palmier 0.4.5 → 0.4.6

package/README.md

@@ -10,18 +10,21 @@ A Node.js CLI that lets you dispatch your own AI agents from your phone. It runs
 
 > **Important:** By using Palmier, you agree to the [Terms of Service](https://www.palmier.me/terms) and [Privacy Policy](https://www.palmier.me/privacy). See the [Disclaimer](#disclaimer) section below.
 
-## Connection Modes
+## Access Modes
 
-The host supports two independent connection modes, enabled during `palmier init`. Both can be active at the same time.
+The serve daemon always runs a local HTTP server. Three access modes are available:
 
-| Mode | Transport | PWA URL | Features |
-|------|-----------|---------|----------|
-| **Server** | Cloud relay (NATS) | `https://app.palmier.me` | Push notifications, remote access |
-| **LAN** | HTTP (direct, on-demand) | `http://<host-ip>:7400` | Low-latency, no external server needed |
+| Mode | Transport | URL | Pairing | Features |
+|------|-----------|-----|---------|----------|
+| **Local** | HTTP (localhost) | `http://localhost:<port>` | Not required | Full access from the host machine, no internet needed |
+| **LAN** | HTTP (direct) | `http://<host-ip>:<port>` | Required | Access from other devices on the local network |
+| **Server** | Cloud relay (NATS) | `https://app.palmier.me` | Required | Push notifications, remote access from anywhere |
 
-**Server mode** relays communication through the Palmier cloud server (via [NATS](https://nats.io), a lightweight messaging system). All features including push notifications are available. The PWA is served over HTTPS.
+**Local mode** is always available. The PWA is served at `http://localhost:<port>` and works without pairing or internet. The daemon binds to `127.0.0.1` by default.
 
-**LAN mode** is started on-demand via `palmier lan`. It runs a local HTTP server that reverse-proxies PWA assets from `app.palmier.me` and serves API endpoints locally. The browser accesses everything at `http://<host-ip>:<port>` (same-origin). Push notifications are not available in LAN mode.
+**LAN mode** is enabled during `palmier init`. The daemon binds to `0.0.0.0` instead, making the PWA and API endpoints accessible from the local network at `http://<host-ip>:<port>`. Devices must pair via OTP to access. Push notifications are not available.
+
+**Server mode** relays communication through the Palmier cloud server (via [NATS](https://nats.io), a lightweight messaging system). All features including push notifications are available. The PWA is served over HTTPS. Server mode and LAN mode can be active at the same time.
 
 ## Prerequisites
 
@@ -42,8 +45,7 @@ All `palmier` commands should be run from a dedicated Palmier root directory (e.
 | Command | Description |
 |---|---|
 | `palmier init` | Interactive setup wizard |
-| `palmier pair` | Generate an OTP code to pair a new device (server mode) |
-| `palmier lan` | Start an on-demand LAN server with built-in pairing |
+| `palmier pair` | Generate an OTP code to pair a new device |
 | `palmier sessions list` | List active session tokens |
 | `palmier sessions revoke <token>` | Revoke a specific session token |
 | `palmier sessions revoke-all` | Revoke all session tokens |
@@ -51,8 +53,6 @@ All `palmier` commands should be run from a dedicated Palmier root directory (e.
 | `palmier serve` | Run the persistent RPC handler (default command) |
 | `palmier restart` | Restart the palmier serve daemon |
 | `palmier run <task-id>` | Execute a specific task |
-| `palmier notify` | Send a push notification to paired devices |
-| `palmier request-input` | Request input from the user during task execution |
 
 ## Setup
 
@@ -60,14 +60,15 @@ All `palmier` commands should be run from a dedicated Palmier root directory (e.
 
 1. Install the host: `npm install -g palmier`
 2. Run `palmier init` in your Palmier root directory (e.g., `~/palmier`).
-3. The wizard detects installed agents, registers with the Palmier server, installs a background daemon, and generates a pairing code.
-4. Enter the pairing code in the Palmier PWA to connect your device.
+3. The wizard detects installed agents, configures access modes, registers with the Palmier server, and installs a background daemon.
+4. Open `http://localhost:<port>` to access the app locally — no pairing needed.
+5. To access from other devices, pair via `palmier pair` (run automatically after init).
 
