npm - lunel-cli - Versions diffs - 0.1.77 → 0.1.79 - Mend

lunel-cli 0.1.77 → 0.1.79

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +243 -486
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -14,8 +14,6 @@ import { createServer, createConnection } from "net";
 import { createInterface } from "readline";
 const DEFAULT_PROXY_URL = normalizeGatewayUrl(process.env.LUNEL_PROXY_URL || "https://gateway.lunel.dev");
 const MANAGER_URL = normalizeGatewayUrl(process.env.LUNEL_MANAGER_URL || "https://manager.lunel.dev");
-const CLOUD_JOB_CONFIG_PATH = "/etc/lunel/job.json";
-const VM_HEARTBEAT_INTERVAL_MS = 10_000;
 const CLI_ARGS = process.argv.slice(2);
 import { createRequire } from "module";
 const __require = createRequire(import.meta.url);
@@ -58,7 +56,6 @@ let aiManager = null;
 let currentSessionCode = null;
 let currentSessionPassword = null;
 let currentPrimaryGateway = DEFAULT_PROXY_URL;
-let currentBackupGateway = null;
 let activeGatewayUrl = DEFAULT_PROXY_URL;
 let shuttingDown = false;
 let activeControlWs = null;
@@ -70,51 +67,6 @@ function logWithTimestamp(scope, message, fields) {
 }
 const activeTunnels = new Map();
 const PORT_SYNC_INTERVAL_MS = 30_000;
-let cloudJobConfig = null;
-let vmHeartbeatTimer = null;
-async function readCloudJobConfig() {
-    try {
-        const data = await fs.readFile(CLOUD_JOB_CONFIG_PATH, "utf-8");
-        return JSON.parse(data);
-    }
-    catch {
-        return null;
-    }
-}
-function startVmHeartbeat(resumeToken) {
-    if (!cloudJobConfig?.session_code)
-        return;
-    if (vmHeartbeatTimer)
-        return;
-    const cfg = cloudJobConfig;
-    const sendHeartbeat = () => {
-        if (shuttingDown)
-            return;
-        fetch(`${MANAGER_URL}/v1/vm/heartbeat`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
-                sandboxId: cfg.sandbox_id,
-                resumeToken,
-                sandmanUrl: cfg.sandman_url || "",
-                repoUrl: cfg.repo_url,
-                branch: cfg.branch,
-                vmProfile: cfg.vm_profile || "",
-            }),
-        }).catch((err) => {
-            if (!shuttingDown)
-                console.warn("[vm] heartbeat failed:", err.message);
-        });
-    };
-    sendHeartbeat();
-    vmHeartbeatTimer = setInterval(sendHeartbeat, VM_HEARTBEAT_INTERVAL_MS);
-}
-function stopVmHeartbeat() {
-    if (vmHeartbeatTimer) {
-        clearInterval(vmHeartbeatTimer);
-        vmHeartbeatTimer = null;
-    }
-}
 const CLI_LOCAL_TCP_CONNECT_TIMEOUT_MS = 2_500;
 const PROXY_WS_CONNECT_TIMEOUT_MS = 12_000;
 const TUNNEL_SETUP_BUDGET_MS = 18_000;
@@ -260,7 +212,6 @@ function parseExtraPortsFromArgs(args) {
 }
 const EXTRA_PORTS = parseExtraPortsFromArgs(CLI_ARGS);
 const SCAN_PORTS = Array.from(new Set([...DEV_PORTS, ...EXTRA_PORTS])).sort((a, b) => a - b);
-const RUN_ABCD_MODE = CLI_ARGS.includes("--run-abcd");
 function samePortSet(a, b) {
     if (a.length !== b.length)
         return false;
@@ -340,45 +291,19 @@ function generatePersistentSecret(length) {
     }
     return out;
 }
-function normalizePairingRoot(input) {
-    try {
-        return fssync.realpathSync(input);
-    }
-    catch {
-        return path.resolve(input);
-    }
-}
 async function readCliConfig() {
     try {
         const raw = await fs.readFile(CLI_CONFIG_PATH, "utf-8");
         const parsed = JSON.parse(raw);
-        const pairings = Array.isArray(parsed.pairings)
-            ? parsed.pairings
-                .filter((entry) => {
-                return Boolean(entry &&
-                    typeof entry.secret === "string" &&
-                    typeof entry.root === "string" &&
-                    typeof entry.hostname === "string" &&
-                    typeof entry.phoneId === "string" &&
-                    typeof entry.pairedAt === "number" &&
-                    typeof entry.lastUsedAt === "number");
-            })
-                .map((entry) => ({
-                ...entry,
-                root: normalizePairingRoot(entry.root),
-            }))
-            : [];
         return {
             version: 1,
             deviceId: typeof parsed.deviceId === "string" && parsed.deviceId ? parsed.deviceId : generatePersistentSecret(32),
-            pairings,
         };
     }
     catch {
         return {
             version: 1,
             deviceId: generatePersistentSecret(32),
