leduo-patrol 1.0.0

package/README.md

@@ -0,0 +1,217 @@
+# 乐多汪汪队 / leduo-patrol
+
+一个部署在服务器上的 Web 控制台，用来通过 ACP 驱动 Claude Code，并在浏览器里接收执行流、工具调用和权限确认。
+
+## Showcase
+
+### Walkthrough
+
+**1. 进入控制台：整体布局**
+
+![整体控制台布局](docs/screenshots/01-overview.png)
+
+**2. 当前会话 tab（激活态）**
+
+![当前会话 tab（激活态）](docs/screenshots/02-sessions-tab-active.png)
+
+**3. 切换到新建会话 tab**
+
+![新建会话 tab](docs/screenshots/03-create-tab.png)
+
+**4. 对比两个 tab 状态（session）**
+
+![tab 对比（session）](docs/screenshots/04-tabs-compare-sessions.png)
+
+**5. 对比两个 tab 状态（create）**
+
+![tab 对比（create）](docs/screenshots/05-tabs-compare-create.png)
+
+**6. 选择会话卡片**
+
+![会话卡片选中态](docs/screenshots/06-session-chip-active.png)
+
+**7. 查看新建会话表单**
+
+![新建会话表单](docs/screenshots/07-create-form.png)
+
+**8. 时间线（SubAgent）展开态**
+
+![时间线 SubAgent 树（展开）](docs/screenshots/08-timeline-expanded.png)
+
+**9. 时间线（SubAgent）折叠态**
+
+![时间线 SubAgent 树（折叠）](docs/screenshots/09-timeline-collapsed.png)
+
+**10. 右侧审批 + 状态面板**
+
+![右侧审批 + 状态面板](docs/screenshots/10-approvals-panel.png)
+
+**11. 侧边栏完整视图**
+
+![侧边栏完整视图](docs/screenshots/11-sidebar-full.png)
+
+## 功能列表
+
+### 多会话管理
+- **并行多会话**：在同一页面管理多个目录会话，各会话有独立时间线、忙碌状态、权限确认与模式状态
+- **会话切换**：左侧边栏列出所有会话，点击即切换；当前选中会话有明显的左侧边框高亮与背景着色
+- **会话创建**：通过「+ 新建会话」面板指定目录、会话名与默认模式，支持目录浏览器辅助选择路径
+- **会话取消 / 关闭 / 恢复**：支持取消进行中的任务、关闭已完成的会话、在错误态下重连恢复
+- **服务端持久化**：会话状态写入 `~/.leduo-patrol/state.json`，浏览器刷新后自动恢复会话列表与时间线窗口
+
+### 指令与模式
+- **多种执行模式**：支持 `default` / `plan` / `acceptEdits` / `dontAsk` / `bypassPermissions`，创建时可设默认模式，发送消息时可临时覆盖
+- **斜杠命令补全**：输入框支持 `/` 前缀的命令名自动补全，列出当前会话可用命令
+- **消息发送队列**：会话忙碌时可继续输入，消息会在当前执行完成后自动发送
+
+### 时间线与内容渲染
+- **分页时间线**：按窗口展示时间线条目，支持向上加载历史记录，避免一次性渲染过多数据
+- **SubAgent 树状折叠**：Task / SubAgent 的起止条目自动归组，可折叠/展开子树，并显示子项计数
+- **Markdown 渲染**：Agent 回复与计划详情支持标题、列表、代码块、行内强调与链接
+- **Markdown 表格**：时间线中的 Markdown 表格自动解析并以可读格式呈现
+- **详情弹窗**：工具调用、计划步骤等复杂内容可点击在弹窗中查看完整原始数据
+- **执行计划追踪**：Plan 类型条目解析为步骤列表，每步带完成/待处理状态圆点
+
+### 权限确认
+- **右侧审批面板**：待确认的工具调用集中展示在右侧面板，显示工具名与输入预览
+- **批准 / 拒绝 / 附加说明**：可直接在 Web 界面批准或拒绝，也可附上文字说明后拒绝
+- **待处理计数**：顶部导航显示待确认数量，便于多会话时快速定位
+
+### 差异与文件
+- **Session Diff 面板**：查看当前会话工作目录的 Git 差异，区分未暂存、已暂存与未跟踪文件
+- **文件内联 Diff**：点击差异文件可在弹窗中查看逐行 diff，支持平铺与按文件两种视图
+- **目录浏览**：创建会话时可在允许根目录范围内浏览子目录，安全限制越权访问
+
+### 工具与集成
+- **VS Code Remote SSH**：侧边栏提供快捷按钮，一键在 VS Code 中打开远程目录（需配置环境变量）
+- **内置终端**：下方可展开终端抽屉，通过 xterm.js 提供完整 PTY 终端体验（需服务端开启 `LEDUO_ENABLE_SHELL=true`）
+
+### 界面与可访问性
+- **访问 Key 认证**：所有请求（HTTP / WebSocket）均需携带 key；浏览器检测到无效 key 时展示输入页
+- **Toast 通知**：后台事件（新会话、错误、会话恢复）以 toast 形式非侵入提示，支持跳转
+- **错误聚合**：全局错误指示器汇总所有应用级错误，点击查看详情
+- **键盘友好**：所有交互元素均有 focus-visible 样式，tab 与会话列表支持完整 ARIA 语义
+- **响应式过渡**：状态切换（tab、会话选中、按钮 hover）均有平滑过渡动画
