pairai 0.3.0 → 0.3.2

package/lib.ts

@@ -1,10 +1,15 @@
 /**
  * Pure/testable functions extracted from pairai CLI.
- * Imported by both pairai.ts and unit tests.
+ * Imported by both pairai.ts, bridge, and unit tests.
  */
 import { existsSync, readFileSync, statSync, openSync, writeSync, closeSync, unlinkSync, mkdirSync, constants as fsConstants } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
+import {
+  publicEncrypt, privateDecrypt, sign, verify,
+  randomBytes, createCipheriv, createDecipheriv,
+  constants as cryptoConstants,
+} from "node:crypto";
 
 export type Provider = "claude" | "gemini" | "cursor" | "copilot" | "windsurf" | "codex" | "amazonq";
 
@@ -247,3 +252,67 @@ export function releaseLock(agentId: string, lockDir?: string): void {
   const path = lockPath(agentId, lockDir);
   try { unlinkSync(path); } catch {}
 }
+
+// ── Crypto ──────────────────────────────────────────────────────────────────
+
+/**
+ * Encrypt plaintext with AES-256-GCM, wrap key with RSA-OAEP for each recipient,
+ * sign (taskId + ciphertext) with RSA-PSS.
+ */
+export function localEncrypt(
+  plaintext: string,
+  taskId: string,
+  senderPrivateKey: string,
+  recipientPubKeys: Record<string, string>,
+): { ciphertext: string; signature: string; encryptedKeys: Record<string, string> } {
+  const key = randomBytes(32);
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  const ciphertext = Buffer.concat([iv, encrypted, tag]).toString("base64");
+
+  const signature = sign(null, Buffer.from(taskId + ciphertext), {
+    key: senderPrivateKey,
+    padding: cryptoConstants.RSA_PKCS1_PSS_PADDING,
+    saltLength: 32,
+  }).toString("base64");
+
+  const encryptedKeys: Record<string, string> = {};
+  for (const [id, pub] of Object.entries(recipientPubKeys)) {
+    encryptedKeys[id] = publicEncrypt(
+      { key: pub, oaepHash: "sha256", padding: cryptoConstants.RSA_PKCS1_OAEP_PADDING },
+      key,
+    ).toString("base64");
+  }
+
+  return { ciphertext, signature, encryptedKeys };
+}
+
+/**
+ * Verify signature, unwrap AES key with own private key, decrypt AES-256-GCM.
+ */
+export function localDecrypt(
+  ciphertext: string,
+  sig: string,
+  taskId: string,
+  senderPub: string,
+  myEncKey: string,
+  myPrivateKey: string,
+): string {
+  const valid = verify(null, Buffer.from(taskId + ciphertext), {
+    key: senderPub,
+    padding: cryptoConstants.RSA_PKCS1_PSS_PADDING,
+    saltLength: 32,
+  }, Buffer.from(sig, "base64"));
+  if (!valid) throw new Error("Signature verification failed");
+
+  const aesKey = privateDecrypt(
+    { key: myPrivateKey, oaepHash: "sha256", padding: cryptoConstants.RSA_PKCS1_OAEP_PADDING },
+    Buffer.from(myEncKey, "base64"),
+  );
+  const data = Buffer.from(ciphertext, "base64");
+  const decipher = createDecipheriv("aes-256-gcm", aesKey, data.subarray(0, 12));
+  decipher.setAuthTag(data.subarray(-16));
+  return Buffer.concat([decipher.update(data.subarray(12, -16)), decipher.final()]).toString("utf8");
+}

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "pairai",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "pairai CLI — connect AI agents to collaborate via the pairai hub",
   "type": "module",
   "license": "MIT",
   "homepage": "https://pairai.pro",
   "repository": {
     "type": "git",
-    "url": "https://git.quis.app/quis.app/connect_ai"
+    "url": "https://github.com/pairaipro/pairai",
+    "directory": "channel"
   },
   "keywords": [
     "ai",

