chat/" },
+  requiredUiIds: [
+    "chat.page",
+    "chat.navbar",
+    "transcript.message-list",
+    "chat.composer",
+  ],
+  expectedText: [],
+}
+const FORK_DIALOG_STAGE: JourneyStageSpec = {
+  id: "fork-dialog.open",
+  label: "Fork session dialog opened from the chat navbar",
+  owners: ["c3-110"],
+  route: { kind: "prefix", value: "/chat/" },
+  requiredUiIds: [
+    "chat.fork-session.dialog",
+    "chat.fork-session.context.input",
+    "chat.fork-session.submit.action",
+    "chat.fork-session.cancel.action",
+    "chat.fork-session.preset.action",
+  ],
+  expectedText: [],
+}
+const MERGE_DIALOG_STAGE: JourneyStageSpec = {
+  id: "merge-dialog.open",
+  label: "Merge session dialog opened from the chat navbar",
+  owners: ["c3-110"],
+  route: { kind: "prefix", value: "/chat/" },
+  requiredUiIds: [
+    "chat.merge-session.dialog",
+    "chat.merge-session.sessions.list",
+    "chat.merge-session.context.input",
+    "chat.merge-session.submit.action",
+    "chat.merge-session.cancel.action",
+  ],
+  expectedText: [],
+}
+export const HOME_TO_NEW_CHAT_JOURNEY: JourneySpec = {
+  id: "homepage-to-new-chat",
+  label: "Homepage project overview -> Start First Task -> chat shell",
+  stages: [HOME_READY_STAGE, CHAT_READY_STAGE],
+  persistenceChecks: true,
+}
+export const HOME_TO_FORK_DIALOG_JOURNEY: JourneySpec = {
+  id: "homepage-to-fork-dialog",
+  label: "Homepage project overview -> Start First Task -> fork dialog",
+  stages: [HOME_READY_STAGE, CHAT_READY_STAGE, FORK_DIALOG_STAGE],
+  persistenceChecks: true,
+}
+export const HOME_TO_MERGE_DIALOG_JOURNEY: JourneySpec = {
+  id: "homepage-to-merge-dialog",
+  label: "Homepage project overview -> Start First Task -> merge dialog",
+  stages: [HOME_READY_STAGE, CHAT_READY_STAGE, MERGE_DIALOG_STAGE],
+  persistenceChecks: true,
+}
+export function matchesJourneyRoute(pathname: string, expectation: JourneyRouteExpectation): boolean {
+  if (expectation.kind === "exact") {
+    return pathname === expectation.value
+  }
+  return pathname.startsWith(expectation.value)
+}
+export function buildStageProbeScript(stage: JourneyStageSpec): string {
+  const uiIds = JSON.stringify([...stage.requiredUiIds])
+  return `(() => {
+    const uiIds = ${uiIds};
+    const textByUiId = {};
+    const c3ByUiId = {};
+    const missing = [];
+    for (const uiId of uiIds) {
+      const selector = '[data-ui-id="' + uiId + '"]';
+      const element = document.querySelector(selector);
+      if (!element) {
+        missing.push(uiId);
+        c3ByUiId[uiId] = null;
+        textByUiId[uiId] = null;
+        continue;
+      }
+      c3ByUiId[uiId] = element.getAttribute("data-ui-c3");
+      textByUiId[uiId] = element.textContent ? element.textContent.trim() : "";
+    }
+    return { missing, c3ByUiId, textByUiId };
+  })()`
+}
+export function getJourneyStage(id: JourneyStageSpec["id"]): JourneyStageSpec {
+  const stage = [
+    ...HOME_TO_NEW_CHAT_JOURNEY.stages,
+    ...HOME_TO_FORK_DIALOG_JOURNEY.stages,
+    ...HOME_TO_MERGE_DIALOG_JOURNEY.stages,
+  ].find((candidate) => candidate.id === id)
+  if (!stage) {
+    throw new Error(`Unknown journey stage: ${id}`)
+  }
+  return structuredClone(stage)
+}
+export function getJourneySpec(id: string): JourneySpec {
+  switch (id) {
+    case HOME_TO_NEW_CHAT_JOURNEY.id:
+      return structuredClone(HOME_TO_NEW_CHAT_JOURNEY)
+    case HOME_TO_FORK_DIALOG_JOURNEY.id:
+      return structuredClone(HOME_TO_FORK_DIALOG_JOURNEY)
+    case HOME_TO_MERGE_DIALOG_JOURNEY.id:
+      return structuredClone(HOME_TO_MERGE_DIALOG_JOURNEY)
+    default:
+      throw new Error(`Unknown journey: ${id}`)
+  }
+}
+export function getStageVerificationErrors(
+  observed: { url: string; uiIds: string[] },
+  stage: JourneyStageSpec,
+): string[] {
+  const errors: string[] = []
+  const pathname = new URL(observed.url).pathname
+  if (!matchesJourneyRoute(pathname, stage.route)) {
+    errors.push(`expected route ${stage.route.kind} ${stage.route.value}, got ${pathname}`)
+  }
+  for (const uiId of stage.requiredUiIds) {
+    if (!observed.uiIds.includes(uiId)) {
+      errors.push(`missing ui id ${uiId}`)
+    }
+  }
+  return errors
+}

