heyhank 0.1.0

package/server/routes/agent-routes.ts

@@ -0,0 +1,264 @@
+import crypto from "node:crypto";
+import type { Hono } from "hono";
+import * as agentStore from "../agent-store.js";
+import type { AgentExecutor } from "../agent-executor.js";
+import type { AgentConfig, AgentConfigCreateInput, AgentConfigExport } from "../agent-types.js";
+
+/** Fields the user can set when creating/updating an agent */
+const EDITABLE_FIELDS = [
+  "name", "description", "icon", "version",
+  "backendType", "model", "permissionMode", "cwd",
+  "envSlug", "env", "allowedTools", "codexInternetAccess",
+  "prompt", "mcpServers", "skills",
+  "container", "branch", "createBranch", "useWorktree",
+  "triggers", "enabled",
+] as const;
+
+function pickEditable(body: Record<string, unknown>): Partial<AgentConfig> {
+  const result: Record<string, unknown> = {};
+  for (const key of EDITABLE_FIELDS) {
+    if (key in body) result[key] = body[key];
+  }
+  return result as Partial<AgentConfig>;
+}
+
+function buildCreateInput(
+  body: Record<string, unknown>,
+  overrides?: Partial<Pick<AgentConfigCreateInput, "enabled" | "version">>,
+): AgentConfigCreateInput {
+  return {
+    version: overrides?.version ?? 1,
+    name: (body.name as string | undefined) || "",
+    description: (body.description as string | undefined) || "",
+    icon: body.icon as string | undefined,
+    backendType: (body.backendType as AgentConfig["backendType"] | undefined) || "claude",
+    model: (body.model as string | undefined) || "",
+    permissionMode: (body.permissionMode as string | undefined) || "bypassPermissions",
+    cwd: (body.cwd as string | undefined) || "",
+    envSlug: body.envSlug as string | undefined,
+    env: body.env as Record<string, string> | undefined,
+    allowedTools: body.allowedTools as string[] | undefined,
+    codexInternetAccess: body.codexInternetAccess as boolean | undefined,
+    prompt: (body.prompt as string | undefined) || "",
+    mcpServers: body.mcpServers as AgentConfig["mcpServers"] | undefined,
+    skills: body.skills as string[] | undefined,
+    container: body.container as AgentConfig["container"] | undefined,
+    branch: body.branch as string | undefined,
+    createBranch: body.createBranch as boolean | undefined,
+    useWorktree: body.useWorktree as boolean | undefined,
+    triggers: body.triggers as AgentConfig["triggers"] | undefined,
+    enabled: overrides?.enabled ?? ((body.enabled as boolean | undefined) ?? true),
+  };
+}
+
+/** Sanitize agent before sending to the browser */
+function sanitizeAgent(agent: AgentConfig & { nextRunAt?: number | null }): Record<string, unknown> {
+  return agent as unknown as Record<string, unknown>;
+}
+
+/** Strip internal tracking fields to produce a portable export */
+function toExport(agent: AgentConfig): AgentConfigExport {
+  const {
+    id: _id,
+    createdAt: _ca,
+    updatedAt: _ua,
+    totalRuns: _tr,
+    consecutiveFailures: _cf,
+    lastRunAt: _lr,
+    lastSessionId: _ls,
+    enabled: _en,
+    ...exportable
+  } = agent;
+  return exportable;
+}
+
+export function registerAgentRoutes(
+  api: Hono,
+  agentExecutor?: AgentExecutor,
+): void {
+  // ── CRUD ────────────────────────────────────────────────────────────────
+
+  api.get("/agents", (c) => {
+    const agents = agentStore.listAgents();
+    const enriched = agents.map((a) => sanitizeAgent({
+      ...a,
+      nextRunAt: agentExecutor?.getNextRunTime(a.id)?.getTime() ?? null,
+    }));
+    return c.json(enriched);
+  });
+
+  api.get("/agents/:id", (c) => {
+    const agent = agentStore.getAgent(c.req.param("id"));
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(sanitizeAgent({
+      ...agent,
+      nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null,
+    }));
+  });
+
+  api.post("/agents", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const agent = agentStore.createAgent(buildCreateInput(body));
