npm - claude-code-session-manager - Versions diffs - 0.21.2 → 0.21.4 - Mend

claude-code-session-manager 0.21.2 → 0.21.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/bin/cli.cjs +5 -0
package/dist/assets/{TiptapBody-CepFtp62.js → TiptapBody-CZLSQ6pj.js} +2 -2
package/dist/assets/cssMode-DfqZGMQs.js +1 -0
package/dist/assets/{freemarker2-DqQlU_4i.js → freemarker2-XTPYh37h.js} +1 -1
package/dist/assets/handlebars-DKUF5VyH.js +1 -0
package/dist/assets/html-uqoqsIeI.js +1 -0
package/dist/assets/htmlMode-aMTQs1su.js +1 -0
package/dist/assets/index-BUrrcj7x.js +3525 -0
package/dist/assets/index-DeQI4oVI.css +32 -0
package/dist/assets/javascript-BVxRZMds.js +1 -0
package/dist/assets/{jsonMode-CFEryxme.js → jsonMode-D04xP2s5.js} +4 -4
package/dist/assets/liquid-BkQHTH2P.js +1 -0
package/dist/assets/lspLanguageFeatures-By9uLznH.js +4 -0
package/dist/assets/mdx-Du1IlbjV.js +1 -0
package/dist/assets/{index-CrE67_1W.css → monaco-editor-BTnBOi8r.css} +1 -32
package/dist/assets/monaco-editor-BW5C4Iv1.js +908 -0
package/dist/assets/python-DSlImqXd.js +1 -0
package/dist/assets/razor-BmUVyvSK.js +1 -0
package/dist/assets/{tsMode-CNLm8WAZ.js → tsMode-Btj0TTH7.js} +1 -1
package/dist/assets/typescript-Bzelq9vO.js +1 -0
package/dist/assets/xml-Whd9EaSd.js +1 -0
package/dist/assets/yaml-QYf0-IN8.js +1 -0
package/dist/index.html +4 -2
package/package.json +1 -1
package/src/main/__tests__/runVerify.test.cjs +138 -0
package/src/main/config.cjs +36 -4
package/src/main/historyAggregator.cjs +400 -149
package/src/main/index.cjs +8 -0
package/src/main/ipcSchemas.cjs +42 -13
package/src/main/kg.cjs +87 -30
package/src/main/lib/credentials.cjs +7 -0
package/src/main/lib/e2eStateMachine.cjs +39 -0
package/src/main/runVerify.cjs +51 -5
package/src/main/scheduler/prdParser.cjs +16 -1
package/src/main/scheduler.cjs +171 -13
package/src/main/transcripts.cjs +141 -19
package/src/main/usageMatrix.cjs +7 -3
package/src/main/webRemote.cjs +196 -31
package/src/preload/api.d.ts +40 -0
package/src/preload/index.cjs +7 -0
package/dist/assets/cssMode-8hR_Zezu.js +0 -1
package/dist/assets/handlebars-Ts2NzFcS.js +0 -1
package/dist/assets/html-QjLxt2p6.js +0 -1
package/dist/assets/htmlMode-Dst38sy3.js +0 -1
package/dist/assets/index-XKsJ4Pk3.js +0 -4431
package/dist/assets/javascript-CNxLjNGz.js +0 -1
package/dist/assets/liquid-BBfKLTB_.js +0 -1
package/dist/assets/lspLanguageFeatures-BNyh7ouG.js +0 -4
package/dist/assets/mdx-SaTyS1xC.js +0 -1
package/dist/assets/python-C84TNhMd.js +0 -1
package/dist/assets/razor-BaVJM3L8.js +0 -1
package/dist/assets/typescript-BdrDpzPy.js +0 -1
package/dist/assets/xml-CHJ3Xjjj.js +0 -1
package/dist/assets/yaml-Cg2-K8t3.js +0 -1