-            pairings: [],
         };
     }
 }
@@ -393,42 +318,6 @@ async function getCliConfig() {
     }
     return await cliConfigPromise;
 }
-async function persistCliConfig(mutator) {
-    const current = await getCliConfig();
-    const next = mutator({
-        version: 1,
-        deviceId: current.deviceId,
-        pairings: [...current.pairings],
-    });
-    cliConfigPromise = Promise.resolve(next);
-    await writeCliConfig(next);
-    return next;
-}
-async function getSavedPairingForRoot(root) {
-    const normalizedRoot = normalizePairingRoot(root);
-    const config = await getCliConfig();
-    const matches = config.pairings
-        .filter((entry) => entry.root === normalizedRoot)
-        .sort((a, b) => b.lastUsedAt - a.lastUsedAt);
-    return matches[0] || null;
-}
-async function savePairing(pairing) {
-    await persistCliConfig((config) => {
-        const deduped = config.pairings.filter((entry) => entry.secret !== pairing.secret);
-        deduped.push(pairing);
-        deduped.sort((a, b) => b.lastUsedAt - a.lastUsedAt);
-        return {
-            ...config,
-            pairings: deduped.slice(0, 50),
-        };
-    });
-}
-async function removePairing(secret) {
-    await persistCliConfig((config) => ({
-        ...config,
-        pairings: config.pairings.filter((entry) => entry.secret !== secret),
-    }));
-}
 // ============================================================================
 // File System Handlers
 // ============================================================================
@@ -2323,12 +2212,7 @@ async function processMessage(message) {
                         result = handleSystemPing();
                         break;
                     case "pairDevice": {
-                        const phoneId = typeof payload.phoneId === "string" ? payload.phoneId.trim() : "";
-                        if (!phoneId) {
-                            throw Object.assign(new Error("phoneId is required"), { code: "EINVAL" });
-                        }
-                        result = { ...(await registerPersistentPairing(phoneId)) };
-                        break;
+                        throw Object.assign(new Error("pairDevice is no longer supported"), { code: "EINVAL" });
                     }
                     default:
                         throw Object.assign(new Error(`Unknown action: ${ns}.${action}`), { code: "EINVAL" });
@@ -2651,124 +2535,75 @@ function normalizeGatewayUrl(input) {
     const path = parsed.pathname === "/" ? "" : parsed.pathname.replace(/\/+$/, "");
     return `${parsed.protocol}//${parsed.host}${path}`;
 }
-async function createSessionFromManager(opts = {}) {
-    const response = await fetch(`${MANAGER_URL}/v1/session`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(opts.requestedCode ? { requestedCode: opts.requestedCode } : {}),
-    });
+async function createQrCode() {
+    const response = await fetch(`${MANAGER_URL}/v2/qr`);
     if (!response.ok) {
-        throw new Error(`Failed to create session from manager: ${response.status}`);
+        throw new Error(`Failed to create QR code from manager: ${response.status}`);
     }
     return (await response.json());
 }
-async function connectToCloudSession(sessionCode) {
-    const response = await fetch(`${MANAGER_URL}/v1/session/resolve`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ code: sessionCode }),
-    });
-    if (!response.ok) {
-        throw new Error(`Failed to look up cloud session ${sessionCode}: ${response.status}`);
-    }
-    const snapshot = await response.json();
-    if (!snapshot.exists || !snapshot.valid || !snapshot.primary || !snapshot.resumeToken || !snapshot.code) {
-        throw new Error(`Failed to look up cloud session ${sessionCode}: invalid or expired session`);
-    }
-    return {
-        sessionId: snapshot.sessionId || "",
-        code: snapshot.code,
-        password: snapshot.resumeToken,
-        primary: snapshot.primary,
-        backup: snapshot.backup ?? null,
-        state: snapshot.state,
-        expiresAt: snapshot.expiresAt,
-    };
-}
-async function resolveSessionByResumeToken(resumeToken) {
-    const response = await fetch(`${MANAGER_URL}/v1/session/resolve`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ resumeToken }),
+async function assembleWithCode(code) {
