clawvault 3.0.0 → 3.2.0

package/dist/lib/tailscale.cjs

@@ -1,1183 +0,0 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/lib/tailscale.ts
-var tailscale_exports = {};
-__export(tailscale_exports, {
-  CLAWVAULT_SERVE_PATH: () => CLAWVAULT_SERVE_PATH,
-  DEFAULT_SERVE_PORT: () => DEFAULT_SERVE_PORT,
-  FILE_ENDPOINT: () => FILE_ENDPOINT,
-  MANIFEST_ENDPOINT: () => MANIFEST_ENDPOINT,
-  SYNC_ENDPOINT: () => SYNC_ENDPOINT,
-  checkPeerClawVault: () => checkPeerClawVault,
-  compareManifests: () => compareManifests,
-  configureTailscaleServe: () => configureTailscaleServe,
-  discoverClawVaultPeers: () => discoverClawVaultPeers,
-  fetchRemoteFile: () => fetchRemoteFile,
-  fetchRemoteManifest: () => fetchRemoteManifest,
-  findPeer: () => findPeer,
-  generateVaultManifest: () => generateVaultManifest,
-  getOnlinePeers: () => getOnlinePeers,
-  getTailscaleStatus: () => getTailscaleStatus,
-  getTailscaleVersion: () => getTailscaleVersion,
-  hasTailscale: () => hasTailscale,
-  pushFileToRemote: () => pushFileToRemote,
-  resolvePeerIP: () => resolvePeerIP,
-  serveVault: () => serveVault,
-  stopTailscaleServe: () => stopTailscaleServe,
-  syncWithPeer: () => syncWithPeer
-});
-module.exports = __toCommonJS(tailscale_exports);
-var import_child_process = require("child_process");
-var fs2 = __toESM(require("fs"), 1);
-var path2 = __toESM(require("path"), 1);
-var http = __toESM(require("http"), 1);
-var https = __toESM(require("https"), 1);
-
-// src/lib/webdav.ts
-var fs = __toESM(require("fs"), 1);
-var path = __toESM(require("path"), 1);
-var WEBDAV_PREFIX = "/webdav";
-var BLOCKED_PATHS = [
-  ".clawvault",
-  ".git",
-  ".obsidian",
-  "node_modules"
-];
-var SUPPORTED_METHODS = ["GET", "PUT", "DELETE", "MKCOL", "PROPFIND", "OPTIONS", "HEAD", "MOVE", "COPY"];
-function toRequestSegments(requestPath) {
-  return requestPath.replace(/\\/g, "/").split("/").filter(Boolean);
-}
-function isWithinRoot(fullPath, rootPath) {
-  const resolvedRoot = path.resolve(rootPath);
-  const relative2 = path.relative(resolvedRoot, fullPath);
-  return !(relative2.startsWith("..") || path.isAbsolute(relative2));
-}
-function isPathSafe(requestPath, rootPath) {
-  const pathParts = toRequestSegments(requestPath);
-  if (pathParts.includes("..")) {
-    return false;
-  }
-  const normalizedRelativePath = path.normalize(pathParts.join(path.sep));
-  const fullPath = path.resolve(rootPath, normalizedRelativePath);
-  if (!isWithinRoot(fullPath, rootPath)) {
-    return false;
-  }
-  for (const part of pathParts) {
-    if (BLOCKED_PATHS.includes(part)) {
-      return false;
-    }
-  }
-  return true;
-}
-function resolveWebDAVPath(requestPath, rootPath) {
-  const pathParts = toRequestSegments(requestPath);
-  if (pathParts.includes("..")) {
-    return null;
-  }
-  const normalizedRelativePath = path.normalize(pathParts.join(path.sep));
-  const fullPath = path.resolve(rootPath, normalizedRelativePath);
-  if (!isWithinRoot(fullPath, rootPath)) {
-    return null;
-  }
-  return fullPath;
-}
-function checkAuth(req, auth) {
-  if (!auth) {
-    return true;
-  }
-  const authHeader = req.headers.authorization;
-  if (!authHeader || !authHeader.startsWith("Basic ")) {
-    return false;
-  }
-  const base64Credentials = authHeader.slice(6);
-  const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
-  const [username, password] = credentials.split(":");
-  return username === auth.username && password === auth.password;
-}
-function escapeXml(str) {
-  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
-}
-function formatWebDAVDate(date) {
-  return date.toUTCString();
-}
-function generatePropfindEntry(href, stats, isCollection) {
-  const resourceType = isCollection ? "<D:resourcetype><D:collection/></D:resourcetype>" : "<D:resourcetype/>";
-  const contentLength = stats && !isCollection ? `<D:getcontentlength>${stats.size}</D:getcontentlength>` : "";
-  const lastModified = stats ? `<D:getlastmodified>${formatWebDAVDate(stats.mtime)}</D:getlastmodified>` : "";
-  const etag = stats ? `<D:getetag>"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"</D:getetag>` : "";
-  const contentType = !isCollection ? "<D:getcontenttype>application/octet-stream</D:getcontenttype>" : "";
-  return `  <D:response>
-    <D:href>${escapeXml(href)}</D:href>
-    <D:propstat>
-      <D:prop>
-        ${resourceType}
-        ${contentLength}
-        ${lastModified}
-        ${etag}
-        ${contentType}
-      </D:prop>
-      <D:status>HTTP/1.1 200 OK</D:status>
-    </D:propstat>
-  </D:response>`;
-}
-function generatePropfindResponse(entries) {
-  const responseEntries = entries.map(
-    (e) => generatePropfindEntry(e.href, e.stats, e.isCollection)
