habi-agent 0.1.0

package/dist/server.js

@@ -0,0 +1,276 @@
+"use strict";
+/**
+ * HABI Local Identity Server
+ * Runs on localhost:7432 exclusively — never binds to 0.0.0.0
+ *
+ * Pure Node.js http — zero external dependencies.
+ * Security: localhost-only binding is the enforced hardware boundary.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HabiLocalServer = void 0;
+const http = __importStar(require("http"));
+const hardware_1 = require("./hardware");
+const context_1 = require("./context");
+const PORT = 7432;
+const BIND_HOST = '127.0.0.1'; // NEVER 0.0.0.0
+function json(res, status, body) {
+    const payload = JSON.stringify(body);
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(payload);
+}
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        let raw = '';
+        req.on('data', (chunk) => raw += chunk.toString());
+        req.on('end', () => {
+            try {
+                resolve(raw ? JSON.parse(raw) : {});
+            }
+            catch {
+                reject(new Error('Invalid JSON body'));
+            }
+        });
+        req.on('error', reject);
+    });
+}
+class HabiLocalServer {
+    hardware = null;
+    context = null;
+    session = null;
+    server = null;
+    // ── Security: reject anything not from localhost ────────────────────────
+    isLocalhost(req) {
+        const ip = req.socket.remoteAddress;
+        return ip === '127.0.0.1' || ip === '::1' || ip === '::ffff:127.0.0.1';
+    }
+    // ── Route handlers ──────────────────────────────────────────────────────
+    handleHealth(res) {
+        json(res, 200, { ok: true, agent: 'habi-agent', version: '0.1.0', port: PORT });
+    }
+    handleIdentity(res) {
+        try {
+            const hw = this.getHardware();
+            const sess = this.getOrCreateSession();
+            json(res, 200, {
+                ok: true,
+                hardware: {
+                    fingerprint: hw.fingerprint,
+                    type: hw.type,
+                    iface: hw.iface,
+                    platform: hw.platform,
+                    hostname: hw.hostname,
+                },
+                session: {
+                    fingerprint: sess.fingerprint,
+                    boundAt: sess.boundAt,
+                    expiresAt: sess.expiresAt,
+                    active: Date.now() < sess.expiresAt,
+                },
+                agent: { version: '0.1.0', port: PORT },
+            });
+        }
+        catch (err) {
+            json(res, 500, { ok: false, error: String(err) });
+        }
+    }
+    handleVerify(res) {
+        try {
+            const hw = this.getHardware();
+            const sess = this.getOrCreateSession();
+            const now = Date.now();
+            if (now >= sess.expiresAt) {
+                this.session = null;
+                json(res, 200, { ok: false, verified: false, reason: 'Session expired — rebind required' });
+                return;
+            }
+            json(res, 200, {
+                ok: true,
+                verified: true,
+                fingerprint: sess.fingerprint,
+                hardwareId: hw.fingerprint,
+                hardwareType: hw.type,
+                expiresAt: sess.expiresAt,
+                expiresIn: Math.floor((sess.expiresAt - now) / 1000),
+            });
+        }
+        catch (err) {
+            json(res, 500, { ok: false, verified: false, error: String(err) });
+        }
+    }
+    async handleAssertContext(req, res) {
+        try {
+            const body = await readBody(req);
+            const operation = body.operation;
+            if (!operation) {
+                json(res, 400, { ok: false, error: 'operation field required' });
+                return;
+            }
+            const ctx = this.getContext();
+            if (!ctx) {
+                json(res, 200, { ok: true, allowed: true, warning: 'No Project Context File — permissive mode. Run: habi-agent init' });
+                return;
+            }
+            const hw = this.getHardware();
+            const machineCheck = (0, context_1.assertMachineAuthorized)(hw.fingerprint, ctx.context);
+            if (!machineCheck.allowed) {
+                json(res, 200, { ok: true, allowed: false, reason: machineCheck.reason, hardwareId: hw.fingerprint });
+                return;
+            }