+
+      if (agent.enabled && agent.triggers?.schedule?.enabled) {
+        agentExecutor?.scheduleAgent(agent);
+      }
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: null }), 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.put("/agents/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const allowed = pickEditable(body);
+      const agent = agentStore.updateAgent(id, allowed);
+      if (!agent) return c.json({ error: "Agent not found" }, 404);
+      // Stop old timer (id may differ after a rename)
+      if (agent.id !== id) {
+        agentExecutor?.stopAgent(id);
+      }
+      // Reschedule if enabled
+      if (agent.enabled && agent.triggers?.schedule?.enabled) {
+        agentExecutor?.scheduleAgent(agent);
+      } else {
+        agentExecutor?.stopAgent(agent.id);
+      }
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null }));
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.delete("/agents/:id", (c) => {
+    const id = c.req.param("id");
+    agentExecutor?.stopAgent(id);
+    const deleted = agentStore.deleteAgent(id);
+    if (!deleted) return c.json({ error: "Agent not found" }, 404);
+    return c.json({ ok: true });
+  });
+
+  // ── Toggle ──────────────────────────────────────────────────────────────
+
+  api.post("/agents/:id/toggle", (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    const updated = agentStore.updateAgent(id, { enabled: !agent.enabled });
+    if (updated?.enabled && updated.triggers?.schedule?.enabled) {
+      agentExecutor?.scheduleAgent(updated);
+    } else if (updated) {
+      agentExecutor?.stopAgent(updated.id);
+    }
+    return c.json(updated ? sanitizeAgent({ ...updated, nextRunAt: agentExecutor?.getNextRunTime(updated.id)?.getTime() ?? null }) : updated);
+  });
+
+  // ── Run (manual trigger) ───────────────────────────────────────────────
+
+  api.post("/agents/:id/run", async (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    const body = await c.req.json().catch(() => ({}));
+    const input = typeof body.input === "string" ? body.input : undefined;
+    try {
+      const sessionInfo = await agentExecutor?.executeAgent(id, input, { force: true, triggerType: "manual" });
+      return c.json({
+        ok: true,
+        message: "Agent triggered",
+        sessionId: sessionInfo?.sessionId || null,
+        agentName: agent.name,
+      });
+    } catch (err) {
+      return c.json({ ok: false, error: err instanceof Error ? err.message : String(err) }, 500);
+    }
+  });
+
+  // ── Executions ─────────────────────────────────────────────────────────
+
+  api.get("/agents/:id/executions", (c) => {
+    const id = c.req.param("id");
+    return c.json(agentExecutor?.getExecutions(id) ?? []);
+  });
+
+  /** List executions across all agents with filtering and pagination (for Runs view). */
+  api.get("/executions", (c) => {
+    const agentId = c.req.query("agentId");
+    const triggerType = c.req.query("triggerType");
+    const rawStatus = c.req.query("status");
+    const status = (rawStatus === "running" || rawStatus === "success" || rawStatus === "error")
+      ? rawStatus : undefined;
+    const limit = Math.min(Math.max(Number(c.req.query("limit")) || 50, 1), 500);
+    const offset = Math.max(Number(c.req.query("offset")) || 0, 0);
+    return c.json(agentExecutor?.listAllExecutions({ agentId, triggerType, status, limit, offset }) ?? { executions: [], total: 0 });
+  });
+
+  // ── Import / Export ────────────────────────────────────────────────────
+
+  api.post("/agents/import", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      // Accept an exported agent JSON and create a new agent from it
+      const agent = agentStore.createAgent(buildCreateInput(body, {
+        version: (body.version as AgentConfigCreateInput["version"] | undefined) || 1,