-### Pairing additional devices
+### Pairing devices
 
-**Server mode:** Run `palmier pair` on the host to generate a new OTP code. Enter it in the PWA at `https://app.palmier.me`.
+Local access (`http://localhost:<port>`) works immediately — no pairing needed.
 
-**LAN mode:** Run `palmier lan` — it displays both the URL and a pairing code. Open the URL on your device and enter the code.
+For LAN or server mode, run `palmier pair` on the host to generate an OTP code. Enter it in the PWA — either at `http://<host-ip>:<port>` (LAN mode) or `https://app.palmier.me` (server mode).
 
 ### Managing sessions
 
@@ -123,7 +124,7 @@ palmier restart
 ## How It Works
 
 - The host runs as a **background daemon** (systemd user service on Linux, Registry Run key on Windows), staying alive via `palmier serve`.
-- **Paired devices** communicate with the host via NATS (server mode) and/or direct HTTP (LAN mode). Each paired device gets a session token that authenticates all requests.
+- **Device access** — localhost is always trusted (no pairing needed). LAN and server mode devices communicate via direct HTTP or NATS respectively, and must pair via OTP to get a session token.
 - **Tasks** are stored locally as Markdown files in a `tasks/` directory. Each task has a name, prompt, execution plan, and optional schedules (cron schedules or one-time dates).
 - **Plan generation** is automatic — when you create or update a task, the host invokes your chosen agent CLI to generate an execution plan and name.
 - **Schedules** are backed by systemd timers (Linux) or Task Scheduler (Windows). You can enable/disable them without deleting the task, and any task can still be run manually at any time.
@@ -132,8 +133,8 @@ palmier restart
 - **Task confirmation** — tasks can optionally require your approval before running. You'll get a push notification (server mode) or a prompt in the PWA to confirm or abort.
 - **Conversational run history** — each run gets its own directory (`tasks/<id>/<timestamp>/`) with a `TASKRUN.md` file containing a conversational thread: assistant messages (agent output), user messages (input responses, permission grants, confirmations), and status entries (started, finished, failed, aborted, stopped). The agent runs inside the run directory, so each run's session files and artifacts are isolated. The PWA displays runs as a chat-like thread with follow-up support.
 - **Follow-up messages** — after a task run completes, users can send follow-up messages from the run detail view. The agent is invoked inline by the serve daemon (no new process spawning), and the response is appended to the same conversation thread.
-- **Real-time updates** — task status changes and result updates are pushed to connected PWA clients via NATS pub/sub (server mode) and/or SSE (LAN mode). The run detail view live-updates as the agent produces output. Events are scoped to specific runs.
-- **Agent CLI commands** — `palmier notify` and `palmier request-input` allow agents to send push notifications and request user input during task execution without requiring MCP support.
+- **Real-time updates** — task status changes and result updates are pushed to connected PWA clients via NATS pub/sub (server mode) and/or SSE (local/LAN mode). The run detail view live-updates as the agent produces output. Events are scoped to specific runs.
+- **Agent HTTP endpoints** — the serve daemon exposes localhost-only endpoints (`/notify`, `/request-input`) that agents call to send push notifications and request user input during task execution.
 
 ## NATS Subjects
 
@@ -156,7 +157,7 @@ src/
   spawn-command.ts    # Shared helper for spawning CLI tools
   task.ts             # Task file management
   types.ts            # Shared type definitions
-  lan-lock.ts         # LAN lockfile path and port reader
+  pending-requests.ts # In-memory registry for held HTTP connections (confirmation, permission, input)
   events.ts           # Event broadcasting (NATS pub/sub or HTTP SSE)
   agents/
     agent.ts          # AgentTool interface, registry, and agent detection
@@ -170,15 +171,12 @@ src/
   commands/
     init.ts           # Interactive setup wizard (auto-pair)
     pair.ts           # OTP code generation and pairing handler
-    lan.ts            # On-demand LAN server
     sessions.ts       # Session token management CLI (list, revoke, revoke-all)
     info.ts           # Print host connection info
 