+            const opCheck = (0, context_1.assertOperation)(operation, ctx.context);
+            json(res, 200, {
+                ok: true,
+                allowed: opCheck.allowed,
+                reason: opCheck.reason,
+                hardwareId: hw.fingerprint,
+                contextHash: ctx.contextHash,
+                project: ctx.context.project,
+            });
+        }
+        catch (err) {
+            json(res, 500, { ok: false, error: String(err) });
+        }
+    }
+    async handleAudit(req, res) {
+        try {
+            const body = await readBody(req);
+            const hw = this.getHardware();
+            const entry = {
+                ts: Date.now(),
+                hardwareId: hw.fingerprint,
+                sessionFingerprint: this.session?.fingerprint ?? 'UNBOUND',
+                ...body,
+            };
+            const entryHash = (0, hardware_1.sha256)(JSON.stringify(entry));
+            console.log(`[HABI AUDIT] ${new Date().toISOString()} ${body.eventType ?? 'EVENT'} ${entryHash.slice(0, 12)}`);
+            json(res, 200, { ok: true, entryHash });
+        }
+        catch (err) {
+            json(res, 500, { ok: false, error: String(err) });
+        }
+    }
+    // ── Internal helpers ────────────────────────────────────────────────────
+    getHardware() {
+        if (!this.hardware) {
+            this.hardware = (0, hardware_1.readHardwareIdentity)();
+            console.log(`[HABI] Hardware: ${this.hardware.fingerprint} (${this.hardware.type}) on ${this.hardware.iface}`);
+        }
+        return this.hardware;
+    }
+    getContext() {
+        if (!this.context) {
+            const p = (0, context_1.findContextFile)();
+            if (p) {
+                this.context = (0, context_1.loadContext)(p);
+                console.log(`[HABI] Context: ${this.context.context.project} (${this.context.contextHash.slice(0, 12)}...)`);
+            }
+        }
+        return this.context;
+    }
+    getOrCreateSession() {
+        const now = Date.now();
+        if (this.session && now < this.session.expiresAt)
+            return this.session;
+        const hw = this.getHardware();
+        const ctx = this.getContext();
+        const contextHash = ctx?.contextHash ?? (0, hardware_1.sha256)('no-context');
+        const fingerprint = (0, hardware_1.generateSessionFingerprint)(hw.fingerprint, contextHash, now);
+        this.session = {
+            fingerprint,
+            hardwareId: hw.fingerprint,
+            contextHash,
+            boundAt: now,
+            expiresAt: now + 15 * 60 * 1000,
+        };
+        console.log(`[HABI] Session: ${fingerprint.slice(0, 16)}... expires ${new Date(this.session.expiresAt).toISOString()}`);
+        return this.session;
+    }
+    // ── Start / stop ────────────────────────────────────────────────────────
+    start() {
+        return new Promise((resolve, reject) => {
+            try {
+                this.getHardware();
+                this.getContext();
+                this.getOrCreateSession();
+                this.server = http.createServer(async (req, res) => {
+                    // Localhost enforcement
+                    if (!this.isLocalhost(req)) {
+                        json(res, 403, { error: 'HABI agent is localhost-only' });
+                        return;
+                    }
+                    const url = req.url ?? '/';
+                    const method = req.method ?? 'GET';
+                    if (url === '/health' && method === 'GET')
+                        return this.handleHealth(res);
+                    if (url === '/identity' && method === 'GET')
+                        return this.handleIdentity(res);
+                    if (url === '/verify' && method === 'POST')
+                        return this.handleVerify(res);
+                    if (url === '/assert-context' && method === 'POST')
+                        return this.handleAssertContext(req, res);
+                    if (url === '/audit' && method === 'POST')
+                        return this.handleAudit(req, res);
+                    json(res, 404, { error: `Unknown route: ${method} ${url}` });
+                });
+                this.server.listen(PORT, BIND_HOST, () => {
+                    const hw = this.hardware;
+                    console.log(`\n╔══════════════════════════════════════════════════╗`);