-  ).join("\n");
-  return `<?xml version="1.0" encoding="utf-8"?>
-<D:multistatus xmlns:D="DAV:">
-${responseEntries}
-</D:multistatus>`;
-}
-function handleOptions(res, prefix) {
-  res.writeHead(200, {
-    "Allow": SUPPORTED_METHODS.join(", "),
-    "DAV": "1, 2",
-    "Content-Length": "0",
-    "Access-Control-Allow-Origin": "*",
-    "Access-Control-Allow-Methods": SUPPORTED_METHODS.join(", "),
-    "Access-Control-Allow-Headers": "Content-Type, Depth, Destination, Overwrite, Authorization",
-    "MS-Author-Via": "DAV"
-  });
-  res.end();
-}
-function handleHead(res, filePath) {
-  try {
-    const stats = fs.statSync(filePath);
-    if (stats.isDirectory()) {
-      res.writeHead(200, {
-        "Content-Type": "httpd/unix-directory",
-        "Last-Modified": formatWebDAVDate(stats.mtime),
-        "ETag": `"${stats.mtime.getTime().toString(16)}"`,
-        "Access-Control-Allow-Origin": "*"
-      });
-    } else {
-      res.writeHead(200, {
-        "Content-Type": "application/octet-stream",
-        "Content-Length": stats.size.toString(),
-        "Last-Modified": formatWebDAVDate(stats.mtime),
-        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
-        "Access-Control-Allow-Origin": "*"
-      });
-    }
-    res.end();
-  } catch (err) {
-    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end("Not Found");
-  }
-}
-function handleGet(res, filePath) {
-  try {
-    const stats = fs.statSync(filePath);
-    if (stats.isDirectory()) {
-      const entries = fs.readdirSync(filePath);
-      const listing = entries.join("\n");
-      res.writeHead(200, {
-        "Content-Type": "text/plain",
-        "Content-Length": Buffer.byteLength(listing).toString(),
-        "Access-Control-Allow-Origin": "*"
-      });
-      res.end(listing);
-    } else {
-      const content = fs.readFileSync(filePath);
-      res.writeHead(200, {
-        "Content-Type": "application/octet-stream",
-        "Content-Length": content.length.toString(),
-        "Last-Modified": formatWebDAVDate(stats.mtime),
-        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
-        "Access-Control-Allow-Origin": "*"
-      });
-      res.end(content);
-    }
-  } catch (err) {
-    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end("Not Found");
-  }
-}
-function handlePut(res, filePath, body) {
-  try {
-    const exists = fs.existsSync(filePath);
-    const dir = path.dirname(filePath);
-    if (!fs.existsSync(dir)) {
-      fs.mkdirSync(dir, { recursive: true });
-    }
-    fs.writeFileSync(filePath, body);
-    const status = exists ? 204 : 201;
-    res.writeHead(status, {
-      "Content-Length": "0",
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end();
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function handleDelete(res, filePath) {
-  try {
-    if (!fs.existsSync(filePath)) {
-      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Not Found");
-      return;
-    }
-    const stats = fs.statSync(filePath);
-    if (stats.isDirectory()) {
-      fs.rmSync(filePath, { recursive: true });
-    } else {
-      fs.unlinkSync(filePath);
-    }
-    res.writeHead(204, {
-      "Content-Length": "0",
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end();
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function handleMkcol(res, filePath) {
-  try {
-    if (fs.existsSync(filePath)) {
-      res.writeHead(405, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Resource already exists");
-      return;
-    }
-    const parent = path.dirname(filePath);
-    if (!fs.existsSync(parent)) {
-      res.writeHead(409, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Parent directory does not exist");
-      return;
-    }
-    fs.mkdirSync(filePath);
-    res.writeHead(201, {
-      "Content-Length": "0",
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end();
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function handlePropfind(res, filePath, webdavPath, prefix, depth) {
-  try {
-    if (!fs.existsSync(filePath)) {
-      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Not Found");
-      return;
-    }
-    const stats = fs.statSync(filePath);
-    const entries = [];
-    const normalizedWebdavPath = webdavPath.startsWith("/") ? webdavPath : "/" + webdavPath;
-    const href = prefix + normalizedWebdavPath;
-    entries.push({
-      href: href.endsWith("/") || stats.isDirectory() ? href : href,
-      stats,
-      isCollection: stats.isDirectory()
-    });
-    if (stats.isDirectory() && depth !== "0") {
-      try {
-        const children = fs.readdirSync(filePath);
-        for (const child of children) {