package/pairai.ts

@@ -8,20 +8,21 @@
  *   npx pairai upgrade     — update to latest version (preserves keys and config)
  *   npx pairai version     — show current version
  *
- * Env: PAIRAI_HUB_URL, PAIRAI_AGENT_CRED, PAIRAI_KEY_FILE, PAIRAI_POLL_MS
+ * Env: PAIRAI_HUB_URL      — hub URL (default: https://pairai.pro)
+ *      PAIRAI_AGENT_CRED   — agent API key (from setup)
+ *      PAIRAI_KEY_FILE     — path to RSA private key .pem
+ *      PAIRAI_POLL_MS      — poll interval in ms (default: 5000)
+ *      PAIRAI_LOCK_DIR     — lock file directory (default: ~/.pairai/locks)
+ *      PAIRAI_DEBUG        — verbose log: "1" for ~/.pairai/debug.log, or a file path
  * Legacy: PAIRAI_URL, PAIRAI_API_KEY, PAIRAI_PRIVATE_KEY_PATH
  */
 import { execSync } from "node:child_process";
-import {
-  generateKeyPairSync,
-  publicEncrypt, privateDecrypt, sign, verify,
-  randomBytes, createCipheriv, createDecipheriv, constants,
-} from "node:crypto";
-import { writeFileSync, mkdirSync, readFileSync, existsSync } from "node:fs";
+import { generateKeyPairSync } from "node:crypto";
+import { writeFileSync, mkdirSync, readFileSync, existsSync, appendFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
-import { validateProvider, detectProvider, checkExistingConfig, formatKeyBackupBox, acquireLock, releaseLock, getProviderConfig } from "./lib.js";
+import { validateProvider, detectProvider, checkExistingConfig, formatKeyBackupBox, acquireLock, releaseLock, getProviderConfig, localEncrypt as _localEncrypt, localDecrypt as _localDecrypt } from "./lib.js";
 import type { Provider } from "./lib.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -31,6 +32,19 @@ const VERSION: string = PKG.version;
 const args = process.argv.slice(2);
 const command = args[0];
 
+// ── Debug logging ────────────────────────────────────────────────────────────
+// Enable with PAIRAI_DEBUG=1 or PAIRAI_DEBUG=/path/to/file.log
+// When enabled, writes verbose poll/notification logs to the specified file
+// (or ~/.pairai/debug.log if set to "1").
+const DEBUG_LOG = process.env.PAIRAI_DEBUG;
+const debugLogPath = DEBUG_LOG === "1" ? join(homedir(), ".pairai", "debug.log")
+  : DEBUG_LOG || null;
+function debugLog(msg: string) {
+  if (!debugLogPath) return;
+  const line = `${new Date().toISOString()} ${msg}\n`;
+  try { appendFileSync(debugLogPath, line); } catch {}
+}
+
 // ── Version ─────────────────────────────────────────────────────────────────
 
 if (command === "version" || args.includes("--version") || args.includes("-v")) {
@@ -72,6 +86,20 @@ if (command === "setup") {
   const rest = args.slice(1);
   const hubIdx = rest.indexOf("--hub");
   const hubUrl = hubIdx !== -1 ? rest.splice(hubIdx, 2)[1] : "https://pairai.pro";
+  try {
+    const parsed = new URL(hubUrl);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      console.error("  Error: Hub URL must use http: or https: protocol.");
+      process.exit(1);
+    }
+    const isLocal = parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1" || parsed.hostname === "::1";
+    if (parsed.protocol === "http:" && !isLocal) {
+      console.error("  Warning: Hub URL uses HTTP (insecure). Use HTTPS for production deployments.");
+    }
+  } catch {
+    console.error("  Error: Invalid hub URL.");
+    process.exit(1);
+  }
   const providerIdx = rest.indexOf("--provider");
   const providerArg = providerIdx !== -1 ? rest.splice(providerIdx, 2)[1] : undefined;
   if (providerArg) {
@@ -129,7 +157,7 @@ if (command === "setup") {
   console.log(`  API Key:   ${apiKey}`);
 
   const keyDir = join(homedir(), ".pairai", "keys");
-  mkdirSync(keyDir, { recursive: true });
+  mkdirSync(keyDir, { recursive: true, mode: 0o700 });
   const keyPath = join(keyDir, `${id}.pem`);
   writeFileSync(keyPath, privateKey, { mode: 0o600 });
   console.log(`  Private key: ${keyPath}`);
@@ -149,7 +177,7 @@ if (command === "setup") {
   };
 
   // Ensure config directory exists
-  mkdirSync(dirname(cfg.configPath), { recursive: true });
+  mkdirSync(dirname(cfg.configPath), { recursive: true, mode: 0o700 });
 
   if (cfg.format === "toml") {
     // Codex CLI uses TOML
@@ -165,14 +193,14 @@ if (command === "setup") {
       `PAIRAI_AGENT_CRED = "${apiKey}"`,
       `PAIRAI_KEY_FILE = "${keyPath}"`,
     ].join("\n");
-    writeFileSync(cfg.configPath, existing + tomlBlock + "\n");
+    writeFileSync(cfg.configPath, existing + tomlBlock + "\n", { mode: 0o600 });
   } else {
     // JSON — merge with existing config
     let existing: any = {};
     try { if (existsSync(cfg.configPath)) existing = JSON.parse(readFileSync(cfg.configPath, "utf-8")); } catch {}
     if (!existing.mcpServers) existing.mcpServers = {};
     existing.mcpServers[cfg.mcpKey] = serverEntry;
-    writeFileSync(cfg.configPath, JSON.stringify(existing, null, 2) + "\n");
+    writeFileSync(cfg.configPath, JSON.stringify(existing, null, 2) + "\n", { mode: 0o600 });
   }
 
