palmier 0.5.1 → 0.5.3

package/README.md

@@ -46,9 +46,9 @@ All `palmier` commands should be run from a dedicated Palmier root directory (e.
 |---|---|
 | `palmier init` | Interactive setup wizard |
 | `palmier pair` | Generate an OTP code to pair a new device |
-| `palmier sessions list` | List active session tokens |
-| `palmier sessions revoke <token>` | Revoke a specific session token |
-| `palmier sessions revoke-all` | Revoke all session tokens |
+| `palmier clients list` | List active client tokens |
+| `palmier clients revoke <token>` | Revoke a specific client token |
+| `palmier clients revoke-all` | Revoke all client tokens |
 | `palmier info` | Show host connection info (address, mode) |
 | `palmier serve` | Run the persistent RPC handler (default command) |
 | `palmier restart` | Restart the palmier serve daemon |
@@ -70,17 +70,17 @@ Local access (`http://localhost:<port>`) works immediately — no pairing needed
 
 For LAN or server mode, run `palmier pair` on the host to generate an OTP code. Enter it in the PWA — either at `http://<host-ip>:<port>` (LAN mode) or `https://app.palmier.me` (server mode).
 
-### Managing sessions
+### Managing clients
 
 ```bash
 # List all paired devices
-palmier sessions list
+palmier clients list
 
 # Revoke a specific device's access
-palmier sessions revoke <token>
+palmier clients revoke <token>
 
-# Revoke all sessions (unpair all devices)
-palmier sessions revoke-all
+# Revoke all clients (unpair all devices)
+palmier clients revoke-all
 ```
 
 The `init` command:
@@ -126,7 +126,7 @@ palmier restart
 ## How It Works
 
 - The host runs as a **background daemon** (systemd user service on Linux, Registry Run key on Windows), staying alive via `palmier serve`.
-- **Device access** — localhost is always trusted (no pairing needed). LAN and server mode devices communicate via direct HTTP or NATS respectively, and must pair via OTP to get a session token.
+- **Device access** — localhost is always trusted (no pairing needed). LAN and server mode devices communicate via direct HTTP or NATS respectively, and must pair via OTP to get a client token.
 - **Tasks** are stored locally as Markdown files in a `tasks/` directory. Each task has a name, prompt, execution plan, and optional schedules (cron schedules or one-time dates).
 - **Plan generation** is automatic — when you create or update a task, the host invokes your chosen agent CLI to generate an execution plan and name.
 - **Schedules** are backed by systemd timers (Linux) or Task Scheduler (Windows). You can enable/disable them without deleting the task, and any task can still be run manually at any time.

package/dist/agents/agent-instructions.md

@@ -2,23 +2,19 @@ You are an AI agent executing a task on behalf of the user via the Palmier platf
 
 ## Reporting Output
 
-If you generate report or output files, print each file path on its own line prefixed with [PALMIER_REPORT]:
-[PALMIER_REPORT] report.md
-[PALMIER_REPORT] summary.md
+If you generate report or output files, print each file path on its own line using this exact format:
+[PALMIER_REPORT] <filename>
 
 ## Completion
 
-When you are done, output exactly one of these markers as the very last line:
-- Success: [PALMIER_TASK_SUCCESS]
-- Failure: [PALMIER_TASK_FAILURE]
-Do not wrap them in code blocks or add text on the same line.
+When you are done, output exactly one of these markers as the very last line (no other text on the same line):
+[PALMIER_TASK_SUCCESS]
+[PALMIER_TASK_FAILURE]
 
 ## Permissions
 
-If the task fails because a tool was denied or you lack the required permissions, print each required permission on its own line prefixed with [PALMIER_PERMISSION]:
-[PALMIER_PERMISSION] Read | Read file contents from the repository
-[PALMIER_PERMISSION] Bash(npm test) | Run the test suite via npm
-[PALMIER_PERMISSION] Write | Write generated output files
+If the task fails because a tool was denied or you lack the required permissions, print each required permission on its own line using this exact format:
+[PALMIER_PERMISSION] <tool_name> | <description>
 