+                    console.log(`║  HABI Agent running on ${BIND_HOST}:${PORT}         ║`);
+                    console.log(`║  Hardware: ${hw.fingerprint.padEnd(34)} ║`);
+                    console.log(`║  Type:     ${hw.type.padEnd(34)} ║`);
+                    console.log(`╚══════════════════════════════════════════════════╝\n`);
+                    resolve();
+                });
+                this.server.on('error', (err) => {
+                    if (err.code === 'EADDRINUSE') {
+                        reject(new Error(`HABI: Port ${PORT} already in use. Another instance may be running.`));
+                    }
+                    else {
+                        reject(err);
+                    }
+                });
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+    }
+    stop() {
+        this.server?.close();
+        console.log('[HABI] Agent stopped.');
+    }
+}
+exports.HabiLocalServer = HabiLocalServer;
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,2CAA6B;AAE7B,yCAAwG;AACxG,uCAAkH;AAElH,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,gBAAgB;AAU/C,SAAS,IAAI,CAAC,GAAwB,EAAE,MAAc,EAAE,IAAa;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,GAAyB;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAAC,CAAC;YAC5C,MAAM,CAAC;gBAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAa,eAAe;IAClB,QAAQ,GAA4B,IAAI,CAAC;IACzC,OAAO,GAAyB,IAAI,CAAC;IACrC,OAAO,GAAwB,IAAI,CAAC;IACpC,MAAM,GAAuB,IAAI,CAAC;IAE1C,2EAA2E;IACnE,WAAW,CAAC,GAAyB;QAC3C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC;QACpC,OAAO,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,kBAAkB,CAAC;IACzE,CAAC;IAED,2EAA2E;IACnE,YAAY,CAAC,GAAwB;QAC3C,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAEO,cAAc,CAAC,GAAwB;QAC7C,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACvC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;gBACb,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE;oBACR,WAAW,EAAE,EAAE,CAAC,WAAW;oBAC3B,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,QAAQ,EAAE,EAAE,CAAC,QAAQ;iBACtB;gBACD,OAAO,EAAE;oBACP,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS;iBACpC;gBACD,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;aACxC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,GAAwB;QAC3C,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC,CAAC;gBAC5F,OAAO;YACT,CAAC;YACD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;gBACb,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,UAAU,EAAE,EAAE,CAAC,WAAW;gBAC1B,YAAY,EAAE,EAAE,CAAC,IAAI;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC;aACrD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,GAAyB,EAAE,GAAwB;QACnF,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,SAA+B,CAAC;YACvD,IAAI,CAAC,SAAS,EAAE,CAAC;gBAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAE7F,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,iEAAiE,EAAE,CAAC,CAAC;gBACxH,OAAO;YACT,CAAC;YAED,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,YAAY,GAAG,IAAA,iCAAuB,EAAC,EAAE,CAAC,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1E,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;gBACtG,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,IAAA,yBAAe,EAAC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;gBACb,EAAE,EAAE,IAAI;gBACR,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,EAAE,CAAC,WAAW;gBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;aAC7B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,GAAyB,EAAE,GAAwB;QAC3E,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG;gBACZ,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,UAAU,EAAE,EAAE,CAAC,WAAW;gBAC1B,kBAAkB,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,SAAS;gBAC1D,GAAG,IAAI;aACR,CAAC;YACF,MAAM,SAAS,GAAG,IAAA,iBAAM,EAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,SAAS,IAAI,OAAO,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YAC/G,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,2EAA2E;IACnE,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,IAAA,+BAAoB,GAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,QAAQ,CAAC,WAAW,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;QACjH,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,IAAA,yBAAe,GAAE,CAAC;YAC5B,IAAI,CAAC,EAAE,CAAC;gBACN,IAAI,CAAC,OAAO,GAAG,IAAA,qBAAW,EAAC,CAAC,CAAC,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAC/G,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,kBAAkB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,OAAO,CAAC;QAEtE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,GAAG,EAAE,WAAW,IAAI,IAAA,iBAAM,EAAC,YAAY,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,IAAA,qCAA0B,EAAC,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;QAEjF,IAAI,CAAC,OAAO,GAAG;YACb,WAAW;YACX,UAAU,EAAE,EAAE,CAAC,WAAW;YAC1B,WAAW;YACX,OAAO,EAAE,GAAG;YACZ,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SAChC,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACxH,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,2EAA2E;IAC3E,KAAK;QACH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAE1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;oBACjD,wBAAwB;oBACxB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3B,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;wBAC1D,OAAO;oBACT,CAAC;oBAED,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;oBAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;oBAEnC,IAAI,GAAG,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK;wBAAU,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;oBACjF,IAAI,GAAG,KAAK,WAAW,IAAI,MAAM,KAAK,KAAK;wBAAQ,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;oBACnF,IAAI,GAAG,KAAK,SAAS,IAAI,MAAM,KAAK,MAAM;wBAAS,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;oBACjF,IAAI,GAAG,KAAK,iBAAiB,IAAI,MAAM,KAAK,MAAM;wBAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBAC9F,IAAI,GAAG,KAAK,QAAQ,IAAI,MAAM,KAAK,MAAM;wBAAU,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBAErF,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,kBAAkB,MAAM,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC/D,CAAC,CAAC,CAAC;gBAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;oBACvC,MAAM,EAAE,GAAG,IAAI,CAAC,QAAS,CAAC;oBAC1B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;oBACtE,OAAO,CAAC,GAAG,CAAC,4BAA4B,SAAS,IAAI,IAAI,YAAY,CAAC,CAAC;oBACvE,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;oBAC3D,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;oBACpD,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;oBACtE,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;gBAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;oBACrD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC9B,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,IAAI,mDAAmD,CAAC,CAAC,CAAC;oBAC3F,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI;QACF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;CACF;AApND,0CAoNC"}

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "habi-agent",
+  "version": "0.1.0",
+  "description": "HABI Local Identity Agent — hardware fingerprint daemon on localhost:7432",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "habi-agent": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "ts-node src/cli.ts",
+    "start": "node dist/cli.js",
+    "test": "jest"
+  },
+  "dependencies": {
+    "dotenv": "^16.4.5"
+  },
+  "devDependencies": {
+    "@types/node": "^20.12.0",
+    "typescript": "^5.4.0",
+    "ts-node": "^10.9.2"
+  }
+}

package/src/cli.ts

@@ -0,0 +1,264 @@
+#!/usr/bin/env node
+/**
+ * HABI Agent CLI
+ * Usage:
+ *   habi-agent start     — start the local identity daemon
+ *   habi-agent status    — check if agent is running
+ *   habi-agent identity  — print hardware identity
+ *   habi-agent init      — generate a Project Context File
+ *   habi-agent verify    — verify current session
+ */
+
+import { HabiLocalServer } from './server';
+import { readHardwareIdentity, generateSessionFingerprint, sha256 } from './hardware';
+import { findContextFile, loadContext } from './context';
+import { registerDevice, sendHeartbeat } from './cloud';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as http from 'http';
+import * as os from 'os';
+
+const AGENT_PORT = 7432;
+const command = process.argv[2] || 'start';
+
+// ── Utility: ping the running agent ────────────────────────────────────────
+function pingAgent(p: string = '/health'): Promise<Record<string, unknown>> {
+  return new Promise((resolve, reject) => {
+    const req = http.get(
+      { host: '127.0.0.1', port: AGENT_PORT, path: p },
+      (res) => {
+        let body = '';
+        res.on('data', (chunk: Buffer) => body += chunk.toString());
+        res.on('end', () => {
+          try { resolve(JSON.parse(body)); }