+    const wsUrl = `${MANAGER_URL.replace(/^https:/, "wss:")}/v2/assemble?code=${encodeURIComponent(code)}&role=cli`;
+    return await new Promise((resolve, reject) => {
+        const ws = new WebSocket(wsUrl);
+        let settled = false;
+        const fail = (error) => {
+            if (settled)
+                return;
+            settled = true;
+            try {
+                ws.close();
+            }
+            catch {
+                // ignore
+            }
+            reject(error);
+        };
+        ws.on("message", (data) => {
+            try {
+                const parsed = JSON.parse(data.toString());
+                if (parsed.type !== "assembled" || typeof parsed.code !== "string" || typeof parsed.password !== "string") {
+                    fail(new Error("Invalid assemble payload"));
+                    return;
+                }
+                if (settled)
+                    return;
+                settled = true;
+                ws.send(JSON.stringify({ type: "ack" }));
+                resolve({ code: parsed.code, password: parsed.password });
+            }
+            catch (error) {
+                fail(error instanceof Error ? error : new Error(String(error)));
+            }
+        });
+        ws.on("close", (codeValue, reason) => {
+            if (settled)
+                return;
+            fail(new Error(`Assemble socket closed (${codeValue}: ${reason.toString()})`));
+        });
+        ws.on("error", (error) => {
+            fail(new Error(`Assemble socket error: ${error.message}`));
+        });
     });
-    if (!response.ok) {
-        throw new Error(`Failed to resolve session from manager: ${response.status}`);
-    }
-    const snapshot = await response.json();
-    if (!snapshot.exists || !snapshot.valid || !snapshot.primary || !snapshot.resumeToken || !snapshot.code) {
-        if (snapshot.reason === "session_finalized" || snapshot.reason === "not_found") {
-            return null;
-        }
-        if (snapshot.state === "ended" || snapshot.state === "expired") {
-            return null;
-        }
-        throw new Error(`Session resolve returned invalid snapshot (${snapshot.reason || "unknown"})`);
-    }
-    return {
-        sessionId: snapshot.sessionId || "",
-        code: snapshot.code || "",
-        password: snapshot.resumeToken,
-        primary: snapshot.primary,
-        backup: snapshot.backup ?? null,
-        state: snapshot.state,
-        expiresAt: snapshot.expiresAt,
-    };
 }
-async function registerPersistentPairing(phoneId) {
-    if (!currentSessionPassword) {
-        throw new Error("No active session secret available for pairing");
-    }
-    const config = await getCliConfig();
-    const response = await fetch(`${MANAGER_URL}/v1/pairings/register`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-            activeSecret: currentSessionPassword,
-            phoneId,
-            pcId: config.deviceId,
-            root: ROOT_DIR,
-            hostname: os.hostname(),
-        }),
-    });
+async function getAssignedProxyUrl(password) {
+    const url = new URL("/v2/proxy", MANAGER_URL);
+    url.searchParams.set("password", password);
+    const response = await fetch(url);
     if (!response.ok) {
-        throw new Error(`Failed to register persistent pairing (${response.status})`);
+        throw new Error(`Failed to get proxy from manager: ${response.status}`);
     }
     const payload = await response.json();
-    if (typeof payload.secret !== "string" ||
-        typeof payload.hostname !== "string" ||
-        typeof payload.root !== "string" ||
-        typeof payload.phoneId !== "string" ||
-        typeof payload.pairedAt !== "number" ||
-        typeof payload.lastUsedAt !== "number") {
-        throw new Error("Manager returned invalid pairing response");
-    }
-    const normalized = {
-        secret: payload.secret,
-        hostname: payload.hostname,
-        root: normalizePairingRoot(payload.root),
-        phoneId: payload.phoneId,
-        pairedAt: payload.pairedAt,
-        lastUsedAt: payload.lastUsedAt,
-    };
-    await savePairing({
-        secret: normalized.secret,
-        root: normalized.root,
-        hostname: normalized.hostname,
-        phoneId: normalized.phoneId,
-        pairedAt: normalized.pairedAt,
