happy-imou-cloud 2.1.21 → 2.1.22

package/dist/{index-krVv4CWK.mjs → index-CEhnCQim.mjs}

@@ -1,10 +1,10 @@
 import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(import.meta.url);import chalk from 'chalk';
-import { l as logger, j as encodeBase64, c as configuration, k as readCredentials, m as ensureSigningCredentials, r as readSettings, u as updateSettings, n as encodeBase64Url, g as delay, o as buildClientHeaders, q as decodeBase64, w as writeCredentialsLegacy, t as writeCredentialsDataKey, v as readDaemonState, x as HAPPY_CLOUD_DAEMON_PORT, y as clearDaemonState, z as packageJson, B as acquireDaemonLock, C as writeDaemonState, A as ApiClient, i as isAuthenticationRequiredError, D as releaseDaemonLock, E as validateProfileForAgent, F as getProfileEnvironmentVariables, G as clearCredentials, I as clearMachineId, J as HeadTailPreviewBuffer, K as getLatestDaemonLog } from './api-DB30ctmX.mjs';
+import { l as logger, j as encodeBase64, c as configuration, k as readCredentials, m as ensureSigningCredentials, r as readSettings, u as updateSettings, n as encodeBase64Url, g as delay, o as buildClientHeaders, q as decodeBase64, w as writeCredentialsLegacy, t as writeCredentialsDataKey, v as readDaemonState, x as HAPPY_CLOUD_DAEMON_PORT, y as clearDaemonState, z as packageJson, i as isAuthenticationRequiredError, B as acquireDaemonLock, C as writeDaemonState, A as ApiClient, D as releaseDaemonLock, E as validateProfileForAgent, F as getProfileEnvironmentVariables, G as clearCredentials, I as clearMachineId, M as MessageContentSchema, J as buildSocketAuth, K as encrypt, L as HeadTailPreviewBuffer, N as getLatestDaemonLog } from './api-bhF1J82q.mjs';
 import { z } from 'zod';
 import fs, { writeFile as writeFile$1, rename, unlink as unlink$1 } from 'fs/promises';
 import os$1, { homedir } from 'os';
 import * as tmp from 'tmp';
-import { randomUUID, randomBytes } from 'node:crypto';
+import { randomUUID, randomBytes, createCipheriv } from 'node:crypto';
 import tweetnacl from 'tweetnacl';
 import axios from 'axios';
 import qrcode from 'qrcode-terminal';
@@ -29,6 +29,7 @@ import { randomUUID as randomUUID$1, randomBytes as randomBytes$1, createHash }
 import { createInterface } from 'node:readline';
 import { createServer } from 'http';
 import { promisify } from 'util';
+import { io } from 'socket.io-client';
 import { ndJsonStream, ClientSideConnection } from '@agentclientprotocol/sdk';
 import { fileURLToPath as fileURLToPath$1 } from 'node:url';
 import 'node:events';
@@ -2573,6 +2574,63 @@ async function archiveDetachedManagedSessionIfNeeded(opts) {
   return true;
 }
 
