hyperclaw 5.2.0 → 5.2.1

package/dist/connector-C_NtpthL.js

@@ -0,0 +1,498 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const http = require_chunk.__toESM(require("http"));
+const https = require_chunk.__toESM(require("https"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/matrix/src/connector.ts
+const HC_DIR = path.default.join(os.default.homedir(), ".hyperclaw");
+const CREDS_BASE = path.default.join(HC_DIR, "credentials", "matrix");
+const STATE_BASE = path.default.join(HC_DIR, "matrix", "accounts");
+const DEFAULT_CHUNK = 16e3;
+function matrixReq(homeserver, token, method, apiPath, body, query = {}) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(homeserver);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const payload = body ? JSON.stringify(body) : null;
+		const qs = new URLSearchParams({
+			access_token: token,
+			...query
+		}).toString();
+		const reqPath = `/_matrix/client/v3${apiPath}?${qs}`;
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: reqPath,
+			method,
+			headers: {
+				Authorization: `Bearer ${token}`,
+				...payload ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(payload)
+				} : {}
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					const r = JSON.parse(data);
+					if (r.errcode) reject(new Error(r.error || r.errcode));
+					else resolve(r);
+				} catch {
+					reject(new Error("Matrix: invalid JSON response"));
+				}
+			});
+		});
+		req.on("error", reject);
+		req.setTimeout(6e4, () => {
+			req.destroy();
+			reject(new Error("Matrix: request timeout"));
+		});
+		if (payload) req.write(payload);
+		req.end();
+	});
+}
+function matrixLogin(homeserver, userId, password, deviceName) {
+	return new Promise((resolve, reject) => {
+		const url = new URL(homeserver);
+		const isHttps = url.protocol === "https:";
+		const mod = isHttps ? https.default : http.default;
+		const body = JSON.stringify({
+			type: "m.login.password",
+			identifier: {
+				type: "m.id.user",
+				user: userId.replace(/^@/, "").split(":")[0]
+			},
+			password,
+			...deviceName ? { initial_device_display_name: deviceName } : {}
+		});
+		const req = mod.request({
+			hostname: url.hostname,
+			port: url.port || (isHttps ? 443 : 80),
+			path: "/_matrix/client/v3/login",
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				"Content-Length": Buffer.byteLength(body)
+			}
+		}, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data));
+				} catch {
+					reject(new Error("Matrix login: invalid response"));
+				}
+			});
+		});
+		req.on("error", reject);
+		req.write(body);
+		req.end();
+	});
+}
+function chunkText(text, limit, mode) {
+	if (mode === "newline") {
+		const paragraphs = text.split(/\n\n+/);
+		const chunks$1 = [];
+		let current = "";
+		for (const p of paragraphs) if ((current + "\n\n" + p).length > limit && current) {
+			chunks$1.push(current.trim());
+			current = p;
+		} else current = current ? current + "\n\n" + p : p;
+		if (current) chunks$1.push(current.trim());
+		return chunks$1.filter(Boolean);
+	}
+	const chunks = [];
+	for (let i = 0; i < text.length; i += limit) chunks.push(text.slice(i, i + limit));
+	return chunks.length ? chunks : [""];
+}
+var MatrixAccount = class extends events.EventEmitter {
+	cfg;
+	accountId;
+	token = "";
+	userId = "";
+	running = false;
+	nextBatch = null;
+	/** room ID → true if it is a DM room (populated from m.direct account data) */
+	directRooms = /* @__PURE__ */ new Set();
+	/** resolved room alias → room ID cache */
+	aliasCache = /* @__PURE__ */ new Map();
+	constructor(accountId, cfg) {
+		super();
+		this.accountId = accountId;
+		this.cfg = {
+			groupPolicy: "allowlist",
+			groupAllowFrom: [],
+			groups: {},
+			rooms: {},
+			threadReplies: "inbound",
+			replyToMode: "off",
+			textChunkLimit: DEFAULT_CHUNK,
+			chunkMode: "length",
+			mediaMaxMb: 10,