package/src/main/webRemote.cjs CHANGED Viewed

@@ -7,7 +7,7 @@
  *   - Outbound-only: opens a WS TO the relay, never listens.
  *   - OFF by default: remoteEnabled must be explicitly true in web-remote.json.
  *   - Kill switch: synchronous — drops socket + refuses all commands instantly.
- *   - Strict allowlist: 15 enumerated command types; unknown → silent drop.
+ *   - Strict allowlist: enumerated command types; unknown → opaque rejected response.
  *   - Zod validation: every payload parsed before any dispatch.
  *   - Path safety: cwd/path fields go through validatePath (home-dir boundary).
  *   - Token at rest: web-remote.json written at 0600 via writeTextAtomic.
@@ -28,6 +28,7 @@ const { writeTextAtomic, validatePath } = require('./config.cjs');
 const logs = require('./logs.cjs');
 const { sendIfAlive } = require('./lib/sendToRenderer.cjs');
 const { schemas } = require('./ipcSchemas.cjs');
+const { makeState, confirmSas: confirmSasLogic } = require('./lib/e2eStateMachine.cjs');
 // ─── Constants ───────────────────────────────────────────────────────────────
@@ -66,7 +67,7 @@ const MSG_MAX_BYTES = 256 * 1024;
 // Single source of truth lives in ipcSchemas.cjs — imported here so the test
 // can verify the same Set without depending on Electron-linked modules.
-const { ALLOWED_COMMANDS } = require('./ipcSchemas.cjs');
+const { ALLOWED_COMMANDS, MUTATE_COMMANDS, SAS_GATED_READS } = require('./ipcSchemas.cjs');
 // ─── E2E encryption helpers (P-256 ECDH + AES-256-GCM, ADR §5.2) ────────────
@@ -111,6 +112,30 @@ function deriveSessionKey(myPrivateKeyB64, peerPublicKeyB64, deviceId) {
   return Buffer.from(crypto.hkdfSync('sha256', sharedSecret, salt, info, 32));
 }
+/**
+ * Derive a 6-digit Short Authentication String from the ECDH shared secret.
+ * Uses a separate HKDF info label ('sm-sas-v1') so the SAS is independent of
+ * the session key. Both sides compute the same value; user confirms they match.
+ */
+function deriveSas(myPrivateKeyB64, peerPublicKeyB64, deviceId) {
+  const myPrivKey = crypto.createPrivateKey({
+    key: Buffer.from(myPrivateKeyB64, 'base64url'),
+    format: 'der',
+    type: 'pkcs8',
+  });
+  const peerPubKey = crypto.createPublicKey({
+    key: Buffer.from(peerPublicKeyB64, 'base64url'),
+    format: 'der',
+    type: 'spki',
+  });
+  const sharedSecret = crypto.diffieHellman({ privateKey: myPrivKey, publicKey: peerPubKey });
+  const salt = Buffer.from(deviceId, 'utf8');
+  const info = Buffer.from('sm-sas-v1', 'utf8');
+  const sasBytes = Buffer.from(crypto.hkdfSync('sha256', sharedSecret, salt, info, 3));
+  const sasNum = ((sasBytes[0] << 16) | (sasBytes[1] << 8) | sasBytes[2]) % 1_000_000;
+  return sasNum.toString().padStart(6, '0');
+}
 /**
  * Encrypt a plaintext JSON string into an AES-256-GCM box.
  * @returns { nonce: base64url, ciphertext: base64url } — the nonce is 12 random bytes
@@ -161,12 +186,13 @@ let _configCacheAt = 0;
 let _destroyed = false; // set at app shutdown to stop reconnect loops
 // E2E session state — reset on each new WS connection.
-let _e2eSessionKey = null; // Buffer | null
+// .state: 'idle' | 'pending_sas' | 'authenticated' | 'failed'
+let _e2e = makeState();
 // ─── Config helpers ───────────────────────────────────────────────────────────
 function defaultConfig() {
-  return { remoteEnabled: false, devices: [] };
+  return { remoteEnabled: false, remoteControlEnabled: false, devices: [] };
 }
 function loadConfigSync() {
@@ -219,7 +245,8 @@ async function auditLog(ts, type, deviceId, msgId, result) {
   try {
     const ymd = ts.slice(0, 10);
     const logPath = path.join(AUDIT_LOG_DIR, `remote-audit-${ymd}.log`);
-    const line = `${ts}  ${type}  deviceId=${deviceId || '-'}  msgId=${msgId || '-'}  result=${result}\n`;
+    const clean = (s) => String(s ?? '').replace(/[\r\n\t]+/g, ' ').slice(0, 200);
+    const line = `${ts}  ${clean(type)}  deviceId=${clean(deviceId) || '-'}  msgId=${clean(msgId) || '-'}  result=${result}\n`;
     const handle = await fsp.open(logPath, 'a', 0o600);
     try {
       await handle.write(line);
@@ -285,6 +312,12 @@ async function getDeviceTicket(deviceToken) {
   return result.ticket;
 }
+// ─── E2E state helpers ────────────────────────────────────────────────────────
+function resetE2e(state = 'idle') {
+  _e2e = makeState(state);
+}
 // ─── WebSocket lifecycle ──────────────────────────────────────────────────────
 function broadcastStatus() {
@@ -293,8 +326,12 @@ function broadcastStatus() {
   const connected = _ws !== null && _ws.readyState === WebSocket.OPEN;
   sendIfAlive(_window, 'webRemote:status', {
     enabled: cfg.remoteEnabled,
+    remoteControlEnabled: cfg.remoteControlEnabled ?? false,
     connected,
-    e2eActive: connected && _e2eSessionKey !== null,
+    e2eActive: connected && _e2e.sessionKey !== null,
+    e2eAuthenticated: connected && _e2e.state === 'authenticated',
+    e2eState: connected ? _e2e.state : 'idle',
+    pendingSas: connected && _e2e.state === 'pending_sas' ? _e2e.pendingSas : null,
     devices: (cfg.devices || []).map(({ deviceId, deviceName, issuedAt, lastConnectedAt }) => ({
       deviceId, deviceName, issuedAt, lastConnectedAt,
     })),
@@ -358,7 +395,7 @@ function scheduleReconnect() {
 async function disconnect() {
   cancelReconnect();
   stopHeartbeat();
-  _e2eSessionKey = null;
+  resetE2e();
   if (_ws) {
     const ws = _ws;
     _ws = null;
@@ -407,7 +444,7 @@ async function connect() {
   _ws = ws;
   _missedPongs = 0;
-  _e2eSessionKey = null; // reset session key on new connection
+  resetE2e(); // reset E2E state on new connection
   ws.on('open', () => {
     logs.writeLine({ scope: 'webRemote', level: 'info', message: 'connected to relay' });
@@ -426,6 +463,8 @@ async function connect() {
     }).catch(() => {});
     broadcastStatus();
     // v2: begin pushing the live session list once connected.
+    // Reset diff-guard so the new client always receives a full session-list push.
+    _lastSessionListJson = null;
     startSessionListPush();
   });
@@ -442,7 +481,7 @@ async function connect() {
   ws.on('close', (code) => {
     stopHeartbeat();
     stopAllSessionWatches();
-    _e2eSessionKey = null;
+    resetE2e();
     if (_ws === ws) _ws = null;
     logs.writeLine({ scope: 'webRemote', level: 'info', message: 'ws closed', meta: { code } });
     broadcastStatus();
@@ -483,14 +522,15 @@ const SESSION_INIT_TAIL_BYTES = 512 * 1024; // bound the initial read
 const _sessionWatchers = new Map(); // tabId → watcher
 let _sessionListTimer = null;
+let _lastSessionListJson = null; // diff-guard: skip push when snapshot unchanged
 /** Push an unsolicited event to the browser(s). Encrypts when an E2E key is active. */
 function pushEvent(type, payload) {
   if (!_ws || _ws.readyState !== WebSocket.OPEN) return;
   const inner = { type, id: crypto.randomUUID(), payload, ts: Date.now() };
   try {
-    if (_e2eSessionKey) {
-      const { nonce, ciphertext } = encryptBox(JSON.stringify(inner), _e2eSessionKey);
+    if (_e2e.sessionKey) {
+      const { nonce, ciphertext } = encryptBox(JSON.stringify(inner), _e2e.sessionKey);