-    serve.ts          # Transport selection, startup, and crash detection polling
+    serve.ts          # NATS + HTTP transport startup, crash detection polling
     restart.ts        # Daemon restart (cross-platform)
     run.ts            # Single task execution
-    notify.ts         # Send push notification to paired devices
-    request-input.ts  # Request user input during task execution
   platform/
     platform.ts       # PlatformService interface
     index.ts          # Platform factory (Linux vs Windows)
@@ -189,16 +187,16 @@ src/
     http-transport.ts # HTTP server with RPC, SSE, PWA reverse proxy, and internal event endpoints
 ```
 
-## Agent CLI Commands
+## Agent HTTP Endpoints
 
-These commands are available to agents during task execution. They are included in the agent's system prompt automatically.
+The serve daemon exposes localhost-only HTTP endpoints for agents during task execution. The port is baked into the agent's system prompt automatically.
 
-| Command | Flags | Description |
+| Endpoint | Method | Description |
 |---|---|---|
-| `palmier notify` | `--title <title>` `--body <body>` | Send a push notification to all paired devices |
-| `palmier request-input` | `--description <desc...>` | Request input from the user; blocks until a response is provided |
+| `/notify` | GET | Send a push notification (requires server mode) |
+| `/request-input` | GET | Request user input; blocks until a response is provided |
 
-Push notifications require server mode to be enabled. `request-input` requires the `PALMIER_TASK_ID` environment variable (set automatically during task execution).
+See [agent-instructions.md](src/agents/agent-instructions.md) for usage examples.
 
 ## Uninstalling
 

package/dist/agents/agent-instructions.md

@@ -20,20 +20,13 @@ If the task fails because a tool was denied or you lack the required permissions
 [PALMIER_PERMISSION] Bash(npm test) | Run the test suite via npm
 [PALMIER_PERMISSION] Write | Write generated output files
 
-## CLI Commands
+## HTTP Endpoints
 
-You have access to the following palmier CLI commands:
+The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution.
 
-**Requesting user input** — If you need any information you do not have (credentials, configuration values, preferences, clarifications, etc.) or the task explicitly asks you to get input from the user, do NOT fail the task. Instead, request it:
-```
-palmier request-input --description "What is the database connection string?" --description "What is the API key?"
-```
-The command blocks until the user responds and prints each value on its own line. If the user aborts, the command exits with a non-zero status.
+**Requesting user input** — If you need any information you do not have (credentials, configuration values, preferences, clarifications, etc.) or the task explicitly asks you to get input from the user, do NOT fail the task. Instead, GET `/request-input?taskId={{TASK_ID}}&descriptions=question+1&descriptions=question+2`. The request blocks until the user responds. The response is `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user chooses to abort.
 
-**Sending push notifications** — If you need to send a push notification to the user:
-```
-palmier notify --title "Task Complete" --body "The deployment finished successfully."
-```
+**Sending push notifications** — GET `/notify?title=...&body=...` to send a push notification to the user's devices.
 
 ---
 

package/dist/agents/claude.js

@@ -1,5 +1,5 @@
 import { execSync } from "child_process";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class ClaudeAgent {
     getPlanGenerationCommandLine(prompt) {
@@ -9,8 +9,8 @@ export class ClaudeAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
-        const args = ["--permission-mode", "acceptEdits", "-p"];
+        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const args = ["--permission-mode", "acceptEdits", "-p", "--allowedTools", "WebFetch"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
         for (const p of allPerms) {
             args.push("--allowedTools", p.name);

package/dist/agents/codex.js

@@ -1,5 +1,5 @@
 import { execSync } from "child_process";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class CodexAgent {
     getPlanGenerationCommandLine(prompt) {
@@ -9,7 +9,7 @@ export class CodexAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
         // Using danger-full-access until workspace-write is fixed: https://github.com/openai/codex/issues/12572
         const args = ["exec", "--full-auto", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];