+        enabled: false, // Imported agents start disabled for safety
+      }));
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: null }), 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.get("/agents/:id/export", (c) => {
+    const agent = agentStore.getAgent(c.req.param("id"));
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(toExport(agent));
+  });
+
+  // ── Webhook Secret ─────────────────────────────────────────────────────
+
+  api.post("/agents/:id/regenerate-secret", (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.regenerateWebhookSecret(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(sanitizeAgent({ ...agent, nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null }));
+  });
+
+  // ── Webhook Trigger ────────────────────────────────────────────────────
+
+  api.post("/agents/:id/webhook/:secret", async (c) => {
+    const id = c.req.param("id");
+    const secret = c.req.param("secret");
+
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+
+    // Validate webhook is enabled and secret matches
+    if (!agent.triggers?.webhook?.enabled) {
+      return c.json({ error: "Webhook not enabled for this agent" }, 403);
+    }
+    // Use constant-time comparison to prevent timing attacks
+    const expected = Buffer.from(agent.triggers.webhook.secret);
+    const received = Buffer.from(secret);
+    if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
+      return c.json({ error: "Invalid webhook secret" }, 401);
+    }
+
+    // Extract input from body — accept JSON { input: "..." } or plain text
+    let input: string | undefined;
+    const contentType = c.req.header("content-type") || "";
+    if (contentType.includes("application/json")) {
+      const body = await c.req.json().catch(() => ({}));
+      input = typeof body.input === "string" ? body.input : undefined;
+    } else {
+      const text = await c.req.text().catch(() => "");
+      if (text.trim()) input = text.trim();
+    }
+
+    agentExecutor?.executeAgentManually(id, input);
+    return c.json({ ok: true, message: "Agent triggered via webhook" });
+  });
+}

package/server/routes/assistant-routes.ts

@@ -0,0 +1,90 @@
+// ─── Assistant Routes ─────────────────────────────────────────────────────────
+// REST API for todos, notes, and reminders.
+
+import type { Hono } from "hono";
+import * as store from "../assistant-store.js";
+
+export function registerAssistantRoutes(api: Hono): void {
+  // ─── Todos ──────────────────────────────────────────────────────────
+
+  api.get("/assistant/todos", (c) => {
+    const done = c.req.query("done");
+    const priority = c.req.query("priority");
+    const category = c.req.query("category");
+    const filter: { done?: boolean; priority?: string; category?: string } = {};
+    if (done !== undefined) filter.done = done === "true";
+    if (priority) filter.priority = priority;
+    if (category) filter.category = category;
+    return c.json({ todos: store.listTodos(filter) });
+  });
+
+  api.post("/assistant/todos", async (c) => {
+    const body = await c.req.json<{ text: string; priority?: string; category?: string }>();
+    if (!body.text) return c.json({ error: "text is required" }, 400);
+    const todo = store.addTodo(body.text, body.priority, body.category);
+    return c.json(todo);
+  });
+
+  api.patch("/assistant/todos/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json<{ text?: string; priority?: string; category?: string; done?: boolean }>();
+    if (body.done === true) {
+      const todo = store.completeTodo(id);
+      if (!todo) return c.json({ error: "not found" }, 404);
+      return c.json(todo);
+    }
+    const todo = store.updateTodo(id, body);
+    if (!todo) return c.json({ error: "not found" }, 404);
+    return c.json(todo);
+  });
+
+  api.delete("/assistant/todos/:id", (c) => {
+    const ok = store.deleteTodo(c.req.param("id"));