-          if (BLOCKED_PATHS.includes(child)) {
-            continue;
-          }
-          const childPath = path.join(filePath, child);
-          const childWebdavPath = normalizedWebdavPath.endsWith("/") ? normalizedWebdavPath + child : normalizedWebdavPath + "/" + child;
-          try {
-            const childStats = fs.statSync(childPath);
-            entries.push({
-              href: prefix + childWebdavPath,
-              stats: childStats,
-              isCollection: childStats.isDirectory()
-            });
-          } catch {
-          }
-        }
-      } catch {
-      }
-    }
-    const xml = generatePropfindResponse(entries);
-    res.writeHead(207, {
-      "Content-Type": "application/xml; charset=utf-8",
-      "Content-Length": Buffer.byteLength(xml).toString(),
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end(xml);
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function handleMove(res, sourcePath, destinationPath, overwrite) {
-  try {
-    if (!fs.existsSync(sourcePath)) {
-      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Source not found");
-      return;
-    }
-    if (!destinationPath) {
-      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Destination header required");
-      return;
-    }
-    const destExists = fs.existsSync(destinationPath);
-    if (destExists && !overwrite) {
-      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Destination exists and Overwrite is F");
-      return;
-    }
-    const destDir = path.dirname(destinationPath);
-    if (!fs.existsSync(destDir)) {
-      fs.mkdirSync(destDir, { recursive: true });
-    }
-    if (destExists) {
-      const destStats = fs.statSync(destinationPath);
-      if (destStats.isDirectory()) {
-        fs.rmSync(destinationPath, { recursive: true });
-      } else {
-        fs.unlinkSync(destinationPath);
-      }
-    }
-    fs.renameSync(sourcePath, destinationPath);
-    const status = destExists ? 204 : 201;
-    res.writeHead(status, {
-      "Content-Length": "0",
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end();
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function handleCopy(res, sourcePath, destinationPath, overwrite) {
-  try {
-    if (!fs.existsSync(sourcePath)) {
-      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Source not found");
-      return;
-    }
-    if (!destinationPath) {
-      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Destination header required");
-      return;
-    }
-    const destExists = fs.existsSync(destinationPath);
-    if (destExists && !overwrite) {
-      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Destination exists and Overwrite is F");
-      return;
-    }
-    const destDir = path.dirname(destinationPath);
-    if (!fs.existsSync(destDir)) {
-      fs.mkdirSync(destDir, { recursive: true });
-    }
-    const sourceStats = fs.statSync(sourcePath);
-    if (sourceStats.isDirectory()) {
-      copyDirRecursive(sourcePath, destinationPath);
-    } else {
-      fs.copyFileSync(sourcePath, destinationPath);
-    }
-    const status = destExists ? 204 : 201;
-    res.writeHead(status, {
-      "Content-Length": "0",
-      "Access-Control-Allow-Origin": "*"
-    });
-    res.end();
-  } catch (err) {
-    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-    res.end(`Error: ${err}`);
-  }
-}
-function copyDirRecursive(src, dest) {
-  if (!fs.existsSync(dest)) {
-    fs.mkdirSync(dest, { recursive: true });
-  }
-  const entries = fs.readdirSync(src, { withFileTypes: true });
-  for (const entry of entries) {
-    const srcPath = path.join(src, entry.name);
-    const destPath = path.join(dest, entry.name);
-    if (entry.isDirectory()) {
-      copyDirRecursive(srcPath, destPath);
-    } else {
-      fs.copyFileSync(srcPath, destPath);
-    }
-  }
-}
-function parseDestinationHeader(destinationHeader, prefix, rootPath) {
-  if (!destinationHeader) {
-    return null;
-  }
-  try {
-    let destPath;
-    if (destinationHeader.startsWith("http://") || destinationHeader.startsWith("https://")) {
-      const url = new URL(destinationHeader);
-      destPath = decodeURIComponent(url.pathname);
-    } else {
-      destPath = decodeURIComponent(destinationHeader);
-    }
-    if (destPath.startsWith(prefix)) {
-      destPath = destPath.slice(prefix.length);
-    }
-    return resolveWebDAVPath(destPath, rootPath);
-  } catch {
-    return null;
-  }
-}
-function createWebDAVHandler(config) {
-  const { rootPath, prefix = WEBDAV_PREFIX, auth } = config;
-  return async (req, res) => {
-    const rawUrl = req.url || "/";
-    if (rawUrl.includes("..")) {
-      if (rawUrl.startsWith(prefix)) {