+function createOfflineMachine(opts) {
+  const { credentials, machineId, metadata, daemonState } = opts;
+  if (credentials.encryption.type === "dataKey") {
+    return {
+      id: machineId,
+      encryptionKey: credentials.encryption.machineKey,
+      encryptionVariant: "dataKey",
+      metadata,
+      metadataVersion: 0,
+      daemonState,
+      daemonStateVersion: 0
+    };
+  }
+  return {
+    id: machineId,
+    encryptionKey: credentials.encryption.secret,
+    encryptionVariant: "legacy",
+    metadata,
+    metadataVersion: 0,
+    daemonState,
+    daemonStateVersion: 0
+  };
+}
+async function registerDaemonMachine(opts) {
+  let userScopedObserver = opts.userScopedObserver;
+  let machine = createOfflineMachine(opts);
+  let daemonHasAuthenticatedSync = false;
+  try {
+    machine = await opts.api.getOrCreateMachine({
+      machineId: opts.machineId,
+      metadata: opts.metadata,
+      daemonState: opts.daemonState
+    });
+    daemonHasAuthenticatedSync = true;
+    logger.debug(`[DAEMON RUN] Machine registered: ${machine.id}`);
+  } catch (error) {
+    if (!isAuthenticationRequiredError(error)) {
+      throw error;
+    }
+    logger.warn(
+      "[DAEMON RUN] Machine registration rejected by the server. Continuing with local-only daemon control until authentication is refreshed.",
+      error instanceof Error ? error.message : String(error)
+    );
+    try {
+      await userScopedObserver?.close();
+    } catch (observerCloseError) {
+      logger.debug("[DAEMON RUN] Failed to close user-scoped observer after auth fallback", observerCloseError);
+    }
+    userScopedObserver = null;
+  }
+  return {
+    machine,
+    daemonHasAuthenticatedSync,
+    userScopedObserver
+  };
+}
+
 const NON_SESSION_PROCESS_TYPES$1 = /* @__PURE__ */ new Set([
   "current",
   "daemon",
@@ -2966,28 +3024,6 @@ const initialMachineMetadata = {
   happyHomeDir: configuration.happyCloudHomeDir,
   happyLibDir: projectPath()
 };
-function createOfflineMachine(credentials, machineId, daemonState) {
-  if (credentials.encryption.type === "dataKey") {
-    return {
-      id: machineId,
-      encryptionKey: credentials.encryption.machineKey,
-      encryptionVariant: "dataKey",
-      metadata: initialMachineMetadata,
-      metadataVersion: 0,
-      daemonState,
-      daemonStateVersion: 0
-    };
-  }
-  return {
-    id: machineId,
-    encryptionKey: credentials.encryption.secret,
-    encryptionVariant: "legacy",
-    metadata: initialMachineMetadata,
-    metadataVersion: 0,
-    daemonState,
-    daemonStateVersion: 0
-  };
-}
 async function getProfileEnvironmentVariablesForAgent(profileId, agentType) {
   try {
     const settings = await readSettings();
@@ -3562,31 +3598,16 @@ ${stderrSnapshot}`);
         logger.debug("[DAEMON RUN] Failed to start user-scoped observer, continuing without it", error);
       }
     }
-    let machine = createOfflineMachine(credentials, machineId, initialDaemonState);
-    let daemonHasAuthenticatedSync = false;
-    try {
-      machine = await activeApi.getOrCreateMachine({
-        machineId,
-        metadata: initialMachineMetadata,
-        daemonState: initialDaemonState
-      });
-      daemonHasAuthenticatedSync = true;
-      logger.debug(`[DAEMON RUN] Machine registered: ${machine.id}`);
-    } catch (error) {
-      if (!isAuthenticationRequiredError(error)) {
-        throw error;
-      }
-      logger.warn(
-        "[DAEMON RUN] Machine registration rejected by the server. Continuing with local-only daemon control until authentication is refreshed.",
-        error instanceof Error ? error.message : String(error)
-      );
-      try {
-        await userScopedObserver?.close();
-      } catch (observerCloseError) {
-        logger.debug("[DAEMON RUN] Failed to close user-scoped observer after auth fallback", observerCloseError);
-      }
-      userScopedObserver = null;
-    }
+    const machineRegistration = await registerDaemonMachine({
+      api: activeApi,
+      credentials,
+      machineId,
+      metadata: initialMachineMetadata,
+      daemonState: initialDaemonState,
+      userScopedObserver
+    });
+    const { machine, daemonHasAuthenticatedSync } = machineRegistration;
+    userScopedObserver = machineRegistration.userScopedObserver;
     const apiMachine = daemonHasAuthenticatedSync ? activeApi.machineSyncClient(machine) : null;
     apiMachine?.setRPCHandlers({
       spawnSession,
@@ -5007,6 +5028,291 @@ async function handleHappyOrgCommand(args, deps = {}) {
   throw new Error(`Unknown happy-org subcommand: ${subcommand}`);
 }
 
