miki-moni 0.3.1

package/tools/tray.ps1

@@ -0,0 +1,286 @@
+<#
+  miki-moni system-tray helper.
+
+  Spawned by the daemon (src/index.ts) on Windows. Owns a NotifyIcon in the
+  system tray for as long as the daemon process is alive — when the daemon
+  PID disappears, this helper exits and the icon vanishes.
+
+  Args:
+    -DaemonPid <int>   PID to monitor. When it exits, this script exits too.
+    -Port <int>        Daemon HTTP port (used by the "Open dashboard" menu).
+
+  The cat icon is rendered at runtime via GDI+ — same path data as the SVG
+  in web/assets/miki-cat.svg, just translated to GraphicsPath calls. No
+  external icon file needed, so the daemon stays "single binary"-ish.
+#>
+
+param(
+  [Parameter(Mandatory = $true)][int]$DaemonPid,
+  [Parameter(Mandatory = $false)][int]$Port = 8765
+)
+
+$ErrorActionPreference = 'Stop'
+
+# Write all output to ~/.miki-moni/tray.log so silent failures can be
+# diagnosed post-mortem. Append so successive spawns don't clobber history.
+$trayLogPath = Join-Path $env:USERPROFILE ".miki-moni\tray.log"
+try {
+  $logDir = Split-Path $trayLogPath -Parent
+  if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir -Force | Out-Null }
+  Start-Transcript -Path $trayLogPath -Append -Force | Out-Null
+  Write-Output "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] tray.ps1 starting (DaemonPid=$DaemonPid, Port=$Port, PSVersion=$($PSVersionTable.PSVersion))"
+} catch { }
+
+Add-Type -AssemblyName System.Windows.Forms
+Add-Type -AssemblyName System.Drawing
+
+# ── Render the sleeping-cat icon ────────────────────────────────────────
+# SVG coords are in a 24×24 viewBox; we render to 32×32 (standard tray icon
+# size) and rely on GDI+ antialiasing for the curves. GetHicon() returns an
+# HICON that NotifyIcon can own; we wrap it in System.Drawing.Icon.
+function New-CatIcon {
+  $size = 32
+  $scale = $size / 24.0
+  $bmp = New-Object System.Drawing.Bitmap $size, $size
+  $g = [System.Drawing.Graphics]::FromImage($bmp)
+  $g.SmoothingMode = [System.Drawing.Drawing2D.SmoothingMode]::AntiAlias
+  $g.CompositingQuality = [System.Drawing.Drawing2D.CompositingQuality]::HighQuality
+  $g.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic
+
+  $color = [System.Drawing.Color]::FromArgb(255, 28, 32, 36)
+  $pen = New-Object System.Drawing.Pen $color, ([float](1.6 * $scale))
+  $pen.StartCap = [System.Drawing.Drawing2D.LineCap]::Round
+  $pen.EndCap   = [System.Drawing.Drawing2D.LineCap]::Round
+  $pen.LineJoin = [System.Drawing.Drawing2D.LineJoin]::Round
+
+  function P([double]$x, [double]$y) {
+    New-Object System.Drawing.PointF ([float]($x * $scale)), ([float]($y * $scale))
+  }
+
+  # ── Body + two ear peaks (one continuous closed path) ────────────────
+  $body = New-Object System.Drawing.Drawing2D.GraphicsPath
+  # M 4.5,13.2 → L peaks → close with Beziers
+  $body.AddLine((P 4.5 13.2), (P 6 10))
+  $body.AddLine((P 6 10),     (P 7.6 13))
+  $body.AddLine((P 7.6 13),   (P 9.6 11))
+  $body.AddLine((P 9.6 11),   (P 11.4 13))
+  # C 14.5,13 18.5,13.6 20,15.8
+  $body.AddBezier((P 11.4 13), (P 14.5 13),   (P 18.5 13.6), (P 20 15.8))
+  # C 20.8,17 20.4,18.3 18.6,18.7
+  $body.AddBezier((P 20 15.8), (P 20.8 17),   (P 20.4 18.3), (P 18.6 18.7))
+  # C 16,19.2 7,19.2 5.4,18.4