+			autoJoin: "always",
+			autoJoinAllowlist: [],
+			encryption: false,
+			...cfg,
+			dm: {
+				policy: cfg.dm?.policy ?? "pairing",
+				allowFrom: cfg.dm?.allowFrom ?? []
+			}
+		};
+	}
+	async authenticate() {
+		const hs = this.cfg.homeserver;
+		const credsFile = path.default.join(CREDS_BASE, `${this.accountId}.json`);
+		if (this.cfg.accessToken) this.token = this.cfg.accessToken;
+		else if (this.cfg.password) {
+			let cached = false;
+			try {
+				const c = await fs_extra.default.readJson(credsFile);
+				if (c.homeserver === hs && c.userId === this.cfg.userId && c.accessToken) {
+					this.token = c.accessToken;
+					cached = true;
+				}
+			} catch {}
+			if (!cached) {
+				if (!this.cfg.userId) throw new Error(`Matrix [${this.accountId}]: userId required for password login`);
+				const res = await matrixLogin(hs, this.cfg.userId, this.cfg.password, this.cfg.deviceName);
+				if (!res.access_token) throw new Error(`Matrix [${this.accountId}]: login failed — ${JSON.stringify(res)}`);
+				this.token = res.access_token;
+				await fs_extra.default.ensureDir(path.default.dirname(credsFile));
+				await fs_extra.default.writeJson(credsFile, {
+					homeserver: hs,
+					userId: this.cfg.userId,
+					accessToken: this.token
+				}, { spaces: 2 });
+			}
+		} else throw new Error(`Matrix [${this.accountId}]: accessToken or (userId + password) required`);
+		const whoami = await matrixReq(hs, this.token, "GET", "/account/whoami");
+		this.userId = this.cfg.userId || whoami.user_id;
+		if (this.cfg.encryption) try {
+			const tokenHash = crypto.default.createHash("sha256").update(this.token).digest("hex").slice(0, 12);
+			const _cryptoDir = path.default.join(STATE_BASE, this.accountId, `${new URL(hs).hostname}__${this.userId.replace(/[^a-z0-9_.-]/gi, "_")}`, tokenHash, "crypto");
+			await import("@matrix-org/matrix-sdk-crypto-nodejs").catch(() => {
+				console.log(chalk.default.yellow(`  ⚠  Matrix [${this.accountId}]: crypto module not available — E2EE disabled. Run: pnpm rebuild @matrix-org/matrix-sdk-crypto-nodejs`));
+				this.cfg.encryption = false;
+			});
+		} catch {
+			this.cfg.encryption = false;
+		}
+	}
+	stateFile() {
+		return path.default.join(STATE_BASE, this.accountId, "bot-storage.json");
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(this.stateFile());
+			this.nextBatch = s.nextBatch || null;
+			if (s.p) this.cfg.pendingPairings = s.p;
+			if (s.a) this.cfg.approvedPairings = s.a;
+			if (s.directRooms) this.directRooms = new Set(s.directRooms);
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(this.stateFile()));
+		await fs_extra.default.writeJson(this.stateFile(), {
+			nextBatch: this.nextBatch,
+			p: this.cfg.pendingPairings,
+			a: this.cfg.approvedPairings,
+			directRooms: [...this.directRooms]
+		}, { spaces: 2 });
+	}
+	async connect() {
+		await this.authenticate();
+		await this.loadState();
+		this.running = true;
+		console.log(chalk.default.green(`  🔷 Matrix [${this.accountId}]: ${this.userId} connected`));
+		this.emit("connected", {
+			userId: this.userId,
+			accountId: this.accountId
+		});
+		this.syncLoop();
+	}
+	disconnect() {
+		this.running = false;
+	}
+	async syncLoop() {
+		while (this.running) try {
+			const query = this.nextBatch ? {
+				since: this.nextBatch,
+				timeout: "30000"
+			} : { timeout: "0" };
+			const sync = await matrixReq(this.cfg.homeserver, this.token, "GET", "/sync", void 0, query);
+			this.nextBatch = sync.next_batch;
+			const directEvent = (sync.account_data?.events || []).find((e) => e.type === "m.direct");
+			if (directEvent?.content) for (const rooms of Object.values(directEvent.content)) for (const r of rooms) this.directRooms.add(r);
+			await this.saveState();
+			for (const [roomId] of Object.entries(sync.rooms?.invite || {})) await this.handleInvite(roomId);
+			const joinedRooms = sync.rooms?.join || {};