+const AGENT_SEND_AES_KEY_REQUIRED_MESSAGE = "Enterprise mode requires an AES key. Pass --aes-key or authenticate with a server response that includes credentials.aesKey.";
+const AGENT_SEND_E2EE_LEGACY_REQUIRED_MESSAGE = "Legacy e2ee mode is only available for legacy credentials. Use --mode enterprise or re-authenticate with a legacy account.";
+async function handleAgentCommand(args) {
+  const subcommand = args[0];
+  if (!subcommand || subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+    showAgentHelp();
+    return;
+  }
+  if (subcommand === "send") {
+    await handleAgentSend(args.slice(1));
+    return;
+  }
+  console.error(chalk.red(`Unknown agent subcommand: ${subcommand}`));
+  showAgentHelp();
+  process.exit(1);
+}
+function showAgentHelp() {
+  console.log(`
+${chalk.bold("hicloud agent")} - Enterprise task communication relay
+
+${chalk.bold("Usage:")}
+  hicloud agent send --session <id> --message <json>
+  hicloud agent send --session <id> --message <json> --mode enterprise
+  hicloud agent send --session <id> --message <json> --mode e2ee
+  hicloud agent help
+
+${chalk.bold("Options:")}
+  --session <id>      Target session ID (alias: --session-id)
+  --message <json>    App-display-compatible JSON message
+  --mode <mode>       Communication mode: e2ee (default), enterprise, or aes
+  --aes-key <hex>     Override enterprise AES key with a 64-char hex value
+
+${chalk.bold("Message format:")}
+  {"role":"user","content":{"type":"text","text":"Hello"}}
+  {"role":"agent","content":{"type":"output","data":{"message":"Task complete"}}}
+
+  Optional meta fields such as meta.happyOrg are preserved so task replay and
+  audit linkage survive enterprise communication writes.
+
+${chalk.bold("Communication modes:")}
+  e2ee        Legacy-compatible end-to-end encryption using legacy credentials.
+              This mode stays explicit and is never auto-selected as a fallback.
+  enterprise  Enterprise-managed AES-256-GCM mode. Server decrypts authorized
+  aes         plaintext for replay/audit. Requires an AES key.
+
+${chalk.bold("Examples:")}
+  hicloud agent send --session sess_abc123 --message '{"role":"user","content":{"type":"text","text":"Review this PR"}}'
+  hicloud agent send --session sess_abc123 --message '{"role":"user","content":{"type":"text","text":"Review enterprise trace"},"meta":{"happyOrg":{"taskContext":{"taskId":"task-1","organizationId":"org-1","memberAgentId":"member-1","supervisorAgentId":"ceo-1"},"replyContext":{"dispatchId":"dispatch-1","scope":"cli-agent","replyTo":"ceo-1"}}}}' --mode enterprise
+`);
+}
+async function handleAgentSend(args) {
+  const opts = parseAgentSendArgs(args);
+  if (!opts) {
+    process.exit(1);
+    return;
+  }
+  let parsedMessage;
+  try {
+    parsedMessage = JSON.parse(opts.messageJson);
+  } catch {
+    console.error(chalk.red("Error: Message must be valid JSON."));
+    process.exit(1);
+    return;
+  }
+  if (!validateAgentSendMessage(parsedMessage)) {
+    console.error(chalk.red("Error: Message does not match the App display schema."));
+    console.error(chalk.yellow('Expected: {"role":"user","content":{"type":"text","text":"..."}} or {"role":"agent","content":{"type":"output","data":{...}}}.'));
+    process.exit(1);
+    return;
+  }
+  const credentials = await readCredentials();
+  if (!credentials) {
+    console.error(chalk.red('Error: Not authenticated. Please run "hicloud auth login" first.'));
+    process.exit(1);
+    return;
+  }
+  let resolved;
+  try {
+    resolved = resolveAgentSendOptions(opts, parsedMessage, credentials);
+  } catch (error) {
+    console.error(chalk.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
+    return;
+  }
+  console.log(chalk.bold(`
+Sending message to session: ${resolved.sessionId}`));
+  console.log(chalk.gray(`Communication mode: ${resolved.encryptionMode === "aes" ? "enterprise (aes)" : "legacy e2ee"}`));
+  console.log(chalk.gray(`Server: ${configuration.serverUrl}`));
+  await sendMessage({
+    ...resolved,
+    credentials
+  });
+}
+function validateAgentSendMessage(message) {
+  return MessageContentSchema.safeParse(message).success;
+}
+function resolveAgentSendOptions(opts, messageContent, credentials) {
+  if (opts.requestedMode === "aes") {
+    const aesKey = opts.aesKey ?? credentials.aesKey ?? void 0;
+    if (!aesKey) {
+      throw new Error(AGENT_SEND_AES_KEY_REQUIRED_MESSAGE);
+    }
+    if (!/^[0-9a-fA-F]{64}$/.test(aesKey)) {