+  $body.AddBezier((P 18.6 18.7), (P 16 19.2), (P 7 19.2),    (P 5.4 18.4))
+  # C 3.8,17.5 3.6,14.5 4.5,13.2
+  $body.AddBezier((P 5.4 18.4),  (P 3.8 17.5), (P 3.6 14.5),  (P 4.5 13.2))
+  $body.CloseFigure()
+  $g.DrawPath($pen, $body)
+
+  # ── Closed sleeping eye: q 0.9,0.7 1.8,0 starting at (6.8, 15.2) ─────
+  # SVG quadratic q → endpoint at (6.8+1.8, 15.2+0) = (8.6, 15.2)
+  # Convert quadratic Bezier (P0, C, P2) to cubic for GDI+:
+  #   CP1 = P0 + 2/3 (C - P0); CP2 = P2 + 2/3 (C - P2)
+  # P0=(6.8,15.2)  C=(7.7,15.9)  P2=(8.6,15.2)
+  $eyePen = New-Object System.Drawing.Pen $color, ([float](1.3 * $scale))
+  $eyePen.StartCap = [System.Drawing.Drawing2D.LineCap]::Round
+  $eyePen.EndCap   = [System.Drawing.Drawing2D.LineCap]::Round
+  $eye = New-Object System.Drawing.Drawing2D.GraphicsPath
+  # CP1 = (6.8 + 2/3*(7.7-6.8), 15.2 + 2/3*(15.9-15.2)) = (7.4, 15.667)
+  # CP2 = (8.6 + 2/3*(7.7-8.6), 15.2 + 2/3*(15.9-15.2)) = (8.0, 15.667)
+  $eye.AddBezier((P 6.8 15.2), (P 7.4 15.667), (P 8.0 15.667), (P 8.6 15.2))
+  $g.DrawPath($eyePen, $eye)
+
+  # ── Two Z's drifting up: each is "h L h" — three line segments ──────
+  $zPen1 = New-Object System.Drawing.Pen $color, ([float](1.3 * $scale))
+  $zPen1.StartCap = [System.Drawing.Drawing2D.LineCap]::Round
+  $zPen1.EndCap   = [System.Drawing.Drawing2D.LineCap]::Round
+  $zPen1.LineJoin = [System.Drawing.Drawing2D.LineJoin]::Round
+  $z1 = New-Object System.Drawing.Drawing2D.GraphicsPath
+  # M 15,7  h 2.4  l -2.4,2.6  h 2.4  →  (15,7)→(17.4,7)→(15,9.6)→(17.4,9.6)
+  $z1.AddLine((P 15 7),     (P 17.4 7))
+  $z1.AddLine((P 17.4 7),   (P 15 9.6))
+  $z1.AddLine((P 15 9.6),   (P 17.4 9.6))
+  $g.DrawPath($zPen1, $z1)
+
+  $zPen2 = New-Object System.Drawing.Pen $color, ([float](1.1 * $scale))
+  $zPen2.StartCap = [System.Drawing.Drawing2D.LineCap]::Round
+  $zPen2.EndCap   = [System.Drawing.Drawing2D.LineCap]::Round
+  $zPen2.LineJoin = [System.Drawing.Drawing2D.LineJoin]::Round
+  $z2 = New-Object System.Drawing.Drawing2D.GraphicsPath
+  # M 18.4,4.5  h 1.6  l -1.6,1.8  h 1.6  → (18.4,4.5)→(20,4.5)→(18.4,6.3)→(20,6.3)
+  $z2.AddLine((P 18.4 4.5), (P 20 4.5))
+  $z2.AddLine((P 20 4.5),   (P 18.4 6.3))
+  $z2.AddLine((P 18.4 6.3), (P 20 6.3))
+  $g.DrawPath($zPen2, $z2)
+
+  $g.Dispose()
+  $hicon = $bmp.GetHicon()
+  $icon = [System.Drawing.Icon]::FromHandle($hicon)
+  return @{ Icon = $icon; Bitmap = $bmp; Handle = $hicon }
+}
+
+# ── Build the NotifyIcon ────────────────────────────────────────────────
+$catIcon = New-CatIcon
+$notify = New-Object System.Windows.Forms.NotifyIcon
+$notify.Icon = $catIcon.Icon
+$notify.Text = "miki-moni · running · pid $DaemonPid"
+$notify.Visible = $true
+
+$menu = New-Object System.Windows.Forms.ContextMenuStrip
+$openItem    = $menu.Items.Add("Open dashboard")
+$pairItem    = $menu.Items.Add("Show pairing QR")
+$rotateItem  = $menu.Items.Add("Rotate pairing token (new QR / password)")
+$restartItem = $menu.Items.Add("Restart daemon")
+$null = $menu.Items.Add("-")  # separator
+$quitItem    = $menu.Items.Add("Quit daemon")
+
+$openItem.Add_Click({
+  Start-Process "http://127.0.0.1:$Port" | Out-Null
+})
+
+# Read pair_token + worker_url + phone_pwa_url from config.json and open the
+# static pair-info.html page that the daemon serves out of dist/web/. The page
+# renders the QR in-browser, no server endpoint needed.