-        lastUsedAt: normalized.lastUsedAt,
-    });
-    return normalized;
+    if (typeof payload.proxyUrl !== "string" || !payload.proxyUrl) {
+        throw new Error("Manager returned invalid proxy assignment");
+    }
+    return normalizeGatewayUrl(payload.proxyUrl);
 }
-function displayQR(primaryGateway, backupGateway, code) {
+function displayQR(code) {
     console.log("\n");
     qrcode.generate(code, { small: true }, (qr) => {
         console.log(qr);
         console.log(`\n  Session code: ${code}\n`);
-        console.log(`  Primary gateway: ${primaryGateway}`);
-        if (backupGateway) {
-            console.log(`  Backup gateway: ${backupGateway}`);
-        }
         console.log(`  Root directory: ${ROOT_DIR}\n`);
         console.log("  Scan the QR code with the Lunel app to connect.");
         console.log("  Press Ctrl+C to exit.\n");
@@ -2783,14 +2618,8 @@ function buildWsUrl(gatewayUrl, role, channel) {
     if (currentSessionPassword) {
         query.set("password", currentSessionPassword);
     }
-    else if (currentSessionCode) {
-        query.set("code", currentSessionCode);
-        if (currentBackupGateway) {
-            query.set("backup", currentBackupGateway);
-        }
-    }
     else {
-        throw new Error("missing code/password for websocket connect");
+        throw new Error("missing password for websocket connect");
     }
     return `${wsBase}/v1/ws/${role}/${channel}?${query.toString()}`;
 }
@@ -2798,7 +2627,6 @@ function gracefulShutdown() {
     shuttingDown = true;
     console.log("\nShutting down...");
     void aiManager?.destroy();
-    stopVmHeartbeat();
     stopPortSync();
     if (ptyProcess) {
         ptyProcess.kill();
@@ -2820,212 +2648,195 @@ function gracefulShutdown() {
     process.exit(0);
 }
 async function connectWebSocket() {
-    const gateways = currentBackupGateway ? [currentPrimaryGateway, currentBackupGateway] : [currentPrimaryGateway];
-    const uniqueGateways = Array.from(new Set(gateways));
-    for (const gatewayUrl of uniqueGateways) {
-        try {
-            await new Promise((resolve, reject) => {
-                activeGatewayUrl = gatewayUrl;
-                const controlUrl = buildWsUrl(gatewayUrl, "cli", "control");
-                const dataUrl = buildWsUrl(gatewayUrl, "cli", "data");
-                console.log(`Connecting to gateway ${gatewayUrl}...`);
-                const controlWs = new WebSocket(controlUrl);
-                const dataWs = new WebSocket(dataUrl);
-                activeControlWs = controlWs;
-                activeDataWs = dataWs;
-                dataChannel = dataWs;
-                let controlConnected = false;
-                let dataConnected = false;
-                let settled = false;
-                let closeHandled = false;
-                let closeReason = "";
-                const failConnection = (reason) => {
-                    if (settled)
+    const gatewayUrl = currentPrimaryGateway;
+    await new Promise((resolve, reject) => {
+        activeGatewayUrl = gatewayUrl;
+        const controlUrl = buildWsUrl(gatewayUrl, "cli", "control");
+        const dataUrl = buildWsUrl(gatewayUrl, "cli", "data");
+        console.log(`Connecting to gateway ${gatewayUrl}...`);
+        const controlWs = new WebSocket(controlUrl);
+        const dataWs = new WebSocket(dataUrl);
+        activeControlWs = controlWs;
+        activeDataWs = dataWs;
+        dataChannel = dataWs;
+        let controlConnected = false;
+        let dataConnected = false;
+        let settled = false;
+        let closeHandled = false;
+        let closeReason = "";
+        const failConnection = (reason) => {
+            if (settled)
+                return;
+            settled = true;
+            reject(new Error(reason));
+        };
+        const checkFullyConnected = () => {
+            if (controlConnected && dataConnected && !settled) {
+                settled = true;
+                console.log("Connected to gateway (control + data channels).\n");
+                resolve();
+            }
+        };
+        const handleClose = (reason) => {
+            if (closeHandled || shuttingDown)
+                return;
+            closeHandled = true;
+            closeReason = reason;
+            stopPortSync();
+            cleanupAllTunnels();
+            setTimeout(() => {