       _ws.send(JSON.stringify({ type: 'e2e:box', id: inner.id, payload: { nonce, ciphertext }, ts: Date.now() }));
     } else {
       _ws.send(JSON.stringify(inner));
@@ -536,13 +576,26 @@ async function tailLines(filePath, fromOffset) {
   if (stat.size <= start) return { lines: [], size: stat.size, inode: stat.ino };
   const fd = await fsp.open(filePath, 'r');
   try {
+    // Drop the first fragment only when offset genuinely landed mid-line —
+    // i.e. the byte immediately before `start` is not '\n'. When `start`
+    // sits right on a newline boundary (previous poll ended at a complete
+    // line) the first split-part is already a full line and must be kept.
+    let dropFirst = false;
+    if (start > 0) {
+      const prev = Buffer.alloc(1);
+      await fd.read(prev, 0, 1, start - 1);
+      dropFirst = prev[0] !== 0x0a; // 0x0a = '\n'
+    }
     const len = stat.size - start;
     const buf = Buffer.alloc(len);
     await fd.read(buf, 0, len, start);
-    const parts = buf.toString('utf8').split('\n').filter(Boolean);
-    // If we started mid-file, the first fragment may be a partial line — drop it.
-    if (start > 0 && parts.length) parts.shift();
-    return { lines: parts, size: stat.size, inode: stat.ino };
+    // Shift before filter: the fragment may be an empty string (when the
+    // buffer starts with '\n', completing the previous partial line). If we
+    // filter(Boolean) first, the empty fragment disappears and shift() would
+    // remove the first valid line instead.
+    const parts = buf.toString('utf8').split('\n');
+    if (dropFirst && parts.length) parts.shift();
+    return { lines: parts.filter(Boolean), size: stat.size, inode: stat.ino };
   } finally {
     await fd.close();
   }
@@ -580,7 +633,10 @@ async function pollSessionWatcher(w) {
   if (nextState && nextState !== w.state) {
     w.state = nextState;
-    pushEvent('event:session:state', { tabId: w.tabId, state: w.state, since: Date.now() });
+    // Guard: don't push state if SAS not yet confirmed (watcher may outlive an auth reset).
+    if (_e2e.state === 'authenticated') {
+      pushEvent('event:session:state', { tabId: w.tabId, state: w.state, since: Date.now() });
+    }
   }
   if (newAssistantText && newMsgId !== w.lastMsgId) {
     w.lastAssistantText = newAssistantText;
@@ -638,6 +694,11 @@ async function pushSessionList() {
     // this stops the unsolicited background push too.
     const cfg = await loadConfig();
     if (!cfg.remoteEnabled) return;
+    // Don't push before SAS is confirmed — session cwds/titles are sensitive user data.
+    // A relay that completes e2e:hello before the user confirms the SAS would otherwise
+    // receive the full session list immediately (same threat SAS_GATED_READS blocks for
+    // cmd:sessions:load). Guard here so _lastSessionListJson is not poisoned either.
+    if (_e2e.state !== 'authenticated') return;
     const sessionsStore = require('./sessionsStore.cjs');
     const data = await sessionsStore.load();
     // Normalize persisted tabs → SessionMeta. tabId === claudeSessionId so it
@@ -648,7 +709,11 @@ async function pushSessionList() {
       title: t.label || t.cwd,
       state: _sessionWatchers.get(t.claudeSessionId)?.state ?? null,
     }));
-    pushEvent('event:session:list', { sessions, activeTabId: data?.activeTabId ?? null });
+    const payload = { sessions, activeTabId: data?.activeTabId ?? null };
+    const json = JSON.stringify(payload);
+    if (json === _lastSessionListJson) return;
+    _lastSessionListJson = json;
+    pushEvent('event:session:list', payload);
   } catch (e) {
     logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'pushSessionList failed', meta: { error: e?.message } });
   }
@@ -734,6 +799,8 @@ function anthropicSummarize(apiKey, text) {
  * completed turn per subscribed tab (~$1/$5 per 1M tokens).
  */
 async function maybeSummarize(w) {
+  // Guard: don't push summaries (session transcript content) before SAS confirmed.
+  if (_e2e.state !== 'authenticated') return;
   const text = w.lastAssistantText;
   if (!text) return;
   const ofMessageId = w.lastMsgId;
@@ -822,28 +889,69 @@ async function handleMessage(raw, device) {
       logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'e2e:hello but no device private key — skipping E2E' });
       return;
     }
+    // Explicit P-256 curve validation — do not rely on Node's implicit throw.
+    // Rejects wrong-curve keys (e.g. P-384), malformed DER, and the all-zero
+    // identity point. Must happen before deriveSessionKey so a bad key drops
+    // the session here, not silently in a crypto catch-all below.
     try {
-      _e2eSessionKey = deriveSessionKey(device.e2ePrivateKey, browserPubKey, device.deviceId);
-      logs.writeLine({ scope: 'webRemote', level: 'info', message: 'E2E session key established' });
+      const derBytes = Buffer.from(browserPubKey, 'base64url');
+      const importedPub = crypto.createPublicKey({ key: derBytes, format: 'der', type: 'spki' });
+      if (importedPub.asymmetricKeyDetails?.namedCurve !== 'prime256v1') {
+        throw new Error(`wrong curve: ${importedPub.asymmetricKeyDetails?.namedCurve}`);
+      }
+      // P-256 SPKI DER is always 91 bytes; raw EC point (04 || x || y) starts at offset 26.
+      // Defense-in-depth: reject the identity point (x=0, y=0) explicitly even though
+      // Node's ECDH would also reject it — P-256 is a prime-order group, so the identity
+      // is the only low-order point.
+      if (derBytes.length === 91) {
+        const x = derBytes.subarray(27, 59);
+        const y = derBytes.subarray(59, 91);
+        if (x.every((b) => b === 0) && y.every((b) => b === 0)) {
+          throw new Error('identity point rejected');
+        }
+      }
+    } catch (e) {
+      logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'e2e:hello peer key validation failed — session dropped', meta: { error: e?.message } });
+      await auditLog(new Date().toISOString(), 'e2e:hello', device.deviceId, undefined, 'error:invalid_peer_key');
+      resetE2e('failed'); // surface key-validation failure to UI — user must reconnect
+      broadcastStatus();
+      return;
+    }
+    try {
+      const sessionKey = deriveSessionKey(device.e2ePrivateKey, browserPubKey, device.deviceId);
+      let pendingSas;
+      try {
+        pendingSas = deriveSas(device.e2ePrivateKey, browserPubKey, device.deviceId);
+      } catch (sasErr) {
+        // SAS derivation failed — session cannot be verified by the user.
+        // Mark failed so confirm-sas returns ok:false and the UI prompts retry.
+        resetE2e('failed');
+        logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'E2E SAS derivation failed — session marked failed', meta: { error: sasErr?.message } });
+        broadcastStatus();
+        return;
+      }
+      _e2e = makeState('pending_sas', sessionKey, pendingSas);
+      logs.writeLine({ scope: 'webRemote', level: 'info', message: 'E2E session key established — SAS pending confirmation' });
       broadcastStatus();