+$pairItem.Add_Click({
+  try {
+    $cfgPath = Join-Path $env:USERPROFILE ".miki-moni\config.json"
+    if (-not (Test-Path $cfgPath)) {
+      [System.Windows.Forms.MessageBox]::Show(
+        "config.json not found at $cfgPath. Run ``miki setup`` first.",
+        "miki-moni", "OK", "Warning") | Out-Null
+      return
+    }
+    # PS 5.1 defaults to system ANSI codepage; force UTF-8 or Chinese device
+    # names (and any non-ASCII path) break ConvertFrom-Json with a cryptic
+    # "傳入了無效的物件，必須有 ':' 或 '}'" error.
+    $cfg = Get-Content -Raw -Encoding UTF8 $cfgPath | ConvertFrom-Json
+    $token = $cfg.remote.pair_token
+    $relay = $cfg.remote.worker_url
+    $pwa   = if ($cfg.remote.phone_pwa_url) { $cfg.remote.phone_pwa_url } else { "https://miki-moni.pages.dev/" }
+    if (-not $token -or -not $relay) {
+      [System.Windows.Forms.MessageBox]::Show(
+        "No pair_token or worker_url in config. Run ``miki pair`` to create one.",
+        "miki-moni", "OK", "Warning") | Out-Null
+      return
+    }
+    Add-Type -AssemblyName System.Web
+    $q = "t=" + [System.Web.HttpUtility]::UrlEncode($token) +
+         "&r=" + [System.Web.HttpUtility]::UrlEncode($relay) +
+         "&pwa=" + [System.Web.HttpUtility]::UrlEncode($pwa)
+    Start-Process "http://127.0.0.1:$Port/pair-info.html?$q" | Out-Null
+  } catch {
+    [System.Windows.Forms.MessageBox]::Show(
+      "Could not open pairing page: $_",
+      "miki-moni", "OK", "Error") | Out-Null
+  }
+})
+
+$rotateItem.Add_Click({
+  # Confirm before rotating — old QR / URL / 16-char code immediately invalid.
+  # Already-paired phones still work (signing key, not token, re-auths them).
+  $confirm = [System.Windows.Forms.MessageBox]::Show(
+    "Generate a new pairing token? The current QR / URL / 16-char code will stop working immediately. Already-paired phones are unaffected.",
+    "miki-moni · rotate pairing token",
+    "OKCancel", "Question")
+  if ($confirm -ne "OK") { return }
+  try {
+    $r = Invoke-RestMethod -Uri "http://127.0.0.1:$Port/admin/rotate-pair" `
+      -Method Post -TimeoutSec 5 -ContentType "application/json"
+    $token = $r.token
+    $relay = $r.worker_url
+    $pwa   = if ($r.phone_pwa_url) { $r.phone_pwa_url } else { "https://miki-moni.pages.dev/" }
+    Add-Type -AssemblyName System.Web
+    $q = "t=" + [System.Web.HttpUtility]::UrlEncode($token) +
+         "&r=" + [System.Web.HttpUtility]::UrlEncode($relay) +
+         "&pwa=" + [System.Web.HttpUtility]::UrlEncode($pwa)
+    # Daemon restarts itself after rotate so RelayClient re-registers the new
+    # token. Give it ~2s to come back up, then open the new QR page.
+    Start-Sleep -Seconds 2
+    Start-Process "http://127.0.0.1:$Port/pair-info.html?$q" | Out-Null
+  } catch {
+    [System.Windows.Forms.MessageBox]::Show(
+      "Rotate failed: $_",
+      "miki-moni", "OK", "Error") | Out-Null
+  }
+})
+
+$restartItem.Add_Click({
+  # POST /admin/restart so the daemon can decide how to relaunch itself.