+
+## 环境要求
+
+- Node.js 22+
+- 已能正常运行 Claude Code
+- 服务器环境里已配置 `ANTHROPIC_API_KEY`
+
+## 启动
+
+```bash
+npm install
+npm run dev
+```
+
+默认情况下：
+
+- 前端开发服务运行在自动探测到的可访问内网 IP（优先 `bond* / eth* / ens* / enp*` 网卡）上
+- 后端服务运行在 `PORT`（默认 `3001`，端口冲突时会自动递增寻找可用端口）
+- 启动日志只打印一个推荐访问地址，避免 `br-*`、`veth*` 等虚拟网卡地址干扰
+
+- 开发模式下 `Access URL` 会优先打印前端 Web 端口（默认 `5173`，可通过 `LEDUO_PATROL_WEB_PORT` 指定），避免误用 server 端口
+
+> 说明：`npm run dev -- --host 0.0.0.0` 不会把参数透传到 `vite`，因为该命令实际启动的是 `concurrently`。本项目会在 `vite.config.ts` 内自动选择一个可访问的内网地址用于开发访问。
+
+生产构建：
+
+```bash
+npm run build
+npm start
+```
+
+> 开发者向的编程与验证测试技巧请见 `AGENTS.md`。
+
+## 可选环境变量
+
+```bash
+PORT=3001
+LEDUO_PATROL_WEB_PORT=5173
+LEDUO_PATROL_APP_NAME=乐多汪汪队
+LEDUO_PATROL_WORKSPACE_PATH=/absolute/workspace/path
+LEDUO_PATROL_ALLOWED_ROOTS=/absolute/workspace/path,/another/allowed/root
+LEDUO_PATROL_SSH_HOST=user@example-host
+LEDUO_PATROL_SSH_PATH=/absolute/workspace/path
+LEDUO_PATROL_VSCODE_URI=vscode://vscode-remote/ssh-remote+user@example-host/absolute/workspace/path
+ANTHROPIC_API_KEY=sk-...
+LEDUO_PATROL_ACCESS_KEY=your-fixed-key
+LEDUO_PATROL_AGENT_BIN=/absolute/path/to/claude-code-acp
+LEDUO_ENABLE_SHELL=true
+```
+
+如果未设置 `LEDUO_PATROL_VSCODE_URI`，但设置了 `LEDUO_PATROL_SSH_HOST`，服务会自动生成一个 VS Code Remote SSH 链接。  
+如果设置了 `LEDUO_PATROL_ALLOWED_ROOTS`，网页中只能连接这些根目录之下的路径；未设置时默认只允许启动命令所在目录。
+如果未设置 `LEDUO_PATROL_WORKSPACE_PATH`，默认工作目录为启动命令所在目录（`process.cwd()`），并在启动日志中提示如何通过环境变量修改。
+如果未设置 `LEDUO_PATROL_ALLOWED_ROOTS`，默认允许根目录同样为启动命令所在目录，并会在启动日志中提示可配置项。
+
+## 状态持久化
+
+服务会把会话状态写到用户目录下：
+
+```bash
+~/.leduo-patrol/state.json
+```
+
+其中包含：
+
+- 管理中的会话列表
+- 每个会话的工作目录、模式与最近状态
+- 浏览器刷新后用于恢复界面的基础数据
+
+## 访问校验 Key
+
+服务启动时会自动生成一次性访问 key，并在控制台打印可直接打开的地址。
+
+- 开发模式（`npm run dev`）下，`Access URL` 默认指向 Web 端口（默认 `5173`）。
+- 生产模式（`npm start`）下，Web 由同一个 Express 服务静态托管，因此不会出现独立的 Web 监听端口；`Access URL` 会指向 server 端口。若未找到打包后的 `dist/web` 资源，服务会给出错误提示页与启动日志提示。
+
+浏览器访问、前端 API 请求和 WebSocket 连接都需要携带这个 `key` 参数；未携带或错误会返回 `401 Unauthorized`。
+
+前端页面在检测到 URL 缺少 `key` 或 `key` 失效时，会先展示一个 key 输入页，粘贴后可直接进入控制台。
+
+如需固定 key，可设置：
+
+```bash
+LEDUO_PATROL_ACCESS_KEY=your-fixed-key
+LEDUO_PATROL_AGENT_BIN=/absolute/path/to/claude-code-acp
+```
+
+## 已知限制
+
+- 当前只实现了 Claude Code
+- 目前终端能力没有暴露给 ACP client，先聚焦网页指令和确认流
+
+> SubAgent 树状折叠 demo 的开发说明（含 demo 数据维护、截图流程）请见 `AGENTS.md`。
+
+
+## 打包并发布为 npm 包
+
+可以把本项目作为一个可安装的 Node 服务发布：
+
+```bash
+npm run build
+npm pack
+```
+
+`npm pack` 会生成一个 `.tgz` 包，其他人可以这样安装并运行：
+
+```bash
+npm install -g ./leduo-patrol-1.0.0.tgz
+leduo-patrol
+```
+
+如果要发布到 npm registry：
+
+```bash
+npm login
+npm publish
+```
+
+建议发布前先检查打包内容：
+
+```bash
+npm pack --dry-run
+```