   console.log(`  Config: ${cfg.configPath}`);
@@ -200,6 +228,15 @@ if (command !== "serve") {
   console.error("  npx pairai serve [--provider claude|gemini|cursor|copilot|windsurf|codex|amazonq]");
   console.error("  npx pairai upgrade        — update to latest version");
   console.error("  npx pairai version        — show current version");
+  console.error("");
+  console.error("Environment variables:");
+  console.error("  PAIRAI_HUB_URL      Hub URL (default: https://pairai.pro)");
+  console.error("  PAIRAI_AGENT_CRED   Agent API key (from setup)");
+  console.error("  PAIRAI_KEY_FILE     Path to RSA private key .pem file");
+  console.error("  PAIRAI_POLL_MS      Poll interval in ms (default: 5000)");
+  console.error("  PAIRAI_LOCK_DIR     Lock file directory (default: ~/.pairai/locks)");
+  console.error("  PAIRAI_DEBUG=1      Verbose log to ~/.pairai/debug.log");
+  console.error("  PAIRAI_DEBUG=<path> Verbose log to custom file");
   process.exit(1);
 }
 
@@ -219,6 +256,16 @@ if (serveProviderArg) {
 const serveProvider = (serveProviderArg as Provider) ?? "claude";
 
 const HUB_URL = process.env.PAIRAI_HUB_URL ?? process.env.PAIRAI_URL ?? "https://pairai.pro";
+try {
+  const parsedHub = new URL(HUB_URL);
+  if (!["http:", "https:"].includes(parsedHub.protocol)) {
+    console.error("[pairai] Error: Hub URL must use http: or https: protocol.");
+    process.exit(1);
+  }
+} catch {
+  console.error("[pairai] Error: Invalid hub URL.");
+  process.exit(1);
+}
 const API_KEY = process.env.PAIRAI_AGENT_CRED ?? process.env.PAIRAI_API_KEY;
 const POLL_MS = Number(process.env.PAIRAI_POLL_MS ?? "5000");
 const PRIVATE_KEY_PATH = process.env.PAIRAI_KEY_FILE ?? process.env.PAIRAI_PRIVATE_KEY_PATH;
@@ -236,29 +283,51 @@ const headers = {
 
 // ── Hub API ──────────────────────────────────────────────────────────────────
 
+const HUB_TIMEOUT_MS = 30_000;
+
+const API_PREFIX = "/api/v1";
+
 async function hubGet(path: string) {
-  const res = await fetch(`${HUB_URL}${path}`, { headers });
+  const res = await fetch(`${HUB_URL}${API_PREFIX}${path}`, { headers, signal: AbortSignal.timeout(HUB_TIMEOUT_MS) });
   if (!res.ok) throw new Error(`GET ${path}: ${res.status}`);
   return res.json();
 }
 
 async function hubPost(path: string, body?: unknown) {
-  const res = await fetch(`${HUB_URL}${path}`, {
+  const res = await fetch(`${HUB_URL}${API_PREFIX}${path}`, {
     method: "POST",
     headers: body ? headers : { Authorization: headers.Authorization },
     body: body ? JSON.stringify(body) : undefined,
+    signal: AbortSignal.timeout(HUB_TIMEOUT_MS),
   });
   if (!res.ok) throw new Error(`POST ${path}: ${res.status}`);
   return res.json();
 }
 
 async function hubPatch(path: string, body: unknown) {
-  const res = await fetch(`${HUB_URL}${path}`, {
+  const res = await fetch(`${HUB_URL}${API_PREFIX}${path}`, {
     method: "PATCH",
     headers,
     body: JSON.stringify(body),
+    signal: AbortSignal.timeout(HUB_TIMEOUT_MS),
+  });
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({})) as { error?: string };
+    throw new Error(body.error ?? `PATCH ${path}: ${res.status}`);
+  }
+  return res.json();
+}
+
+async function hubDelete(path: string) {
+  const res = await fetch(`${HUB_URL}${API_PREFIX}${path}`, {
+    method: "DELETE",
+    headers: { Authorization: headers.Authorization },
+    signal: AbortSignal.timeout(HUB_TIMEOUT_MS),
   });
-  if (!res.ok) throw new Error(`PATCH ${path}: ${res.status}`);
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({})) as { error?: string };
+    throw new Error(body.error ?? `DELETE ${path}: ${res.status}`);
+  }
   return res.json();
 }
 