+  # Best-effort: fire and forget; if the endpoint doesn't exist we just
+  # exit and rely on `miki claude` to respawn on next use.
+  try {
+    Invoke-WebRequest -Uri "http://127.0.0.1:$Port/admin/restart" `
+      -Method Post -UseBasicParsing -TimeoutSec 2 | Out-Null
+  } catch { }
+})
+
+$quitItem.Add_Click({
+  try {
+    Invoke-WebRequest -Uri "http://127.0.0.1:$Port/admin/quit" `
+      -Method Post -UseBasicParsing -TimeoutSec 2 | Out-Null
+  } catch { }
+  # If the daemon ignored /admin/quit, fall back to killing the PID directly.
+  # Use the latest watched pid (in case daemon respawned since tray launch).
+  Start-Sleep -Milliseconds 800
+  $pidToKill = if ($script:DaemonPidWatched) { $script:DaemonPidWatched } else { $DaemonPid }
+  if (Get-Process -Id $pidToKill -ErrorAction SilentlyContinue) {
+    Stop-Process -Id $pidToKill -Force -ErrorAction SilentlyContinue
+  }
+})
+
+# Single-click also opens the dashboard — matches most tray-app conventions.
+$notify.Add_MouseClick({
+  param($sender, $e)
+  if ($e.Button -eq [System.Windows.Forms.MouseButtons]::Left) {
+    Start-Process "http://127.0.0.1:$Port" | Out-Null
+  }
+})
+$notify.ContextMenuStrip = $menu
+
+# ── PID watcher ─────────────────────────────────────────────────────────
+# Poll the watched PID once per second. When it dies, give a grace window
+# for a replacement daemon (rotate / restart respawns) to come up — query
+# /admin/pid and if a NEW daemon is alive on the same port, follow it.
+# Only exit if the daemon stays gone for `$maxGraceTicks` consecutive polls.
+# A WinForms Timer fires on the UI thread so we can touch $notify safely.
+$script:DaemonPidWatched = $DaemonPid
+$script:GraceTicks = 0
+$script:MaxGraceTicks = 10  # ~10s window for respawn
+$timer = New-Object System.Windows.Forms.Timer
+$timer.Interval = 1000
+$timer.Add_Tick({
+  if (Get-Process -Id $script:DaemonPidWatched -ErrorAction SilentlyContinue) {
+    $script:GraceTicks = 0
+    return
+  }
+  # Watched pid is gone — see if a replacement daemon answered /admin/pid.
+  try {
+    $r = Invoke-RestMethod -Uri "http://127.0.0.1:$Port/admin/pid" -TimeoutSec 1
+    if ($r.pid -and $r.pid -ne $script:DaemonPidWatched) {
+      $script:DaemonPidWatched = [int]$r.pid
+      $notify.Text = "miki-moni · running · pid $($script:DaemonPidWatched)"
+      $script:GraceTicks = 0
+      return
+    }
+  } catch {
+    # daemon unreachable — keep counting toward grace deadline
+  }
+  $script:GraceTicks++
+  if ($script:GraceTicks -ge $script:MaxGraceTicks) {
+    $timer.Stop()
+    $notify.Visible = $false
+    $notify.Dispose()
+    [System.Windows.Forms.Application]::Exit()
+  }
+})
+$timer.Start()
+
+# Run the WinForms message pump. Application.Exit() above breaks out cleanly.