package/dist/agents/copilot.js

@@ -1,5 +1,5 @@
 import { execSync } from "child_process";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class CopilotAgent {
     getPlanGenerationCommandLine(prompt) {
@@ -9,8 +9,8 @@ export class CopilotAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
-        const args = ["-p", prompt];
+        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const args = ["-p", prompt, "--allowed-tools", "web_fetch"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
         if (allPerms.length > 0) {
             args.push(`--allow-tool='${allPerms.map((p) => p.name).join(",")}'`);

package/dist/agents/gemini.js

@@ -1,5 +1,5 @@
 import { execSync } from "child_process";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class GeminiAgent {
     getPlanGenerationCommandLine(prompt) {
@@ -10,8 +10,8 @@ export class GeminiAgent {
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
         const prompt = followupPrompt ?? (task.body || task.frontmatter.user_prompt);
-        const fullPrompt = AGENT_INSTRUCTIONS + "\n\n" + prompt;
-        const args = ["--prompt", "-"];
+        const fullPrompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + prompt;
+        const args = ["--prompt", "--allowed-tools", "web_fetch", "-"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
         if (allPerms.length > 0) {
             args.push("--allowed-tools");

package/dist/agents/openclaw.js

@@ -1,5 +1,5 @@
 import { execSync } from "child_process";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 export class OpenClawAgent {
     getPlanGenerationCommandLine(prompt) {
         return {
@@ -8,7 +8,7 @@ export class OpenClawAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
         // OpenClaw does not support stdin as prompt.
         const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];
         return { command: "openclaw", args };

package/dist/agents/shared-prompt.d.ts

@@ -1,9 +1,7 @@
 /**
- * Instructions prepended or injected as system prompt for every task invocation.
- * Instructs the agent to output structured markers so palmier can determine
- * the task outcome, report files, and permission/input requests.
+ * Agent instructions with the serve daemon's HTTP port and task ID baked in.
  */
-export declare const AGENT_INSTRUCTIONS: string;
+export declare function getAgentInstructions(taskId: string): string;
 export declare const TASK_SUCCESS_MARKER = "[PALMIER_TASK_SUCCESS]";
 export declare const TASK_FAILURE_MARKER = "[PALMIER_TASK_FAILURE]";
 export declare const TASK_REPORT_PREFIX = "[PALMIER_REPORT]";

package/dist/agents/shared-prompt.js

@@ -1,13 +1,18 @@
 import * as fs from "fs";
 import * as path from "path";
 import { fileURLToPath } from "url";
+import { loadConfig } from "../config.js";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const AGENT_INSTRUCTIONS_TEMPLATE = fs.readFileSync(path.join(__dirname, "agent-instructions.md"), "utf-8");
 /**
- * Instructions prepended or injected as system prompt for every task invocation.
- * Instructs the agent to output structured markers so palmier can determine
- * the task outcome, report files, and permission/input requests.
+ * Agent instructions with the serve daemon's HTTP port and task ID baked in.
  */
-export const AGENT_INSTRUCTIONS = fs.readFileSync(path.join(__dirname, "agent-instructions.md"), "utf-8");
+export function getAgentInstructions(taskId) {
+    const port = loadConfig().httpPort ?? 7400;
+    return AGENT_INSTRUCTIONS_TEMPLATE
+        .replace(/\{\{PORT\}\}/g, String(port))
+        .replace(/\{\{TASK_ID\}\}/g, taskId);
+}
 export const TASK_SUCCESS_MARKER = "[PALMIER_TASK_SUCCESS]";
 export const TASK_FAILURE_MARKER = "[PALMIER_TASK_FAILURE]";
 export const TASK_REPORT_PREFIX = "[PALMIER_REPORT]";

package/dist/commands/init.js

@@ -3,6 +3,7 @@ import { loadConfig, saveConfig } from "../config.js";
 import { detectAgents } from "../agents/agent.js";
 import { getPlatform } from "../platform/index.js";
 import { pairCommand } from "./pair.js";
+import { detectLanIp } from "../transports/http-transport.js";
 const bold = (s) => `\x1b[1m${s}\x1b[0m`;
 const dim = (s) => `\x1b[2m${s}\x1b[0m`;
 const green = (s) => `\x1b[32m${s}\x1b[0m`;
@@ -29,6 +30,33 @@ export async function initCommand() {
             process.exit(1);
         }
         console.log(`  Found: ${green(agents.map((a) => a.label).join(", "))}\n`);
+        // LAN mode
+        const lanAnswer = await ask("Enable LAN access (direct HTTP from local network)? (y/N): ");
