miki-moni 0.3.1

package/src/install-hooks.ts

@@ -0,0 +1,107 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { fileURLToPath } from "node:url";
+
+const SETTINGS_PATH = path.join(os.homedir(), ".claude", "settings.json");
+// Resolve the hook script relative to THIS source file, not the current
+// working directory. After a global `npm install -g miki-moni` the user
+// will run `miki install-hooks` from anywhere — process.cwd() is no longer
+// the cc-hub repo so `path.resolve("hooks", ...)` would point at the wrong
+// place. Module-relative gives us the package's own hooks/ dir.
+const _moduleDir = path.dirname(fileURLToPath(import.meta.url));
+const HOOK_SCRIPT_ABS = path.resolve(_moduleDir, "..", "hooks", "miki-emit.ps1");
+const MARKER = "miki-emit.ps1";
+// Legacy markers from pre-rename installs. Any hook group whose command
+// references one of these is stripped before we install the current entry —
+// otherwise upgrade-and-rerun produces two hooks firing per event.
+const LEGACY_MARKERS = ["cc-hub-emit.ps1"];
+
+const TARGETS: Array<{ key: string; matcher?: string }> = [
+  { key: "SessionStart" },
+  { key: "Stop" },
+  { key: "UserPromptSubmit" },
+  { key: "PreToolUse", matcher: ".*" },
+  { key: "PostToolUse", matcher: ".*" },
+];
+
+function commandFor(eventName: string): string {
+  return `powershell -NoProfile -File "${HOOK_SCRIPT_ABS}" ${eventName}`;
+}
+
+async function readSettings(): Promise<Record<string, any>> {
+  let raw: string;
+  try {
+    raw = await fs.readFile(SETTINGS_PATH, "utf8");
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === "ENOENT") return {};
+    throw err;
+  }
+  try {
+    return JSON.parse(raw);
+  } catch (err) {
+    console.error(`Could not parse ${SETTINGS_PATH} — file is not valid JSON.`);
+    console.error(`Original error: ${(err as Error).message}`);
+    console.error(`Fix the file by hand (or restore from a backup), then re-run install:hooks.`);
+    process.exit(1);
+  }
+}
+
+async function writeSettings(s: Record<string, any>): Promise<void> {
+  await fs.mkdir(path.dirname(SETTINGS_PATH), { recursive: true });
+  await fs.writeFile(SETTINGS_PATH, JSON.stringify(s, null, 2));
+}
+
+function isLegacyGroup(g: any): boolean {
+  if (!Array.isArray(g?.hooks)) return false;
+  return g.hooks.some((h: any) =>
+    typeof h?.command === "string" && LEGACY_MARKERS.some((m) => h.command.includes(m)),
+  );
+}
+
+function ensureHookEntry(
+  hooks: Record<string, any[]>,
+  key: string,
+  matcher: string | undefined,
+  command: string,
+): void {
+  if (!Array.isArray(hooks[key])) hooks[key] = [];
+  // Drop legacy entries first so a re-install after rename doesn't double-fire.
+  hooks[key] = hooks[key].filter((g) => !isLegacyGroup(g));
+  const groups = hooks[key];
+
+  for (const g of groups) {
+    if (Array.isArray(g.hooks)) {
+      for (const h of g.hooks) {
+        if (typeof h.command === "string" && h.command.includes(MARKER)) return;  // already present
+      }
+    }
+  }
+
+  const newGroup: Record<string, any> = { hooks: [{ type: "command", command }] };
+  if (matcher) newGroup.matcher = matcher;
+  groups.push(newGroup);
+}
+
+async function main(): Promise<void> {
+  const settings = await readSettings();
+
+  // Backup once
+  const backup = SETTINGS_PATH + ".miki-moni.bak";
+  try { await fs.access(backup); }
+  catch { try { await fs.copyFile(SETTINGS_PATH, backup); } catch { /* no original yet */ } }
+
+  if (!settings.hooks || typeof settings.hooks !== "object") settings.hooks = {};
+  for (const t of TARGETS) {
+    ensureHookEntry(settings.hooks, t.key, t.matcher, commandFor(t.key));
+  }
+
+  await writeSettings(settings);
+  console.log(`Hooks installed to ${SETTINGS_PATH}`);
+  console.log(`Backup at ${backup}`);
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});

package/src/notifier.ts

@@ -0,0 +1,21 @@
+import notifier from "node-notifier";
+
+export interface NotifyArgs {
+  project: string;
+  message: string;
+}
+
+export type SendFn = (opts: { title: string; message: string }) => void;
+
+export const defaultSend: SendFn = (opts) => notifier.notify(opts);
+
+export class Notifier {
+  constructor(private send: SendFn = defaultSend) {}
+
+  async notify(args: NotifyArgs): Promise<void> {
+    this.send({
+      title: `miki-moni · ${args.project}`,
+      message: args.message,
+    });
+  }
+}