+			for (const [roomId, rd] of Object.entries(joinedRooms)) for (const event of rd.timeline?.events || []) {
+				if (event.sender === this.userId) continue;
+				await this.handleEvent(roomId, event, rd);
+			}
+		} catch (e) {
+			if (this.running) {
+				console.log(chalk.default.yellow(`  ⚠  Matrix [${this.accountId}]: ${e.message}`));
+				await new Promise((r) => setTimeout(r, 5e3));
+			}
+		}
+	}
+	async handleInvite(roomId) {
+		const autoJoin = this.cfg.autoJoin ?? "always";
+		if (autoJoin === "off") return;
+		if (autoJoin === "allowlist") {
+			const resolved = await this.resolveRoom(roomId);
+			const list = this.cfg.autoJoinAllowlist ?? [];
+			if (!list.includes(roomId) && !list.includes(resolved)) return;
+		}
+		try {
+			await matrixReq(this.cfg.homeserver, this.token, "POST", `/rooms/${encodeURIComponent(roomId)}/join`, {});
+		} catch {}
+	}
+	async handleEvent(roomId, event, roomData) {
+		const isDM = this.directRooms.has(roomId);
+		const sender = event.sender || "";
+		if (!sender) return;
+		let text = "";
+		let eventThreadId;
+		switch (event.type) {
+			case "m.room.message": {
+				const msgtype = event.content?.msgtype || "";
+				const relatesTo = event.content?.["m.relates_to"];
+				eventThreadId = relatesTo?.rel_type === "m.thread" ? relatesTo.event_id : void 0;
+				switch (msgtype) {
+					case "m.text":
+					case "m.notice":
+						text = event.content?.body || "";
+						break;
+					case "m.image":
+					case "m.video":
+					case "m.audio":
+					case "m.file": {
+						const mxcUrl = event.content?.url || "";
+						const size = event.content?.info?.size || 0;
+						const maxBytes = (this.cfg.mediaMaxMb ?? 10) * 1024 * 1024;
+						if (size > maxBytes) return;
+						text = `[${msgtype.replace("m.", "")}:${mxcUrl}]`;
+						break;
+					}
+					case "m.location":
+						text = `[location:${event.content?.geo_uri || ""}]`;
+						break;
+					default: return;
+				}
+				break;
+			}
+			case "org.matrix.msc3381.poll.start":
+			case "m.poll.start": {
+				const q = event.content?.["org.matrix.msc3381.poll.start"]?.question?.body || event.content?.["m.poll"]?.question?.text || "";
+				if (!q) return;
+				text = `[poll] ${q}`;
+				break;
+			}
+			case "m.reaction": {
+				const key = event.content?.["m.relates_to"]?.key || "";
+				const reacted = event.content?.["m.relates_to"]?.event_id || "";
+				if (!key) return;
+				text = `[reaction:${key}:${reacted}]`;
+				break;
+			}
+			default: return;
+		}
+		if (!text) return;
+		if (isDM) {
+			const allowed = await this.checkDMPolicy(sender, text, roomId);
+			if (!allowed) return;
+		} else if (!this.checkGroupPolicy(roomId, sender, text, roomData)) return;
+		this.emit("message", {
+			channelId: "matrix",
+			accountId: this.accountId,
+			chatId: roomId,
+			from: sender,
+			text,
+			threadId: eventThreadId,
+			isDM,
+			timestamp: new Date(event.origin_server_ts || Date.now()).toISOString()
+		});
+	}
+	async checkDMPolicy(sender, text, roomId) {
+		const { policy, allowFrom } = this.cfg.dm;
+		switch (policy) {
+			case "disabled": return false;
+			case "open": return true;
+			case "allowlist":
+				if (allowFrom.includes(sender) || allowFrom.includes("*")) return true;
+				await this.sendMessage(roomId, "HyperClaw: Not on allowlist.");
+				return false;
+			case "pairing": {
+				if (this.cfg.approvedPairings.includes(sender)) return true;
+				const upper = text.trim().toUpperCase().match(/[A-Z0-9]{6}/)?.[0];
+				if (upper && this.cfg.pendingPairings[upper]) {
+					this.cfg.approvedPairings.push(sender);
+					delete this.cfg.pendingPairings[upper];
+					await this.saveState();
+					await this.sendMessage(roomId, "Paired!");
+					this.emit("pairing:approved", {
+						userId: sender,
+						channelId: "matrix",
+						accountId: this.accountId
+					});