+    return c.json({ ok });
+  });
+
+  // ─── Notes ──────────────────────────────────────────────────────────
+
+  api.get("/assistant/notes", (c) => {
+    const search = c.req.query("search");
+    return c.json({ notes: store.listNotes(search) });
+  });
+
+  api.post("/assistant/notes", async (c) => {
+    const body = await c.req.json<{ title: string; content: string; tags?: string[] }>();
+    if (!body.title) return c.json({ error: "title is required" }, 400);
+    const note = store.addNote(body.title, body.content || "", body.tags);
+    return c.json(note);
+  });
+
+  api.patch("/assistant/notes/:id", async (c) => {
+    const body = await c.req.json<{ title?: string; content?: string; tags?: string[] }>();
+    const note = store.updateNote(c.req.param("id"), body);
+    if (!note) return c.json({ error: "not found" }, 404);
+    return c.json(note);
+  });
+
+  api.delete("/assistant/notes/:id", (c) => {
+    const ok = store.deleteNote(c.req.param("id"));
+    return c.json({ ok });
+  });
+
+  // ─── Reminders ──────────────────────────────────────────────────────
+
+  api.get("/assistant/reminders", (c) => {
+    const all = c.req.query("all") === "true";
+    return c.json({ reminders: store.listReminders(all) });
+  });
+
+  api.post("/assistant/reminders", async (c) => {
+    const body = await c.req.json<{ text: string; triggerAt: string }>();
+    if (!body.text || !body.triggerAt) return c.json({ error: "text and triggerAt required" }, 400);
+    const reminder = store.addReminder(body.text, body.triggerAt);
+    return c.json(reminder);
+  });
+
+  api.delete("/assistant/reminders/:id", (c) => {
+    const ok = store.deleteReminder(c.req.param("id"));
+    return c.json({ ok });
+  });
+}

package/server/routes/cron-routes.ts

@@ -0,0 +1,103 @@
+import type { Hono } from "hono";
+import * as cronStore from "../cron-store.js";
+import type { CronScheduler } from "../cron-scheduler.js";
+
+export function registerCronRoutes(
+  api: Hono,
+  cronScheduler?: CronScheduler,
+): void {
+  api.get("/cron/jobs", (c) => {
+    const jobs = cronStore.listJobs();
+    const enriched = jobs.map((j) => ({
+      ...j,
+      nextRunAt: cronScheduler?.getNextRunTime(j.id)?.getTime() ?? null,
+    }));
+    return c.json(enriched);
+  });
+
+  api.get("/cron/jobs/:id", (c) => {
+    const job = cronStore.getJob(c.req.param("id"));
+    if (!job) return c.json({ error: "Job not found" }, 404);
+    return c.json({
+      ...job,
+      nextRunAt: cronScheduler?.getNextRunTime(job.id)?.getTime() ?? null,
+    });
+  });
+
+  api.post("/cron/jobs", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const job = cronStore.createJob({
+        name: body.name || "",
+        prompt: body.prompt || "",
+        schedule: body.schedule || "",
+        recurring: body.recurring ?? true,
+        backendType: body.backendType || "claude",
+        model: body.model || "",
+        cwd: body.cwd || "",
+        envSlug: body.envSlug,
+        enabled: body.enabled ?? true,
+        permissionMode: body.permissionMode || "bypassPermissions",
+        codexInternetAccess: body.codexInternetAccess,
+      });
+      if (job.enabled) cronScheduler?.scheduleJob(job);
+      return c.json(job, 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.put("/cron/jobs/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      // Only allow user-editable fields — prevent tampering with internal tracking
+      const allowed: Record<string, unknown> = {};
+      for (const key of ["name", "prompt", "schedule", "recurring", "backendType", "model", "cwd", "envSlug", "enabled", "permissionMode", "codexInternetAccess"] as const) {
+        if (key in body) allowed[key] = body[key];
+      }
+      const job = cronStore.updateJob(id, allowed);
+      if (!job) return c.json({ error: "Job not found" }, 404);