+      throw new Error("Enterprise AES key must be a 64-character hex string.");
+    }
+    return {
+      sessionId: opts.sessionId,
+      messageContent,
+      encryptionMode: "aes",
+      aesKey
+    };
+  }
+  if (credentials.encryption.type !== "legacy") {
+    throw new Error(AGENT_SEND_E2EE_LEGACY_REQUIRED_MESSAGE);
+  }
+  return {
+    sessionId: opts.sessionId,
+    messageContent,
+    encryptionMode: "e2ee",
+    encryptionKey: credentials.encryption.secret,
+    encryptionVariant: "legacy"
+  };
+}
+async function sendMessage(opts) {
+  let socket;
+  let resolved = false;
+  return await new Promise((resolve, reject) => {
+    socket = io(configuration.serverUrl, {
+      auth: (cb) => {
+        cb(buildSocketAuth({
+          credentials: opts.credentials,
+          clientType: "session-scoped",
+          sessionId: opts.sessionId
+        }));
+      },
+      path: "/v1/updates",
+      transports: ["websocket"],
+      reconnection: false,
+      timeout: 1e4
+    });
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        socket?.close();
+        reject(new Error("Connection timeout"));
+      }
+    }, 1e4);
+    socket.on("connect", () => {
+      console.log(chalk.green("Connected to server"));
+    });
+    socket.on("connect_error", (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        socket?.close();
+        reject(new Error(`Connection error: ${err.message}`));
+      }
+    });
+    socket.on("error", (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        socket?.close();
+        reject(new Error(`Socket error: ${err}`));
+      }
+    });
+    const localId = `agent-${randomUUID()}`;
+    const payload = {
+      sid: opts.sessionId,
+      localId
+    };
+    if (opts.encryptionMode === "aes") {
+      const encrypted = encryptAesJson(JSON.stringify(opts.messageContent), opts.aesKey);
+      if (!encrypted) {
+        clearTimeout(timeout);
+        if (!resolved) {
+          resolved = true;
+          socket?.close();
+          reject(new Error("AES encryption failed"));
+        }
+        return;
+      }
+      payload.message = encrypted;
+      payload.encryptionMode = "aes";
+    } else {
+      payload.message = encodeBase64(encrypt(opts.encryptionKey, opts.encryptionVariant, opts.messageContent));
+    }
+    socket.emit("message", payload, (ack) => {
+      clearTimeout(timeout);
+      if (!resolved) {
+        resolved = true;
+        socket?.close();
+        if (ack?.ok) {
+          console.log(chalk.green("\nMessage sent successfully!"));
+          console.log(chalk.gray(`  messageId: ${ack.messageId ?? "unknown"}`));
+          console.log(chalk.gray(`  status:   ${ack.status ?? "accepted"}`));
+          resolve();
+        } else {
+          reject(new Error(`Message rejected: ${ack?.error ?? "unknown"}`));
+        }
+      }
+    });
+  });
+}
+function encryptAesJson(jsonMessage, aesKeyHex) {
+  try {
+    const key = Buffer.from(aesKeyHex, "hex");
+    if (key.length !== 32) {
+      return null;
+    }
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv("aes-256-gcm", key, nonce);
+    const plaintext = Buffer.from(jsonMessage, "utf8");
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const bundle = Buffer.alloc(1 + 12 + encrypted.length + 16);
+    bundle.writeUInt8(0, 0);
+    nonce.copy(bundle, 1);
+    encrypted.copy(bundle, 13);
+    authTag.copy(bundle, 13 + encrypted.length);
+    return bundle.toString("base64");
+  } catch {
+    return null;
+  }
+}
+function parseAgentSendArgs(args) {
+  let sessionId;
+  let messageJson;
+  let requestedMode = "e2ee";
+  let aesKey;
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--session" || arg === "-s" || arg === "--session-id") {
+      sessionId = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--message" || arg === "-m") {
+      messageJson = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--mode" || arg === "--encryption" || arg === "--encryption-mode") {
+      const mode = args[index + 1]?.toLowerCase();
+      index += 1;
+      if (mode === "enterprise" || mode === "aes") {
+        requestedMode = "aes";
+        continue;
+      }
+      if (mode === "e2ee") {
+        requestedMode = "e2ee";
+        continue;
+      }
+      console.error(chalk.red(`Unknown communication mode: ${mode}. Use 'e2ee', 'enterprise', or 'aes'.`));
+      return null;
+    }
+    if (arg === "--aes-key") {