 ## HTTP Endpoints
 

package/dist/agents/agent.d.ts

@@ -13,9 +13,13 @@ export interface AgentTool {
     /** Return the command and args used to generate a plan from a prompt. */
     getPlanGenerationCommandLine(prompt: string): CommandLine;
     /** Return the command and args used to run a task. If followupPrompt is provided, use it instead of the task's prompt,
-     *  and treat it as a continuation of the original run (reuse the same session, etc). extraPermissions are transient
-     *  permissions granted for this run only (not persisted in frontmatter). */
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+     *  and treat it as a continuation of the original run (reuse the same session, etc).
+     *  extraPermissions: pass an array of RequiredPermission for transient permissions granted for this run only,
+     *  or pass `"yolo"` to enable yolo mode (auto-approve all tools, skip permission instructions). */
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
+    /** Whether this agent supports permission overrides (e.g. --allowedTools).
+     *  If false, the permissions section is omitted from agent instructions. */
+    supportsPermissions: boolean;
     /** Detect whether the agent CLI is available and perform any agent-specific
      *  initialization. Returns true if the agent was detected and initialized successfully. */
     init(): Promise<boolean>;
@@ -23,6 +27,7 @@ export interface AgentTool {
 export interface DetectedAgent {
     key: string;
     label: string;
+    supportsPermissions: boolean;
 }
 export declare function detectAgents(): Promise<DetectedAgent[]>;
 export declare function getAgent(name: string): AgentTool;

package/dist/agents/agent.js

@@ -3,12 +3,16 @@ import { GeminiAgent } from "./gemini.js";
 import { CodexAgent } from "./codex.js";
 import { OpenClawAgent } from "./openclaw.js";
 import { CopilotAgent } from "./copilot.js";
+import { QwenAgent } from "./qwen.js";
+import { KimiAgent } from "./kimi.js";
 const agentRegistry = {
     claude: new ClaudeAgent(),
     gemini: new GeminiAgent(),
     codex: new CodexAgent(),
     openclaw: new OpenClawAgent(),
     copilot: new CopilotAgent(),
+    qwen: new QwenAgent(),
+    kimi: new KimiAgent(),
 };
 const agentLabels = {
     claude: "Claude Code",
@@ -16,6 +20,8 @@ const agentLabels = {
     codex: "Codex CLI",
     openclaw: "OpenClaw",
     copilot: "Copilot CLI",
+    qwen: "Qwen Code",
+    kimi: "Kimi Code",
 };
 export async function detectAgents() {
     const detected = [];
@@ -23,7 +29,7 @@ export async function detectAgents() {
         const label = agentLabels[key] ?? key;
         const ok = await agent.init();
         if (ok)
-            detected.push({ key, label });
+            detected.push({ key, label, supportsPermissions: agent.supportsPermissions });
     }
     return detected;
 }

package/dist/agents/claude.d.ts

@@ -1,8 +1,9 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import type { AgentTool, CommandLine } from "./agent.js";
 export declare class ClaudeAgent implements AgentTool {
+    supportsPermissions: boolean;
     getPlanGenerationCommandLine(prompt: string): CommandLine;
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
     init(): Promise<boolean>;
 }
 //# sourceMappingURL=claude.d.ts.map

package/dist/agents/claude.js

@@ -2,6 +2,7 @@ import { execSync } from "child_process";
 import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class ClaudeAgent {
+    supportsPermissions = true;
     getPlanGenerationCommandLine(prompt) {
         return {
             command: "claude",
@@ -9,11 +10,15 @@ export class ClaudeAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
-        const args = ["--permission-mode", "acceptEdits", "-p", "--allowedTools", "WebFetch"];
-        const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-        for (const p of allPerms) {
-            args.push("--allowedTools", p.name);
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = ["--permission-mode", yolo ? "bypassPermissions" : "acceptEdits", "-p"];
+        if (!yolo) {
+            args.push("--allowedTools", "WebFetch");
+            const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
+            for (const p of allPerms) {
+                args.push("--allowedTools", p.name);
+            }
         }
         if (followupPrompt) {
             args.push("-c");