+                if (shuttingDown)
+                    return;
+                void handleConnectionDrop(closeReason);
+            }, 50);
+        };
+        controlWs.on("open", () => {
+            controlConnected = true;
+            checkFullyConnected();
+        });
+        controlWs.on("message", async (data) => {
+            try {
+                const message = JSON.parse(data.toString());
+                if ("type" in message) {
+                    if (message.type === "connected")
                         return;
-                    settled = true;
-                    reject(new Error(reason));
-                };
-                const checkFullyConnected = () => {
-                    if (controlConnected && dataConnected && !settled) {
-                        settled = true;
-                        console.log("Connected to gateway (control + data channels).\n");
-                        resolve();
-                    }
-                };
-                const handleClose = (reason) => {
-                    if (closeHandled || shuttingDown)
+                    if (message.type === "peer_connected") {
+                        console.log("App connected!\n");
+                        startPortSync(controlWs);
                         return;
-                    closeHandled = true;
-                    closeReason = reason;
-                    stopPortSync();
-                    cleanupAllTunnels();
-                    setTimeout(() => {
-                        if (shuttingDown)
-                            return;
-                        void handleConnectionDrop(closeReason);
-                    }, 50);
-                };
-                controlWs.on("open", () => {
-                    controlConnected = true;
-                    checkFullyConnected();
-                });
-                controlWs.on("message", async (data) => {
-                    try {
-                        const message = JSON.parse(data.toString());
-                        if ("type" in message) {
-                            if (message.type === "connected")
-                                return;
-                            if (message.type === "session_password" && message.password) {
-                                if (!currentSessionPassword)
-                                    resetReplayBuffer(); // new session
-                                currentSessionPassword = message.password;
-                                console.log("[session] received reconnect password");
-                                return;
-                            }
-                            if (message.type === "peer_connected") {
-                                console.log("App connected!\n");
-                                startPortSync(controlWs);
-                                return;
-                            }
-                            if (message.type === "peer_disconnected") {
-                                console.log("App disconnected. Waiting for reconnect window.\n");
-                                stopPortSync();
-                                return;
-                            }
-                            if (message.type === "app_disconnected") {
-                                if (message.reconnectDeadline) {
-                                    console.log(`[session] app disconnected, waiting until ${new Date(message.reconnectDeadline).toISOString()}`);
-                                }
-                                return;
-                            }
-                            if (message.type === "close_connection") {
-                                const reason = message.reason || "expired";
-                                console.log(`[session] closed by gateway: ${reason}`);
-                                if (reason === "session ended from app") {
-                                    console.log("[session] Run `npx lunel-cli` again and scan the new QR code to reconnect.");
-                                }
-                                gracefulShutdown();
-                                return;
-                            }
-                        }
-                        if (isProtocolResponse(message)) {
-                            // Ignore server/app responses forwarded over WS; CLI only processes requests.