+        const lanEnabled = lanAnswer.trim().toLowerCase() === "y";
+        let httpPort = 7400;
+        const portLabel = lanEnabled ? "HTTP port for local and LAN access" : "HTTP port for local access";
+        const portAnswer = await ask(`${portLabel} (default ${httpPort}): `);
+        const parsed = parseInt(portAnswer.trim(), 10);
+        if (parsed > 0 && parsed < 65536)
+            httpPort = parsed;
+        // Display summary and ask for confirmation before making any changes
+        console.log(`\n${bold("Setup summary:")}\n`);
+        console.log(`  ${dim("Task storage:")}   ${bold(process.cwd())}`);
+        console.log(`                  All tasks and execution data will be stored here.\n`);
+        console.log(`  ${dim("Local access:")}   ${cyan(`http://localhost:${httpPort}`)}`);
+        console.log(`                  Always available — no internet required.\n`);
+        if (lanEnabled) {
+            const ip = detectLanIp();
+            console.log(`  ${dim("LAN access:")}     ${cyan(`http://${ip}:${httpPort}`)}`);
+            console.log(`                  Accessible from other devices on your local network. Pairing required.\n`);
+        }
+        console.log(`  ${dim("Agents:")}         ${agents.map((a) => a.label).join(", ")}\n`);
+        const confirm = await ask("Proceed? (Y/n): ");
+        if (confirm.trim().toLowerCase() === "n") {
+            console.log("\nSetup cancelled.");
+            rl.close();
+            return;
+        }
         // Register with server
         let existingHostId;
         try {
@@ -54,7 +82,7 @@ export async function initCommand() {
                 }
             }
         }
-        // Build config
+        // Build and save config
         const config = {
             hostId: registerResponse.hostId,
             projectRoot: process.cwd(),
@@ -62,9 +90,10 @@ export async function initCommand() {
             natsWsUrl: registerResponse.natsWsUrl,
             natsToken: registerResponse.natsToken,
             agents,
+            httpPort,
+            lanEnabled,
         };
         saveConfig(config);
-        console.log(`\n${green("Host provisioned")} ID: ${cyan(config.hostId)}`);
         console.log(`Config saved to ${dim("~/.config/palmier/host.json")}`);
         getPlatform().installDaemon(config);
         console.log("\nStarting pairing...");

package/dist/commands/pair.d.ts

@@ -2,7 +2,7 @@ export declare const PAIRING_EXPIRY_MS: number;
 export declare function generatePairingCode(): string;
 /**
  * Generate an OTP code and wait for a PWA client to pair.
- * Listens on NATS always, and also on the LAN server if `palmier lan` is running.
+ * Listens on NATS (server mode) and HTTP (via serve daemon) in parallel.
  */
 export declare function pairCommand(): Promise<void>;
 //# sourceMappingURL=pair.d.ts.map

package/dist/commands/pair.js

@@ -3,7 +3,6 @@ import { StringCodec } from "nats";
 import { loadConfig } from "../config.js";
 import { connectNats } from "../nats-client.js";
 import { addSession } from "../session-store.js";
-import { getLanPort } from "../lan-lock.js";
 const CODE_CHARS = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"; // no O/0/I/1/L
 const CODE_LENGTH = 6;
 export const PAIRING_EXPIRY_MS = 5 * 60 * 1000; // 5 minutes
@@ -20,15 +19,15 @@ function buildPairResponse(config, label) {
     };
 }
 /**
- * POST to the running LAN server and long-poll until paired or expired.
+ * POST to the running serve daemon and long-poll until paired or expired.
  */
-function lanPairRegister(port, code) {
+function httpPairRegister(port, code) {
     const body = JSON.stringify({ code, expiryMs: PAIRING_EXPIRY_MS });
     return new Promise((resolve) => {
         const req = http.request({
             hostname: "127.0.0.1",
             port,
-            path: "/internal/pair-register",
+            path: "/pair-register",
             method: "POST",
             headers: { "Content-Type": "application/json" },
             timeout: PAIRING_EXPIRY_MS + 5000,
@@ -52,11 +51,12 @@ function lanPairRegister(port, code) {
 }
 /**
  * Generate an OTP code and wait for a PWA client to pair.
- * Listens on NATS always, and also on the LAN server if `palmier lan` is running.
+ * Listens on NATS (server mode) and HTTP (via serve daemon) in parallel.
  */
 export async function pairCommand() {
     const config = loadConfig();
     const code = generatePairingCode();
+    const httpPort = config.httpPort ?? 7400;
     let paired = false;