@@ -287,27 +356,7 @@ async function loadPublicKeys() {
 
 function localEncrypt(plaintext: string, taskId: string, recipientPubKeys: Record<string, string>) {
   if (!PRIVATE_KEY) throw new Error("No private key configured");
-  const key = randomBytes(32);
-  const iv = randomBytes(12);
-  const cipher = createCipheriv("aes-256-gcm", key, iv);
-  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  const ciphertext = Buffer.concat([iv, encrypted, tag]).toString("base64");
-
-  const signature = sign(null, Buffer.from(taskId + ciphertext), {
-    key: PRIVATE_KEY,
-    padding: constants.RSA_PKCS1_PSS_PADDING,
-    saltLength: 32,
-  }).toString("base64");
-
-  const encryptedKeys: Record<string, string> = {};
-  for (const [id, pub] of Object.entries(recipientPubKeys)) {
-    encryptedKeys[id] = publicEncrypt(
-      { key: pub, oaepHash: "sha256", padding: constants.RSA_PKCS1_OAEP_PADDING },
-      key,
-    ).toString("base64");
-  }
-  return { ciphertext, signature, encryptedKeys };
+  return _localEncrypt(plaintext, taskId, PRIVATE_KEY, recipientPubKeys);
 }
 
 function localDecrypt(
@@ -318,21 +367,7 @@ function localDecrypt(
   myEncKey: string,
 ): string {
   if (!PRIVATE_KEY) throw new Error("No private key configured");
-  const valid = verify(null, Buffer.from(taskId + ciphertext), {
-    key: senderPub,
-    padding: constants.RSA_PKCS1_PSS_PADDING,
-    saltLength: 32,
-  }, Buffer.from(sig, "base64"));
-  if (!valid) throw new Error("Signature verification failed");
-
-  const aesKey = privateDecrypt(
-    { key: PRIVATE_KEY, oaepHash: "sha256", padding: constants.RSA_PKCS1_OAEP_PADDING },
-    Buffer.from(myEncKey, "base64"),
-  );
-  const data = Buffer.from(ciphertext, "base64");
-  const decipher = createDecipheriv("aes-256-gcm", aesKey, data.subarray(0, 12));
-  decipher.setAuthTag(data.subarray(-16));
-  return Buffer.concat([decipher.update(data.subarray(12, -16)), decipher.final()]).toString("utf8");
+  return _localDecrypt(ciphertext, sig, taskId, senderPub, myEncKey, PRIVATE_KEY);
 }
 
 // ── MCP Server ───────────────────────────────────────────────────────────────
@@ -340,6 +375,7 @@ function localDecrypt(
 const instructions = [
   "You are connected to the pairai agent hub. Messages from other AI agents arrive as notifications.",
   "The channel server polls for updates automatically — you don't need to poll manually.",
+  "When the user asks about updates, new messages, or pending work, use pairai_check_updates (not pairai_list_tasks).",
   "",
   "Notification attributes:",
   "  task_id     — the task this message belongs to",
@@ -369,7 +405,7 @@ mcp.setRequestHandler(ListToolsRequestSchema, async () => ({
   tools: [
     {
       name: "pairai_check_updates",
-      description: "Check for new tasks or unread messages. Call this at the start of every conversation and periodically during active collaborations.",
+      description: "Check for NEW incoming tasks and UNREAD messages from other agents. This is the primary way to discover what needs your attention — returns only unseen items, not all tasks. Call this first when asked about updates, new messages, or pending work.",
       inputSchema: {
         type: "object" as const,
         properties: {
@@ -504,6 +540,17 @@ mcp.setRequestHandler(ListToolsRequestSchema, async () => ({
         required: ["connection_id", "rule"],
       },
     },
+    {
+      name: "pairai_disconnect",
+      description: "Disconnect from an agent. Cascades: cancels active tasks, notifies the other agent.",
+      inputSchema: {
+        type: "object" as const,
+        properties: {
+          connection_id: { type: "string", description: "Connection ID to delete" },
+        },
+        required: ["connection_id"],
+      },
+    },
     {
       name: "pairai_list_pending_approvals",
       description: "List tasks waiting for your approval.",
@@ -534,7 +581,7 @@ mcp.setRequestHandler(ListToolsRequestSchema, async () => ({
     },
     {
       name: "pairai_list_tasks",
-      description: "List all tasks you are involved in (as initiator or target).",
+      description: "List ALL tasks (not just new ones). Use this to browse your full task history or filter by status. For checking what's new, use pairai_check_updates instead.",
       inputSchema: {
         type: "object" as const,
         properties: {
@@ -567,6 +614,18 @@ mcp.setRequestHandler(ListToolsRequestSchema, async () => ({
         required: ["task_id", "filename", "mime_type", "base64_content"],
       },
     },
+    {
+      name: "pairai_download_file",
+      description: "Download a file from a task. For encrypted tasks, the file is automatically decrypted.",
+      inputSchema: {
+        type: "object" as const,
+        properties: {
+          task_id: { type: "string", description: "Task ID the file belongs to" },
+          file_id: { type: "string", description: "File ID to download" },
+        },
+        required: ["task_id", "file_id"],
+      },
+    },
     {
       name: "pairai_create_encrypted_task",
       description: "Create an encrypted task. Title and description are encrypted — the hub cannot read them.",
@@ -593,6 +652,7 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
       hasUpdates: boolean;
       pendingTasks: Array<{ id: string; title: string; fromAgent: string }>;
       unreadMessages: Array<{ taskId: string; taskTitle: string; count: number }>;
+      cursor: number;
     };
 
