happy-imou-cloud 2.1.21 → 2.1.23

package/dist/{index-D4A092LJ.cjs → index-yX0QThPc.cjs}

@@ -1,7 +1,7 @@
 'use strict';
 
 var chalk = require('chalk');
-var persistence = require('./api-8xtJZeXZ.cjs');
+var persistence = require('./api-CusZs0lm.cjs');
 var z = require('zod');
 var fs$2 = require('fs/promises');
 var os$1 = require('os');
@@ -31,6 +31,7 @@ var crypto = require('crypto');
 var node_readline = require('node:readline');
 var http = require('http');
 var util = require('util');
+var socket_ioClient = require('socket.io-client');
 var sdk = require('@agentclientprotocol/sdk');
 var node_url = require('node:url');
 require('node:events');
@@ -71,7 +72,7 @@ async function openBrowser(url) {
   }
 }
 
-const require$1 = node_module.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-D4A092LJ.cjs', document.baseURI).href)));
+const require$1 = node_module.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-yX0QThPc.cjs', document.baseURI).href)));
 const QRCode = require$1("qrcode-terminal/vendor/QRCode");
 const QRErrorCorrectLevel = require$1("qrcode-terminal/vendor/QRCode/QRErrorCorrectLevel");
 const pendingTempFiles = /* @__PURE__ */ new Set();
@@ -636,7 +637,7 @@ function setupCleanupHandlers() {
   });
 }
 
-const __dirname$2 = path$1.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-D4A092LJ.cjs', document.baseURI).href))));
+const __dirname$2 = path$1.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-yX0QThPc.cjs', document.baseURI).href))));
 function projectPath() {
   const path = path$1.resolve(__dirname$2, "..");
   return path;
@@ -2595,6 +2596,63 @@ async function archiveDetachedManagedSessionIfNeeded(opts) {
   return true;
 }
 
+function createOfflineMachine(opts) {
+  const { credentials, machineId, metadata, daemonState } = opts;
+  if (credentials.encryption.type === "dataKey") {
+    return {
+      id: machineId,
+      encryptionKey: credentials.encryption.machineKey,
+      encryptionVariant: "dataKey",
+      metadata,
+      metadataVersion: 0,
+      daemonState,
+      daemonStateVersion: 0
+    };
+  }
+  return {
+    id: machineId,
+    encryptionKey: credentials.encryption.secret,
+    encryptionVariant: "legacy",
+    metadata,
+    metadataVersion: 0,
+    daemonState,
+    daemonStateVersion: 0
+  };
+}
+async function registerDaemonMachine(opts) {
+  let userScopedObserver = opts.userScopedObserver;
+  let machine = createOfflineMachine(opts);
+  let daemonHasAuthenticatedSync = false;
+  try {
+    machine = await opts.api.getOrCreateMachine({
+      machineId: opts.machineId,
+      metadata: opts.metadata,
+      daemonState: opts.daemonState
+    });
+    daemonHasAuthenticatedSync = true;
+    persistence.logger.debug(`[DAEMON RUN] Machine registered: ${machine.id}`);
+  } catch (error) {
+    if (!persistence.isAuthenticationRequiredError(error)) {
+      throw error;
+    }
+    persistence.logger.warn(
+      "[DAEMON RUN] Machine registration rejected by the server. Continuing with local-only daemon control until authentication is refreshed.",
+      error instanceof Error ? error.message : String(error)
+    );
+    try {
+      await userScopedObserver?.close();
+    } catch (observerCloseError) {