package/src/pairing.ts

@@ -0,0 +1,100 @@
+import nacl from "tweetnacl";
+import { createHash } from "node:crypto";
+import { deriveSharedSecret, toBase64, fromBase64 } from "./crypto.js";
+import type { PairedPeer } from "./config.js";
+import type { Plaintext } from "./relay-protocol.js";
+
+export const PAIRING_TOKEN_TTL_MS = 10 * 60 * 1000;
+
+const PAIRING_ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ";
+const PAIRING_TOKEN_LENGTH = 16;
+const PAIRING_TOKEN_BYTES = 16;
+
+export function generateNewPairingToken(): string {
+  const bytes = nacl.randomBytes(PAIRING_TOKEN_LENGTH);
+  let out = "";
+  for (let i = 0; i < PAIRING_TOKEN_LENGTH; i++) {
+    out += PAIRING_ALPHABET[bytes[i]! % PAIRING_ALPHABET.length];
+  }
+  return out;
+}
+
+export interface PairingQrInput {
+  worker_url: string;
+  pairing_token: string;
+  daemon_pubkey: string;   // kept for backwards-compat; not used in new URL
+  device_name: string;     // kept for backwards-compat; not used in new URL
+  /** Override the PWA URL — used by self-hosters whose Pages project isn't
+   *  at miki-moni.pages.dev. Defaults to the hosted convenience URL. */
+  phone_pwa_url?: string;
+}
+
+/** Hosted PWA URL — phone camera opens this directly. Self-hosters override via
+ *  Config.remote.phone_pwa_url + pass through the input. */
+export const PHONE_PWA_URL = "https://miki-moni.pages.dev/";
+
+/** HTTPS URL with token + relay in the URL fragment. Fragment is never sent to
+ *  the server, so the token doesn't leak into CF/Pages access logs. */
+export function pairingQrPayload(input: PairingQrInput): string {
+  const fragment = `t=${input.pairing_token}&r=${encodeURIComponent(input.worker_url)}`;
+  const base = input.phone_pwa_url ?? PHONE_PWA_URL;
+  return `${base}#${fragment}`;
+}
+
+export function computePeerId(peerPubkeyBase64: string): string {
+  return createHash("sha256")
+    .update(peerPubkeyBase64)
+    .digest("base64")
+    .replace(/[+/=]/g, "")
+    .slice(0, 16);
+}
+
+type PairingState = "pending" | "paired" | "expired";
+
+export interface PairOffer {
+  phone_pk: string;   // base64
+  phone_name: string;
+}
+
+export interface PairResult {
+  peer: PairedPeer;
+  pairAck: Extract<Plaintext, { kind: "pair_ack" }>;
+}
+
+export class PairingSession {
+  readonly pairingToken: string;
+  state: PairingState = "pending";
+  private readonly createdAt: number = Date.now();
+  private readonly daemonPrivkey: Uint8Array;
+  private readonly daemonPubkey: Uint8Array;
+
+  constructor(daemonPrivkey: Uint8Array, daemonPubkey: Uint8Array) {
+    this.daemonPrivkey = daemonPrivkey;
+    this.daemonPubkey = daemonPubkey;
+    this.pairingToken = toBase64(nacl.randomBytes(PAIRING_TOKEN_BYTES));
+  }
+
+  isExpired(): boolean {
+    return Date.now() - this.createdAt >= PAIRING_TOKEN_TTL_MS;
+  }
+
+  handleOffer(offer: PairOffer): PairResult {
+    if (this.state !== "pending") {
+      throw new Error(
+        `PairingSession already in state '${this.state}'; cannot accept new offer`,
+      );
+    }
+    const phonePubkey = fromBase64(offer.phone_pk);
+    const sharedSecret = deriveSharedSecret(this.daemonPrivkey, phonePubkey);
+    const peer: PairedPeer = {
+      peer_id: computePeerId(offer.phone_pk),
+      peer_name: offer.phone_name,
+      peer_pubkey: offer.phone_pk,
+      shared_secret: toBase64(sharedSecret),
+      paired_at: Date.now(),
+      last_seen_at: null,
+    };
+    this.state = "paired";
+    return { peer, pairAck: { kind: "pair_ack", ok: true } };
+  }
+}

package/src/protocol-ext.ts

@@ -0,0 +1,46 @@
+// Daemon-side mirror of extension/src/protocol.ts. Kept duplicate (not a
+// symlink/shared package) because the extension is a separate npm package
+// with its own dist; cross-package import would complicate the VSIX build.
+// Drift risk is low — types are small and stable. If they ever diverge, both
+// integration test (ws_ext routing) and submitter test will fail.
+
+export interface MsgRegister {
+  type: "register";
+  workspace_root: string;
+  helper_version: string;
+}
+
+export interface MsgSubmitAck {
+  type: "submit_ack";
+  request_id: string;
+  ok: boolean;
+  error?: string;
+  diag?: string;
+}
+
+export interface MsgPong {
+  type: "pong";
+  request_id: string;
+}
+
+export type ExtMessage = MsgRegister | MsgSubmitAck | MsgPong;
+
+export interface MsgSubmit {
+  type: "submit";
+  request_id: string;
+  session_uuid: string;
+  prompt: string;
+}
+
+export interface MsgPing {
+  type: "ping";
+  request_id: string;
+}
+
+export type DaemonMessage = MsgSubmit | MsgPing;
+
+export function normalizePath(p: string): string {
+  let n = p.replace(/\\/g, "/").toLowerCase();
+  if (n.length > 1 && n.endsWith("/")) n = n.slice(0, -1);
+  return n;
+}