     if (!updates.hasUpdates) {
@@ -628,8 +688,10 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
       parts.push(`**Unread messages:**\n${enriched.join("\n")}`);
     }
 
-    if ((args as any).acknowledge) {
-      await hubPost("/updates/ack");
+    // Always ack — this is the authoritative "user has seen these" signal.
+    // The poll loop does NOT ack; only this tool does.
+    if (updates.cursor > 0) {
+      await hubPost("/updates/ack", { cursor: updates.cursor });
     }
 
     return { content: [{ type: "text" as const, text: parts.join("\n\n") }] };
@@ -650,17 +712,22 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
         return { content: [{ type: "text" as const, text: "Error: Cannot reply to encrypted task — missing cryptographic keys. Re-run setup or reconnect." }] };
       }
       const envelope = JSON.stringify({ contentType: content_type ?? "text", body: text });
-      const { ciphertext, signature, encryptedKeys } = localEncrypt(envelope, task_id, {
-        [myAgentId]: myPublicKey,
-        [otherId]: otherPub,
-      });
-      await hubPost(`/tasks/${task_id}/messages`, {
-        content: ciphertext,
-        contentType: "encrypted",
-        encryptedKeys,
-        senderSignature: signature,
-      });
-      return { content: [{ type: "text" as const, text: "Sent (encrypted)." }] };
+      try {
+        const { ciphertext, signature, encryptedKeys } = localEncrypt(envelope, task_id, {
+          [myAgentId]: myPublicKey,
+          [otherId]: otherPub,
+        });
+        await hubPost(`/tasks/${task_id}/messages`, {
+          content: ciphertext,
+          contentType: "encrypted",
+          encryptedKeys,
+          senderSignature: signature,
+        });
+        return { content: [{ type: "text" as const, text: "Sent (encrypted)." }] };
+      } catch (err) {
+        console.error(`[pairai] encryption failed for task ${task_id}: ${(err as Error).message}`);
+        return { content: [{ type: "text" as const, text: `Error: Failed to encrypt reply — ${(err as Error).message}. The other agent may have an invalid public key.` }], isError: true };
+      }
     }
     // Non-encrypted task: send plaintext
     await hubPost(`/tasks/${task_id}/messages`, {
@@ -671,8 +738,16 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
   }
 
   if (name === "pairai_update_status") {
-    await hubPatch(`/tasks/${args.task_id}`, { status: args.status });
-    return { content: [{ type: "text" as const, text: `Status → ${args.status}` }] };
+    try {
+      await hubPatch(`/tasks/${args.task_id}`, { status: args.status });
+      return { content: [{ type: "text" as const, text: `Status → ${args.status}` }] };
+    } catch (err) {
+      const msg = (err as Error).message;
+      if (msg.includes("409") || msg.includes("400")) {
+        return { content: [{ type: "text" as const, text: `Cannot update status — ${msg}` }] };
+      }
+      throw err;
+    }
   }
 
   if (name === "pairai_get_profile") {
@@ -777,6 +852,16 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
     return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
   }
 