       // Acknowledge with e2e:ready (unencrypted — session just started)
       respond(id, undefined, 'e2e:ready');
     } catch (e) {
       logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'E2E key derivation failed', meta: { error: e?.message } });
-      _e2eSessionKey = null;
+      resetE2e('failed');
+      broadcastStatus();
     }
     return;
   }
   // ── Decrypt e2e:box messages ──────────────────────────────────────────────
   if (type === 'e2e:box') {
-    if (!_e2eSessionKey) {
+    if (!_e2e.sessionKey) {
       logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'e2e:box received but no session key — dropping' });
       return;
     }
     const { nonce, ciphertext } = payload || {};
     if (!nonce || !ciphertext) return;
-    const plaintext = decryptBox(nonce, ciphertext, _e2eSessionKey);
+    const plaintext = decryptBox(nonce, ciphertext, _e2e.sessionKey);
     if (!plaintext) {
       logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'e2e:box decryption failed (auth tag mismatch)' });
       return;
@@ -864,7 +972,7 @@ async function handleMessage(raw, device) {
   if (!type.startsWith('cmd:')) return;
   // After E2E is established, reject plaintext commands — a malicious relay cannot
   // silently downgrade the session by stripping e2e:hello (PENTEST.md §H1).
-  if (_e2eSessionKey) {
+  if (_e2e.sessionKey) {
     logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'plaintext cmd rejected — e2e session active' });
     return;
   }
@@ -881,13 +989,31 @@ async function dispatchEnvelope(envelope, device) {
   const cfg = await loadConfig();
   if (!cfg.remoteEnabled) {
     await auditLog(ts, type, device.deviceId, id, 'error:disabled');
-    respond(id, { error: 'disabled' });
+    respond(id, { error: 'rejected' }); // opaque — reason stays in audit log only
     return;
   }
-  // Allowlist check — unknown types are dropped without error feedback (ADR §6.2)
+  // Allowlist check — reject unknown cmd:* types with opaque error (oracle prevention)
   if (!ALLOWED_COMMANDS.has(type)) {
     await auditLog(ts, type, device.deviceId, id, 'error:not_allowed');
+    respond(id, { error: 'rejected' });
+    return;
+  }
+  // MUTATE tier gate — write/exec commands require remoteControlEnabled=true (default false)
+  if (MUTATE_COMMANDS.has(type) && !cfg.remoteControlEnabled) {
+    await auditLog(ts, type, device.deviceId, id, 'error:not_allowed');
+    respond(id, { error: 'rejected' }); // opaque — reason stays in audit log only
+    return;
+  }
+  // E2E auth gate — MUTATE and sensitive READ commands are blocked until the
+  // user confirms the SAS on the desktop. This prevents a compromised relay
+  // from exfiltrating session lists, PRDs, run logs, or transcript summaries
+  // by completing the ECDH handshake without the user's knowledge.
+  if ((MUTATE_COMMANDS.has(type) || SAS_GATED_READS.has(type)) && _e2e.state !== 'authenticated') {
+    await auditLog(ts, type, device.deviceId, id, 'error:e2e_not_authenticated');
+    respond(id, { error: 'rejected' }); // opaque — reason stays in audit log only
     return;
   }
@@ -899,7 +1025,7 @@ async function dispatchEnvelope(envelope, device) {
   } catch (e) {
     const code = e?.name === 'ZodError' ? 'schema_invalid' : 'dispatch_error';
     await auditLog(ts, type, device.deviceId, id, `error:${code}`);
-    result = { error: code }; // never leak internal error messages to the remote caller
+    result = { error: 'rejected' }; // opaque on-wire — reason stays in audit log only
   }
   respond(id, result);
@@ -919,8 +1045,8 @@ function respond(msgId, payload, typeOverride) {
   try {
     // Encrypt the response if a session key is active.
-    if (_e2eSessionKey && !typeOverride) {
-      const { nonce, ciphertext } = encryptBox(JSON.stringify(inner), _e2eSessionKey);
+    if (_e2e.sessionKey && !typeOverride) {
+      const { nonce, ciphertext } = encryptBox(JSON.stringify(inner), _e2e.sessionKey);
       _ws.send(JSON.stringify({
         type: 'e2e:box',
         id: msgId,
@@ -1139,16 +1265,41 @@ function registerRemoteHandlers() {
   // Returns current status without tokens — safe to expose to renderer.
   ipcMain.handle('webRemote:get-status', async () => {
     const cfg = await loadConfig();
+    const connected = _ws !== null && _ws.readyState === WebSocket.OPEN;
     return {
       enabled: cfg.remoteEnabled,
-      connected: _ws !== null && _ws.readyState === WebSocket.OPEN,
-      e2eActive: _ws !== null && _ws.readyState === WebSocket.OPEN && _e2eSessionKey !== null,
+      remoteControlEnabled: cfg.remoteControlEnabled ?? false,
+      connected,
+      e2eActive: connected && _e2e.sessionKey !== null,
+      e2eAuthenticated: connected && _e2e.state === 'authenticated',
+      e2eState: connected ? _e2e.state : 'idle',
+      pendingSas: connected && _e2e.state === 'pending_sas' ? _e2e.pendingSas : null,
       devices: (cfg.devices || []).map(({ deviceId, deviceName, issuedAt, lastConnectedAt }) => ({
         deviceId, deviceName, issuedAt, lastConnectedAt,
       })),
     };
   });
+  // User confirmed that the SAS shown on both desktop and browser match.
+  // Returns ok:false if the session is not in the pending_sas state (e.g. key
+  // missing, already failed, already authenticated, or reconnected).
+  ipcMain.handle('webRemote:confirm-sas', async () => {
+    const { ok, error, next } = confirmSasLogic(_e2e);
+    if (!ok) {
+      logs.writeLine({ scope: 'webRemote', level: 'warn', message: 'confirm-sas rejected — wrong state', meta: { state: _e2e.state, error } });
+      return { ok: false, error };
+    }
+    _e2e = next;
+    logs.writeLine({ scope: 'webRemote', level: 'info', message: 'E2E session authenticated — SAS confirmed by user' });
+    broadcastStatus();
+    // Flush the session list immediately — the push loop was suppressed while
+    // state !== 'authenticated', so the mobile app would otherwise wait up to
+    // SESSION_LIST_PUSH_MS for the first useful data.
+    _lastSessionListJson = null;
+    pushSessionList().catch(() => {});
+    return { ok: true };
+  });
   ipcMain.handle('webRemote:enable', async () => {
     const cfg = await loadConfig();
     await saveConfig({ ...cfg, remoteEnabled: true });
@@ -1165,6 +1316,20 @@ function registerRemoteHandlers() {
     return { ok: true };
   });
+  ipcMain.handle('webRemote:enable-control', async () => {
+    const cfg = await loadConfig();
+    await saveConfig({ ...cfg, remoteControlEnabled: true });
+    broadcastStatus();
+    return { ok: true };
+  });
+  ipcMain.handle('webRemote:disable-control', async () => {
+    const cfg = await loadConfig();
+    await saveConfig({ ...cfg, remoteControlEnabled: false });
+    broadcastStatus();
+    return { ok: true };
+  });
   ipcMain.handle('webRemote:pair', validated(schemas.webRemotePair, async ({ otp }) => {
     return pair(otp);
   }));
@@ -1212,7 +1377,7 @@ async function init() {
 function destroy() {
   _destroyed = true;
   cancelReconnect();
-  _e2eSessionKey = null;
+  resetE2e();
   if (_ws) {
     try { _ws.terminate(); } catch { /* */ }
     _ws = null;