package/dist/agents/codex.d.ts

@@ -1,8 +1,9 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import type { AgentTool, CommandLine } from "./agent.js";
 export declare class CodexAgent implements AgentTool {
+    supportsPermissions: boolean;
     getPlanGenerationCommandLine(prompt: string): CommandLine;
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
     init(): Promise<boolean>;
 }
 //# sourceMappingURL=codex.d.ts.map

package/dist/agents/codex.js

@@ -2,6 +2,7 @@ import { execSync } from "child_process";
 import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class CodexAgent {
+    supportsPermissions = true;
     getPlanGenerationCommandLine(prompt) {
         return {
             command: "codex",
@@ -9,13 +10,16 @@ export class CodexAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         // Using danger-full-access until workspace-write is fixed: https://github.com/openai/codex/issues/12572
-        const args = ["exec", "--full-auto", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
-        const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-        for (const p of allPerms) {
-            args.push("--config");
-            args.push(`apps.${p.name}.default_tools_approval_mode="approve"`);
+        const args = ["exec", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
+        if (!yolo) {
+            const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
+            for (const p of allPerms) {
+                args.push("--config");
+                args.push(`apps.${p.name}.default_tools_approval_mode="approve"`);
+            }
         }
         if (followupPrompt) {
             args.push("resume", "--last");

package/dist/agents/copilot.d.ts

@@ -1,8 +1,9 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import type { AgentTool, CommandLine } from "./agent.js";
 export declare class CopilotAgent implements AgentTool {
+    supportsPermissions: boolean;
     getPlanGenerationCommandLine(prompt: string): CommandLine;
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
     init(): Promise<boolean>;
 }
 //# sourceMappingURL=copilot.d.ts.map

package/dist/agents/copilot.js

@@ -2,6 +2,7 @@ import { execSync } from "child_process";
 import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class CopilotAgent {
+    supportsPermissions = false;
     getPlanGenerationCommandLine(prompt) {
         return {
             command: "copilot",
@@ -9,10 +10,16 @@ export class CopilotAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         const args = ["-p", prompt];
-        const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-        args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
+        if (yolo) {
+            args.push("--yolo");
+        }
+        else {
+            const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
+            args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
+        }
         if (followupPrompt) {
             args.push("--continue");
         }

package/dist/agents/gemini.d.ts

@@ -1,8 +1,9 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import type { AgentTool, CommandLine } from "./agent.js";
 export declare class GeminiAgent implements AgentTool {
+    supportsPermissions: boolean;
     getPlanGenerationCommandLine(prompt: string): CommandLine;
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
     init(): Promise<boolean>;
 }
 //# sourceMappingURL=gemini.d.ts.map

package/dist/agents/gemini.js

@@ -2,6 +2,7 @@ import { execSync } from "child_process";
 import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 export class GeminiAgent {
+    supportsPermissions = true;
     getPlanGenerationCommandLine(prompt) {
         return {
             command: "gemini",
@@ -9,19 +10,22 @@ export class GeminiAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
-        const args = ["--approval-mode", "auto_edit", "--allowed-tools", "web_fetch"];
-        const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-        if (allPerms.length > 0) {
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = ["--approval-mode", yolo ? "yolo" : "auto_edit"];
+        if (!yolo) {
+            const tools = ["run_shell_command", "web_fetch"];
+            const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
             for (const p of allPerms) {
-                args.push(p.name);
+                tools.push(p.name);
             }
+            args.push("--allowed-tools", tools.join(","));
         }
         if (followupPrompt) {
             args.push("--resume");
         } // continue mode for followups
-        args.push("--prompt", prompt);
-        return { command: "gemini", args };
+        args.push("--prompt", "-"); // read prompt from stdin to avoid command line length limits
+        return { command: "gemini", args, stdin: prompt };
     }
     async init() {
         try {