+          catch { reject(new Error('Invalid JSON from agent')); }
+        });
+      }
+    );
+    req.on('error', reject);
+    req.setTimeout(2000, () => { req.destroy(); reject(new Error('timeout')); });
+  });
+}
+
+async function cmdStart() {
+  console.log('\n┌─────────────────────────────────────────────┐');
+  console.log('│  HABI Local Identity Agent v0.1.0           │');
+  console.log('│  On Spot Solutions LLC — hardware-first AI  │');
+  console.log('└─────────────────────────────────────────────┘\n');
+
+  // Check if already running
+  try {
+    await pingAgent();
+    console.log('⚠  HABI agent is already running on port 7432.');
+    console.log('   Run: habi-agent status  to check it.');
+    process.exit(0);
+  } catch {
+    // Not running — proceed
+  }
+
+  const server = new HabiLocalServer();
+
+  // Graceful shutdown
+  const shutdown = () => {
+    console.log('\n[HABI] Shutting down agent...');
+    server.stop();
+    process.exit(0);
+  };
+  process.on('SIGINT', shutdown);
+  process.on('SIGTERM', shutdown);
+
+  try {
+    await server.start();
+
+    // ── Cloud registration ──────────────────────────────────────────────
+    const hw = readHardwareIdentity();
+    const habiKey = process.env.HABI_KEY || process.env.HABI_OWNER_EMAIL || "";
+    const friendlyName = process.env.HABI_DEVICE_NAME || os.hostname();
+
+    if (!habiKey) {
+      console.log('[HABI Cloud] HABI_OWNER_EMAIL not set — running in local-only mode.');
+      console.log('[HABI Cloud] Set export HABI_OWNER_EMAIL=you@example.com to enable cloud registration.\n');
+    } else {
+      console.log(`[HABI Cloud] Registering "${friendlyName}" via HABI key...`);
+      const cloudState = await registerDevice({
+        friendlyName,
+        hardwareFingerprint: hw.fingerprint,
+        fingerprintType: hw.type,
+        agentVersion: '0.1.0',
+        osPlatform: os.platform(),
+      });
+
+      if (cloudState) {
+        console.log(`[HABI Cloud] ✓ Device registered — ID: ${cloudState.deviceId.slice(0, 8)}...`);
+        console.log(`[HABI Cloud] ✓ Session token active until ${new Date(cloudState.sessionTokenExpiresAt).toLocaleTimeString()}\n`);
+
+        // ── Heartbeat loop every 30s ──────────────────────────────────
+        let currentToken = cloudState.sessionToken;
+        setInterval(async () => {
+          const hb = await sendHeartbeat({
+            deviceId: cloudState.deviceId,
+            sessionToken: currentToken,
+            hardwareFingerprint: hw.fingerprint,
+          });
+          if (hb) {
+            currentToken = hb.sessionToken;
+            if (hb.pendingJobs && hb.pendingJobs.length > 0) {
+              console.log(`[HABI Cloud] ${hb.pendingJobs.length} pending job(s) received from dispatch queue.`);
+              // Job execution handled in Phase 2 — log for now
+              for (const job of hb.pendingJobs) {
+                console.log(`[HABI Cloud]   Job ${job.id.slice(0, 8)}: ${JSON.stringify(job.payload).slice(0, 80)}`);
+              }
+            }
+          }
+        }, 30000);
+      }
+    }
+
+    // Keep alive
+    await new Promise(() => {});
+  } catch (err) {
+    console.error(`\n✗ HABI agent failed to start:\n  ${err}\n`);
+    process.exit(1);
+  }
+}
+
+async function cmdStatus() {
+  try {
+    const health = await pingAgent('/health');
+    console.log('\n✓ HABI agent is RUNNING');
+    console.log(`  Port:    ${AGENT_PORT}`);
+    console.log(`  Version: ${health.version || 'unknown'}`);
+
+    const identity = await pingAgent('/identity') as Record<string, unknown>;
+    const hw = identity.hardware as Record<string, unknown>;
+    const sess = identity.session as Record<string, unknown>;
+    if (hw) {
+      console.log(`  Hardware: ${hw.fingerprint} (${hw.type})`);
+      console.log(`  Platform: ${hw.platform} / ${hw.hostname}`);
+    }
+    if (sess) {
+      const expiresAt = new Date(sess.expiresAt as number);
+      const active = sess.active ? '✓ ACTIVE' : '✗ EXPIRED';
+      console.log(`  Session:  ${(sess.fingerprint as string)?.slice(0, 16)}...`);
+      console.log(`  Status:   ${active} (expires ${expiresAt.toLocaleTimeString()})`);
+    }
+    console.log();
+  } catch {
+    console.log('\n✗ HABI agent is NOT RUNNING');
+    console.log('  Start it with: npx ts-node src/cli.ts start\n');
+    process.exit(1);
+  }