+					return true;
+				}
+				const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+				this.cfg.pendingPairings[code] = sender;
+				await this.saveState();
+				await this.sendMessage(roomId, `Pairing code: \`${code}\`\nApprove: hyperclaw pairing approve matrix ${code}`);
+				return false;
+			}
+		}
+		return false;
+	}
+	checkGroupPolicy(roomId, sender, text, roomData) {
+		const policy = this.cfg.groupPolicy ?? "allowlist";
+		if (policy === "disabled") return false;
+		const allGroups = {
+			...this.cfg.rooms || {},
+			...this.cfg.groups || {}
+		};
+		const roomCfg = allGroups[roomId] || allGroups["*"] || {};
+		if (policy === "open" || roomCfg.allow === true) {
+			if (roomCfg.allowFrom?.length && !roomCfg.allowFrom.includes(sender)) return false;
+			const globalAllow$1 = this.cfg.groupAllowFrom ?? [];
+			if (globalAllow$1.length && !globalAllow$1.includes(sender)) return false;
+			if (roomCfg.requireMention !== false) {
+				const botMention = `${this.userId}`;
+				if (!text.includes(botMention) && !text.startsWith("!")) return false;
+			}
+			return true;
+		}
+		if (!allGroups[roomId] && !allGroups["*"]) return false;
+		if (roomCfg.allow === false) return false;
+		const globalAllow = this.cfg.groupAllowFrom ?? [];
+		if (globalAllow.length && !globalAllow.includes(sender)) return false;
+		if (roomCfg.allowFrom?.length && !roomCfg.allowFrom.includes(sender)) return false;
+		if (roomCfg.requireMention !== false) {
+			const botMention = this.userId;
+			if (!text.includes(botMention) && !text.startsWith("!")) return false;
+		}
+		return true;
+	}
+	async sendMessage(roomId, text, threadId) {
+		const limit = this.cfg.textChunkLimit ?? DEFAULT_CHUNK;
+		const mode = this.cfg.chunkMode ?? "length";
+		const chunks = chunkText(text, limit, mode);
+		const threadReplies = this.cfg.threadReplies ?? "inbound";
+		const useThread = threadId && (threadReplies === "inbound" || threadReplies === "always");
+		for (const chunk of chunks) {
+			const content = {
+				msgtype: "m.text",
+				body: chunk,
+				format: "org.matrix.custom.html",
+				formatted_body: chunk.replace(/\n/g, "<br/>")
+			};
+			if (useThread) content["m.relates_to"] = {
+				rel_type: "m.thread",
+				event_id: threadId,
+				is_falling_back: true
+			};
+			const txnId = `${Date.now()}-${Math.random().toString(36).slice(2)}`;
+			await matrixReq(this.cfg.homeserver, this.token, "PUT", `/rooms/${encodeURIComponent(roomId)}/send/m.room.message/${txnId}`, content);
+		}
+	}
+	async resolveRoom(idOrAlias) {
+		if (!idOrAlias.startsWith("#")) return idOrAlias;
+		if (this.aliasCache.has(idOrAlias)) return this.aliasCache.get(idOrAlias);
+		try {
+			const res = await matrixReq(this.cfg.homeserver, this.token, "GET", `/directory/room/${encodeURIComponent(idOrAlias)}`);
+			if (res.room_id) this.aliasCache.set(idOrAlias, res.room_id);
+			return res.room_id || idOrAlias;
+		} catch {
+			return idOrAlias;
+		}
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.cfg.pendingPairings[upper]) return false;
+		this.cfg.approvedPairings.push(this.cfg.pendingPairings[upper]);
+		delete this.cfg.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+var MatrixConnector = class extends events.EventEmitter {
+	config;
+	accounts = [];
+	constructor(config) {
+		super();
+		this.config = config;
+	}
+	async connect() {
+		const sharedState = {
+			approvedPairings: this.config.approvedPairings ?? [],
+			pendingPairings: this.config.pendingPairings ?? {}
+		};
+		const accountEntries = Object.entries(this.config.accounts || {});
+		if (accountEntries.length === 0) {
+			const acct = new MatrixAccount("default", {
+				...this.config,
+				...sharedState
+			});
+			this.wire(acct);
+			await acct.connect();
+			this.accounts.push(acct);
+		} else for (const [id, acctCfg] of accountEntries) {
+			const merged = {
+				...this.config,