-        res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-        res.end("Forbidden");
-        return true;
-      }
-    }
-    const url = new URL(rawUrl, `http://${req.headers.host || "localhost"}`);
-    const pathname = decodeURIComponent(url.pathname);
-    if (!pathname.startsWith(prefix)) {
-      return false;
-    }
-    let webdavPath = pathname.slice(prefix.length);
-    if (!webdavPath.startsWith("/")) {
-      webdavPath = "/" + webdavPath;
-    }
-    if (req.method === "OPTIONS") {
-      handleOptions(res, prefix);
-      return true;
-    }
-    if (!checkAuth(req, auth)) {
-      res.writeHead(401, {
-        "WWW-Authenticate": 'Basic realm="ClawVault WebDAV"',
-        "Content-Type": "text/plain",
-        "Access-Control-Allow-Origin": "*"
-      });
-      res.end("Unauthorized");
-      return true;
-    }
-    if (!isPathSafe(webdavPath, rootPath)) {
-      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Forbidden");
-      return true;
-    }
-    const filePath = resolveWebDAVPath(webdavPath, rootPath);
-    if (!filePath) {
-      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-      res.end("Forbidden");
-      return true;
-    }
-    const depth = req.headers.depth || "infinity";
-    const overwrite = req.headers.overwrite?.toUpperCase() !== "F";
-    const destinationHeader = req.headers.destination;
-    switch (req.method) {
-      case "HEAD":
-        handleHead(res, filePath);
-        return true;
-      case "GET":
-        handleGet(res, filePath);
-        return true;
-      case "PUT": {
-        const chunks = [];
-        for await (const chunk of req) {
-          chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
-        }
-        const body = Buffer.concat(chunks);
-        handlePut(res, filePath, body);
-        return true;
-      }
-      case "DELETE":
-        handleDelete(res, filePath);
-        return true;
-      case "MKCOL":
-        handleMkcol(res, filePath);
-        return true;
-      case "PROPFIND":
-        handlePropfind(res, filePath, webdavPath, prefix, depth);
-        return true;
-      case "MOVE": {
-        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
-        if (destPath && destinationHeader) {
-          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
-          if (!isPathSafe(destWebdavPath, rootPath)) {
-            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-            res.end("Forbidden");
-            return true;
-          }
-        }
-        handleMove(res, filePath, destPath, overwrite);
-        return true;
-      }
-      case "COPY": {
-        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
-        if (destPath && destinationHeader) {
-          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
-          if (!isPathSafe(destWebdavPath, rootPath)) {
-            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-            res.end("Forbidden");
-            return true;
-          }
-        }
-        handleCopy(res, filePath, destPath, overwrite);
-        return true;
-      }
-      default:
-        res.writeHead(405, {
-          "Allow": SUPPORTED_METHODS.join(", "),
-          "Content-Type": "text/plain",
-          "Access-Control-Allow-Origin": "*"
-        });
-        res.end("Method Not Allowed");
-        return true;
-    }
-  };
-}
-
-// src/lib/tailscale.ts
-var crypto = __toESM(require("crypto"), 1);
-var DEFAULT_SERVE_PORT = 8384;
-var CLAWVAULT_SERVE_PATH = "/.clawvault";
-var MANIFEST_ENDPOINT = "/.clawvault/manifest";
-var SYNC_ENDPOINT = "/.clawvault/sync";
-var FILE_ENDPOINT = "/.clawvault/files";
-function hasTailscale() {
-  const probe = (0, import_child_process.spawnSync)("tailscale", ["version"], {
-    stdio: "pipe",
-    encoding: "utf-8",
-    timeout: 5e3
-  });
-  return !probe.error && probe.status === 0;
-}
-function getTailscaleVersion() {
-  const result = (0, import_child_process.spawnSync)("tailscale", ["version"], {
-    stdio: "pipe",
-    encoding: "utf-8",
-    timeout: 5e3
-  });
-  if (result.error || result.status !== 0) {
-    return null;
-  }
-  const lines = result.stdout.trim().split("\n");
-  return lines[0] || null;
-}
-function getTailscaleStatus() {
-  const status = {
-    installed: false,
-    running: false,
-    connected: false,
-    peers: []
-  };
-  if (!hasTailscale()) {
-    status.error = "Tailscale CLI not found. Install from https://tailscale.com/download";
-    return status;
-  }
-  status.installed = true;
-  const result = (0, import_child_process.spawnSync)("tailscale", ["status", "--json"], {
-    stdio: "pipe",
-    encoding: "utf-8",
-    timeout: 1e4
-  });
-  if (result.error) {