package/dist/server/__tests__/access-key.test.js

@@ -0,0 +1,25 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { buildAccessCookie, createAccessKey, hasAuthorizedAccessCookie, isAccessKeyAuthorized, } from "../access-key.js";
+test("createAccessKey returns a non-empty hex string", () => {
+    const key = createAccessKey();
+    assert.match(key, /^[a-f0-9]{48}$/);
+});
+test("isAccessKeyAuthorized validates key in query", () => {
+    assert.equal(isAccessKeyAuthorized("/api/state?key=abc", "abc"), true);
+    assert.equal(isAccessKeyAuthorized("/api/state?key=wrong", "abc"), false);
+    assert.equal(isAccessKeyAuthorized("/api/state", "abc"), false);
+});
+test("isAccessKeyAuthorized allows requests when key enforcement disabled", () => {
+    assert.equal(isAccessKeyAuthorized("/api/state", ""), true);
+    assert.equal(isAccessKeyAuthorized(undefined, ""), true);
+});
+test("hasAuthorizedAccessCookie validates cookie key", () => {
+    assert.equal(hasAuthorizedAccessCookie("leduo_patrol_key=abc", "abc"), true);
+    assert.equal(hasAuthorizedAccessCookie("foo=bar; leduo_patrol_key=abc", "abc"), true);
+    assert.equal(hasAuthorizedAccessCookie("leduo_patrol_key=wrong", "abc"), false);
+    assert.equal(hasAuthorizedAccessCookie(undefined, "abc"), false);
+});
+test("buildAccessCookie creates expected cookie", () => {
+    assert.equal(buildAccessCookie("a b"), "leduo_patrol_key=a%20b; Path=/; HttpOnly; SameSite=Lax");
+});