-                            return;
-                        }
-                        if (isProtocolRequest(message)) {
-                            const response = await processMessage(message);
-                            sendResponseOnData(response, dataWs);
-                            return;
-                        }
-                        console.warn("[router] Ignoring non-request control frame");
-                    }
-                    catch (error) {
-                        console.error("Error processing control message:", error);
                     }
-                });
-                controlWs.on("close", (code, reason) => {
-                    if (!settled) {
-                        failConnection(`control close before ready (${code}: ${reason.toString()})`);
+                    if (message.type === "peer_disconnected") {
+                        console.log("App disconnected. Waiting for reconnect window.\n");
+                        stopPortSync();
                         return;
                     }
-                    handleClose(`control closed (${code}: ${reason.toString()})`);
-                });
-                controlWs.on("error", (error) => {
-                    if (!settled) {
-                        failConnection(`control ws error: ${error.message}`);
+                    if (message.type === "app_disconnected") {
+                        if (message.reconnectDeadline) {
+                            console.log(`[session] app disconnected, waiting until ${new Date(message.reconnectDeadline).toISOString()}`);
+                        }
                         return;
                     }
-                    console.error("Control WebSocket error:", error.message);
-                });
-                dataWs.on("open", () => {
-                    dataConnected = true;
-                    checkFullyConnected();
-                });
-                dataWs.on("message", async (data) => {
-                    try {
-                        const raw = JSON.parse(data.toString());
-                        if (raw.type === "connected")
-                            return;
-                        // E2EE handshake messages (always plaintext)
-                        if (raw.type === "e2ee_hello" && typeof raw.pubkey === "string") {
-                            e2eeHandlePeerHello(raw.pubkey, dataWs);
-                            return;
-                        }
-                        if (raw.type === "e2ee_secure_ready") {
-                            e2eeHandlePeerReady();
-                            return;
-                        }
-                        // Reconnect request: reset E2EE so fresh handshake happens, then replay
-                        if (raw.ns === "system" && raw.action === "reconnect") {
-                            e2eeReset();
-                            const lastSeq = Number(raw.payload?.lastSeq ?? 0);
-                            const toReplay = replayBuffer.filter((e) => e.seq > lastSeq);
-                            console.log(`[replay] replaying ${toReplay.length} messages after seq ${lastSeq}`);
-                            // Replay without encryption — E2EE handshake hasn't completed yet
-                            for (const entry of toReplay)
-                                dataWs.send(JSON.stringify(entry.msg));
-                            return;
-                        }
-                        // Decrypt payload if E2EE is active
-                        let message = raw;
-                        if (e2eeActive && typeof raw.enc === "string") {
-                            try {
-                                message = { ...raw, payload: e2eeDecrypt(raw.enc) };
-                                delete message.enc;
-                            }
-                            catch (decErr) {
-                                console.error("[e2ee] decryption failed:", decErr.message);
-                                return;
-                            }
-                        }
-                        if (isProtocolResponse(message)) {
-                            // Ignore server/app responses forwarded over WS; CLI only processes requests.
-                            return;
+                    if (message.type === "close_connection") {
+                        const reason = message.reason || "expired";
+                        console.log(`[session] closed by gateway: ${reason}`);
+                        if (reason === "session ended from app") {
+                            console.log("[session] Run `npx lunel-cli` again and scan the new QR code to reconnect.");
                         }
-                        if (isProtocolRequest(message)) {
-                            const response = await processMessage(message);
-                            sendResponseOnData(response, dataWs);
-                            return;
-                        }
-                        console.warn("[router] Ignoring non-request data frame");
-                    }
-                    catch (error) {
-                        console.error("Error processing data message:", error);
-                    }
-                });
-                dataWs.on("close", (code, reason) => {
-                    // Reset backpressure state so reconnect starts fresh
-                    dataChannelPaused = false;
-                    if (dataChannelDrainTimer) {
-                        clearInterval(dataChannelDrainTimer);
-                        dataChannelDrainTimer = null;
-                    }
-                    if (!settled) {
-                        failConnection(`data close before ready (${code}: ${reason.toString()})`);
+                        gracefulShutdown();
                         return;
                     }
-                    handleClose(`data closed (${code}: ${reason.toString()})`);
-                });
-                dataWs.on("error", (error) => {
-                    if (!settled) {
-                        failConnection(`data ws error: ${error.message}`);
-                        return;
+                }
+                if (isProtocolResponse(message)) {
+                    // Ignore server/app responses forwarded over WS; CLI only processes requests.