+      aesKey = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--help" || arg === "-h") {
+      showAgentHelp();
+      return null;
+    }
+    if (!arg.startsWith("-")) {
+      messageJson ??= arg;
+    }
+  }
+  if (!sessionId) {
+    console.error(chalk.red("Error: --session <sessionId> or --session-id <sessionId> is required."));
+    return null;
+  }
+  if (!messageJson) {
+    console.error(chalk.red("Error: --message <json> is required."));
+    return null;
+  }
+  return {
+    sessionId,
+    messageJson,
+    requestedMode,
+    aesKey
+  };
+}
+
 function getProjectPath(workingDirectory, claudeConfigDirOverride) {
   const projectId = resolve$1(workingDirectory).replace(/[^a-zA-Z0-9-]/g, "-");
   const claudeConfigDirRaw = process.env.CLAUDE_CONFIG_DIR ?? "";
@@ -10440,14 +10746,14 @@ var launch = /*#__PURE__*/Object.freeze({
 const unifiedProviderExecutors = {
   claude: async (opts) => {
     const claudeOptions = opts.claudeOptions ?? {};
-    const { runClaude } = await import('./runClaude-nzLh-orP.mjs');
+    const { runClaude } = await import('./runClaude-CMKm1bBe.mjs');
     await runClaude(opts.credentials, {
       ...claudeOptions,
       startingMode: claudeOptions.startingMode ?? (claudeOptions.startedBy === "daemon" ? "remote" : void 0)
     });
   },
   codex: async (opts) => {
-    const { runCodex } = await import('./runCodex-C-Pjpbxn.mjs');
+    const { runCodex } = await import('./runCodex-BkfujuLR.mjs');
     await runCodex({
       credentials: opts.credentials,
       startedBy: opts.startedBy,
@@ -10456,7 +10762,7 @@ const unifiedProviderExecutors = {
     });
   },
   gemini: async (opts) => {
-    const { runGemini } = await import('./runGemini-CIVm6NWC.mjs');
+    const { runGemini } = await import('./runGemini-DcN0Nb3f.mjs');
     await runGemini({
       credentials: opts.credentials,
       startedBy: opts.startedBy
@@ -10539,7 +10845,7 @@ function shouldRunMainClaudeFlow(opts) {
     return;
   } else if (subcommand === "runtime") {
     if (args[1] === "providers") {
-      const { renderRuntimeProviders } = await import('./command-C6injNJE.mjs');
+      const { renderRuntimeProviders } = await import('./command-CyUpFVkQ.mjs');
       console.log(renderRuntimeProviders());
       return;
     }
@@ -10601,6 +10907,17 @@ function shouldRunMainClaudeFlow(opts) {
       process.exit(1);
     }
     return;
+  } else if (subcommand === "agent") {
+    try {
+      await handleAgentCommand(args.slice(1));
+    } catch (error) {
+      console.error(chalk.red("Error:"), error instanceof Error ? error.message : "Unknown error");
+      if (process.env.DEBUG) {
+        console.error(error);
+      }
+      process.exit(1);
+    }
+    return;
   } else if (subcommand === "codex") {
     try {
       let startedBy = void 0;
@@ -10728,8 +11045,8 @@ function shouldRunMainClaudeFlow(opts) {
       const projectId = args[3];
       try {
         const { saveGoogleCloudProjectToConfig } = await Promise.resolve().then(function () { return config; });
-        const { readCredentials: readCredentials2 } = await import('./api-DB30ctmX.mjs').then(function (n) { return n.L; });
-        const { ApiClient: ApiClient2 } = await import('./api-DB30ctmX.mjs').then(function (n) { return n.M; });
+        const { readCredentials: readCredentials2 } = await import('./api-bhF1J82q.mjs').then(function (n) { return n.O; });
+        const { ApiClient: ApiClient2 } = await import('./api-bhF1J82q.mjs').then(function (n) { return n.P; });
         let userEmail = void 0;
         try {
           const credentials = await readCredentials2();

package/dist/index.cjs

@@ -1,9 +1,9 @@
 'use strict';
 
 require('chalk');
-require('./api-8xtJZeXZ.cjs');
+require('./api-BXGRJ5Kn.cjs');
 require('zod');
-require('./index-D4A092LJ.cjs');
+require('./index-BNTRi6Uv.cjs');
 require('node:child_process');
 require('node:fs');
 require('cross-spawn');

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import 'chalk';
-import './api-DB30ctmX.mjs';
+import './api-bhF1J82q.mjs';
 import 'zod';
-import './index-krVv4CWK.mjs';
+import './index-CEhnCQim.mjs';
 import 'node:child_process';
 import 'node:fs';
 import 'cross-spawn';

package/dist/lib.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-var persistence = require('./api-8xtJZeXZ.cjs');
+var persistence = require('./api-BXGRJ5Kn.cjs');
 var types = require('./types-DVk3crez.cjs');
 require('axios');
 require('chalk');