package/src/preload/api.d.ts CHANGED Viewed

@@ -393,6 +393,13 @@ export interface SupervisorLogEntry {
   costUsd: number | null;
 }
+export interface SchedulePollHealth {
+  lastPollAt: number | null;
+  lastPollOk: boolean;
+  consecutiveFailures: number;
+  lastFailureKind: string | null;
+}
 export interface ScheduleStateSnapshot {
   config: ScheduleConfig & { supervisor?: SupervisorConfig };
   jobs: ScheduleJob[];
@@ -403,6 +410,8 @@ export interface ScheduleStateSnapshot {
   paused: SchedulePauseInfo | null;
   /** Latest five_hour utilization percent (0–100) cached from billing.fetchUsage. null if unknown. */
   utilization: number | null;
+  /** Poll health — last billing poll result; used to detect stale utilization. */
+  pollHealth?: SchedulePollHealth;
   /** Returned only by the initial state() call, not the broadcast event. */
   paths?: SchedulePaths;
 }
@@ -452,6 +461,19 @@ export interface ListConversationsResult {
   scannedMs: number;
 }
+export interface SessionScanEntry {
+  sessionId: string;
+  projectEncoded: string;
+  path: string;
+  mtimeMs: number;
+  sizeBytes: number;
+}
+export interface SessionScanResult {
+  sessions: SessionScanEntry[];
+  scannedMs: number;
+}
 export interface FileEntry {
   name: string;
@@ -793,8 +815,15 @@ export interface WebRemoteDevice {
 export interface WebRemoteStatus {
   enabled: boolean;
+  remoteControlEnabled: boolean;
   connected: boolean;
   e2eActive: boolean;
+  /** True once the user has confirmed the SAS on the desktop. */
+  e2eAuthenticated: boolean;
+  /** Explicit E2E session state for UI rendering. */
+  e2eState: 'idle' | 'pending_sas' | 'authenticated' | 'failed';
+  /** 6-digit Short Authentication String pending user confirmation, or null. */
+  pendingSas: string | null;
   devices: WebRemoteDevice[];
 }
@@ -858,7 +887,10 @@ export interface SessionManagerAPI {
   };
   transcripts: {
     subscribe: (payload: { tabId: string; cwd: string; sessionUuid: string }) => Promise<SubscribeResult>;
+    /** Release the sub back to the LRU cache (view-switch). Does not destroy the watcher. */
     unsubscribe: (tabId: string) => Promise<{ ok: boolean }>;
+    /** Permanently destroy the sub (genuine tab close). */
+    closeTab: (tabId: string) => Promise<{ ok: boolean }>;
     buffer: (tabId: string) => Promise<TranscriptEvent[]>;
     pathFor: (cwd: string, sessionUuid: string) => Promise<string>;
     onEvent: (tabId: string, handler: (ev: TranscriptEvent) => void) => () => void;
@@ -949,6 +981,7 @@ export interface SessionManagerAPI {
   history: {
     aggregate: (req?: HistoryAggregateRequest) => Promise<HistoryAggregateResult>;
     listConversations: () => Promise<ListConversationsResult>;
+    scanProjects: () => Promise<SessionScanResult>;
   };
   schedule: {
     state: () => Promise<ScheduleStateSnapshot>;
@@ -1062,6 +1095,10 @@ export interface SessionManagerAPI {
     getStatus: () => Promise<WebRemoteStatus>;
     enable: () => Promise<WebRemoteMutationResult>;
     disable: () => Promise<WebRemoteMutationResult>;
+    /** Allow MUTATE-tier commands (pty spawn/write, scheduler writes). Default off. */
+    enableControl: () => Promise<WebRemoteMutationResult>;
+    /** Block MUTATE-tier commands — mobile becomes read-only mirror. */
+    disableControl: () => Promise<WebRemoteMutationResult>;
     pair: (otp: string) => Promise<WebRemotePairResult>;
     revokeDevice: (deviceId: string) => Promise<WebRemoteMutationResult>;
     auditTail: (lines?: number) => Promise<WebRemoteAuditTailResult>;
@@ -1071,6 +1108,9 @@ export interface SessionManagerAPI {
     revokeAll: () => Promise<WebRemoteMutationResult>;
     /** Subscribe to the completion event broadcast after revokeAll. */
     onRevokedAll: (handler: (ev: { revokedCount: number }) => void) => () => void;
+    /** Confirm that the SAS shown on the desktop matches the browser — marks the
+     *  E2E session as authenticated and unblocks MUTATE-tier commands. */
+    confirmSas: () => Promise<WebRemoteMutationResult>;
   };
   kg: {
     /** Distilled knowledge graph + ingest status for ONE project (`cwd`).