package/dist/server/__tests__/acp-session.test.js

@@ -0,0 +1,54 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { ClaudeAcpSession } from "../acp-session.js";
+function makeSession() {
+    return new ClaudeAcpSession({
+        workspacePath: "/tmp/workspace",
+        agentBinPath: "claude",
+        onEvent: () => undefined,
+    });
+}
+test("ClaudeAcpSession.resolveWorkspacePath allows path within workspace", () => {
+    const session = makeSession();
+    const resolved = session.resolveWorkspacePath("a/b.txt");
+    assert.equal(resolved, "/tmp/workspace/a/b.txt");
+});
+test("ClaudeAcpSession.resolveWorkspacePath rejects traversal", () => {
+    const session = makeSession();
+    assert.throws(() => session.resolveWorkspacePath("../etc/passwd"), /outside workspace/);
+});
+test("ClaudeAcpSession.resolvePermission rejects unknown request", async () => {
+    const session = makeSession();
+    await assert.rejects(() => session.resolvePermission("missing", "allow"), /not found|already resolved/);
+});
+test("ClaudeAcpSession.cancel is a no-op when no active prompt", async () => {
+    const session = makeSession();
+    await session.cancel();
+    assert.ok(true);
+});
+test("ClaudeAcpSession.shouldIgnoreAgentStderr filters known ACP session/update invalid params noise", () => {
+    const session = makeSession();
+    const ignored = session.shouldIgnoreAgentStderr(`Error handling notification { method: 'session/update' } { message: 'Invalid params' }`);
+    assert.equal(ignored, true);
+});
+test("ClaudeAcpSession.shouldIgnoreAgentStderr keeps non-matching errors", () => {
+    const session = makeSession();
+    const ignored = session.shouldIgnoreAgentStderr("Error: connection reset");
+    assert.equal(ignored, false);
+});
+test("ClaudeAcpSession.resolvePermission forwards optional note via _meta", async () => {
+    const session = makeSession();
+    const calls = [];
+    session.pendingPermissions.set("req-1", {
+        resolve: (value) => calls.push(value),
+        reject: () => undefined,
+    });
+    await session.resolvePermission("req-1", "deny", "请先解释影响范围");
+    assert.deepEqual(calls[0], {
+        outcome: {
+            outcome: "selected",
+            optionId: "deny",
+            _meta: { note: "请先解释影响范围" },
+        },
+    });
+});

package/dist/server/__tests__/network.test.js

@@ -0,0 +1,28 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import net from "node:net";
+import { findAvailablePort, networkTestables } from "../network.js";
+test("network helper skips virtual/bridge interfaces", () => {
+    assert.equal(networkTestables.shouldSkipInterface("lo"), true);
+    assert.equal(networkTestables.shouldSkipInterface("br-f017ab"), true);
+    assert.equal(networkTestables.shouldSkipInterface("vethf0aa"), true);
+    assert.equal(networkTestables.shouldSkipInterface("bond0"), false);
+    assert.equal(networkTestables.shouldSkipInterface("eth0"), false);
+});
+test("network helper findAvailablePort falls back when preferred port is occupied", async () => {
+    const lockedServer = net.createServer();
+    await new Promise((resolve) => lockedServer.listen(0, "127.0.0.1", () => resolve()));
+    const address = lockedServer.address();
+    if (!address || typeof address === "string") {
+        throw new Error("Failed to resolve locked server address");
+    }
+    const fallbackPort = await findAvailablePort(address.port, "127.0.0.1");
+    assert.notEqual(fallbackPort, address.port);
+    await new Promise((resolve, reject) => lockedServer.close((error) => {
+        if (error) {
+            reject(error);
+            return;
+        }
+        resolve();
+    }));
+});

package/dist/server/__tests__/server-helpers.test.js

@@ -0,0 +1,18 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import path from "node:path";
+import { formatError, resolveAllowedPath } from "../server-helpers.js";
+test("server helpers formatError handles Error and primitives", () => {
+    assert.equal(formatError(new Error("boom")), "boom");
+    assert.equal(formatError("plain"), '"plain"');
+    assert.equal(formatError(12), "12");
+});
+test("server helpers resolveAllowedPath returns normalized path in root", () => {
+    const root = path.resolve("/tmp/repo");
+    const resolved = resolveAllowedPath("/tmp/repo/src", [root]);
+    assert.equal(resolved, path.resolve("/tmp/repo/src"));
+});
+test("server helpers resolveAllowedPath rejects outside roots", () => {
+    const root = path.resolve("/tmp/repo");
+    assert.throws(() => resolveAllowedPath("/etc", [root]), /outside allowed roots/);
+});