+try {
+  [System.Windows.Forms.Application]::Run()
+}
+finally {
+  $timer.Stop()
+  if ($notify) { $notify.Visible = $false; $notify.Dispose() }
+  if ($catIcon.Icon) { $catIcon.Icon.Dispose() }
+  if ($catIcon.Bitmap) { $catIcon.Bitmap.Dispose() }
+}

package/worker/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "miki-relay",
+  "version": "0.1.0",
+  "private": true,
+  "description": "Cloudflare Worker + Durable Objects for miki-moni E2E relay",
+  "scripts": {
+    "dev": "wrangler dev",
+    "deploy": "wrangler deploy",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1"
+  },
+  "devDependencies": {
+    "@cloudflare/vitest-pool-workers": "^0.7.0",
+    "@cloudflare/workers-types": "^4.20250515.0",
+    "typescript": "^5.6.2",
+    "vitest": "^2.0.5",
+    "wrangler": "^3.85.0"
+  }
+}

package/worker/src/daemon-relay.ts

@@ -0,0 +1,348 @@
+import type { Env } from "./env.js";
+import {
+  generateChallenge,
+  buildChallengeMessage,
+  toBase64,
+  fromBase64,
+  deriveDaemonId,
+  CHALLENGE_TTL_MS,
+  type Challenge,
+} from "./handshake.js";
+import nacl from "tweetnacl";
+
+interface DaemonAttachment {
+  role: "daemon";
+  pubkey_b64: string;          // Ed25519 signing pubkey (challenge-response + daemon_id derivation)
+  enc_pubkey_b64?: string;     // X25519 encryption pubkey (sent to phones for ECDH in pair_init)
+  challenge?: Challenge;
+  authed: boolean;
+  daemon_id: string;
+}
+
+interface PhoneAttachment {
+  role: "phone";
+  phone_id: string;                  // signing pubkey b64 (reconnect-mode auth + revoke_self routing)
+  peer_id?: string;                  // computePeerId(encryption_pubkey) — addresses daemon→phone envelopes
+  pairing_token?: string;
+  authed: boolean;
+}
+
+type Attachment = DaemonAttachment | PhoneAttachment;
+
+export class DaemonRelay implements DurableObject {
+  constructor(private state: DurableObjectState, private env: Env) {}
+
+  async fetch(req: Request): Promise<Response> {
+    const url = new URL(req.url);
+    if (url.pathname.endsWith("/v1/daemon")) return this.acceptDaemon(req);
+    if (url.pathname.endsWith("/v1/phone")) return this.acceptPhone(req);
+    return new Response("not_found", { status: 404 });
+  }
+
+  private async acceptDaemon(req: Request): Promise<Response> {
+    const pubkey_b64 = req.headers.get("X-Daemon-Pubkey");
+    if (!pubkey_b64) return new Response("missing X-Daemon-Pubkey", { status: 400 });
+    let pubkey: Uint8Array;
+    try {
+      pubkey = fromBase64(pubkey_b64);
+      if (pubkey.length !== 32) throw new Error("bad length");
+    } catch {
+      return new Response("bad X-Daemon-Pubkey", { status: 400 });
+    }
+    // X-Daemon-Enc-Pubkey: daemon's X25519 encryption pubkey. Required for
+    // phones to derive a working shared secret in pair_offer — without this
+    // they'd ECDH against the signing key (different curve) and get garbage.
+    const enc_pubkey_b64 = req.headers.get("X-Daemon-Enc-Pubkey") ?? undefined;
+    const daemon_id = this.state.id.name ?? await deriveDaemonId(pubkey);
+
+    const pair = new WebSocketPair();
+    const [client, server] = Object.values(pair) as [WebSocket, WebSocket];
+
+    const challenge = generateChallenge();
+    const att: DaemonAttachment = {
+      role: "daemon", pubkey_b64, enc_pubkey_b64,
+      challenge, authed: false, daemon_id,
+    };
+
+    this.state.acceptWebSocket(server, ["daemon"]);
+    server.serializeAttachment(att);
+
+    server.send(JSON.stringify({
+      type: "challenge",
+      nonce: toBase64(challenge.nonce),
+      issued_at_ms: challenge.issued_at_ms,
+    }));
+
+    return new Response(null, { status: 101, webSocket: client });
+  }
+
+  private async acceptPhone(req: Request): Promise<Response> {
+    const url = new URL(req.url);
+    const pairing_token = req.headers.get("X-Pairing-Token") ?? url.searchParams.get("token");
+    const phone_pubkey_hdr = req.headers.get("X-Phone-Pubkey") ?? url.searchParams.get("phone_pubkey");
+    const sig_hdr = req.headers.get("X-Sig") ?? url.searchParams.get("sig");
+
+    const pair = new WebSocketPair();
+    const [client, server] = Object.values(pair) as [WebSocket, WebSocket];
+
+    if (!pairing_token && !phone_pubkey_hdr) {
+      server.close(4000, "missing_pairing_token_or_phone_pubkey");
+      return new Response(null, { status: 101, webSocket: client });
+    }
+
+    if (pairing_token) {
+      const phone_id = pairing_token;
+      const att: PhoneAttachment = { role: "phone", phone_id, pairing_token, authed: false };
+      this.state.acceptWebSocket(server, ["phone", phone_id]);
+      server.serializeAttachment(att);
+
+      // Prefer the X25519 encryption pubkey (post-fix daemons). Older daemons
+      // only stored the signing pubkey — phones paired against those have
+      // broken shared secrets and must re-pair after the daemon upgrades.