+      // Stop the old timer (id may differ from job.id after a rename)
+      if (job.id !== id) cronScheduler?.stopJob(id);
+      cronScheduler?.scheduleJob(job);
+      return c.json(job);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.delete("/cron/jobs/:id", (c) => {
+    const id = c.req.param("id");
+    cronScheduler?.stopJob(id);
+    const deleted = cronStore.deleteJob(id);
+    if (!deleted) return c.json({ error: "Job not found" }, 404);
+    return c.json({ ok: true });
+  });
+
+  api.post("/cron/jobs/:id/toggle", (c) => {
+    const id = c.req.param("id");
+    const job = cronStore.getJob(id);
+    if (!job) return c.json({ error: "Job not found" }, 404);
+    const updated = cronStore.updateJob(id, { enabled: !job.enabled });
+    if (updated?.enabled) {
+      cronScheduler?.scheduleJob(updated);
+    } else {
+      cronScheduler?.stopJob(id);
+    }
+    return c.json(updated);
+  });
+
+  api.post("/cron/jobs/:id/run", (c) => {
+    const id = c.req.param("id");
+    const job = cronStore.getJob(id);
+    if (!job) return c.json({ error: "Job not found" }, 404);
+    cronScheduler?.executeJobManually(id);
+    return c.json({ ok: true, message: "Job triggered" });
+  });
+
+  api.get("/cron/jobs/:id/executions", (c) => {
+    const id = c.req.param("id");
+    return c.json(cronScheduler?.getExecutions(id) ?? []);
+  });
+}

package/server/routes/env-routes.ts

@@ -0,0 +1,95 @@
+import { existsSync } from "node:fs";
+import type { Hono } from "hono";
+import { join } from "node:path";
+import * as envManager from "../env-manager.js";
+import { containerManager } from "../container-manager.js";
+import { imagePullManager } from "../image-pull-manager.js";
+
+export function registerEnvRoutes(
+  api: Hono,
+  options: { webDir: string },
+): void {
+  api.get("/envs", (c) => {
+    try {
+      return c.json(envManager.listEnvs());
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 500);
+    }
+  });
+
+  api.get("/envs/:slug", (c) => {
+    const env = envManager.getEnv(c.req.param("slug"));
+    if (!env) return c.json({ error: "Environment not found" }, 404);
+    return c.json(env);
+  });
+
+  api.post("/envs", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const env = envManager.createEnv(body.name, body.variables || {});
+      return c.json(env, 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.put("/envs/:slug", async (c) => {
+    const slug = c.req.param("slug");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const env = envManager.updateEnv(slug, {
+        name: body.name,
+        variables: body.variables,
+      });
+      if (!env) return c.json({ error: "Environment not found" }, 404);
+      return c.json(env);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.delete("/envs/:slug", (c) => {
+    try {
+      const deleted = envManager.deleteEnv(c.req.param("slug"));
+      if (!deleted) return c.json({ error: "Environment not found" }, 404);
+      return c.json({ ok: true });
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+
+  api.post("/docker/build-base", async (c) => {
+    if (!containerManager.checkDocker()) return c.json({ error: "Docker is not available" }, 503);
+    const dockerfilePath = join(options.webDir, "docker", "Dockerfile.the-companion");
+    if (!existsSync(dockerfilePath)) {
+      return c.json({ error: "Base Dockerfile not found at " + dockerfilePath }, 404);
+    }
+    try {
+      const log = containerManager.buildImage(dockerfilePath, "the-companion:latest");
+      return c.json({ success: true, log });
+    } catch (e: unknown) {
+      return c.json({ success: false, error: e instanceof Error ? e.message : String(e) }, 500);
+    }
+  });
+
+  api.get("/docker/base-image", (c) => {
+    const exists = containerManager.imageExists("the-companion:latest");
+    return c.json({ exists, image: "the-companion:latest" });
+  });
+