+      persistence.logger.debug("[DAEMON RUN] Failed to close user-scoped observer after auth fallback", observerCloseError);
+    }
+    userScopedObserver = null;
+  }
+  return {
+    machine,
+    daemonHasAuthenticatedSync,
+    userScopedObserver
+  };
+}
+
 const NON_SESSION_PROCESS_TYPES$1 = /* @__PURE__ */ new Set([
   "current",
   "daemon",
@@ -2988,28 +3046,6 @@ const initialMachineMetadata = {
   happyHomeDir: persistence.configuration.happyCloudHomeDir,
   happyLibDir: projectPath()
 };
-function createOfflineMachine(credentials, machineId, daemonState) {
-  if (credentials.encryption.type === "dataKey") {
-    return {
-      id: machineId,
-      encryptionKey: credentials.encryption.machineKey,
-      encryptionVariant: "dataKey",
-      metadata: initialMachineMetadata,
-      metadataVersion: 0,
-      daemonState,
-      daemonStateVersion: 0
-    };
-  }
-  return {
-    id: machineId,
-    encryptionKey: credentials.encryption.secret,
-    encryptionVariant: "legacy",
-    metadata: initialMachineMetadata,
-    metadataVersion: 0,
-    daemonState,
-    daemonStateVersion: 0
-  };
-}
 async function getProfileEnvironmentVariablesForAgent(profileId, agentType) {
   try {
     const settings = await persistence.readSettings();
@@ -3584,31 +3620,16 @@ ${stderrSnapshot}`);
         persistence.logger.debug("[DAEMON RUN] Failed to start user-scoped observer, continuing without it", error);
       }
     }
-    let machine = createOfflineMachine(credentials, machineId, initialDaemonState);
-    let daemonHasAuthenticatedSync = false;
-    try {
-      machine = await activeApi.getOrCreateMachine({
-        machineId,
-        metadata: initialMachineMetadata,
-        daemonState: initialDaemonState
-      });
-      daemonHasAuthenticatedSync = true;
-      persistence.logger.debug(`[DAEMON RUN] Machine registered: ${machine.id}`);
-    } catch (error) {
-      if (!persistence.isAuthenticationRequiredError(error)) {
-        throw error;
-      }
-      persistence.logger.warn(
-        "[DAEMON RUN] Machine registration rejected by the server. Continuing with local-only daemon control until authentication is refreshed.",
-        error instanceof Error ? error.message : String(error)
-      );
-      try {
-        await userScopedObserver?.close();
-      } catch (observerCloseError) {
-        persistence.logger.debug("[DAEMON RUN] Failed to close user-scoped observer after auth fallback", observerCloseError);
-      }
-      userScopedObserver = null;
-    }
+    const machineRegistration = await registerDaemonMachine({
+      api: activeApi,
+      credentials,
+      machineId,
+      metadata: initialMachineMetadata,
+      daemonState: initialDaemonState,
+      userScopedObserver
+    });
+    const { machine, daemonHasAuthenticatedSync } = machineRegistration;
+    userScopedObserver = machineRegistration.userScopedObserver;
     const apiMachine = daemonHasAuthenticatedSync ? activeApi.machineSyncClient(machine) : null;
     apiMachine?.setRPCHandlers({
       spawnSession,
@@ -5029,6 +5050,291 @@ async function handleHappyOrgCommand(args, deps = {}) {
   throw new Error(`Unknown happy-org subcommand: ${subcommand}`);
 }
 