package/dist/agents/kimi.d.ts

@@ -0,0 +1,9 @@
+import type { ParsedTask, RequiredPermission } from "../types.js";
+import type { AgentTool, CommandLine } from "./agent.js";
+export declare class KimiAgent implements AgentTool {
+    supportsPermissions: boolean;
+    getPlanGenerationCommandLine(prompt: string): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
+    init(): Promise<boolean>;
+}
+//# sourceMappingURL=kimi.d.ts.map

package/dist/agents/kimi.js

@@ -0,0 +1,35 @@
+import { execSync } from "child_process";
+import { getAgentInstructions } from "./shared-prompt.js";
+import { SHELL } from "../platform/index.js";
+export class KimiAgent {
+    supportsPermissions = false;
+    getPlanGenerationCommandLine(prompt) {
+        return {
+            command: "kimi",
+            args: ["-p", prompt],
+        };
+    }
+    getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = [];
+        if (yolo) {
+            args.push("--yolo");
+        }
+        if (followupPrompt) {
+            args.push("--continue");
+        }
+        args.push("-p", prompt);
+        return { command: "kimi", args };
+    }
+    async init() {
+        try {
+            execSync("kimi --version", { stdio: "ignore", shell: SHELL });
+        }
+        catch {
+            return false;
+        }
+        return true;
+    }
+}
+//# sourceMappingURL=kimi.js.map

package/dist/agents/openclaw.d.ts

@@ -1,8 +1,9 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import type { AgentTool, CommandLine } from "./agent.js";
 export declare class OpenClawAgent implements AgentTool {
+    supportsPermissions: boolean;
     getPlanGenerationCommandLine(prompt: string): CommandLine;
-    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
     init(): Promise<boolean>;
 }
 //# sourceMappingURL=openclaw.d.ts.map

package/dist/agents/openclaw.js

@@ -1,6 +1,7 @@
 import { execSync } from "child_process";
 import { getAgentInstructions } from "./shared-prompt.js";
 export class OpenClawAgent {
+    supportsPermissions = false;
     getPlanGenerationCommandLine(prompt) {
         return {
             command: "openclaw",
@@ -8,7 +9,8 @@ export class OpenClawAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         // OpenClaw does not support stdin as prompt.
         const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];
         return { command: "openclaw", args };

package/dist/agents/qwen.d.ts

@@ -0,0 +1,9 @@
+import type { ParsedTask, RequiredPermission } from "../types.js";
+import type { AgentTool, CommandLine } from "./agent.js";
+export declare class QwenAgent implements AgentTool {
+    supportsPermissions: boolean;
+    getPlanGenerationCommandLine(prompt: string): CommandLine;
+    getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine;
+    init(): Promise<boolean>;
+}
+//# sourceMappingURL=qwen.d.ts.map

package/dist/agents/qwen.js

@@ -0,0 +1,32 @@
+import { execSync } from "child_process";
+import { getAgentInstructions } from "./shared-prompt.js";
+import { SHELL } from "../platform/index.js";
+export class QwenAgent {
+    supportsPermissions = false;
+    getPlanGenerationCommandLine(prompt) {
+        return {
+            command: "qwen",
+            args: ["-p", prompt],
+        };
+    }
+    getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
+        const yolo = extraPermissions === "yolo";
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = ["--approval-mode", yolo ? "yolo" : "auto-edit"];
+        if (followupPrompt) {
+            args.push("-c");
+        }
+        args.push("-p", prompt);
+        return { command: "qwen", args };
+    }
+    async init() {
+        try {
+            execSync("qwen --version", { stdio: "ignore", shell: SHELL });
+        }
+        catch {
+            return false;
+        }
+        return true;
+    }
+}
+//# sourceMappingURL=qwen.js.map