package/dist/server/__tests__/session-manager.test.js

@@ -0,0 +1,152 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { SessionManager, sessionManagerTestables } from "../session-manager.js";
+test("sessionManagerTestables.summarizeToolTitle summarizes from raw input", () => {
+    const result = sessionManagerTestables.summarizeToolTitle("tool_exec", { command: "npm test", cwd: "/repo" }, "tool-1");
+    assert.equal(result, "npm test · /repo");
+});
+test("sessionManagerTestables.summarizeToolTitle falls back to tool id", () => {
+    const result = sessionManagerTestables.summarizeToolTitle("tool_exec", null, "tool-7");
+    assert.equal(result, "tool_exec");
+});
+test("sessionManagerTestables.summarizeToolTitle reads subagent description from stringified rawInput", () => {
+    const rawInput = JSON.stringify({ rawInput: { description: "探索当前代码库结构" } });
+    const result = sessionManagerTestables.summarizeToolTitle("Task", rawInput, "tool-9");
+    assert.equal(result, "Task · 探索当前代码库结构");
+});
+test("sessionManagerTestables.labelForMode maps known and unknown modes", () => {
+    assert.equal(sessionManagerTestables.labelForMode("plan"), "Plan");
+    assert.equal(sessionManagerTestables.labelForMode("custom"), "custom");
+    assert.equal(sessionManagerTestables.labelForMode(undefined), "默认模式");
+});
+test("sessionManagerTestables.formatError handles Error and objects", () => {
+    assert.equal(sessionManagerTestables.formatError(new Error("boom")), "boom");
+    assert.match(sessionManagerTestables.formatError({ code: 1 }), /"code":1/);
+});
+test("sessionManagerTestables.stringifyMaybe and asRecord behave as expected", () => {
+    assert.equal(sessionManagerTestables.stringifyMaybe("ok"), "ok");
+    assert.equal(sessionManagerTestables.asRecord(["x"]), null);
+    assert.deepEqual(sessionManagerTestables.asRecord({ a: 1 }), { a: 1 });
+});
+test("sessionManagerTestables.extractChunkText handles ACP content variants", () => {
+    assert.equal(sessionManagerTestables.extractChunkText({ type: "text", text: "hello" }), "hello");
+    assert.equal(sessionManagerTestables.extractChunkText({ type: "resource", resource: { text: "from-resource" } }), "from-resource");
+    assert.equal(sessionManagerTestables.extractChunkText({ type: "resource_link", uri: "file:///tmp/demo.txt" }), "[resource] file:///tmp/demo.txt");
+    assert.equal(sessionManagerTestables.extractChunkText([
+        { type: "text", text: "line-1" },
+        { type: "resource", resource: { text: "line-2" } },
+    ]), "line-1\nline-2");
+});
+test("SessionManager.getSessionHistory returns bounded page", () => {
+    const manager = new SessionManager({ allowedRoots: [process.cwd()], agentBinPath: "claude" });
+    const timeline = Array.from({ length: 10 }, (_, index) => ({
+        id: String(index),
+        kind: "system",
+        title: `t-${index}`,
+        body: `b-${index}`,
+    }));
+    manager.sessions.set("s1", {
+        snapshot: {
+            clientSessionId: "s1",
+            title: "demo",
+            workspacePath: process.cwd(),
+            connectionState: "connected",
+            sessionId: "x",
+            modes: [],
+            defaultModeId: "default",
+            currentModeId: "default",
+            busy: false,
+            timeline: [],
+            historyTotal: 0,
+            historyStart: 0,
+            permissions: [],
+            availableCommands: [],
+            updatedAt: new Date().toISOString(),
+        },
+        acpSession: null,
+        connectPromise: null,
+        fullTimeline: timeline,
+    });
+    const page = manager.getSessionHistory("s1", 9, 3);
+    assert.equal(page.start, 6);
+    assert.equal(page.total, 10);
+    assert.deepEqual(page.items.map((item) => item.id), ["6", "7", "8"]);
+});
+test("SessionManager.setSessionMode updates default and current mode together", async () => {
+    const manager = new SessionManager({ allowedRoots: [process.cwd()], agentBinPath: "claude" });
+    const events = [];
+    let requestedMode = "";
+    manager.subscribe((event) => {
+        events.push(event);
+    });
+    manager.sessions.set("s1", {
+        snapshot: {
+            clientSessionId: "s1",
+            title: "demo",
+            workspacePath: process.cwd(),
+            connectionState: "connected",
+            sessionId: "x",
+            modes: ["default", "plan"],
+            defaultModeId: "default",
+            currentModeId: "default",
+            busy: false,
+            timeline: [],
+            historyTotal: 0,
+            historyStart: 0,
+            permissions: [],
+            availableCommands: [],
+            updatedAt: new Date().toISOString(),
+        },
+        acpSession: {
+            setMode: async (modeId) => {
+                requestedMode = modeId;
+            },
+        },
+        connectPromise: null,
+        fullTimeline: [],
+    });
+    await manager.setSessionMode("s1", "plan");
+    const entry = manager.sessions.get("s1");
+    assert.equal(requestedMode, "plan");
+    assert.equal(entry.snapshot.defaultModeId, "plan");
+    assert.equal(entry.snapshot.currentModeId, "plan");
+    assert.deepEqual(events.at(-1), {
+        type: "session_mode_changed",
+        payload: {
+            clientSessionId: "s1",
+            defaultModeId: "plan",
+            currentModeId: "plan",
+        },
+    });
+});
+test("sessionManagerTestables.enrichPromptWithToolHints does not append routing hint", () => {
+    const untouched = sessionManagerTestables.enrichPromptWithToolHints("请读取配置并写回");
+    assert.equal(untouched, "请读取配置并写回");
+    const trimmed = sessionManagerTestables.enrichPromptWithToolHints("  请使用 mcp_acp_Read 读取文件  ");
+    assert.equal(trimmed, "请使用 mcp_acp_Read 读取文件");
+});
+test("sessionManagerTestables.formatEditToolChangeMessage summarizes edit diff payload", () => {
+    const formatted = sessionManagerTestables.formatEditToolChangeMessage(JSON.stringify([
+        {
+            oldFileName: "/tmp/a.ts",
+            newFileName: "/tmp/a.ts",
+            hunks: [{ oldStart: 1, oldLines: 1, newStart: 1, newLines: 2, lines: ["-x", "+y"] }],
+        },
+        {
+            index: "/tmp/b.ts",
+            hunks: [],
+        },
+    ]));
+    assert.deepEqual(formatted, {
+        title: "Edit 已修改 2 个文件",
+        body: "Edit 工具已更新以下文件：\n- /tmp/a.ts（1 处修改）\n- /tmp/b.ts",
+    });
+});
+test("sessionManagerTestables.normalizeAvailableCommandsSnapshot keeps slash names", () => {
+    const normalized = sessionManagerTestables.normalizeAvailableCommandsSnapshot([
+        { name: "help", description: "h" },
+        { command: "mcp.list", title: "list" },
+        "/help",
+    ]);
+    assert.deepEqual(normalized.map((item) => item.name), ["/help", "/mcp.list"]);
+});