+const AGENT_SEND_AES_KEY_REQUIRED_MESSAGE = "Enterprise mode requires an AES key. Pass --aes-key or authenticate with a server response that includes credentials.aesKey.";
+const AGENT_SEND_E2EE_LEGACY_REQUIRED_MESSAGE = "Legacy e2ee mode is only available for legacy credentials. Use --mode enterprise or re-authenticate with a legacy account.";
+async function handleAgentCommand(args) {
+  const subcommand = args[0];
+  if (!subcommand || subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+    showAgentHelp();
+    return;
+  }
+  if (subcommand === "send") {
+    await handleAgentSend(args.slice(1));
+    return;
+  }
+  console.error(chalk.red(`Unknown agent subcommand: ${subcommand}`));
+  showAgentHelp();
+  process.exit(1);
+}
+function showAgentHelp() {
+  console.log(`
+${chalk.bold("hicloud agent")} - Enterprise task communication relay
+
+${chalk.bold("Usage:")}
+  hicloud agent send --session <id> --message <json>
+  hicloud agent send --session <id> --message <json> --mode enterprise
+  hicloud agent send --session <id> --message <json> --mode e2ee
+  hicloud agent help
+
+${chalk.bold("Options:")}
+  --session <id>      Target session ID (alias: --session-id)
+  --message <json>    App-display-compatible JSON message
+  --mode <mode>       Communication mode: e2ee (default), enterprise, or aes
+  --aes-key <hex>     Override enterprise AES key with a 64-char hex value
+
+${chalk.bold("Message format:")}
+  {"role":"user","content":{"type":"text","text":"Hello"}}
+  {"role":"agent","content":{"type":"output","data":{"message":"Task complete"}}}
+
+  Optional meta fields such as meta.happyOrg are preserved so task replay and
+  audit linkage survive enterprise communication writes.
+
+${chalk.bold("Communication modes:")}
+  e2ee        Legacy-compatible end-to-end encryption using legacy credentials.
+              This mode stays explicit and is never auto-selected as a fallback.
+  enterprise  Enterprise-managed AES-256-GCM mode. Server decrypts authorized
+  aes         plaintext for replay/audit. Requires an AES key.
+
+${chalk.bold("Examples:")}
+  hicloud agent send --session sess_abc123 --message '{"role":"user","content":{"type":"text","text":"Review this PR"}}'
+  hicloud agent send --session sess_abc123 --message '{"role":"user","content":{"type":"text","text":"Review enterprise trace"},"meta":{"happyOrg":{"taskContext":{"taskId":"task-1","organizationId":"org-1","memberAgentId":"member-1","supervisorAgentId":"ceo-1"},"replyContext":{"dispatchId":"dispatch-1","scope":"cli-agent","replyTo":"ceo-1"}}}}' --mode enterprise
+`);
+}
+async function handleAgentSend(args) {
+  const opts = parseAgentSendArgs(args);
+  if (!opts) {
+    process.exit(1);
+    return;
+  }
+  let parsedMessage;
+  try {
+    parsedMessage = JSON.parse(opts.messageJson);
+  } catch {
+    console.error(chalk.red("Error: Message must be valid JSON."));
+    process.exit(1);
+    return;
+  }
+  if (!validateAgentSendMessage(parsedMessage)) {
+    console.error(chalk.red("Error: Message does not match the App display schema."));
+    console.error(chalk.yellow('Expected: {"role":"user","content":{"type":"text","text":"..."}} or {"role":"agent","content":{"type":"output","data":{...}}}.'));
+    process.exit(1);
+    return;
+  }
+  const credentials = await persistence.readCredentials();
+  if (!credentials) {
+    console.error(chalk.red('Error: Not authenticated. Please run "hicloud auth login" first.'));
+    process.exit(1);
+    return;
+  }
+  let resolved;
+  try {
+    resolved = resolveAgentSendOptions(opts, parsedMessage, credentials);
+  } catch (error) {
+    console.error(chalk.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
+    return;
+  }
+  console.log(chalk.bold(`
+Sending message to session: ${resolved.sessionId}`));
+  console.log(chalk.gray(`Communication mode: ${resolved.encryptionMode === "aes" ? "enterprise (aes)" : "legacy e2ee"}`));
+  console.log(chalk.gray(`Server: ${persistence.configuration.serverUrl}`));
+  await sendMessage({
+    ...resolved,
+    credentials
+  });
+}
+function validateAgentSendMessage(message) {
+  return persistence.MessageContentSchema.safeParse(message).success;
+}
+function resolveAgentSendOptions(opts, messageContent, credentials) {
+  if (opts.requestedMode === "aes") {
+    const aesKey = opts.aesKey ?? credentials.aesKey ?? void 0;
+    if (!aesKey) {
+      throw new Error(AGENT_SEND_AES_KEY_REQUIRED_MESSAGE);
+    }
+    if (!/^[0-9a-fA-F]{64}$/.test(aesKey)) {
+      throw new Error("Enterprise AES key must be a 64-character hex string.");
+    }
+    return {
+      sessionId: opts.sessionId,
+      messageContent,
+      encryptionMode: "aes",
+      aesKey
+    };
+  }
+  if (credentials.encryption.type !== "legacy") {
+    throw new Error(AGENT_SEND_E2EE_LEGACY_REQUIRED_MESSAGE);
+  }
+  return {
+    sessionId: opts.sessionId,
+    messageContent,
+    encryptionMode: "e2ee",
+    encryptionKey: credentials.encryption.secret,