+  if (name === "pairai_disconnect") {
+    const { connection_id } = args as { connection_id: string };
+    try {
+      const result = (await hubDelete(`/connections/${connection_id}`)) as { cancelledTasks?: number };
+      return { content: [{ type: "text" as const, text: `Disconnected. ${result.cancelledTasks ?? 0} task(s) cancelled.` }] };
+    } catch (err) {
+      return { content: [{ type: "text" as const, text: `Error: ${(err as Error).message}` }], isError: true };
+    }
+  }
+
   if (name === "pairai_list_pending_approvals") {
     const data = await hubGet("/approvals");
     return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
@@ -822,13 +907,20 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
       encryptedKeys?: any; senderSignature?: string;
     }>;
     if (data.encrypted) {
-      const desc = decryptTaskDescription(data, data.id);
-      data.description = desc;
+      try {
+        data.description = decryptTaskDescription(data, data.id);
+      } catch {
+        data.description = "[decryption failed]";
+      }
     }
     const decryptedMsgs = msgs.map((m) => {
       if (data.encrypted) {
-        const d = decryptMessage(m, data.id);
-        return { ...m, content: d.content, contentType: d.contentType };
+        try {
+          const d = decryptMessage(m, data.id);
+          return { ...m, content: d.content, contentType: d.contentType };
+        } catch {
+          return { ...m, content: "[decryption failed]", contentType: "text" };
+        }
       }
       return m;
     });
@@ -839,12 +931,151 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
     const { task_id, filename, mime_type, base64_content } = args as {
       task_id: string; filename: string; mime_type: string; base64_content: string;
     };
+
+    // Check if task is encrypted
+    const taskData = (await hubGet(`/tasks/${task_id}`)) as any;
+    if (taskData.encrypted) {
+      // Size guardrail: encryption overhead (~37%) could exceed hub's 50MB limit
+      const rawSize = Buffer.from(base64_content, "base64").byteLength;
+      if (rawSize > 28 * 1024 * 1024) {
+        return { content: [{ type: "text" as const, text: "Error: File too large for encrypted upload (max ~28 MB before encryption overhead)." }] };
+      }
+
+      await loadPublicKeys();
+      const otherId =
+        taskData.initiatorAgentId === myAgentId ? taskData.targetAgentId : taskData.initiatorAgentId;
+      const otherPub = pubKeyCache.get(otherId);
+      if (!otherPub || !myPublicKey || !PRIVATE_KEY) {
+        return { content: [{ type: "text" as const, text: "Error: Cannot upload to encrypted task — missing cryptographic keys. Re-run setup or reconnect." }] };
+      }
+
+      const envelope = JSON.stringify({ filename, mimeType: mime_type, data: base64_content });
+      const { ciphertext, signature, encryptedKeys } = localEncrypt(envelope, task_id, {
+        [myAgentId]: myPublicKey,
+        [otherId]: otherPub,
+      });
+
+      const data = await hubPost(`/tasks/${task_id}/files/json`, {
+        filename: "encrypted_file",
+        mimeType: "application/octet-stream",
+        base64Content: ciphertext,
+        encryptedKeys,
+        senderSignature: signature,
+      });
+      return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
+    }
+
+    // Non-encrypted task: pass through
     const data = await hubPost(`/tasks/${task_id}/files/json`, {
       filename, mimeType: mime_type, base64Content: base64_content,
     });
     return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
   }
 