+  api.get("/images/:tag/status", (c) => {
+    const tag = decodeURIComponent(c.req.param("tag"));
+    if (!tag) return c.json({ error: "Image tag is required" }, 400);
+    return c.json(imagePullManager.getState(tag));
+  });
+
+  api.post("/images/:tag/pull", (c) => {
+    const tag = decodeURIComponent(c.req.param("tag"));
+    if (!tag) return c.json({ error: "Image tag is required" }, 400);
+    if (!containerManager.checkDocker()) {
+      return c.json({ error: "Docker is not available" }, 503);
+    }
+    imagePullManager.pull(tag);
+    return c.json({ ok: true, state: imagePullManager.getState(tag) });
+  });
+}

package/server/routes/federation-routes.ts

@@ -0,0 +1,76 @@
+// ─── Federation REST API Routes ───────────────────────────────────────────────
+
+import { Hono } from "hono";
+import { getNodeIdentity, updateNodeName, addNode, removeNode } from "../federation/node-store.js";
+import { nodeManager } from "../federation/node-manager.js";
+
+export function registerFederationRoutes(api: Hono): void {
+  // GET /api/federation/identity — public (no auth needed for node discovery)
+  api.get("/federation/identity", (c) => {
+    return c.json(getNodeIdentity());
+  });
+
+  // PUT /api/federation/identity — update node name
+  api.put("/federation/identity", async (c) => {
+    const body = await c.req.json<{ name?: string }>().catch(() => ({} as { name?: string }));
+    const name = body.name?.trim();
+    if (!name) return c.json({ error: "name required" }, 400);
+    return c.json({ ok: true, ...updateNodeName(name) });
+  });
+
+  // GET /api/federation/nodes — list nodes with connection status
+  api.get("/federation/nodes", (c) => {
+    return c.json({
+      identity: getNodeIdentity(),
+      nodes: nodeManager.getNodeStatuses(),
+    });
+  });
+
+  // POST /api/federation/nodes — add a new node
+  api.post("/federation/nodes", async (c) => {
+    const body = await c.req.json<{ url?: string; secret?: string; name?: string }>().catch(() => ({} as { url?: string; secret?: string; name?: string }));
+    const url = body.url?.trim();
+    const secret = body.secret?.trim();
+    const name = body.name?.trim() || "";
+
+    if (!url) return c.json({ error: "url required" }, 400);
+    if (!secret) return c.json({ error: "secret required" }, 400);
+
+    const node = addNode({ url, secret, name });
+    nodeManager.connectNode(node.id);
+    return c.json({ ok: true, node }, 201);
+  });
+
+  // DELETE /api/federation/nodes/:id — remove and disconnect
+  api.delete("/federation/nodes/:id", (c) => {
+    const id = c.req.param("id");
+    nodeManager.disconnectNode(id);
+    removeNode(id);
+    return c.json({ ok: true });
+  });
+
+  // POST /api/federation/nodes/:id/test — check connection status
+  api.post("/federation/nodes/:id/test", (c) => {
+    const id = c.req.param("id");
+    const status = nodeManager.getNodeStatuses().find((n) => n.id === id);
+    if (!status) return c.json({ error: "node not found" }, 404);
+    return c.json({ ok: true, connected: status.connected, node: status });
+  });
+
+  // GET /api/federation/remote-sessions — list sessions from all connected peers
+  api.get("/federation/remote-sessions", (c) => {
+    return c.json({ sessions: nodeManager.getRemoteSessions() });
+  });
+
+  // POST /api/federation/proxy — send message to a remote session
+  api.post("/federation/proxy", async (c) => {
+    const body = await c.req.json<{ sessionId?: string; text?: string }>().catch(() => ({} as { sessionId?: string; text?: string }));
+    const sessionId = body.sessionId?.trim();
+    const text = body.text?.trim();
+    if (!sessionId || !text) return c.json({ error: "sessionId and text required" }, 400);
+
+    const result = await nodeManager.sendToRemoteSession(sessionId, text);
+    if (result.error) return c.json({ error: result.error }, 502);
+    return c.json(result);
+  });
+}