+      const daemonEncPubkey = await this.state.storage.get<string>("daemon_enc_pubkey_b64");
+      const daemonPubkey = daemonEncPubkey ?? await this.state.storage.get<string>("daemon_pubkey_b64");
+      const pending = await this.state.storage.get<{ token: string; expires_at_ms: number }>("pending_pair");
+      if (!daemonPubkey || !pending || pending.token !== pairing_token || Date.now() > pending.expires_at_ms) {
+        server.close(4002, "pairing_token_invalid");
+        return new Response(null, { status: 101, webSocket: client });
+      }
+
+      server.send(JSON.stringify({ type: "pair_init", daemon_pubkey: daemonPubkey }));
+      return new Response(null, { status: 101, webSocket: client });
+    }
+
+    // Reconnect mode (sig verification)
+    if (!phone_pubkey_hdr || !sig_hdr) {
+      return new Response("missing phone_pubkey or sig", { status: 400 });
+    }
+    const phone_id = phone_pubkey_hdr;
+    const att: PhoneAttachment = { role: "phone", phone_id, authed: false };
+    this.state.acceptWebSocket(server, ["phone", phone_id]);
+    server.serializeAttachment(att);
+    const paired = await this.state.storage.get<Record<string, string>>("paired_phones");
+    if (!paired || !paired[phone_pubkey_hdr]) {
+      server.close(4001, "unknown_phone");
+      return new Response(null, { status: 101, webSocket: client });
+    }
+    if (!this.verifyReconnectSig(phone_pubkey_hdr, sig_hdr)) {
+      server.close(4001, "bad_sig");
+      return new Response(null, { status: 101, webSocket: client });
+    }
+    att.authed = true;
+    server.serializeAttachment(att);
+    server.send(JSON.stringify({ type: "ready" }));
+    return new Response(null, { status: 101, webSocket: client });
+  }
+
+  private verifyReconnectSig(phone_pubkey_b64: string, sig_b64: string): boolean {
+    try {
+      const pubkey = fromBase64(phone_pubkey_b64);
+      const sig = fromBase64(sig_b64);
+      const daemon_id = this.state.id.name!;
+      const daemonIdBytes = new TextEncoder().encode(daemon_id);
+      const nowMinute = Math.floor(Date.now() / 60_000);
+      for (const m of [nowMinute, nowMinute - 1]) {
+        const msg = new Uint8Array(daemonIdBytes.length + 8);
+        msg.set(daemonIdBytes, 0);
+        new DataView(msg.buffer, daemonIdBytes.length, 8).setBigUint64(0, BigInt(m), false);
+        if (nacl.sign.detached.verify(msg, sig, pubkey)) return true;
+      }
+      return false;
+    } catch {
+      return false;
+    }
+  }
+
+  // ── Hibernating WebSocket handlers ────────────────────────────────────────
+
+  async webSocketMessage(ws: WebSocket, message: string | ArrayBuffer): Promise<void> {
+    const att = ws.deserializeAttachment() as Attachment | undefined;
+    if (!att) { ws.close(1011, "no_attachment"); return; }
+    const text = typeof message === "string" ? message : new TextDecoder().decode(message);
+    let msg: any;
+    try { msg = JSON.parse(text); } catch { ws.close(1008, "bad_json"); return; }
+
+    if (att.role === "daemon") return this.handleDaemonMessage(ws, att, msg);
+    return this.handlePhoneMessage(ws, att, msg);
+  }
+
+  private async handleDaemonMessage(ws: WebSocket, att: DaemonAttachment, msg: any): Promise<void> {
+    if (!att.authed) {
+      if (msg.type !== "challenge_response") { ws.close(1008, "expected_challenge_response"); return; }
+      const pubkey = fromBase64(att.pubkey_b64);
+      const sig = fromBase64(msg.sig);
+      const ch = att.challenge!;
+      const sigMsg = buildChallengeMessage(ch.nonce, ch.issued_at_ms);
+      if (Date.now() > ch.issued_at_ms + CHALLENGE_TTL_MS) { ws.close(4001, "challenge_expired"); return; }
+      if (!nacl.sign.detached.verify(sigMsg, sig, pubkey)) { ws.close(4001, "bad_sig"); return; }
+      att.authed = true;
+      att.challenge = undefined;
+      ws.serializeAttachment(att);
+      await this.state.storage.put("daemon_pubkey_b64", att.pubkey_b64);
+      // Store the X25519 encryption pubkey separately so pair_init returns the
+      // right key for phone-side ECDH. Older daemons that don't send the
+      // header → field stays undefined and we fall back in acceptPhone.