+  if (name === "pairai_download_file") {
+    const { task_id, file_id } = args as { task_id: string; file_id: string };
+
+    // Fetch the task to check encryption status
+    const taskData = (await hubGet(`/tasks/${task_id}`)) as any;
+
+    // Download raw file bytes
+    const response = await fetch(`${HUB_URL}/files/${file_id}`, {
+      headers: { Authorization: `Bearer ${API_KEY}` },
+      signal: AbortSignal.timeout(HUB_TIMEOUT_MS),
+    });
+    if (!response.ok) {
+      return { content: [{ type: "text" as const, text: `Error: Failed to download file (${response.status}).` }] };
+    }
+    const fileBuffer = Buffer.from(await response.arrayBuffer());
+
+    if (!taskData.encrypted) {
+      // Non-encrypted: return raw file info
+      const contentType = response.headers.get("content-type") ?? "application/octet-stream";
+      const disposition = response.headers.get("content-disposition") ?? "";
+      const filenameMatch = disposition.match(/filename="([^"]+)"/);
+      return {
+        content: [{
+          type: "text" as const,
+          text: JSON.stringify({
+            filename: filenameMatch?.[1] ?? "file",
+            mimeType: contentType,
+            data: fileBuffer.toString("base64"),
+            sizeBytes: fileBuffer.byteLength,
+          }, null, 2),
+        }],
+      };
+    }
+
+    // Encrypted task: find the message that holds the encryption keys for this file
+    const taskMessages = (await hubGet(`/tasks/${task_id}/messages`)) as Array<{
+      id: string; content: string; contentType: string; senderAgentId: string;
+      encryptedKeys?: any; senderSignature?: string;
+    }>;
+    const fileMsg = taskMessages.find((m) => m.content === file_id);
+    if (!fileMsg) {
+      return { content: [{ type: "text" as const, text: "Error: Could not find message for this file." }] };
+    }
+
+    // Legacy plaintext file in encrypted task (no keys stored)
+    if (!fileMsg.encryptedKeys || !fileMsg.senderSignature) {
+      const contentType = response.headers.get("content-type") ?? "application/octet-stream";
+      return {
+        content: [{
+          type: "text" as const,
+          text: JSON.stringify({
+            filename: "file",
+            mimeType: contentType,
+            data: fileBuffer.toString("base64"),
+            sizeBytes: fileBuffer.byteLength,
+            warning: "File was uploaded without encryption (legacy).",
+          }, null, 2),
+        }],
+      };
+    }
+
+    // Decrypt the file
+    if (!PRIVATE_KEY) {
+      return { content: [{ type: "text" as const, text: "Error: No private key configured. Re-run setup." }] };
+    }
+
+    await loadPublicKeys();
+    const senderPub = fileMsg.senderAgentId === myAgentId
+      ? myPublicKey
+      : pubKeyCache.get(fileMsg.senderAgentId);
+    const keys = typeof fileMsg.encryptedKeys === "string"
+      ? JSON.parse(fileMsg.encryptedKeys)
+      : fileMsg.encryptedKeys;
+    const myKey = keys[myAgentId];
+
+    if (!senderPub || !myKey) {
+      return { content: [{ type: "text" as const, text: "Error: Decryption keys not found for this agent." }] };
+    }
+
+    try {
+      // The hub stores binary (decoded from base64 ciphertext); re-encode for localDecrypt
+      const ciphertextB64 = fileBuffer.toString("base64");
+      const plain = localDecrypt(ciphertextB64, fileMsg.senderSignature, task_id, senderPub, myKey);
+      const envelope = JSON.parse(plain);
+      return {
+        content: [{
+          type: "text" as const,
+          text: JSON.stringify({
+            filename: envelope.filename,
+            mimeType: envelope.mimeType,
+            data: envelope.data,
+            sizeBytes: Buffer.from(envelope.data, "base64").byteLength,
+          }, null, 2),
+        }],
+      };
+    } catch (err) {
+      const msg = (err as Error).message;
+      if (msg.includes("Signature")) {
+        return { content: [{ type: "text" as const, text: "Error: File signature verification failed — possible tampering." }] };
+      }
+      return { content: [{ type: "text" as const, text: `Error: Failed to decrypt file — ${msg}` }] };
+    }
+  }
+
   if (name === "pairai_create_encrypted_task") {
     if (!PRIVATE_KEY)
       return { content: [{ type: "text" as const, text: "No private key configured. Re-run setup." }] };
@@ -887,6 +1118,7 @@ mcp.setRequestHandler(CallToolRequestSchema, async (req) => {
 // ── Polling ──────────────────────────────────────────────────────────────────
 
 const seenMessages = new Set<string>();
+const SEEN_MESSAGES_MAX = 10_000;
 
 function decryptMessage(
   msg: { content: string; contentType: string; senderAgentId: string; encryptedKeys?: any; senderSignature?: string },
@@ -943,13 +1175,16 @@ async function poll() {
       hasUpdates: boolean;
       pendingTasks: Array<{ id: string; title: string; fromAgent: string }>;
       unreadMessages: Array<{ taskId: string; taskTitle: string; count: number }>;
+      cursor: number;
     };
 
+    debugLog(`poll: hasUpdates=${updates.hasUpdates} tasks=${updates.pendingTasks.length} messages=${updates.unreadMessages.length} cursor=${updates.cursor}`);
     if (!updates.hasUpdates) return;
+    console.error(`[pairai] poll: ${updates.pendingTasks.length} tasks, ${updates.unreadMessages.length} messages`);
 
     for (const task of updates.pendingTasks) {
       const key = `task:${task.id}`;
-      if (seenMessages.has(key)) continue;
+      if (seenMessages.has(key)) { debugLog(`skip seen task ${task.id}`); continue; }
       seenMessages.add(key);
 
       const full = (await hubGet(`/tasks/${task.id}`)) as {
@@ -959,19 +1194,27 @@ async function poll() {
         senderSignature?: string;
         initiatorAgentId?: string;
         approvalStatus?: string | null;
-        messages: Array<{
-          content: string;
-          contentType: string;
-          senderAgentId: string;
-          encryptedKeys?: any;
-          senderSignature?: string;
-        }>;
       };
+      const taskMsgs = (await hubGet(`/tasks/${task.id}/messages`)) as Array<{
+        content: string;
+        contentType: string;
+        senderAgentId: string;
+        encryptedKeys?: any;
+        senderSignature?: string;
+      }>;
 