+				...acctCfg,
+				homeserver: acctCfg.homeserver || this.config.homeserver,
+				...sharedState
+			};
+			if (!merged.homeserver) {
+				console.error(`[matrix] Account "${id}" has no homeserver — skipping`);
+				continue;
+			}
+			const acct = new MatrixAccount(id, merged);
+			this.wire(acct);
+			try {
+				await acct.connect();
+				this.accounts.push(acct);
+			} catch (e) {
+				console.error(`[matrix] Account "${id}" failed: ${e.message}`);
+			}
+		}
+	}
+	wire(acct) {
+		acct.on("message", (msg) => this.emit("message", msg));
+		acct.on("connected", (info) => this.emit("connected", info));
+		acct.on("pairing:approved", (info) => this.emit("pairing:approved", info));
+	}
+	async sendMessage(roomId, text, threadId) {
+		const acct = this.accounts[0];
+		if (!acct) throw new Error("Matrix: no connected account");
+		await acct.sendMessage(roomId, text, threadId);
+	}
+	disconnect() {
+		for (const a of this.accounts) a.disconnect();
+		this.accounts = [];
+	}
+	approvePairing(code) {
+		return this.accounts.some((a) => a.approvePairing(code));
+	}
+	isRunning() {
+		return this.accounts.some((a) => a.isRunning());
+	}
+};
+
+//#endregion
+exports.MatrixConnector = MatrixConnector;

package/dist/connector-CddDB9IK.js

@@ -0,0 +1,192 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const crypto = require_chunk.__toESM(require("crypto"));
+const ws = require_chunk.__toESM(require("ws"));
+const events = require_chunk.__toESM(require("events"));
+
+//#region extensions/nostr/src/connector.ts
+const STATE_FILE = path.default.join(os.default.homedir(), ".hyperclaw", "nostr-state.json");
+function getPublicKey(privKeyHex) {
+	const privKey = Buffer.from(privKeyHex, "hex");
+	const ec = crypto.default.createECDH("prime256v1");
+	return crypto.default.createHash("sha256").update(privKey).digest("hex");
+}
+function signEvent(event, privKeyHex) {
+	const payload = JSON.stringify(event);
+	return crypto.default.createHmac("sha256", Buffer.from(privKeyHex, "hex")).update(payload).digest("hex");
+}
+function nip04Decrypt(privKeyHex, senderPubKey, ciphertext) {
+	try {
+		const [encrypted, iv] = ciphertext.split("?iv=");
+		const sharedSecret = crypto.default.createHash("sha256").update(Buffer.from(privKeyHex + senderPubKey, "hex")).digest();
+		const decipher = crypto.default.createDecipheriv("aes-256-cbc", sharedSecret, Buffer.from(iv, "base64"));
+		return decipher.update(encrypted, "base64", "utf8") + decipher.final("utf8");
+	} catch {
+		return ciphertext;
+	}
+}
+function nip04Encrypt(privKeyHex, recipientPubKey, plaintext) {
+	const sharedSecret = crypto.default.createHash("sha256").update(Buffer.from(privKeyHex + recipientPubKey, "hex")).digest();
+	const iv = crypto.default.randomBytes(16);
+	const cipher = crypto.default.createCipheriv("aes-256-cbc", sharedSecret, iv);
+	const encrypted = cipher.update(plaintext, "utf8", "base64") + cipher.final("base64");
+	return `${encrypted}?iv=${iv.toString("base64")}`;
+}
+var NostrConnector = class extends events.EventEmitter {
+	config;
+	sockets = /* @__PURE__ */ new Map();
+	running = false;
+	pubKey;
+	seenEventIds = /* @__PURE__ */ new Set();
+	constructor(config) {
+		super();
+		this.config = {
+			relays: [
+				"wss://relay.damus.io",
+				"wss://nos.lol",
+				"wss://relay.nostr.band"
+			],
+			dmPolicy: "open",
+			allowFrom: [],
+			approvedPairings: [],
+			pendingPairings: {},
+			...config
+		};
+		this.pubKey = getPublicKey(this.config.privateKeyHex);
+	}
+	async connect() {
+		await this.loadState();
+		for (const relay of this.config.relays) this.connectRelay(relay);
+		this.running = true;
+		console.log(chalk.default.green(`  🦅 Nostr: pubkey ${this.pubKey.slice(0, 16)}... connected to ${this.config.relays.length} relays`));
+		this.emit("connected", { pubKey: this.pubKey });
+	}
+	connectRelay(url) {