package/src/preload/index.cjs CHANGED Viewed

@@ -59,6 +59,7 @@ contextBridge.exposeInMainWorld('api', {
   transcripts: {
     subscribe: (payload) => ipcRenderer.invoke('transcript:subscribe', payload),
     unsubscribe: (tabId) => ipcRenderer.invoke('transcript:unsubscribe', { tabId }),
+    closeTab: (tabId) => ipcRenderer.invoke('transcript:close', { tabId }),
     buffer: (tabId) => ipcRenderer.invoke('transcript:buffer', { tabId }),
     pathFor: (cwd, sessionUuid) =>
       ipcRenderer.invoke('transcript:path', { cwd, sessionUuid }),
@@ -155,6 +156,7 @@ contextBridge.exposeInMainWorld('api', {
   history: {
     aggregate: (req) => ipcRenderer.invoke('history:aggregate', req),
     listConversations: () => ipcRenderer.invoke('history:list-conversations'),
+    scanProjects: () => ipcRenderer.invoke('history:scan-projects'),
   },
   files: {
     list: (path, showHidden) => ipcRenderer.invoke('files:list', { path, showHidden }),
@@ -283,6 +285,10 @@ contextBridge.exposeInMainWorld('api', {
     enable: () => ipcRenderer.invoke('webRemote:enable'),
     /** Turn remote control off. Immediately drops relay connection. */
     disable: () => ipcRenderer.invoke('webRemote:disable'),
+    /** Allow MUTATE-tier commands (pty spawn/write, scheduler writes). Default off. */
+    enableControl: () => ipcRenderer.invoke('webRemote:enable-control'),
+    /** Block MUTATE-tier commands — mobile becomes read-only mirror. */
+    disableControl: () => ipcRenderer.invoke('webRemote:disable-control'),
     /** Pair a new device using the 8-character OTP shown in the web UI. */
     pair: (otp) => ipcRenderer.invoke('webRemote:pair', { otp }),
     /** Revoke a paired device by its deviceId. */
@@ -303,6 +309,7 @@ contextBridge.exposeInMainWorld('api', {
     },
     /** Revoke ALL paired devices and tear down every session immediately. */
     revokeAll: () => ipcRenderer.invoke('webRemote:revoke-all'),
+    confirmSas: () => ipcRenderer.invoke('webRemote:confirm-sas'),
     /** Push event when revokeAll completes (main broadcasts webRemote:revoked-all). */
     onRevokedAll: (handler) => {
       const listener = (_e, payload) => handler(payload);

package/dist/assets/cssMode-8hR_Zezu.js DELETED Viewed

@@ -1 +0,0 @@

- import{d as h,l as s}from"./index-XKsJ4Pk3.js";import{C as c,H as u,d as p,D as m,R as f,g as _,h as w,b as k,F as v,a as D,S as P,c as R,f as I}from"./lspLanguageFeatures-BNyh7ouG.js";import{e as b,i as H,j as U,t as y,k as T}from"./lspLanguageFeatures-BNyh7ouG.js";const C=120*1e3;class A{constructor(o){this._defaults=o,this._worker=null,this._client=null,this._idleCheckInterval=window.setInterval(()=>this._checkIfIdle(),30*1e3),this._lastUsedTime=0,this._configChangeListener=this._defaults.onDidChange(()=>this._stopWorker())}_stopWorker(){this._worker&&(this._worker.dispose(),this._worker=null),this._client=null}dispose(){clearInterval(this._idleCheckInterval),this._configChangeListener.dispose(),this._stopWorker()}_checkIfIdle(){if(!this._worker)return;Date.now()-this._lastUsedTime>C&&this._stopWorker()}_getClient(){return this._lastUsedTime=Date.now(),this._client||(this._worker=h({moduleId:"vs/language/css/cssWorker",createWorker:()=>new Worker(new URL(""+new URL("css.worker-B4z49cGk.js",import.meta.url).href,import.meta.url),{type:"module"}),label:this._defaults.languageId,createData:{options:this._defaults.options,languageId:this._defaults.languageId}}),this._client=this._worker.getProxy()),this._client}getLanguageServiceWorker(...o){let e;return this._getClient().then(a=>{e=a}).then(a=>{if(this._worker)return this._worker.withSyncedResources(o)}).then(a=>e)}}function F(n){const o=[],e=[],a=new A(n);o.push(a);const r=(...t)=>a.getLanguageServiceWorker(...t);function l(){const{languageId:t,modeConfiguration:i}=n;g(e),i.completionItems&&e.push(s.registerCompletionItemProvider(t,new c(r,["/","-",":"]))),i.hovers&&e.push(s.registerHoverProvider(t,new u(r))),i.documentHighlights&&e.push(s.registerDocumentHighlightProvider(t,new p(r))),i.definitions&&e.push(s.registerDefinitionProvider(t,new m(r))),i.references&&e.push(s.registerReferenceProvider(t,new f(r))),i.documentSymbols&&e.push(s.registerDocumentSymbolProvider(t,new _(r))),i.rename&&e.push(s.registerRenameProvider(t,new w(r))),i.colors&&e.push(s.registerColorProvider(t,new k(r))),i.foldingRanges&&e.push(s.registerFoldingRangeProvider(t,new v(r))),i.diagnostics&&e.push(new D(t,r,n.onDidChange)),i.selectionRanges&&e.push(s.registerSelectionRangeProvider(t,new P(r))),i.documentFormattingEdits&&e.push(s.registerDocumentFormattingEditProvider(t,new R(r))),i.documentRangeFormattingEdits&&e.push(s.registerDocumentRangeFormattingEditProvider(t,new I(r)))}return l(),o.push(d(e)),d(o)}function d(n){return{dispose:()=>g(n)}}function g(n){for(;n.length;)n.pop().dispose()}export{c as CompletionAdapter,m as DefinitionAdapter,D as DiagnosticsAdapter,k as DocumentColorAdapter,R as DocumentFormattingEditProvider,p as DocumentHighlightAdapter,b as DocumentLinkAdapter,I as DocumentRangeFormattingEditProvider,_ as DocumentSymbolAdapter,v as FoldingRangeAdapter,u as HoverAdapter,f as ReferenceAdapter,w as RenameAdapter,P as SelectionRangeAdapter,A as WorkerManager,H as fromPosition,U as fromRange,F as setupMode,y as toRange,T as toTextEdit};