package/src/server/machine-name.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { hostname } from "node:os"
+import process from "node:process"
+import { spawnSync } from "node:child_process"
+function runAndRead(command: string, args: string[]) {
+  const result = spawnSync(command, args, { encoding: "utf8" })
+  if (result.status !== 0) return null
+  const value = result.stdout.trim()
+  return value || null
+}
+export function getMachineDisplayName() {
+  if (process.platform === "darwin") {
+    const computerName = runAndRead("scutil", ["--get", "ComputerName"])
+    if (computerName) {
+      return computerName
+    }
+  }
+  const rawHostname = hostname().trim()
+  return rawHostname.replace(/\.local$|\.lan$/i, "") || "This Machine"
+}

package/src/server/nats-auth.test.ts ADDED Viewed

@@ -0,0 +1,92 @@
+import { afterEach, describe, test, expect } from "bun:test"
+import { NatsServer } from "@lagz0ne/nats-embedded"
+import { connect, type NatsConnection } from "@nats-io/transport-node"
+import { generateAuthToken } from "./nats-auth"
+let server: NatsServer | null = null
+let nc: NatsConnection | null = null
+afterEach(async () => {
+  if (nc) {
+    await nc.drain()
+    nc = null
+  }
+  if (server) {
+    await server.stop()
+    server = null
+  }
+})
+describe("generateAuthToken", () => {
+  test("returns a non-empty string", () => {
+    const token = generateAuthToken()
+    expect(typeof token).toBe("string")
+    expect(token.length).toBeGreaterThan(0)
+  })
+  test("produces unique tokens on each call", () => {
+    const tokens = new Set(Array.from({ length: 100 }, () => generateAuthToken()))
+    expect(tokens.size).toBe(100)
+  })
+  test("token has sufficient entropy (>= 32 chars)", () => {
+    const token = generateAuthToken()
+    expect(token.length).toBeGreaterThanOrEqual(32)
+  })
+})
+describe("NATS token auth integration", () => {
+  test("authenticated client connects successfully", async () => {
+    const token = generateAuthToken()
+    server = await NatsServer.start({ token })
+    nc = await connect({ servers: server.url, token })
+    // Verify connection works by publishing + subscribing
+    const received: string[] = []
+    const sub = nc.subscribe("test.auth")
+    void (async () => {
+      for await (const msg of sub) {
+        received.push(new TextDecoder().decode(msg.data))
+        sub.unsubscribe()
+      }
+    })()
+    nc.publish("test.auth", new TextEncoder().encode("hello"))
+    await nc.flush()
+    // Give subscription a moment to process
+    await new Promise((resolve) => setTimeout(resolve, 50))
+    expect(received).toContain("hello")
+  })
+  test("unauthenticated client is rejected", async () => {
+    const token = generateAuthToken()
+    server = await NatsServer.start({ token })
+    try {
+      nc = await connect({ servers: server.url })
+      // If connection somehow succeeds, verify it can't operate
+      await nc.flush()
+      // Should not reach here
+      expect(true).toBe(false)
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error)
+      expect(message.toLowerCase()).toMatch(/authorization|auth|denied|closed/)
+      nc = null
+    }
+  })
+  test("client with wrong token is rejected", async () => {
+    const token = generateAuthToken()
+    server = await NatsServer.start({ token })
+    try {
+      nc = await connect({ servers: server.url, token: "wrong-token" })
+      await nc.flush()
+      expect(true).toBe(false)
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error)
+      expect(message.toLowerCase()).toMatch(/authorization|auth|denied|closed/)
+      nc = null
+    }
+  })
+})