-    status.error = `Failed to get Tailscale status: ${result.error.message}`;
-    return status;
-  }
-  if (result.status !== 0) {
-    status.error = result.stderr?.trim() || "Tailscale daemon not running";
-    return status;
-  }
-  try {
-    const data = JSON.parse(result.stdout);
-    status.running = true;
-    status.backendState = data.BackendState;
-    status.connected = data.BackendState === "Running";
-    status.tailnetName = data.CurrentTailnet?.Name;
-    if (data.Self) {
-      status.selfIP = data.Self.TailscaleIPs?.[0];
-      status.selfHostname = data.Self.HostName;
-      status.selfDNSName = data.Self.DNSName;
-    }
-    if (data.Peer) {
-      for (const [_, peerData] of Object.entries(data.Peer)) {
-        const peer = {
-          hostname: peerData.HostName || "",
-          dnsName: peerData.DNSName || "",
-          tailscaleIPs: peerData.TailscaleIPs || [],
-          online: peerData.Online || false,
-          os: peerData.OS,
-          exitNode: peerData.ExitNode,
-          tags: peerData.Tags,
-          lastSeen: peerData.LastSeen
-        };
-        status.peers.push(peer);
-      }
-    }
-  } catch (err) {
-    status.error = `Failed to parse Tailscale status: ${err}`;
-  }
-  return status;
-}
-function findPeer(hostname) {
-  const status = getTailscaleStatus();
-  if (!status.connected) {
-    return null;
-  }
-  const normalizedSearch = hostname.toLowerCase();
-  let peer = status.peers.find(
-    (p) => p.hostname.toLowerCase() === normalizedSearch
-  );
-  if (peer) return peer;
-  peer = status.peers.find(
-    (p) => p.dnsName.toLowerCase().startsWith(normalizedSearch)
-  );
-  if (peer) return peer;
-  peer = status.peers.find(
-    (p) => p.hostname.toLowerCase().includes(normalizedSearch)
-  );
-  return peer || null;
-}
-function getOnlinePeers() {
-  const status = getTailscaleStatus();
-  return status.peers.filter((p) => p.online);
-}
-function resolvePeerIP(hostname) {
-  const peer = findPeer(hostname);
-  return peer?.tailscaleIPs[0] || null;
-}
-function calculateChecksum(filePath) {
-  const content = fs2.readFileSync(filePath);
-  return crypto.createHash("sha256").update(content).digest("hex");
-}
-function generateVaultManifest(vaultPath) {
-  const configPath = path2.join(vaultPath, ".clawvault.json");
-  if (!fs2.existsSync(configPath)) {
-    throw new Error(`Not a ClawVault: ${vaultPath}`);
-  }
-  const config = JSON.parse(fs2.readFileSync(configPath, "utf-8"));
-  const files = [];
-  function walkDir(dir, relativePath = "") {
-    const entries = fs2.readdirSync(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      const fullPath = path2.join(dir, entry.name);
-      const relPath = path2.join(relativePath, entry.name);
-      if (entry.name.startsWith(".") && entry.name !== ".clawvault.json") {
-        continue;
-      }
-      if (entry.name === "node_modules") {
-        continue;
-      }
-      if (entry.isDirectory()) {
-        walkDir(fullPath, relPath);
-      } else if (entry.isFile() && (entry.name.endsWith(".md") || entry.name === ".clawvault.json")) {
-        const stats = fs2.statSync(fullPath);
-        const category = relativePath.split(path2.sep)[0] || "root";
-        files.push({
-          path: relPath,
-          size: stats.size,
-          modified: stats.mtime.toISOString(),
-          checksum: calculateChecksum(fullPath),
-          category
-        });
-      }
-    }
-  }
-  walkDir(vaultPath);
-  return {
-    name: config.name,
-    version: config.version || "1.0.0",
-    lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
-    files
-  };
-}
-function compareManifests(local, remote) {
-  const localFiles = new Map(local.files.map((f) => [f.path, f]));
-  const remoteFiles = new Map(remote.files.map((f) => [f.path, f]));
-  const toPush = [];
-  const toPull = [];
-  const conflicts = [];
-  const unchanged = [];
-  for (const [filePath, localFile] of localFiles) {
-    const remoteFile = remoteFiles.get(filePath);
-    if (!remoteFile) {
-      toPush.push(localFile);
-    } else if (localFile.checksum === remoteFile.checksum) {
-      unchanged.push(filePath);
-    } else {
-      const localTime = new Date(localFile.modified).getTime();
-      const remoteTime = new Date(remoteFile.modified).getTime();
-      if (localTime > remoteTime) {
-        toPush.push(localFile);
-      } else if (remoteTime > localTime) {
-        toPull.push(remoteFile);
-      } else {
-        conflicts.push({ path: filePath, local: localFile, remote: remoteFile });
-      }
-    }
-  }
-  for (const [filePath, remoteFile] of remoteFiles) {
-    if (!localFiles.has(filePath)) {
-      toPull.push(remoteFile);
-    }
-  }