+}
+
+async function cmdIdentity() {
+  try {
+    const hw = readHardwareIdentity();
+    const ctx = (() => {
+      try {
+        const p = findContextFile();
+        return p ? loadContext(p) : null;
+      } catch { return null; }
+    })();
+
+    const contextHash = ctx?.contextHash ?? sha256('no-context');
+    const fingerprint = generateSessionFingerprint(hw.fingerprint, contextHash, Date.now());
+
+    console.log('\n┌─ HABI Hardware Identity ──────────────────────────────────┐');
+    console.log(`│  Hardware ID:  ${hw.fingerprint}`);
+    console.log(`│  Type:         ${hw.type}`);
+    console.log(`│  Interface:    ${hw.iface}`);
+    console.log(`│  Platform:     ${hw.platform}`);
+    console.log(`│  Hostname:     ${hw.hostname}`);
+    console.log(`│  Context:      ${ctx ? ctx.context.project : 'none loaded'}`);
+    console.log(`│  Context Hash: ${ctx ? ctx.contextHash.slice(0, 24) + '...' : 'n/a'}`);
+    console.log(`│  Session FP:   ${fingerprint.slice(0, 24)}...`);
+    console.log('└────────────────────────────────────────────────────────────┘\n');
+  } catch (err) {
+    console.error(`\n✗ Could not read hardware identity:\n  ${err}\n`);
+    process.exit(1);
+  }
+}
+
+async function cmdInit() {
+  const hw = readHardwareIdentity();
+  const projectName = process.argv[3] || path.basename(process.cwd());
+
+  const contextContent = {
+    project: projectName,
+    version: '1.0.0',
+    owner: process.env.HABI_OWNER_EMAIL || process.env.USER || process.env.USERNAME || 'owner',
+    allowedMachines: [hw.fingerprint],
+    allowedOperations: {
+      paths: [`${process.cwd()}/**`],
+      cloudAccounts: [],
+      databases: [],
+      repos: [],
+    },
+    deniedOperations: [
+      'DROP TABLE',
+      'DROP DATABASE',
+      'rm -rf /',
+      'DELETE FROM audit_log',
+      'truncate audit_log',
+    ],
+  };
+
+  const contextHash = sha256(JSON.stringify(contextContent, null, 2));
+  const fullContext = { ...contextContent, contextHash };
+  const outPath = path.join(process.cwd(), 'habi-context.json');
+
+  if (fs.existsSync(outPath)) {
+    console.log(`\n⚠  Context file already exists: ${outPath}`);
+    console.log('   Delete it first if you want to regenerate.\n');
+    process.exit(1);
+  }
+
+  fs.writeFileSync(outPath, JSON.stringify(fullContext, null, 2), 'utf8');
+
+  console.log('\n✓ HABI Project Context File created');
+  console.log(`  File:     ${outPath}`);
+  console.log(`  Project:  ${projectName}`);
+  console.log(`  Machine:  ${hw.fingerprint} (${hw.type})`);
+  console.log(`  Hash:     ${contextHash.slice(0, 24)}...`);
+  console.log('\n⚠  IMPORTANT: Add habi-context.json to your .gitignore');
+  console.log('   This file contains your machine identity — do not commit it.\n');
+}
+
+async function cmdVerify() {
+  try {
+    const data = await pingAgent('/verify') as Record<string, unknown>;
+    if (data.verified) {
+      console.log('\n✓ Session VERIFIED');
+      console.log(`  Hardware ID: ${data.hardwareId}`);
+      console.log(`  Fingerprint: ${(data.fingerprint as string)?.slice(0, 24)}...`);
+      console.log(`  Expires in:  ${data.expiresIn}s\n`);
+    } else {
+      console.log('\n✗ Session NOT VERIFIED');
+      console.log(`  Reason: ${data.reason || data.error}\n`);
+      process.exit(1);
+    }
+  } catch {
+    console.log('\n✗ HABI agent not running. Start with: npx ts-node src/cli.ts start\n');
+    process.exit(1);
+  }
+}
+
+// ── Dispatch ────────────────────────────────────────────────────────────────
+(async () => {
+  switch (command) {
+    case 'start':    await cmdStart();    break;
+    case 'status':   await cmdStatus();   break;
+    case 'identity': await cmdIdentity(); break;
+    case 'init':     await cmdInit();     break;
+    case 'verify':   await cmdVerify();   break;
+    default:
+      console.log(`\nHABI Agent v0.1.0 — On Spot Solutions LLC`);
+      console.log(`Usage: npx ts-node src/cli.ts <command>`);
+      console.log(`\nCommands:`);
+      console.log(`  start     Start the local identity daemon on port 7432`);
+      console.log(`  status    Show agent status and hardware identity`);
+      console.log(`  identity  Print hardware fingerprint`);
+      console.log(`  init      Generate a Project Context File for this directory`);
+      console.log(`  verify    Verify the current session\n`);
+  }
+})();