package/src/server/nats-auth.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { randomBytes } from "node:crypto"
+/** Generates a URL-safe base64 auth token for NATS server + client connections. */
+export function generateAuthToken(): string {
+  return randomBytes(32).toString("base64url")
+}

package/src/server/nats-bind-guard.test.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import { describe, test, expect } from "bun:test"
+import { requiresCalloutForBind } from "./nats-bind-guard"
+describe("requiresCalloutForBind", () => {
+  // ── Allowed combinations ────────────────────────────────────────────────────
+  test("loopback 127.0.0.1 + token → ok (dev default)", () => {
+    expect(requiresCalloutForBind("127.0.0.1", "token")).toEqual({ ok: true })
+  })
+  test("loopback localhost + token → ok", () => {
+    expect(requiresCalloutForBind("localhost", "token")).toEqual({ ok: true })
+  })
+  test("loopback ::1 + token → ok", () => {
+    expect(requiresCalloutForBind("::1", "token")).toEqual({ ok: true })
+  })
+  test("loopback 127.0.0.1 + callout → ok", () => {
+    expect(requiresCalloutForBind("127.0.0.1", "callout")).toEqual({ ok: true })
+  })
+  test("wide 0.0.0.0 + callout → ok (tailnet path)", () => {
+    expect(requiresCalloutForBind("0.0.0.0", "callout")).toEqual({ ok: true })
+  })
+  test("tailnet IP + callout → ok", () => {
+    expect(requiresCalloutForBind("100.64.1.1", "callout")).toEqual({ ok: true })
+  })
+  // ── Disallowed combinations ─────────────────────────────────────────────────
+  test("wide 0.0.0.0 + token → refused with reason", () => {
+    const result = requiresCalloutForBind("0.0.0.0", "token")
+    expect(result.ok).toBe(false)
+    expect(result.reason).toMatch(/Refusing to bind NATS to 0\.0\.0\.0 in token mode/)
+    expect(result.reason).toMatch(/NATS_AUTH_MODE=callout/)
+  })
+  test("tailnet IP + token → refused with reason", () => {
+    const result = requiresCalloutForBind("100.64.1.1", "token")
+    expect(result.ok).toBe(false)
+    expect(result.reason).toMatch(/Refusing to bind NATS to 100\.64\.1\.1 in token mode/)
+  })
+  test("arbitrary private IP + token → refused", () => {
+    const result = requiresCalloutForBind("192.168.1.10", "token")
+    expect(result.ok).toBe(false)
+  })
+  test("reason message is non-empty when refused", () => {
+    const result = requiresCalloutForBind("10.0.0.1", "token")
+    expect(result.ok).toBe(false)
+    expect(typeof result.reason).toBe("string")
+    expect((result.reason ?? "").length).toBeGreaterThan(0)
+  })
+  // ── Case-insensitive loopback match ─────────────────────────────────────────
+  test("LOCALHOST (uppercase) + token → ok (case-insensitive loopback)", () => {
+    expect(requiresCalloutForBind("LOCALHOST", "token")).toEqual({ ok: true })
+  })
+  test("Localhost (mixed-case) + token → ok", () => {
+    expect(requiresCalloutForBind("Localhost", "token")).toEqual({ ok: true })
+  })
+  test("  localhost  (whitespace) + token → ok", () => {
+    expect(requiresCalloutForBind("  localhost  ", "token")).toEqual({ ok: true })
+  })
+})

package/src/server/nats-bind-guard.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Guard: a wide (non-loopback) NATS bind is only permitted in callout mode.
+ *
+ * Decision 0007: never expose a shared-token bus on the tailnet.
+ * Loopback + token stays allowed (dev default).
+ * Non-loopback + callout is allowed (tailnet path); logs a note.
+ * Non-loopback + token is refused at startup with a fatal error message.
+ */
+/** The set of host values that are considered loopback/local-only. */
+const LOOPBACK_HOSTS = new Set(["127.0.0.1", "localhost", "::1"])
+export type AuthMode = "callout" | "token"
+export interface BindGuardResult {
+  ok: boolean
+  /** Present only when ok is false. */
+  reason?: string
+}
+/**
+ * Pure predicate — no side effects.
+ *
+ * Returns `{ ok: false, reason }` when binding a non-loopback host in token
+ * mode (decision 0007), `{ ok: true }` otherwise.
+ */
+export function requiresCalloutForBind(
+  host: string,
+  authMode: AuthMode,
+): BindGuardResult {
+  const isLoopback = LOOPBACK_HOSTS.has(host.trim().toLowerCase())
+  if (!isLoopback && authMode !== "callout") {
+    return {
+      ok: false,
+      reason:
+        `Refusing to bind NATS to ${host} in token mode — ` +
+        `a shared-token bus must not be exposed beyond loopback; ` +
+        `set NATS_AUTH_MODE=callout`,
+    }
+  }
+  return { ok: true }
+}