+    encryptionVariant: "legacy"
+  };
+}
+async function sendMessage(opts) {
+  let socket;
+  let resolved = false;
+  return await new Promise((resolve, reject) => {
+    socket = socket_ioClient.io(persistence.configuration.serverUrl, {
+      auth: (cb) => {
+        cb(persistence.buildSocketAuth({
+          credentials: opts.credentials,
+          clientType: "session-scoped",
+          sessionId: opts.sessionId
+        }));
+      },
+      path: "/v1/updates",
+      transports: ["websocket"],
+      reconnection: false,
+      timeout: 1e4
+    });
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        socket?.close();
+        reject(new Error("Connection timeout"));
+      }
+    }, 1e4);
+    socket.on("connect", () => {
+      console.log(chalk.green("Connected to server"));
+    });
+    socket.on("connect_error", (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        socket?.close();
+        reject(new Error(`Connection error: ${err.message}`));
+      }
+    });
+    socket.on("error", (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        socket?.close();
+        reject(new Error(`Socket error: ${err}`));
+      }
+    });
+    const localId = `agent-${node_crypto.randomUUID()}`;
+    const payload = {
+      sid: opts.sessionId,
+      localId
+    };
+    if (opts.encryptionMode === "aes") {
+      const encrypted = encryptAesJson(JSON.stringify(opts.messageContent), opts.aesKey);
+      if (!encrypted) {
+        clearTimeout(timeout);
+        if (!resolved) {
+          resolved = true;
+          socket?.close();
+          reject(new Error("AES encryption failed"));
+        }
+        return;
+      }
+      payload.message = encrypted;
+      payload.encryptionMode = "aes";
+    } else {
+      payload.message = persistence.encodeBase64(persistence.encrypt(opts.encryptionKey, opts.encryptionVariant, opts.messageContent));
+    }
+    socket.emit("message", payload, (ack) => {
+      clearTimeout(timeout);
+      if (!resolved) {
+        resolved = true;
+        socket?.close();
+        if (ack?.ok) {
+          console.log(chalk.green("\nMessage sent successfully!"));
+          console.log(chalk.gray(`  messageId: ${ack.messageId ?? "unknown"}`));
+          console.log(chalk.gray(`  status:   ${ack.status ?? "accepted"}`));
+          resolve();
+        } else {
+          reject(new Error(`Message rejected: ${ack?.error ?? "unknown"}`));
+        }
+      }
+    });
+  });
+}
+function encryptAesJson(jsonMessage, aesKeyHex) {
+  try {
+    const key = Buffer.from(aesKeyHex, "hex");
+    if (key.length !== 32) {
+      return null;
+    }
+    const nonce = node_crypto.randomBytes(12);
+    const cipher = node_crypto.createCipheriv("aes-256-gcm", key, nonce);
+    const plaintext = Buffer.from(jsonMessage, "utf8");
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const bundle = Buffer.alloc(1 + 12 + encrypted.length + 16);
+    bundle.writeUInt8(0, 0);
+    nonce.copy(bundle, 1);
+    encrypted.copy(bundle, 13);
+    authTag.copy(bundle, 13 + encrypted.length);
+    return bundle.toString("base64");
+  } catch {
+    return null;
+  }
+}
+function parseAgentSendArgs(args) {
+  let sessionId;
+  let messageJson;
+  let requestedMode = "e2ee";
+  let aesKey;
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--session" || arg === "-s" || arg === "--session-id") {
+      sessionId = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--message" || arg === "-m") {
+      messageJson = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--mode" || arg === "--encryption" || arg === "--encryption-mode") {
+      const mode = args[index + 1]?.toLowerCase();
+      index += 1;
+      if (mode === "enterprise" || mode === "aes") {
+        requestedMode = "aes";
+        continue;
+      }
+      if (mode === "e2ee") {
+        requestedMode = "e2ee";
+        continue;
+      }
+      console.error(chalk.red(`Unknown communication mode: ${mode}. Use 'e2ee', 'enterprise', or 'aes'.`));
+      return null;
+    }
+    if (arg === "--aes-key") {
+      aesKey = args[index + 1];
+      index += 1;
+      continue;
+    }
+    if (arg === "--help" || arg === "-h") {
+      showAgentHelp();
+      return null;
+    }
+    if (!arg.startsWith("-")) {
+      messageJson ??= arg;
+    }
+  }
+  if (!sessionId) {
+    console.error(chalk.red("Error: --session <sessionId> or --session-id <sessionId> is required."));
+    return null;
+  }
+  if (!messageJson) {
+    console.error(chalk.red("Error: --message <json> is required."));
+    return null;
+  }
+  return {
+    sessionId,
+    messageJson,
+    requestedMode,
+    aesKey
+  };
+}
+
 function getProjectPath(workingDirectory, claudeConfigDirOverride) {
   const projectId = path.resolve(workingDirectory).replace(/[^a-zA-Z0-9-]/g, "-");
   const claudeConfigDirRaw = process.env.CLAUDE_CONFIG_DIR ?? "";
@@ -9143,7 +9449,7 @@ class AbortError extends Error {
   }
 }
 