+                    return;
+                }
+                if (isProtocolRequest(message)) {
+                    const response = await processMessage(message);
+                    sendResponseOnData(response, dataWs);
+                    return;
+                }
+                console.warn("[router] Ignoring non-request control frame");
+            }
+            catch (error) {
+                console.error("Error processing control message:", error);
+            }
+        });
+        controlWs.on("close", (code, reason) => {
+            if (!settled) {
+                failConnection(`control close before ready (${code}: ${reason.toString()})`);
+                return;
+            }
+            handleClose(`control closed (${code}: ${reason.toString()})`);
+        });
+        controlWs.on("error", (error) => {
+            if (!settled) {
+                failConnection(`control ws error: ${error.message}`);
+                return;
+            }
+            console.error("Control WebSocket error:", error.message);
+        });
+        dataWs.on("open", () => {
+            dataConnected = true;
+            checkFullyConnected();
+        });
+        dataWs.on("message", async (data) => {
+            try {
+                const raw = JSON.parse(data.toString());
+                if (raw.type === "connected")
+                    return;
+                // E2EE handshake messages (always plaintext)
+                if (raw.type === "e2ee_hello" && typeof raw.pubkey === "string") {
+                    e2eeHandlePeerHello(raw.pubkey, dataWs);
+                    return;
+                }
+                if (raw.type === "e2ee_secure_ready") {
+                    e2eeHandlePeerReady();
+                    return;
+                }
+                // Reconnect request: reset E2EE so fresh handshake happens, then replay
+                if (raw.ns === "system" && raw.action === "reconnect") {
+                    e2eeReset();
+                    const lastSeq = Number(raw.payload?.lastSeq ?? 0);
+                    const toReplay = replayBuffer.filter((e) => e.seq > lastSeq);
+                    console.log(`[replay] replaying ${toReplay.length} messages after seq ${lastSeq}`);
+                    // Replay without encryption — E2EE handshake hasn't completed yet
+                    for (const entry of toReplay)
+                        dataWs.send(JSON.stringify(entry.msg));
+                    return;
+                }
+                // Decrypt payload if E2EE is active
+                let message = raw;
+                if (e2eeActive && typeof raw.enc === "string") {
+                    try {
+                        message = { ...raw, payload: e2eeDecrypt(raw.enc) };
+                        delete message.enc;
                     }
-                    console.error("Data WebSocket error:", error.message);
-                });
-                setTimeout(() => {
-                    if (!settled) {
-                        failConnection("connection timeout");
+                    catch (decErr) {
+                        console.error("[e2ee] decryption failed:", decErr.message);
+                        return;
                     }
-                }, 10000);
-            });
-            return;
-        }
-        catch (err) {
-            console.error(`[gateway] failed ${gatewayUrl}: ${err.message}`);
-        }
-    }
-    throw new Error("unable to connect to any gateway");
+                }
+                if (isProtocolResponse(message)) {
+                    // Ignore server/app responses forwarded over WS; CLI only processes requests.
+                    return;
+                }
+                if (isProtocolRequest(message)) {
+                    const response = await processMessage(message);
+                    sendResponseOnData(response, dataWs);
+                    return;
+                }
+                console.warn("[router] Ignoring non-request data frame");
+            }
+            catch (error) {
+                console.error("Error processing data message:", error);
+            }
+        });
+        dataWs.on("close", (code, reason) => {
+            // Reset backpressure state so reconnect starts fresh
+            dataChannelPaused = false;
+            if (dataChannelDrainTimer) {
+                clearInterval(dataChannelDrainTimer);
+                dataChannelDrainTimer = null;
+            }
+            if (!settled) {
+                failConnection(`data close before ready (${code}: ${reason.toString()})`);
+                return;
+            }
+            handleClose(`data closed (${code}: ${reason.toString()})`);
+        });
+        dataWs.on("error", (error) => {
+            if (!settled) {
+                failConnection(`data ws error: ${error.message}`);
+                return;
+            }
+            console.error("Data WebSocket error:", error.message);
+        });
+        setTimeout(() => {