package/src/server/nats-bridge.test.ts ADDED Viewed

@@ -0,0 +1,141 @@
+import { afterEach, describe, test, expect } from "bun:test"
+import { NatsBridge } from "./nats-bridge"
+import { connect } from "@nats-io/transport-node"
+const decoder = new TextDecoder()
+let bridge: NatsBridge | null = null
+afterEach(async () => {
+  if (bridge) {
+    await bridge.dispose()
+    bridge = null
+  }
+})
+describe("NatsBridge", () => {
+  test("create() starts NATS server and connects", async () => {
+    bridge = await NatsBridge.create()
+    expect(bridge.natsUrl).toMatch(/^nats:\/\/127\.0\.0\.1:\d+$/)
+    expect(bridge.natsWsUrl).toMatch(/^ws:\/\/127\.0\.0\.1:\d+\/?$/)
+    expect(bridge.natsWsPort).toBeGreaterThan(0)
+  })
+  test("create() can bind on all interfaces while advertising localhost URLs", async () => {
+    bridge = await NatsBridge.create({
+      bindHost: "0.0.0.0",
+      advertisedHost: "127.0.0.1",
+    })
+    expect(bridge.natsUrl).toMatch(/^nats:\/\/127\.0\.0\.1:\d+$/)
+    expect(bridge.natsWsUrl).toMatch(/^ws:\/\/127\.0\.0\.1:\d+\/?$/)
+    const testClient = await connect({ servers: bridge.natsUrl })
+    await testClient.drain()
+  })
+  test("publish() delivers message to subscriber", async () => {
+    bridge = await NatsBridge.create()
+    // Connect a test subscriber
+    const testClient = await connect({ servers: bridge.natsUrl })
+    const sub = testClient.subscribe("test.subject")
+    await testClient.flush()
+    // Publish via bridge
+    bridge.publish("test.subject", { hello: "world" })
+    // Receive message
+    const msg = await (async () => {
+      for await (const m of sub) {
+        return JSON.parse(decoder.decode(m.data))
+      }
+    })()
+    expect(msg).toEqual({ hello: "world" })
+    await testClient.drain()
+  })
+  test("publish() handles multiple subjects", async () => {
+    bridge = await NatsBridge.create()
+    const testClient = await connect({ servers: bridge.natsUrl })
+    const received: Array<{ subject: string; data: unknown }> = []
+    const sub1 = testClient.subscribe("runtime.snap.sidebar")
+    const sub2 = testClient.subscribe("runtime.snap.chat.abc")
+    // Collect in background
+    const collect = async (sub: AsyncIterable<{ data: Uint8Array; subject: string }>, count: number) => {
+      let n = 0
+      for await (const m of sub) {
+        received.push({ subject: m.subject, data: JSON.parse(decoder.decode(m.data)) })
+        if (++n >= count) break
+      }
+    }
+    const p1 = collect(sub1, 1)
+    const p2 = collect(sub2, 1)
+    await testClient.flush()
+    bridge.publish("runtime.snap.sidebar", { type: "sidebar" })
+    bridge.publish("runtime.snap.chat.abc", { type: "chat", chatId: "abc" })
+    await Promise.all([p1, p2])
+    expect(received).toHaveLength(2)
+    expect(received.find((r) => r.subject === "runtime.snap.sidebar")?.data).toEqual({ type: "sidebar" })
+    expect(received.find((r) => r.subject === "runtime.snap.chat.abc")?.data).toEqual({ type: "chat", chatId: "abc" })
+    await testClient.drain()
+  })
+  test("dispose() cleanly stops NATS server", async () => {
+    bridge = await NatsBridge.create()
+    const url = bridge.natsUrl
+    await bridge.dispose()
+    bridge = null
+    // Connection to stopped server should fail
+    try {
+      await connect({ servers: url, maxReconnectAttempts: 0, reconnect: false })
+      expect(true).toBe(false) // should not reach
+    } catch (error) {
+      expect(error).toBeDefined()
+    }
+  })
+  test("wildcard subscription receives matching messages", async () => {
+    bridge = await NatsBridge.create()
+    const testClient = await connect({ servers: bridge.natsUrl })
+    const received: string[] = []
+    const sub = testClient.subscribe("runtime.snap.>")
+    const collect = async (count: number) => {
+      let n = 0
+      for await (const m of sub) {
+        received.push(m.subject)
+        if (++n >= count) break
+      }
+    }
+    const p = collect(3)
+    await testClient.flush()
+    bridge.publish("runtime.snap.sidebar", {})
+    bridge.publish("runtime.snap.update", {})
+    bridge.publish("runtime.snap.chat.xyz", {})
+    await p
+    expect(received).toContain("runtime.snap.sidebar")
+    expect(received).toContain("runtime.snap.update")
+    expect(received).toContain("runtime.snap.chat.xyz")
+    await testClient.drain()
+  })
+})