-const __filename$1 = node_url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-D4A092LJ.cjs', document.baseURI).href)));
+const __filename$1 = node_url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index-yX0QThPc.cjs', document.baseURI).href)));
 const __dirname$1 = path.join(__filename$1, "..");
 function getGlobalClaudeVersion() {
   try {
@@ -10462,14 +10768,14 @@ var launch = /*#__PURE__*/Object.freeze({
 const unifiedProviderExecutors = {
   claude: async (opts) => {
     const claudeOptions = opts.claudeOptions ?? {};
-    const { runClaude } = await Promise.resolve().then(function () { return require('./runClaude-DmXinUiz.cjs'); });
+    const { runClaude } = await Promise.resolve().then(function () { return require('./runClaude-5moKE082.cjs'); });
     await runClaude(opts.credentials, {
       ...claudeOptions,
       startingMode: claudeOptions.startingMode ?? (claudeOptions.startedBy === "daemon" ? "remote" : void 0)
     });
   },
   codex: async (opts) => {
-    const { runCodex } = await Promise.resolve().then(function () { return require('./runCodex-CoqsQ-cb.cjs'); });
+    const { runCodex } = await Promise.resolve().then(function () { return require('./runCodex-BJn5KMLg.cjs'); });
     await runCodex({
       credentials: opts.credentials,
       startedBy: opts.startedBy,
@@ -10478,7 +10784,7 @@ const unifiedProviderExecutors = {
     });
   },
   gemini: async (opts) => {
-    const { runGemini } = await Promise.resolve().then(function () { return require('./runGemini-BC_5rNMt.cjs'); });
+    const { runGemini } = await Promise.resolve().then(function () { return require('./runGemini-CWG0QweX.cjs'); });
     await runGemini({
       credentials: opts.credentials,
       startedBy: opts.startedBy
@@ -10561,7 +10867,7 @@ function shouldRunMainClaudeFlow(opts) {
     return;
   } else if (subcommand === "runtime") {
     if (args[1] === "providers") {
-      const { renderRuntimeProviders } = await Promise.resolve().then(function () { return require('./command-79M8Bz4I.cjs'); });
+      const { renderRuntimeProviders } = await Promise.resolve().then(function () { return require('./command-Cp_bgCOD.cjs'); });
       console.log(renderRuntimeProviders());
       return;
     }
@@ -10623,6 +10929,17 @@ function shouldRunMainClaudeFlow(opts) {
       process.exit(1);
     }
     return;
+  } else if (subcommand === "agent") {
+    try {
+      await handleAgentCommand(args.slice(1));
+    } catch (error) {
+      console.error(chalk.red("Error:"), error instanceof Error ? error.message : "Unknown error");
+      if (process.env.DEBUG) {
+        console.error(error);
+      }
+      process.exit(1);
+    }
+    return;
   } else if (subcommand === "codex") {
     try {
       let startedBy = void 0;
@@ -10750,8 +11067,8 @@ function shouldRunMainClaudeFlow(opts) {
       const projectId = args[3];
       try {
         const { saveGoogleCloudProjectToConfig } = await Promise.resolve().then(function () { return config; });
-        const { readCredentials: readCredentials2 } = await Promise.resolve().then(function () { return require('./api-8xtJZeXZ.cjs'); }).then(function (n) { return n.persistence; });
-        const { ApiClient: ApiClient2 } = await Promise.resolve().then(function () { return require('./api-8xtJZeXZ.cjs'); }).then(function (n) { return n.api; });
+        const { readCredentials: readCredentials2 } = await Promise.resolve().then(function () { return require('./api-CusZs0lm.cjs'); }).then(function (n) { return n.persistence; });
+        const { ApiClient: ApiClient2 } = await Promise.resolve().then(function () { return require('./api-CusZs0lm.cjs'); }).then(function (n) { return n.api; });
         let userEmail = void 0;
         try {
           const credentials = await readCredentials2();

package/dist/index.cjs

@@ -1,9 +1,9 @@
 'use strict';
 
 require('chalk');
-require('./api-8xtJZeXZ.cjs');
+require('./api-CusZs0lm.cjs');
 require('zod');
-require('./index-D4A092LJ.cjs');
+require('./index-yX0QThPc.cjs');
 require('node:child_process');
 require('node:fs');
 require('cross-spawn');

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import 'chalk';
-import './api-DB30ctmX.mjs';
+import './api-CDC4ZRT7.mjs';
 import 'zod';
-import './index-krVv4CWK.mjs';
+import './index-CFLvb1x1.mjs';
 import 'node:child_process';
 import 'node:fs';
 import 'cross-spawn';

package/dist/lib.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-var persistence = require('./api-8xtJZeXZ.cjs');
+var persistence = require('./api-CusZs0lm.cjs');
 var types = require('./types-DVk3crez.cjs');
 require('axios');
 require('chalk');