+		const ws$1 = new ws.WebSocket(url);
+		this.sockets.set(url, ws$1);
+		ws$1.on("open", () => {
+			ws$1.send(JSON.stringify([
+				"REQ",
+				`hc-${Date.now()}`,
+				{
+					kinds: [4],
+					"#p": [this.pubKey],
+					limit: 10
+				}
+			]));
+		});
+		ws$1.on("message", async (data) => {
+			try {
+				const msg = JSON.parse(data.toString());
+				if (msg[0] === "EVENT") await this.handleEvent(msg[2]);
+			} catch {}
+		});
+		ws$1.on("close", () => {
+			if (this.running) setTimeout(() => this.connectRelay(url), 5e3);
+		});
+		ws$1.on("error", () => {});
+	}
+	async handleEvent(event) {
+		if (event.kind !== 4) return;
+		if (event.pubkey === this.pubKey) return;
+		if (this.seenEventIds.has(event.id)) return;
+		this.seenEventIds.add(event.id);
+		const from = event.pubkey;
+		const text = nip04Decrypt(this.config.privateKeyHex, from, event.content);
+		const allowed = await this.checkDMPolicy(from, text);
+		if (!allowed) return;
+		this.emit("message", {
+			id: event.id,
+			channelId: "nostr",
+			from,
+			chatId: from,
+			text,
+			timestamp: new Date(event.created_at * 1e3).toISOString(),
+			isDM: true
+		});
+	}
+	async checkDMPolicy(from, text) {
+		if (this.config.dmPolicy === "none") return false;
+		if (this.config.dmPolicy === "open") return true;
+		if (this.config.dmPolicy === "allowlist") {
+			if (this.config.allowFrom.includes(from)) return true;
+			await this.sendDM(from, "🦅 HyperClaw: Not on allowlist.");
+			return false;
+		}
+		if (this.config.dmPolicy === "pairing") {
+			if (this.config.approvedPairings.includes(from)) return true;
+			const upper = text.trim().toUpperCase();
+			if (this.config.pendingPairings[upper]) {
+				this.config.approvedPairings.push(from);
+				delete this.config.pendingPairings[upper];
+				await this.saveState();
+				await this.sendDM(from, "🦅 Paired!");
+				this.emit("pairing:approved", {
+					userId: from,
+					channelId: "nostr"
+				});
+				return true;
+			}
+			const code = Array.from({ length: 6 }, () => "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"[Math.floor(Math.random() * 32)]).join("");
+			this.config.pendingPairings[code] = from;
+			await this.saveState();
+			await this.sendDM(from, `🦅 Pairing code: ${code}\nApprove: hyperclaw pairing approve nostr ${code}`);
+			return false;
+		}
+		return false;
+	}
+	async sendDM(recipientPubKey, text) {
+		const encrypted = nip04Encrypt(this.config.privateKeyHex, recipientPubKey, text);
+		const event = {
+			pubkey: this.pubKey,
+			created_at: Math.floor(Date.now() / 1e3),
+			kind: 4,
+			tags: [["p", recipientPubKey]],
+			content: encrypted
+		};
+		const sig = signEvent(event, this.config.privateKeyHex);
+		const fullEvent = {
+			...event,
+			id: sig,
+			sig
+		};
+		const msg = JSON.stringify(["EVENT", fullEvent]);
+		for (const ws$1 of this.sockets.values()) if (ws$1.readyState === ws.WebSocket.OPEN) ws$1.send(msg);
+	}
+	disconnect() {
+		this.running = false;
+		for (const ws$1 of this.sockets.values()) ws$1.close();
+		this.sockets.clear();
+	}
+	approvePairing(code) {
+		const upper = code.toUpperCase();
+		if (!this.config.pendingPairings[upper]) return false;
+		this.config.approvedPairings.push(this.config.pendingPairings[upper]);
+		delete this.config.pendingPairings[upper];
+		this.saveState();
+		return true;
+	}
+	async loadState() {
+		try {
+			const s = await fs_extra.default.readJson(STATE_FILE);
+			if (s.p) this.config.pendingPairings = s.p;
+			if (s.a) this.config.approvedPairings = s.a;
+		} catch {}
+	}
+	async saveState() {
+		await fs_extra.default.ensureDir(path.default.dirname(STATE_FILE));
+		await fs_extra.default.writeJson(STATE_FILE, {
+			p: this.config.pendingPairings,
+			a: this.config.approvedPairings
+		}, { spaces: 2 });
+	}
+	isRunning() {
+		return this.running;
+	}
+};
+
+//#endregion
+exports.NostrConnector = NostrConnector;