package/dist/agents/shared-prompt.d.ts

@@ -1,7 +1,7 @@
 /**
  * Agent instructions with the serve daemon's HTTP port and task ID baked in.
  */
-export declare function getAgentInstructions(taskId: string): string;
+export declare function getAgentInstructions(taskId: string, skipPermissions?: boolean): string;
 export declare const TASK_SUCCESS_MARKER = "[PALMIER_TASK_SUCCESS]";
 export declare const TASK_FAILURE_MARKER = "[PALMIER_TASK_FAILURE]";
 export declare const TASK_REPORT_PREFIX = "[PALMIER_REPORT]";

package/dist/agents/shared-prompt.js

@@ -7,11 +7,15 @@ const AGENT_INSTRUCTIONS_TEMPLATE = fs.readFileSync(path.join(__dirname, "agent-
 /**
  * Agent instructions with the serve daemon's HTTP port and task ID baked in.
  */
-export function getAgentInstructions(taskId) {
-    const port = loadConfig().httpPort ?? 7400;
-    return AGENT_INSTRUCTIONS_TEMPLATE
+export function getAgentInstructions(taskId, skipPermissions) {
+    const port = loadConfig().httpPort ?? 9966;
+    let instructions = AGENT_INSTRUCTIONS_TEMPLATE
         .replace(/\{\{PORT\}\}/g, String(port))
         .replace(/\{\{TASK_ID\}\}/g, taskId);
+    if (skipPermissions) {
+        instructions = instructions.replace(/## Permissions\r?\n[\s\S]*?(?=## |\r?\n---)/m, "");
+    }
+    return instructions;
 }
 export const TASK_SUCCESS_MARKER = "[PALMIER_TASK_SUCCESS]";
 export const TASK_FAILURE_MARKER = "[PALMIER_TASK_FAILURE]";

package/dist/client-store.d.ts

@@ -0,0 +1,12 @@
+export interface ClientEntry {
+    token: string;
+    createdAt: string;
+    label?: string;
+}
+export declare function loadClients(): ClientEntry[];
+export declare function addClient(label?: string): ClientEntry;
+export declare function revokeClient(token: string): boolean;
+export declare function revokeAllClients(): number;
+export declare function validateClient(token: string): boolean;
+export declare function hasClients(): boolean;
+//# sourceMappingURL=client-store.d.ts.map

package/dist/client-store.js

@@ -0,0 +1,57 @@
+import * as fs from "fs";
+import * as path from "path";
+import { randomBytes } from "crypto";
+import { CONFIG_DIR } from "./config.js";
+const CLIENTS_FILE = path.join(CONFIG_DIR, "clients.json");
+function readFile() {
+    try {
+        if (!fs.existsSync(CLIENTS_FILE))
+            return [];
+        const raw = fs.readFileSync(CLIENTS_FILE, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return [];
+    }
+}
+function writeFile(clients) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs.writeFileSync(CLIENTS_FILE, JSON.stringify(clients, null, 2), "utf-8");
+}
+export function loadClients() {
+    return readFile();
+}
+export function addClient(label) {
+    const clients = readFile();
+    const entry = {
+        token: randomBytes(32).toString("hex"),
+        createdAt: new Date().toISOString(),
+        ...(label ? { label } : {}),
+    };
+    clients.push(entry);
+    writeFile(clients);
+    return entry;
+}
+export function revokeClient(token) {
+    const clients = readFile();
+    const idx = clients.findIndex((c) => c.token === token);
+    if (idx === -1)
+        return false;
+    clients.splice(idx, 1);
+    writeFile(clients);
+    return true;
+}
+export function revokeAllClients() {
+    const clients = readFile();
+    const count = clients.length;
+    writeFile([]);
+    return count;
+}
+export function validateClient(token) {
+    const clients = readFile();
+    return clients.some((c) => c.token === token);
+}
+export function hasClients() {
+    return readFile().length > 0;
+}
+//# sourceMappingURL=client-store.js.map

package/dist/commands/clients.d.ts

@@ -0,0 +1,4 @@
+export declare function clientsListCommand(): Promise<void>;
+export declare function clientsRevokeCommand(token: string): Promise<void>;
+export declare function clientsRevokeAllCommand(): Promise<void>;
+//# sourceMappingURL=clients.d.ts.map