     function onPaired() {
         paired = true;
@@ -70,7 +70,7 @@ export async function pairCommand() {
     console.log(`  ${code}`);
     console.log("");
     console.log("Code expires in 5 minutes.");
-    // NATS pairing (always active)
+    // NATS pairing (server mode)
     const nc = await connectNats(config);
     const sc = StringCodec();
     const subject = `pair.${code}`;
@@ -98,15 +98,12 @@ export async function pairCommand() {
             onPaired();
         }
     })();
-    // LAN pairing — if `palmier lan` is running, also register with it
-    const lanPort = getLanPort();
-    if (lanPort) {
-        (async () => {
-            const result = await lanPairRegister(lanPort, code);
-            if (result)
-                onPaired();
-        })();
-    }
+    // HTTP pairing — register with serve daemon's /pair-register endpoint
+    (async () => {
+        const result = await httpPairRegister(httpPort, code);
+        if (result)
+            onPaired();
+    })();
     // Wait for pairing or timeout
     const start = Date.now();
     await new Promise((resolve) => {

package/dist/commands/run.js

@@ -9,7 +9,6 @@ import { getAgent } from "../agents/agent.js";
 import { getPlatform } from "../platform/index.js";
 import { TASK_SUCCESS_MARKER, TASK_FAILURE_MARKER, TASK_REPORT_PREFIX, TASK_PERMISSION_PREFIX } from "../agents/shared-prompt.js";
 import { publishHostEvent } from "../events.js";
-import { waitForUserInput } from "../user-input.js";
 /**
  * Invoke the agent CLI with a continuation loop for permissions and user input.
  *
@@ -24,7 +23,7 @@ async function invokeAgentWithContinuation(ctx, invokeTask) {
         const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, followupPrompt, ctx.transientPermissions);
         const result = await spawnCommand(command, args, {
             cwd: getRunDir(ctx.taskDir, ctx.runId),
-            env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId) },
+            env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
             echoStdout: true,
             resolveOnFailure: true,
             stdin,
@@ -41,8 +40,7 @@ async function invokeAgentWithContinuation(ctx, invokeTask) {
         });
         // Permission handling — agent requested permissions
         if (requiredPermissions.length > 0) {
-            const response = await requestPermission(ctx.nc, ctx.config, ctx.task, ctx.taskDir, requiredPermissions);
-            await publishPermissionResolved(ctx.nc, ctx.config, ctx.taskId, response);
+            const response = await requestPermission(ctx.config, ctx.task, ctx.taskDir, requiredPermissions);
             if (response === "aborted") {
                 await appendAndNotify(ctx, {
                     role: "user",
@@ -144,9 +142,7 @@ export async function runCommand(taskId) {
         await publishHostEvent(nc, config.hostId, taskId, { event_type: "result-updated", run_id: runId });
         // If requires_confirmation, notify clients and wait
         if (task.frontmatter.requires_confirmation) {
-            const confirmed = await requestConfirmation(nc, config, task, taskDir);
-            const resolvedStatus = confirmed ? "confirmed" : "aborted";
-            await publishConfirmResolved(nc, config, taskId, resolvedStatus);
+            const confirmed = await requestConfirmation(config, task, taskDir);
             if (!confirmed) {
                 console.log("Task aborted by user.");
                 appendRunMessage(taskDir, runId, { role: "status", time: Date.now(), content: "", type: "aborted" });
@@ -220,7 +216,7 @@ async function runCommandTriggeredMode(ctx) {
     console.log(`[command-triggered] Spawning: ${commandStr}`);
     const child = spawnStreamingCommand(commandStr, {
         cwd: getRunDir(ctx.taskDir, ctx.runId),
-        env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId) },
+        env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
     });
     let linesProcessed = 0;
     let invocationsSucceeded = 0;
@@ -336,49 +332,29 @@ async function publishTaskEvent(nc, config, taskDir, taskId, eventType, taskName
         payload.run_id = runId;
     await publishHostEvent(nc, config.hostId, taskId, payload);
 }
-/**
- * Notify clients that a confirmation request has been resolved.
- */
-async function publishConfirmResolved(nc, config, taskId, status) {
-    await publishHostEvent(nc, config.hostId, taskId, {
-        event_type: "confirm-resolved",
-        host_id: config.hostId,
-        status,
-    });
-}
-async function requestPermission(nc, config, task, taskDir, requiredPermissions) {