       const desc = decryptTaskDescription(full, task.id);
-      const decryptedMessages = (full.messages ?? []).map((m) => {
-        const d = decryptMessage(m, task.id);
-        return d.content;
+      const decryptedMessages = (taskMsgs ?? []).map((m) => {
+        // Encrypted file messages: content is a file ID (short nanoid), not ciphertext
+        if (m.contentType === "encrypted" && m.encryptedKeys && m.content.length < 30) {
+          return "[File attachment — use pairai_download_file to retrieve]";
+        }
+        try {
+          const d = decryptMessage(m, task.id);
+          return d.content;
+        } catch {
+          return "[decryption failed]";
+        }
       });
 
       const isPendingApproval = full.approvalStatus === "pending";
@@ -997,24 +1240,34 @@ async function poll() {
     }
 
     for (const unread of updates.unreadMessages) {
-      const full = (await hubGet(`/tasks/${unread.taskId}`)) as {
-        messages: Array<{
-          id: string;
-          content: string;
-          contentType: string;
-          senderAgentId: string;
-          encryptedKeys?: any;
-          senderSignature?: string;
-        }>;
-      };
+      const msgs = (await hubGet(`/tasks/${unread.taskId}/messages`)) as Array<{
+        id: string;
+        content: string;
+        contentType: string;
+        senderAgentId: string;
+        encryptedKeys?: any;
+        senderSignature?: string;
+      }>;
 
-      if (!full?.messages) continue;
-      for (const msg of full.messages.slice(-unread.count)) {
+      debugLog(`unread: taskId=${unread.taskId} count=${unread.count} fetched=${msgs?.length ?? 0}`);
+      if (!msgs || msgs.length === 0) continue;
+      for (const msg of msgs.slice(-unread.count)) {
         const key = `msg:${msg.id}`;
-        if (seenMessages.has(key)) continue;
+        if (seenMessages.has(key)) { debugLog(`skip seen msg ${msg.id}`); continue; }
         seenMessages.add(key);
 
-        const decrypted = decryptMessage(msg, unread.taskId);
+        // Encrypted file messages: content is a file ID (short nanoid), not ciphertext
+        const isEncryptedFile = msg.contentType === "encrypted" && msg.encryptedKeys && msg.content.length < 30;
+        let decrypted: { content: string; contentType: string };
+        if (isEncryptedFile) {
+          decrypted = { content: "[File attachment — use pairai_download_file to retrieve]", contentType: "text" };
+        } else {
+          try {
+            decrypted = decryptMessage(msg, unread.taskId);
+          } catch {
+            decrypted = { content: "[decryption failed]", contentType: "text" };
+          }
+        }
 
         try {
           await mcp.notification({
@@ -1037,9 +1290,20 @@ async function poll() {
       }
     }
 
-    await hubPost("/updates/ack");
+    // Do NOT ack the hub here — the hub's lastSeenRowid is only advanced
+    // when the user explicitly calls pairai_check_updates (authoritative ack).
+    // The seenMessages Set prevents duplicate notifications within this session.
+    debugLog(`poll: processed cursor=${updates.cursor} (hub NOT acked — seenMessages dedup only)`);
+
+    // Prevent unbounded memory growth
+    if (seenMessages.size > SEEN_MESSAGES_MAX) {
+      const excess = seenMessages.size - SEEN_MESSAGES_MAX;
+      const iter = seenMessages.values();
+      for (let i = 0; i < excess; i++) seenMessages.delete(iter.next().value!);
+    }
   } catch (err) {
     console.error(`[pairai] poll error: ${(err as Error).message}`);
+    debugLog(`poll error: ${(err as Error).message}`);
   }
 }
 
@@ -1066,6 +1330,15 @@ process.on("SIGINT", cleanupLock);
 process.on("beforeExit", cleanupLock);
 process.on("exit", cleanupLock);
 
+// Detect parent death — when the MCP host (Claude/Gemini) exits, stdin closes.
+// Without this, the process becomes an orphan reparented to systemd.
+process.stdin.on("end", () => {
+  console.error("[pairai] stdin closed (parent exited). Shutting down.");
+  cleanupLock();
+  process.exit(0);
+});
+process.stdin.resume(); // ensure 'end' fires even if nothing reads stdin
+
 console.error(`[pairai] agent=${myAgentId} keys=${pubKeyCache.size} polling every ${POLL_MS}ms`);
 setInterval(poll, POLL_MS);
 poll();