+            if (!settled) {
+                failConnection("connection timeout");
+            }
+        }, 10000);
+    });
 }
 async function handleConnectionDrop(reason) {
     if (shuttingDown)
@@ -3042,16 +2853,7 @@ async function handleConnectionDrop(reason) {
         const base = Math.min(250 * 2 ** (attempt - 1), 30_000);
         const delayMs = Math.round(base * (0.8 + Math.random() * 0.4));
         try {
-            const resolved = await resolveSessionByResumeToken(currentSessionPassword);
-            if (!resolved) {
-                console.error("[reconnect] session no longer exists or is finalized");
-                gracefulShutdown();
-                return;
-            }
-            currentSessionCode = resolved.code;
-            currentSessionPassword = resolved.password;
-            currentPrimaryGateway = normalizeGatewayUrl(resolved.primary);
-            currentBackupGateway = resolved.backup ? normalizeGatewayUrl(resolved.backup) : null;
+            currentPrimaryGateway = await getAssignedProxyUrl(currentSessionPassword);
             await connectWebSocket();
             console.log(`[reconnect] connected via ${activeGatewayUrl}`);
             return;
@@ -3068,14 +2870,6 @@ async function main() {
     if (EXTRA_PORTS.length > 0) {
         console.log(`Extra ports enabled: ${EXTRA_PORTS.join(", ")}`);
     }
-    // Detect cloud VM mode
-    cloudJobConfig = await readCloudJobConfig();
-    if (cloudJobConfig?.session_code) {
-        console.log(`[cloud] Running in VM mode (sandbox: ${cloudJobConfig.sandbox_id})`);
-    }
-    if (RUN_ABCD_MODE) {
-        console.log("[review] Running in pinned review session mode (code: abcd)");
-    }
     try {
         await getCliConfig();
         console.log("Checking PTY runtime...");
@@ -3096,52 +2890,15 @@ async function main() {
                 checkDataChannelBackpressure();
             }
         });
-        let session;
-        if (RUN_ABCD_MODE) {
-            session = await createSessionFromManager({ requestedCode: "abcd" });
-            console.log(`[review] Attached to session ${session.code} via ${session.primary}`);
-        }
-        else if (cloudJobConfig?.session_code) {
-            // Cloud mode: connect to an existing session assigned by the manager
-            session = await connectToCloudSession(cloudJobConfig.session_code);
-            console.log(`[cloud] Connected to session ${session.code} via ${session.primary}`);
-        }
-        else {
-            const savedPairing = await getSavedPairingForRoot(ROOT_DIR);
-            if (savedPairing) {
-                try {
-                    const resolved = await resolveSessionByResumeToken(savedPairing.secret);
-                    if (resolved) {
-                        session = resolved;
-                        console.log(`[pairing] Waiting on saved connection for ${savedPairing.hostname}`);
-                    }
-                    else {
-                        await removePairing(savedPairing.secret);
-                        session = await createSessionFromManager();
-                        displayQR(normalizeGatewayUrl(session.primary), session.backup ? normalizeGatewayUrl(session.backup) : null, session.code);
-                    }
-                }
-                catch {
-                    await removePairing(savedPairing.secret);
-                    session = await createSessionFromManager();
-                    displayQR(normalizeGatewayUrl(session.primary), session.backup ? normalizeGatewayUrl(session.backup) : null, session.code);
-                }
-            }
-            else {
-                // Public mode: create a new session and show QR code
-                session = await createSessionFromManager();
-                displayQR(normalizeGatewayUrl(session.primary), session.backup ? normalizeGatewayUrl(session.backup) : null, session.code);
-            }
-        }
-        currentPrimaryGateway = normalizeGatewayUrl(session.primary);
-        currentBackupGateway = session.backup ? normalizeGatewayUrl(session.backup) : null;
-        currentSessionPassword = session.password;
+        const qr = await createQrCode();
+        currentSessionCode = qr.code;
+        displayQR(qr.code);
+        const assembled = await assembleWithCode(qr.code);
+        resetReplayBuffer();
+        currentSessionCode = assembled.code;
+        currentSessionPassword = assembled.password;
+        currentPrimaryGateway = await getAssignedProxyUrl(assembled.password);
         activeGatewayUrl = currentPrimaryGateway;
-        currentSessionCode = session.code;
-        // Start VM heartbeat in cloud mode (session.password = resumeToken)
-        if (cloudJobConfig?.session_code) {
-            startVmHeartbeat(session.password);
-        }
         await connectWebSocket();
     }
     catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lunel-cli",
-  "version": "0.1.77",
+  "version": "0.1.79",
   "author": [
     {
       "name": "Soham Bharambe",