package/dist/assets/handlebars-Ts2NzFcS.js DELETED Viewed

@@ -1 +0,0 @@

- import{l as e}from"./index-XKsJ4Pk3.js";const t=["area","base","br","col","embed","hr","img","input","keygen","link","menuitem","meta","param","source","track","wbr"],a={wordPattern:/(-?\d*\.\d\w*)|([^\`\~\!\@\$\^\&\*\=\+\[\{\]\}\\\|\;\:\'\"\,\.\<\>\/\s]+)/g,comments:{blockComment:["{{!--","--}}"]},brackets:[[""],["<",">"],["{{","}}"],["{","}"],["(",")"]],autoClosingPairs:[{open:"{",close:"}"},{open:"[",close:"]"},{open:"(",close:")"},{open:'"',close:'"'},{open:"'",close:"'"}],surroundingPairs:[{open:"<",close:">"},{open:'"',close:'"'},{open:"'",close:"'"}],onEnterRules:[{beforeText:new RegExp(`<(?!(?:${t.join("|")}))(\\w[\\w\\d]*)([^/>]*(?!/)>)[^<]*$`,"i"),afterText:/^<\/(\w[\w\d]*)\s*>$/i,action:{indentAction:e.IndentAction.IndentOutdent}},{beforeText:new RegExp(`<(?!(?:${t.join("|")}))(\\w[\\w\\d]*)([^/>]*(?!/)>)[^<]*$`,"i"),action:{indentAction:e.IndentAction.Indent}}]},m={defaultToken:"",tokenPostfix:"",tokenizer:{root:[[/\{\{!--/,"comment.block.start.handlebars","@commentBlock"],[/\{\{!/,"comment.start.handlebars","@comment"],[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.root"}],[/<!DOCTYPE/,"metatag.html","@doctype"],[//,"comment.html","@pop"],[/[^-]+/,"comment.content.html"],[/./,"comment.content.html"]],otherTag:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.otherTag"}],[/\/?>/,"delimiter.html","@pop"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/]],script:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.script"}],[/type/,"attribute.name","@scriptAfterType"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/>/,{token:"delimiter.html",next:"@scriptEmbedded.text/javascript",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/(<\/)(script\s*)(>)/,["delimiter.html","tag.html",{token:"delimiter.html",next:"@pop"}]]],scriptAfterType:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.scriptAfterType"}],[/=/,"delimiter","@scriptAfterTypeEquals"],[/>/,{token:"delimiter.html",next:"@scriptEmbedded.text/javascript",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptAfterTypeEquals:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.scriptAfterTypeEquals"}],[/"([^"]*)"/,{token:"attribute.value",switchTo:"@scriptWithCustomType.$1"}],[/'([^']*)'/,{token:"attribute.value",switchTo:"@scriptWithCustomType.$1"}],[/>/,{token:"delimiter.html",next:"@scriptEmbedded.text/javascript",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptWithCustomType:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.scriptWithCustomType.$S2"}],[/>/,{token:"delimiter.html",next:"@scriptEmbedded.$S2",nextEmbedded:"$S2"}],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptEmbedded:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInEmbeddedState.scriptEmbedded.$S2",nextEmbedded:"@pop"}],[/<\/script/,{token:"@rematch",next:"@pop",nextEmbedded:"@pop"}]],style:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.style"}],[/type/,"attribute.name","@styleAfterType"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/>/,{token:"delimiter.html",next:"@styleEmbedded.text/css",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/(<\/)(style\s*)(>)/,["delimiter.html","tag.html",{token:"delimiter.html",next:"@pop"}]]],styleAfterType:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.styleAfterType"}],[/=/,"delimiter","@styleAfterTypeEquals"],[/>/,{token:"delimiter.html",next:"@styleEmbedded.text/css",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleAfterTypeEquals:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.styleAfterTypeEquals"}],[/"([^"]*)"/,{token:"attribute.value",switchTo:"@styleWithCustomType.$1"}],[/'([^']*)'/,{token:"attribute.value",switchTo:"@styleWithCustomType.$1"}],[/>/,{token:"delimiter.html",next:"@styleEmbedded.text/css",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleWithCustomType:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInSimpleState.styleWithCustomType.$S2"}],[/>/,{token:"delimiter.html",next:"@styleEmbedded.$S2",nextEmbedded:"$S2"}],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleEmbedded:[[/\{\{/,{token:"@rematch",switchTo:"@handlebarsInEmbeddedState.styleEmbedded.$S2",nextEmbedded:"@pop"}],[/<\/style/,{token:"@rematch",next:"@pop",nextEmbedded:"@pop"}]],handlebarsInSimpleState:[[/\{\{\{?/,"delimiter.handlebars"],[/\}\}\}?/,{token:"delimiter.handlebars",switchTo:"@$S2.$S3"}],{include:"handlebarsRoot"}],handlebarsInEmbeddedState:[[/\{\{\{?/,"delimiter.handlebars"],[/\}\}\}?/,{token:"delimiter.handlebars",switchTo:"@$S2.$S3",nextEmbedded:"$S3"}],{include:"handlebarsRoot"}],handlebarsRoot:[[/"[^"]*"/,"string.handlebars"],[/[#/][^\s}]+/,"keyword.helper.handlebars"],[/else\b/,"keyword.helper.handlebars"],[/[\s]+/],[/[^}]/,"variable.parameter.handlebars"]]}};export{a as conf,m as language};

package/dist/assets/html-QjLxt2p6.js DELETED Viewed

@@ -1 +0,0 @@

- import{l as e}from"./index-XKsJ4Pk3.js";const t=["area","base","br","col","embed","hr","img","input","keygen","link","menuitem","meta","param","source","track","wbr"],i={wordPattern:/(-?\d*\.\d\w*)|([^\`\~\!\@\$\^\&\*\=\+\[\{\]\}\\\|\;\:\'\"\,\.\<\>\/\s]+)/g,comments:{blockComment:[""]},brackets:[[""],["<",">"],["{","}"],["(",")"]],autoClosingPairs:[{open:"{",close:"}"},{open:"[",close:"]"},{open:"(",close:")"},{open:'"',close:'"'},{open:"'",close:"'"}],surroundingPairs:[{open:'"',close:'"'},{open:"'",close:"'"},{open:"{",close:"}"},{open:"[",close:"]"},{open:"(",close:")"},{open:"<",close:">"}],onEnterRules:[{beforeText:new RegExp(`<(?!(?:${t.join("|")}))([_:\\w][_:\\w-.\\d]*)([^/>]*(?!/)>)[^<]*$`,"i"),afterText:/^<\/([_:\w][_:\w-.\d]*)\s*>$/i,action:{indentAction:e.IndentAction.IndentOutdent}},{beforeText:new RegExp(`<(?!(?:${t.join("|")}))(\\w[\\w\\d]*)([^/>]*(?!/)>)[^<]*$`,"i"),action:{indentAction:e.IndentAction.Indent}}],folding:{markers:{start:new RegExp("^\\s*"),end:new RegExp("^\\s*")}}},r={defaultToken:"",tokenPostfix:".html",ignoreCase:!0,tokenizer:{root:[[/<!DOCTYPE/,"metatag","@doctype"],[//,"comment","@pop"],[/[^-]+/,"comment.content"],[/./,"comment.content"]],otherTag:[[/\/?>/,"delimiter","@pop"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/]],script:[[/type/,"attribute.name","@scriptAfterType"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/>/,{token:"delimiter",next:"@scriptEmbedded",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/(<\/)(script\s*)(>)/,["delimiter","tag",{token:"delimiter",next:"@pop"}]]],scriptAfterType:[[/=/,"delimiter","@scriptAfterTypeEquals"],[/>/,{token:"delimiter",next:"@scriptEmbedded",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptAfterTypeEquals:[[/"module"/,{token:"attribute.value",switchTo:"@scriptWithCustomType.text/javascript"}],[/'module'/,{token:"attribute.value",switchTo:"@scriptWithCustomType.text/javascript"}],[/"([^"]*)"/,{token:"attribute.value",switchTo:"@scriptWithCustomType.$1"}],[/'([^']*)'/,{token:"attribute.value",switchTo:"@scriptWithCustomType.$1"}],[/>/,{token:"delimiter",next:"@scriptEmbedded",nextEmbedded:"text/javascript"}],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptWithCustomType:[[/>/,{token:"delimiter",next:"@scriptEmbedded.$S2",nextEmbedded:"$S2"}],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/],[/<\/script\s*>/,{token:"@rematch",next:"@pop"}]],scriptEmbedded:[[/<\/script/,{token:"@rematch",next:"@pop",nextEmbedded:"@pop"}],[/[^<]+/,""]],style:[[/type/,"attribute.name","@styleAfterType"],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/>/,{token:"delimiter",next:"@styleEmbedded",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/(<\/)(style\s*)(>)/,["delimiter","tag",{token:"delimiter",next:"@pop"}]]],styleAfterType:[[/=/,"delimiter","@styleAfterTypeEquals"],[/>/,{token:"delimiter",next:"@styleEmbedded",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleAfterTypeEquals:[[/"([^"]*)"/,{token:"attribute.value",switchTo:"@styleWithCustomType.$1"}],[/'([^']*)'/,{token:"attribute.value",switchTo:"@styleWithCustomType.$1"}],[/>/,{token:"delimiter",next:"@styleEmbedded",nextEmbedded:"text/css"}],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleWithCustomType:[[/>/,{token:"delimiter",next:"@styleEmbedded.$S2",nextEmbedded:"$S2"}],[/"([^"]*)"/,"attribute.value"],[/'([^']*)'/,"attribute.value"],[/[\w\-]+/,"attribute.name"],[/=/,"delimiter"],[/[ \t\r\n]+/],[/<\/style\s*>/,{token:"@rematch",next:"@pop"}]],styleEmbedded:[[/<\/style/,{token:"@rematch",next:"@pop",nextEmbedded:"@pop"}],[/[^<]+/,""]]}};export{i as conf,r as language};