-  return { toPush, toPull, conflicts, unchanged };
-}
-function serveVault(vaultPath, options = {}) {
-  const port = options.port || DEFAULT_SERVE_PORT;
-  const pathPrefix = options.pathPrefix || CLAWVAULT_SERVE_PATH;
-  if (!fs2.existsSync(path2.join(vaultPath, ".clawvault.json"))) {
-    throw new Error(`Not a ClawVault: ${vaultPath}`);
-  }
-  const webdavHandler = createWebDAVHandler({
-    rootPath: vaultPath,
-    prefix: WEBDAV_PREFIX,
-    auth: options.webdavAuth
-  });
-  const server = http.createServer(async (req, res) => {
-    const url = new URL(req.url || "/", `http://localhost:${port}`);
-    const pathname = url.pathname;
-    if (pathname.startsWith(WEBDAV_PREFIX)) {
-      try {
-        const handled = await webdavHandler(req, res);
-        if (handled) return;
-      } catch (err) {
-        res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
-        res.end(`WebDAV Error: ${err}`);
-        return;
-      }
-    }
-    res.setHeader("Access-Control-Allow-Origin", "*");
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-    if (req.method === "OPTIONS") {
-      res.writeHead(200);
-      res.end();
-      return;
-    }
-    if (pathname === `${pathPrefix}/health`) {
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ status: "ok", vault: path2.basename(vaultPath) }));
-      return;
-    }
-    if (pathname === `${pathPrefix}/manifest`) {
-      try {
-        const manifest = generateVaultManifest(vaultPath);
-        res.writeHead(200, { "Content-Type": "application/json" });
-        res.end(JSON.stringify(manifest));
-      } catch (err) {
-        res.writeHead(500, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: String(err) }));
-      }
-      return;
-    }
-    if (pathname.startsWith(`${pathPrefix}/files/`)) {
-      const relativePath = decodeURIComponent(pathname.slice(`${pathPrefix}/files/`.length));
-      const filePath = path2.join(vaultPath, relativePath);
-      const resolvedPath = path2.resolve(filePath);
-      const resolvedVault = path2.resolve(vaultPath);
-      if (!resolvedPath.startsWith(resolvedVault)) {
-        res.writeHead(403, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "Access denied" }));
-        return;
-      }
-      if (!fs2.existsSync(filePath)) {
-        res.writeHead(404, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "File not found" }));
-        return;
-      }
-      try {
-        const content = fs2.readFileSync(filePath, "utf-8");
-        const stats = fs2.statSync(filePath);
-        res.writeHead(200, {
-          "Content-Type": "text/markdown",
-          "Content-Length": Buffer.byteLength(content),
-          "Last-Modified": stats.mtime.toUTCString()
-        });
-        res.end(content);
-      } catch (err) {
-        res.writeHead(500, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: String(err) }));
-      }
-      return;
-    }
-    if (pathname.startsWith(`${pathPrefix}/upload/`) && req.method === "POST") {
-      const relativePath = decodeURIComponent(pathname.slice(`${pathPrefix}/upload/`.length));
-      const filePath = path2.join(vaultPath, relativePath);
-      const resolvedPath = path2.resolve(filePath);
-      const resolvedVault = path2.resolve(vaultPath);
-      if (!resolvedPath.startsWith(resolvedVault)) {
-        res.writeHead(403, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "Access denied" }));
-        return;
-      }
-      let body = "";
-      req.on("data", (chunk) => {
-        body += chunk;
-      });
-      req.on("end", () => {
-        try {
-          const dir = path2.dirname(filePath);
-          if (!fs2.existsSync(dir)) {
-            fs2.mkdirSync(dir, { recursive: true });
-          }
-          fs2.writeFileSync(filePath, body, "utf-8");
-          res.writeHead(200, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ success: true, path: relativePath }));
-        } catch (err) {
-          res.writeHead(500, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: String(err) }));
-        }
-      });
-      return;
-    }
-    if (pathname === pathPrefix || pathname === `${pathPrefix}/`) {
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({
-        service: "clawvault-sync",
-        version: "1.0.0",
-        vault: path2.basename(vaultPath),
-        endpoints: {
-          health: `${pathPrefix}/health`,
-          manifest: `${pathPrefix}/manifest`,
-          files: `${pathPrefix}/files/<path>`,
-          upload: `${pathPrefix}/upload/<path>`,
-          webdav: `${WEBDAV_PREFIX}/`
-        }
-      }));
-      return;
-    }
-    res.writeHead(404, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: "Not found" }));
-  });