-    const currentStatus = readTaskStatus(taskDir);
-    writeTaskStatus(taskDir, { ...currentStatus, pending_permission: requiredPermissions });
-    await publishHostEvent(nc, config.hostId, task.frontmatter.id, {
-        event_type: "permission-request",
-        host_id: config.hostId,
-        required_permissions: requiredPermissions,
-        name: task.frontmatter.name,
+async function requestPermission(config, task, taskDir, requiredPermissions) {
+    const port = config.httpPort ?? 7400;
+    const params = new URLSearchParams({
+        taskId: task.frontmatter.id,
+        taskName: task.frontmatter.name,
+        permissions: JSON.stringify(requiredPermissions),
     });
-    const userInput = await waitForUserInput(taskDir);
-    const response = userInput[0];
+    const res = await fetch(`http://localhost:${port}/request-permission?${params}`);
+    const { response } = await res.json();
     writeTaskStatus(taskDir, {
         running_state: response === "aborted" ? "aborted" : "started",
         time_stamp: Date.now(),
     });
     return response;
 }
-async function publishPermissionResolved(nc, config, taskId, status) {
-    await publishHostEvent(nc, config.hostId, taskId, {
-        event_type: "permission-resolved",
-        host_id: config.hostId,
-        status,
-    });
-}
-async function requestConfirmation(nc, config, task, taskDir) {
-    const currentStatus = readTaskStatus(taskDir);
-    writeTaskStatus(taskDir, { ...currentStatus, pending_confirmation: true });
-    await publishHostEvent(nc, config.hostId, task.frontmatter.id, {
-        event_type: "confirm-request",
-        host_id: config.hostId,
+async function requestConfirmation(config, task, taskDir) {
+    const port = config.httpPort ?? 7400;
+    const params = new URLSearchParams({
+        taskId: task.frontmatter.id,
+        taskName: task.frontmatter.name,
     });
-    const userInput = await waitForUserInput(taskDir);
-    const confirmed = userInput[0] === "confirmed";
+    const res = await fetch(`http://localhost:${port}/request-confirmation?${params}`);
+    const { confirmed } = await res.json();
     writeTaskStatus(taskDir, {
         running_state: confirmed ? "started" : "aborted",
         time_stamp: Date.now(),

package/dist/commands/serve.d.ts

@@ -1,5 +1,5 @@
 /**
- * Start the persistent RPC handler (NATS only).
+ * Start the persistent RPC handler (NATS + HTTP).
  */
 export declare function serveCommand(): Promise<void>;
 //# sourceMappingURL=serve.d.ts.map

package/dist/commands/serve.js

@@ -4,6 +4,7 @@ import { loadConfig } from "../config.js";
 import { connectNats } from "../nats-client.js";
 import { createRpcHandler } from "../rpc-handler.js";
 import { startNatsTransport } from "../transports/nats-transport.js";
+import { startHttpTransport } from "../transports/http-transport.js";
 import { getTaskDir, readTaskStatus, writeTaskStatus, parseTaskFile, appendRunMessage } from "../task.js";
 import { publishHostEvent } from "../events.js";
 import { getPlatform } from "../platform/index.js";
@@ -69,7 +70,7 @@ async function checkStaleTasks(config, nc) {
     }
 }
 /**
- * Start the persistent RPC handler (NATS only).
+ * Start the persistent RPC handler (NATS + HTTP).
  */
 export async function serveCommand() {
     const config = loadConfig();
@@ -91,6 +92,12 @@ export async function serveCommand() {
         });
     }, POLL_INTERVAL_MS);
     const handleRpc = createRpcHandler(config, nc);
-    await startNatsTransport(config, handleRpc, nc);
+    const httpPort = config.httpPort ?? 7400;
+    // Start NATS transport (loops forever, fire-and-forget)
+    if (nc) {
+        startNatsTransport(config, handleRpc, nc);
+    }
+    // Start HTTP transport (loops forever)
+    await startHttpTransport(config, handleRpc, httpPort, nc);
 }
 //# sourceMappingURL=serve.js.map

package/dist/events.d.ts

@@ -1,9 +1,9 @@
 import { type NatsConnection } from "nats";
 /**
- * Broadcast an event to connected clients via NATS and HTTP SSE (if LAN server is running).
+ * Broadcast an event to connected clients via NATS and HTTP SSE.
  *
  * - NATS: publishes to `host-event.{hostId}.{taskId}`
- * - HTTP: POSTs to the LAN server's `/internal/event` endpoint (auto-detected via lockfile)
+ * - HTTP: POSTs to the serve daemon's `/event` endpoint
  */
 export declare function publishHostEvent(nc: NatsConnection | undefined, hostId: string, taskId: string, payload: Record<string, unknown>): Promise<void>;
 //# sourceMappingURL=events.d.ts.map