package/dist/assets/htmlMode-Dst38sy3.js DELETED Viewed

@@ -1 +0,0 @@

- import{d as D,l as t}from"./index-XKsJ4Pk3.js";import{H as d,d as l,e as u,F as c,g as h,S as m,h as p,c as w,f as _,C as R}from"./lspLanguageFeatures-BNyh7ouG.js";import{D as E,a as H,b,R as y,i as U,j as T,t as x,k as M}from"./lspLanguageFeatures-BNyh7ouG.js";const I=120*1e3;class f{constructor(n){this._defaults=n,this._worker=null,this._client=null,this._idleCheckInterval=window.setInterval(()=>this._checkIfIdle(),30*1e3),this._lastUsedTime=0,this._configChangeListener=this._defaults.onDidChange(()=>this._stopWorker())}_stopWorker(){this._worker&&(this._worker.dispose(),this._worker=null),this._client=null}dispose(){clearInterval(this._idleCheckInterval),this._configChangeListener.dispose(),this._stopWorker()}_checkIfIdle(){if(!this._worker)return;Date.now()-this._lastUsedTime>I&&this._stopWorker()}_getClient(){return this._lastUsedTime=Date.now(),this._client||(this._worker=D({moduleId:"vs/language/html/htmlWorker",createWorker:()=>new Worker(new URL(""+new URL("html.worker-DtiGdgqp.js",import.meta.url).href,import.meta.url),{type:"module"}),createData:{languageSettings:this._defaults.options,languageId:this._defaults.languageId},label:this._defaults.languageId}),this._client=this._worker.getProxy()),this._client}getLanguageServiceWorker(...n){let e;return this._getClient().then(r=>{e=r}).then(r=>{if(this._worker)return this._worker.withSyncedResources(n)}).then(r=>e)}}class v extends R{constructor(n){super(n,[".",":","<",'"',"=","/"])}}function C(i){const n=new f(i),e=(...o)=>n.getLanguageServiceWorker(...o);let r=i.languageId;t.registerCompletionItemProvider(r,new v(e)),t.registerHoverProvider(r,new d(e)),t.registerDocumentHighlightProvider(r,new l(e)),t.registerLinkProvider(r,new u(e)),t.registerFoldingRangeProvider(r,new c(e)),t.registerDocumentSymbolProvider(r,new h(e)),t.registerSelectionRangeProvider(r,new m(e)),t.registerRenameProvider(r,new p(e)),r==="html"&&(t.registerDocumentFormattingEditProvider(r,new w(e)),t.registerDocumentRangeFormattingEditProvider(r,new _(e)))}function L(i){const n=[],e=[],r=new f(i);n.push(r);const o=(...s)=>r.getLanguageServiceWorker(...s);function P(){const{languageId:s,modeConfiguration:a}=i;k(e),a.completionItems&&e.push(t.registerCompletionItemProvider(s,new v(o))),a.hovers&&e.push(t.registerHoverProvider(s,new d(o))),a.documentHighlights&&e.push(t.registerDocumentHighlightProvider(s,new l(o))),a.links&&e.push(t.registerLinkProvider(s,new u(o))),a.documentSymbols&&e.push(t.registerDocumentSymbolProvider(s,new h(o))),a.rename&&e.push(t.registerRenameProvider(s,new p(o))),a.foldingRanges&&e.push(t.registerFoldingRangeProvider(s,new c(o))),a.selectionRanges&&e.push(t.registerSelectionRangeProvider(s,new m(o))),a.documentFormattingEdits&&e.push(t.registerDocumentFormattingEditProvider(s,new w(o))),a.documentRangeFormattingEdits&&e.push(t.registerDocumentRangeFormattingEditProvider(s,new _(o)))}return P(),n.push(g(e)),g(n)}function g(i){return{dispose:()=>k(i)}}function k(i){for(;i.length;)i.pop().dispose()}export{R as CompletionAdapter,E as DefinitionAdapter,H as DiagnosticsAdapter,b as DocumentColorAdapter,w as DocumentFormattingEditProvider,l as DocumentHighlightAdapter,u as DocumentLinkAdapter,_ as DocumentRangeFormattingEditProvider,h as DocumentSymbolAdapter,c as FoldingRangeAdapter,d as HoverAdapter,y as ReferenceAdapter,p as RenameAdapter,m as SelectionRangeAdapter,f as WorkerManager,U as fromPosition,T as fromRange,L as setupMode,C as setupMode1,x as toRange,M as toTextEdit};