package/src/server/nats-bridge.ts ADDED Viewed

@@ -0,0 +1,111 @@
+import { NatsServer } from "@lagz0ne/nats-embedded"
+import { connect, type NatsConnection } from "@nats-io/transport-node"
+import { LOG_PREFIX } from "../shared/branding"
+const encoder = new TextEncoder()
+function tokenOption(token?: string): { token: string } | undefined {
+  return token ? { token } : undefined
+}
+export interface CreateNatsBridgeOptions {
+  token?: string
+  bindHost?: string
+  advertisedHost?: string
+}
+function normalizeAdvertisedHost(bindHost: string, advertisedHost?: string): string {
+  if (advertisedHost) return advertisedHost
+  return bindHost === "0.0.0.0" ? "127.0.0.1" : bindHost
+}
+function rewriteUrlHost(rawUrl: string, host: string): string {
+  const url = new URL(rawUrl)
+  url.hostname = host
+  return url.toString().replace(/\/$/, "")
+}
+export class NatsBridge {
+  readonly natsUrl: string
+  readonly natsWsUrl: string
+  readonly natsWsPort: number
+  readonly authToken: string | undefined
+  private readonly server: NatsServer
+  readonly nc: NatsConnection
+  private disposed = false
+  private constructor(
+    server: NatsServer,
+    connection: NatsConnection,
+    advertisedNatsUrl: string,
+    advertisedWsUrl: string,
+    token?: string
+  ) {
+    this.server = server
+    this.nc = connection
+    this.natsUrl = advertisedNatsUrl
+    this.natsWsUrl = advertisedWsUrl
+    this.natsWsPort = server.wsPort!
+    this.authToken = token
+  }
+  static async create(options: CreateNatsBridgeOptions = {}): Promise<NatsBridge> {
+    const bindHost = options.bindHost ?? "127.0.0.1"
+    const advertisedHost = normalizeAdvertisedHost(bindHost, options.advertisedHost)
+    const server = await NatsServer.start({
+      host: bindHost,
+      websocket: true,
+      jetstream: true,
+      ...tokenOption(options.token),
+    })
+    if (!server.wsUrl || !server.wsPort) {
+      await server.stop()
+      throw new Error("NATS server started without WebSocket support")
+    }
+    const connection = await connect({
+      servers: rewriteUrlHost(server.url, advertisedHost),
+      ...tokenOption(options.token),
+    })
+    const advertisedNatsUrl = rewriteUrlHost(server.url, advertisedHost)
+    const advertisedWsUrl = rewriteUrlHost(server.wsUrl, advertisedHost)
+    console.warn(LOG_PREFIX, `NATS bridge started — TCP: ${advertisedNatsUrl}, WS: ${advertisedWsUrl}`)
+    const bridge = new NatsBridge(server, connection, advertisedNatsUrl, advertisedWsUrl, options.token)
+    void server.exited.then((code) => {
+      if (!bridge.disposed) {
+        console.warn(LOG_PREFIX, `NATS server exited unexpectedly with code ${code}`)
+      }
+    })
+    return bridge
+  }
+  publish(subject: string, data: unknown): void {
+    if (this.disposed) return
+    try {
+      this.nc.publish(subject, encoder.encode(JSON.stringify(data)))
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error)
+      console.warn(LOG_PREFIX, `NATS publish failed on ${subject}: ${message}`)
+    }
+  }
+  async dispose(): Promise<void> {
+    if (this.disposed) return
+    this.disposed = true
+    try {
+      await this.nc.drain()
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error)
+      console.warn(LOG_PREFIX, `NATS connection drain failed: ${message}`)
+    }
+    await this.server.stop()
+    console.warn(LOG_PREFIX, "NATS bridge stopped")
+  }
+}