+      if (att.enc_pubkey_b64) {
+        await this.state.storage.put("daemon_enc_pubkey_b64", att.enc_pubkey_b64);
+      }
+      ws.send(JSON.stringify({ type: "ready", daemon_id: att.daemon_id }));
+      return;
+    }
+
+    if (msg.type === "register_pairing") {
+      const token = String(msg.token ?? "");
+      // `persistent: true` makes the token survive both TTL sweeps and claims,
+      // so the QR can be permanent until the user rotates. DO storage gets the
+      // same flag for its own consistency check in acceptPhone().
+      const persistent = msg.persistent === true;
+      const expires_at_ms = persistent ? Number.MAX_SAFE_INTEGER : Date.now() + 10 * 60 * 1000;
+      await this.state.storage.put("pending_pair", { token, expires_at_ms, persistent });
+      if (this.env.PAIRING) {
+        const coordId = this.env.PAIRING.idFromName("coordinator");
+        const coordStub = this.env.PAIRING.get(coordId);
+        await coordStub.fetch("https://x/register", {
+          method: "POST",
+          body: JSON.stringify({ token, daemon_id: att.daemon_id, persistent }),
+          headers: { "content-type": "application/json" },
+        });
+      }
+      return;
+    }
+
+    if (msg.type === "pair_ack") {
+      for (const phone of this.state.getWebSockets("phone")) {
+        const p = phone.deserializeAttachment() as PhoneAttachment;
+        if (p && p.pairing_token) {
+          // Forward the WHOLE message so daemon_id flows through to phone.
+          phone.send(JSON.stringify(msg));
+          p.authed = true;
+          p.pairing_token = undefined;
+          phone.serializeAttachment(p);
+        }
+      }
+      // Persistent tokens are kept — same QR can pair the next device.
+      // Ephemeral tokens are consumed once.
+      const pending = await this.state.storage.get<{ token: string; expires_at_ms: number; persistent?: boolean }>("pending_pair");
+      if (!pending?.persistent) {
+        await this.state.storage.delete("pending_pair");
+      }
+      return;
+    }
+
+    if (msg.type === "revoke_phone") {
+      // Daemon kicks a previously-paired phone: drop from paired_phones map and
+      // close any live WS for that phone.
+      const signPk = String(msg.phone_pubkey_b64 ?? "");
+      if (signPk) {
+        const paired = (await this.state.storage.get<Record<string, string>>("paired_phones")) ?? {};
+        if (paired[signPk]) {
+          delete paired[signPk];
+          await this.state.storage.put("paired_phones", paired);
+        }
+        for (const ph of this.state.getWebSockets("phone")) {
+          const p = ph.deserializeAttachment() as PhoneAttachment | undefined;
+          if (p && p.phone_id === signPk) {
+            try { ph.send(JSON.stringify({ type: "phone_revoked", by: "daemon" })); } catch { /* */ }
+            try { ph.close(4003, "revoked"); } catch { /* */ }
+          }
+        }
+      }
+      return;
+    }
+
+    // Envelope or other daemon-originated message. Route by `to` field if it
+    // identifies a specific phone; otherwise broadcast to all authed phones.