-  server.listen(port, "0.0.0.0");
-  return {
-    server,
-    port,
-    stop: () => new Promise((resolve3, reject) => {
-      server.close((err) => {
-        if (err) reject(err);
-        else resolve3();
-      });
-    })
-  };
-}
-async function fetchRemoteManifest(host, port = DEFAULT_SERVE_PORT, useHttps = false) {
-  return new Promise((resolve3, reject) => {
-    const protocol = useHttps ? https : http;
-    const url = `${useHttps ? "https" : "http"}://${host}:${port}${CLAWVAULT_SERVE_PATH}/manifest`;
-    const req = protocol.get(url, { timeout: 1e4 }, (res) => {
-      let data = "";
-      res.on("data", (chunk) => {
-        data += chunk;
-      });
-      res.on("end", () => {
-        if (res.statusCode !== 200) {
-          reject(new Error(`Failed to fetch manifest: HTTP ${res.statusCode}`));
-          return;
-        }
-        try {
-          resolve3(JSON.parse(data));
-        } catch (err) {
-          reject(new Error(`Invalid manifest response: ${err}`));
-        }
-      });
-    });
-    req.on("error", reject);
-    req.on("timeout", () => {
-      req.destroy();
-      reject(new Error("Request timed out"));
-    });
-  });
-}
-async function fetchRemoteFile(host, filePath, port = DEFAULT_SERVE_PORT, useHttps = false) {
-  return new Promise((resolve3, reject) => {
-    const protocol = useHttps ? https : http;
-    const encodedPath = encodeURIComponent(filePath).replace(/%2F/g, "/");
-    const url = `${useHttps ? "https" : "http"}://${host}:${port}${CLAWVAULT_SERVE_PATH}/files/${encodedPath}`;
-    const req = protocol.get(url, { timeout: 3e4 }, (res) => {
-      let data = "";
-      res.on("data", (chunk) => {
-        data += chunk;
-      });
-      res.on("end", () => {
-        if (res.statusCode !== 200) {
-          reject(new Error(`Failed to fetch file: HTTP ${res.statusCode}`));
-          return;
-        }
-        resolve3(data);
-      });
-    });
-    req.on("error", reject);
-    req.on("timeout", () => {
-      req.destroy();
-      reject(new Error("Request timed out"));
-    });
-  });
-}
-async function pushFileToRemote(host, filePath, content, port = DEFAULT_SERVE_PORT, useHttps = false) {
-  return new Promise((resolve3, reject) => {
-    const protocol = useHttps ? https : http;
-    const encodedPath = encodeURIComponent(filePath).replace(/%2F/g, "/");
-    const url = new URL(`${useHttps ? "https" : "http"}://${host}:${port}${CLAWVAULT_SERVE_PATH}/upload/${encodedPath}`);
-    const options = {
-      hostname: url.hostname,
-      port: url.port,
-      path: url.pathname,
-      method: "POST",
-      headers: {
-        "Content-Type": "text/markdown",
-        "Content-Length": Buffer.byteLength(content)
-      },
-      timeout: 3e4
-    };
-    const req = protocol.request(options, (res) => {
-      let data = "";
-      res.on("data", (chunk) => {
-        data += chunk;
-      });
-      res.on("end", () => {
-        if (res.statusCode !== 200) {
-          reject(new Error(`Failed to push file: HTTP ${res.statusCode}`));
-          return;
-        }
-        resolve3();
-      });
-    });
-    req.on("error", reject);
-    req.on("timeout", () => {
-      req.destroy();
-      reject(new Error("Request timed out"));
-    });
-    req.write(content);
-    req.end();
-  });
-}
-async function syncWithPeer(vaultPath, options) {
-  const startTime = Date.now();
-  const result = {
-    pushed: [],
-    pulled: [],
-    deleted: [],
-    unchanged: [],
-    errors: [],
-    stats: {
-      bytesTransferred: 0,
-      filesProcessed: 0,
-      duration: 0
-    }
-  };
-  const {
-    peer,
-    port = DEFAULT_SERVE_PORT,
-    direction = "bidirectional",
-    dryRun = false,
-    deleteOrphans = false,
-    categories,
-    https: useHttps = false
-  } = options;
-  let host = peer;
-  if (!peer.match(/^\d+\.\d+\.\d+\.\d+$/)) {
-    const resolvedIP = resolvePeerIP(peer);
-    if (!resolvedIP) {
-      result.errors.push(`Could not resolve peer: ${peer}`);
-      result.stats.duration = Date.now() - startTime;
-      return result;
-    }
-    host = resolvedIP;
-  }
-  try {
-    const localManifest = generateVaultManifest(vaultPath);
-    const remoteManifest = await fetchRemoteManifest(host, port, useHttps);
-    let { toPush, toPull, conflicts, unchanged } = compareManifests(localManifest, remoteManifest);
-    if (categories && categories.length > 0) {
-      const categorySet = new Set(categories);
-      toPush = toPush.filter((f) => categorySet.has(f.category));
-      toPull = toPull.filter((f) => categorySet.has(f.category));
-    }
-    result.unchanged = unchanged;
-    for (const conflict of conflicts) {