package/dist/commands/clients.js

@@ -0,0 +1,27 @@
+import { loadClients, revokeClient, revokeAllClients } from "../client-store.js";
+export async function clientsListCommand() {
+    const clients = loadClients();
+    if (clients.length === 0) {
+        console.log("No active clients.");
+        return;
+    }
+    console.log(`${clients.length} active client(s):\n`);
+    for (const c of clients) {
+        const label = c.label ? ` (${c.label})` : "";
+        console.log(`  ${c.token}${label}  created ${c.createdAt}`);
+    }
+}
+export async function clientsRevokeCommand(token) {
+    if (revokeClient(token)) {
+        console.log("Client revoked.");
+    }
+    else {
+        console.error("Client not found.");
+        process.exit(1);
+    }
+}
+export async function clientsRevokeAllCommand() {
+    const count = revokeAllClients();
+    console.log(`Revoked ${count} client(s).`);
+}
+//# sourceMappingURL=clients.js.map

package/dist/commands/info.js

@@ -1,11 +1,11 @@
 import { loadConfig } from "../config.js";
-import { loadSessions } from "../session-store.js";
+import { loadClients } from "../client-store.js";
 /**
  * Print host connection info for setting up clients.
  */
 export async function infoCommand() {
     const config = loadConfig();
-    const sessions = loadSessions();
+    const clients = loadClients();
     console.log(`Host ID:      ${config.hostId}`);
     console.log(`Project root: ${config.projectRoot}`);
     // Detected agents
@@ -15,9 +15,9 @@ export async function infoCommand() {
     else {
         console.log(`Agents:       (none detected — run \`palmier agents\`)`);
     }
-    // Sessions
-    console.log(`Sessions:     ${sessions.length} active`);
-    if (sessions.length === 0) {
+    // Clients
+    console.log(`Clients:      ${clients.length} active`);
+    if (clients.length === 0) {
         console.log("");
         console.log("No paired clients. Run `palmier pair` to connect a device.");
     }

package/dist/commands/init.js

@@ -33,7 +33,7 @@ export async function initCommand() {
         // LAN mode
         const lanAnswer = await ask("Enable LAN access (direct HTTP from local network)? (y/N): ");
         const lanEnabled = lanAnswer.trim().toLowerCase() === "y";
-        let httpPort = 7400;
+        let httpPort = 9966;
         const portLabel = lanEnabled ? "HTTP port for local and LAN access" : "HTTP port for local access";
         const portAnswer = await ask(`${portLabel} (default ${httpPort}): `);
         const parsed = parseInt(portAnswer.trim(), 10);

package/dist/commands/pair.js

@@ -2,7 +2,7 @@ import * as http from "node:http";
 import { StringCodec } from "nats";
 import { loadConfig } from "../config.js";
 import { connectNats } from "../nats-client.js";
-import { addSession } from "../session-store.js";
+import { addClient } from "../client-store.js";
 const CODE_CHARS = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"; // no O/0/I/1/L
 const CODE_LENGTH = 6;
 export const PAIRING_EXPIRY_MS = 5 * 60 * 1000; // 5 minutes
@@ -12,10 +12,10 @@ export function generatePairingCode() {
     return Array.from(bytes, (b) => CODE_CHARS[b % CODE_CHARS.length]).join("");
 }
 function buildPairResponse(config, label) {
-    const session = addSession(label);
+    const client = addClient(label);
     return {
         hostId: config.hostId,
-        sessionToken: session.token,
+        clientToken: client.token,
     };
 }
 /**
@@ -56,7 +56,7 @@ function httpPairRegister(port, code) {
 export async function pairCommand() {
     const config = loadConfig();
     const code = generatePairingCode();
-    const httpPort = config.httpPort ?? 7400;
+    const httpPort = config.httpPort ?? 9966;
     let paired = false;
     function onPaired() {
         paired = true;