+    //   to: "phone:<peer_id>"  → only the matching phone (avoids decryption noise
+    //                            on other paired phones that share this DO)
+    //   to: anything else / absent → broadcast (back-compat for unaddressed sends)
+    const target = typeof msg?.to === "string" ? msg.to : "";
+    const peerMatch = /^phone:(.+)$/.exec(target);
+    if (peerMatch) {
+      const targetPeerId = peerMatch[1];
+      for (const phone of this.state.getWebSockets("phone")) {
+        const p = phone.deserializeAttachment() as PhoneAttachment;
+        if (p && p.authed && p.peer_id === targetPeerId) {
+          phone.send(JSON.stringify(msg));
+        }
+      }
+      return;
+    }
+    for (const phone of this.state.getWebSockets("phone")) {
+      const p = phone.deserializeAttachment() as PhoneAttachment;
+      if (p && p.authed) phone.send(JSON.stringify(msg));
+    }
+  }
+
+  private async handlePhoneMessage(ws: WebSocket, att: PhoneAttachment, msg: any): Promise<void> {
+    if (!att.authed) {
+      if (msg.type === "pair_offer" && att.pairing_token) {
+        const signPk = String(msg.phone_sign_pubkey ?? msg.phone_pubkey ?? "");
+        if (signPk) {
+          const paired = (await this.state.storage.get<Record<string, string>>("paired_phones")) ?? {};
+          paired[signPk] = String(Date.now());
+          await this.state.storage.put("paired_phones", paired);
+          // Re-key attachment to the signing pubkey so a later revoke_self on
+          // this same socket can identify itself without a disconnect+reconnect.
+          att.phone_id = signPk;
+          ws.serializeAttachment(att);
+        }
+        this.broadcastToDaemons(msg);
+        return;
+      }
+      ws.close(1008, "expected_pair_offer");
+      return;
+    }
+
+    if (msg.type === "register_peer_id") {
+      // Phone tells the relay its addressable peer_id so daemon→phone envelopes
+      // addressed `to: "phone:<peer_id>"` can be routed precisely instead of
+      // broadcast-and-discard-noise on every other paired phone.
+      const peer_id = String(msg.peer_id ?? "");
+      if (peer_id) {
+        att.peer_id = peer_id;
+        ws.serializeAttachment(att);
+      }
+      return;
+    }
+
+    if (msg.type === "revoke_self") {
+      // Phone wants to unpair. att.phone_id IS the signing pubkey in reconnect mode.
+      const signPk = att.phone_id;
+      if (signPk) {
+        const paired = (await this.state.storage.get<Record<string, string>>("paired_phones")) ?? {};
+        if (paired[signPk]) {
+          delete paired[signPk];
+          await this.state.storage.put("paired_phones", paired);
+        }
+        // Tell daemon to clean up its local config too.
+        this.broadcastToDaemons({ type: "phone_revoked", phone_pubkey_b64: signPk });
+      }
+      try { ws.send(JSON.stringify({ type: "revoked_ok" })); } catch { /* */ }
+      ws.close(1000, "revoked");
+      return;
+    }
+
+    this.broadcastToDaemons(msg);
+  }
+
+  /** Multiple daemon WSes can accumulate (e.g. pair CLI restarts before the prior WS is GC'd).
+   *  Broadcast to all — only the live process replies. Dead sockets either no-op or get cleaned up
+   *  in webSocketClose. */
+  /** Broadcast to every daemon WS in the tag. Stale sockets from crashed CLI
+   *  sessions can accumulate; sending to a dead one throws and is ignored. The
+   *  live daemon(s) — typically one — receive and respond. */
+  private broadcastToDaemons(msg: any): void {
+    const payload = JSON.stringify(msg);
+    for (const d of this.state.getWebSockets("daemon")) {
+      try { d.send(payload); } catch { /* dead socket; CF GCs on close */ }
+    }
+  }
+
+  async webSocketClose(_ws: WebSocket, _code: number, _reason: string, _wasClean: boolean): Promise<void> {}
+  async webSocketError(_ws: WebSocket, _err: unknown): Promise<void> {}
+
+  private daemonWs(): WebSocket | null {
+    const arr = this.state.getWebSockets("daemon");
+    return arr[0] ?? null;
+  }
+}

package/worker/src/env.ts

@@ -0,0 +1,11 @@
+// Bindings exposed by wrangler.toml to the Worker runtime.
+export interface Env {
+  PAIRING: DurableObjectNamespace;
+  RELAY: DurableObjectNamespace;
+  RATE_LIMITER: RateLimit;
+}
+
+// CF rate-limit binding (not in workers-types yet).
+export interface RateLimit {
+  limit(opts: { key: string }): Promise<{ success: boolean }>;
+}