-      result.errors.push(`Conflict: ${conflict.path} (local and remote have same timestamp but different content)`);
-    }
-    if (direction === "push" || direction === "bidirectional") {
-      for (const file of toPush) {
-        try {
-          if (!dryRun) {
-            const content = fs2.readFileSync(path2.join(vaultPath, file.path), "utf-8");
-            await pushFileToRemote(host, file.path, content, port, useHttps);
-            result.stats.bytesTransferred += file.size;
-          }
-          result.pushed.push(file.path);
-          result.stats.filesProcessed++;
-        } catch (err) {
-          result.errors.push(`Failed to push ${file.path}: ${err}`);
-        }
-      }
-    }
-    if (direction === "pull" || direction === "bidirectional") {
-      for (const file of toPull) {
-        try {
-          if (!dryRun) {
-            const content = await fetchRemoteFile(host, file.path, port, useHttps);
-            const filePath = path2.join(vaultPath, file.path);
-            const dir = path2.dirname(filePath);
-            if (!fs2.existsSync(dir)) {
-              fs2.mkdirSync(dir, { recursive: true });
-            }
-            fs2.writeFileSync(filePath, content, "utf-8");
-            result.stats.bytesTransferred += file.size;
-          }
-          result.pulled.push(file.path);
-          result.stats.filesProcessed++;
-        } catch (err) {
-          result.errors.push(`Failed to pull ${file.path}: ${err}`);
-        }
-      }
-    }
-    if (deleteOrphans && direction === "pull") {
-      const remoteFiles = new Set(remoteManifest.files.map((f) => f.path));
-      for (const file of localManifest.files) {
-        if (!remoteFiles.has(file.path)) {
-          if (!categories || categories.includes(file.category)) {
-            try {
-              if (!dryRun) {
-                fs2.unlinkSync(path2.join(vaultPath, file.path));
-              }
-              result.deleted.push(file.path);
-            } catch (err) {
-              result.errors.push(`Failed to delete ${file.path}: ${err}`);
-            }
-          }
-        }
-      }
-    }
-  } catch (err) {
-    result.errors.push(`Sync failed: ${err}`);
-  }
-  result.stats.duration = Date.now() - startTime;
-  return result;
-}
-function configureTailscaleServe(localPort, options = {}) {
-  if (!hasTailscale()) {
-    return null;
-  }
-  const args = ["serve"];
-  if (options.funnel) {
-    args.push("--bg");
-    args.push("funnel");
-  } else if (options.background) {
-    args.push("--bg");
-  }
-  args.push(`localhost:${localPort}`);
-  const proc = (0, import_child_process.spawn)("tailscale", args, {
-    stdio: "inherit",
-    detached: options.background
-  });
-  if (options.background) {
-    proc.unref();
-  }
-  return proc;
-}
-function stopTailscaleServe() {
-  if (!hasTailscale()) {
-    return false;
-  }
-  const result = (0, import_child_process.spawnSync)("tailscale", ["serve", "off"], {
-    stdio: "pipe",
-    encoding: "utf-8",
-    timeout: 5e3
-  });
-  return result.status === 0;
-}
-async function checkPeerClawVault(host, port = DEFAULT_SERVE_PORT) {
-  try {
-    const response = await new Promise((resolve3) => {
-      const req = http.get(
-        `http://${host}:${port}${CLAWVAULT_SERVE_PATH}/health`,
-        { timeout: 5e3 },
-        (res) => {
-          resolve3(res.statusCode === 200);
-        }
-      );
-      req.on("error", () => resolve3(false));
-      req.on("timeout", () => {
-        req.destroy();
-        resolve3(false);
-      });
-    });
-    return response;
-  } catch {
-    return false;
-  }
-}
-async function discoverClawVaultPeers(port = DEFAULT_SERVE_PORT) {
-  const status = getTailscaleStatus();
-  if (!status.connected) {
-    return [];
-  }
-  const clawvaultPeers = [];
-  const checkPromises = status.peers.filter((p) => p.online).map(async (peer) => {
-    const ip = peer.tailscaleIPs[0];
-    if (!ip) return;
-    const isServing = await checkPeerClawVault(ip, port);
-    if (isServing) {
-      peer.clawvaultServing = true;
-      peer.clawvaultPort = port;
-      clawvaultPeers.push(peer);
-    }
-  });
-  await Promise.all(checkPromises);
-  return clawvaultPeers;
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  CLAWVAULT_SERVE_PATH,
-  DEFAULT_SERVE_PORT,
-  FILE_ENDPOINT,
-  MANIFEST_ENDPOINT,
-  SYNC_ENDPOINT,
-  checkPeerClawVault,
-  compareManifests,
-  configureTailscaleServe,
-  discoverClawVaultPeers,
-  fetchRemoteFile,
-  fetchRemoteManifest,
-  findPeer,
-  generateVaultManifest,
-  getOnlinePeers,
-  getTailscaleStatus,
-  getTailscaleVersion,
-  hasTailscale,
-  pushFileToRemote,
-  resolvePeerIP,
-  serveVault,
-  stopTailscaleServe,
-  syncWithPeer
-});