package/dist/server/access-key.js

@@ -0,0 +1,40 @@
+import { randomBytes } from "node:crypto";
+export function createAccessKey() {
+    return randomBytes(24).toString("hex");
+}
+export function isAccessKeyAuthorized(rawUrl, expectedKey) {
+    if (!expectedKey) {
+        return true;
+    }
+    if (!rawUrl) {
+        return false;
+    }
+    const parsedUrl = new URL(rawUrl, "http://localhost");
+    return parsedUrl.searchParams.get("key") === expectedKey;
+}
+export function hasAuthorizedAccessCookie(rawCookie, expectedKey) {
+    if (!expectedKey) {
+        return true;
+    }
+    if (!rawCookie) {
+        return false;
+    }
+    const segments = rawCookie.split(";");
+    for (const segment of segments) {
+        const [rawName, ...rawValueParts] = segment.trim().split("=");
+        if (rawName !== "leduo_patrol_key") {
+            continue;
+        }
+        const rawValue = rawValueParts.join("=");
+        try {
+            return decodeURIComponent(rawValue) === expectedKey;
+        }
+        catch {
+            return rawValue === expectedKey;
+        }
+    }
+    return false;
+}
+export function buildAccessCookie(expectedKey) {
+    return `leduo_patrol_key=${encodeURIComponent(expectedKey)}; Path=/; HttpOnly; SameSite=Lax`;
+}