palmier 0.8.7 → 0.8.9

package/palmier-server/pwa/src/components/CapabilityToggles.tsx

@@ -26,7 +26,7 @@ const CAPABILITIES: CapabilityDefinition[] = [
   { capability: "sms-read", label: "Read SMS", group: "Messaging", permission: "smsRead" },
   { capability: "sms-send", label: "Send SMS", group: "Messaging", permission: "smsSend" },
   { capability: "send-email", label: "Send Email", group: "Messaging", permission: "postNotifications" },
-  { capability: "notifications", label: "Read Notifications", group: "Data", permission: "notificationListener" },
+  { capability: "notifications", label: "Notifications from Other Apps", group: "Data", permission: "notificationListener" },
   { capability: "contacts", label: "Manage Contacts", group: "Data", permission: "contacts" },
   { capability: "calendar", label: "Manage Calendar", group: "Data", permission: "calendar" },
   {

package/palmier-server/pwa/src/components/ConnectionStatusIcon.tsx

@@ -0,0 +1,69 @@
+import { useState, useRef, useEffect } from "react";
+import { Capacitor } from "@capacitor/core";
+import { useHostConnection } from "../contexts/HostConnectionContext";
+
+const isNative = Capacitor.isNativePlatform();
+
+export default function ConnectionStatusIcon() {
+  const { mode } = useHostConnection();
+  const [popoverOpen, setPopoverOpen] = useState(false);
+  const containerRef = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    if (!popoverOpen) return;
+    function onPointerDown(e: PointerEvent) {
+      if (!containerRef.current?.contains(e.target as Node)) setPopoverOpen(false);
+    }
+    document.addEventListener("pointerdown", onPointerDown);
+    return () => document.removeEventListener("pointerdown", onPointerDown);
+  }, [popoverOpen]);
+
+  if (mode === "direct") return null;
+
+  let icon: string;
+  let label: string;
+  let modifier: string;
+  switch (mode) {
+    case "lan":
+      icon = "\u{1F4F6}";
+      label = "Connected via LAN";
+      modifier = "lan";
+      break;
+    case "nats":
+      icon = "\u{1F310}";
+      label = isNative ? "Connected via relay" : "Connected";
+      modifier = "relay";
+      break;
+    case "disconnected":
+      icon = "\u26A0\uFE0F";
+      label = "Disconnected";
+      modifier = "disconnected";
+      break;
+    case "connecting":
+    default:
+      icon = "\u{1F310}";
+      label = "Connecting…";
+      modifier = "connecting";
+      break;
+  }
+
+  return (
+    <div
+      ref={containerRef}
+      className={`conn-status conn-status--${modifier}`}
+    >
+      <button
+        type="button"
+        className="conn-status-btn"
+        aria-label={label}
+        title={label}
+        onClick={() => setPopoverOpen((v) => !v)}
+      >
+        <span aria-hidden="true">{icon}</span>
+      </button>
+      <div className={`conn-status-popover ${popoverOpen ? "conn-status-popover--open" : ""}`} role="tooltip">
+        {label}
+      </div>
+    </div>
+  );
+}

package/palmier-server/pwa/src/components/HostMenu.tsx

@@ -7,8 +7,9 @@ import { useMediaQuery } from "../hooks/useMediaQuery";
 import { confirmLeaveDraft } from "../draftGuard";
 import CapabilityToggles from "./CapabilityToggles";
 
-/** LAN mode: PWA is served by palmier serve (marker injected into HTML). */
-const isLanMode = !!(window as any).__PALMIER_SERVE__;
+/** Local mode: PWA is served by palmier serve on loopback. */
+const isLoopback = !!(window as any).__PALMIER_SERVE__
+  && (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1");
 const isNative = Capacitor.isNativePlatform();
 
 interface HostMenuProps {
@@ -99,7 +100,7 @@ export default function HostMenu({ daemonVersion, capabilityTokens, activeClient
         </button>
       )}
 
-      {!isLanMode && pairedHosts.length > 0 && (
+      {!isLoopback && pairedHosts.length > 0 && (
         <div className="drawer-section">
           <h3 className="drawer-section-label">Hosts</h3>
           <div className="host-picker-inline">
@@ -193,7 +194,7 @@ export default function HostMenu({ daemonVersion, capabilityTokens, activeClient
         </div>
       )}
 
-      {!isLanMode && (<>
+      {!isLoopback && (<>
         <div className="drawer-divider" />
         <div className="drawer-section">
           <button

package/palmier-server/pwa/src/constants.ts

@@ -1,2 +1,2 @@
 /** Bump when a breaking host change is made. */
-export const MIN_HOST_VERSION = "0.8.5";
+export const MIN_HOST_VERSION = "0.8.8";

package/palmier-server/pwa/src/contexts/HostConnectionContext.tsx

@@ -8,11 +8,16 @@ import {
   type ReactNode,
 } from "react";
 import { connect, jwtAuthenticator, StringCodec, type NatsConnection, type Subscription } from "nats.ws";
+import { Capacitor } from "@capacitor/core";
+import { App as CapacitorApp } from "@capacitor/app";
+import { Network } from "@capacitor/network";
 import { SERVER_URL } from "../api";
 import { useHostStore } from "./HostStoreContext";
 import type { PairedHost } from "../types";
 
-type ConnectionMode = "nats" | "direct" | "disconnected";
+type ConnectionMode = "nats" | "lan" | "direct" | "connecting" | "disconnected";
+
+const isNative = Capacitor.isNativePlatform();
 
 interface HostConnectionContextValue {
   /** Whether we have an active connection to the host. */
@@ -33,7 +38,7 @@ interface HostConnectionContextValue {
 
 const HostConnectionContext = createContext<HostConnectionContextValue>({
   connected: false,
-  mode: "disconnected",
+  mode: "connecting",
   nc: null,
   request() { return Promise.reject(new Error("No host connection")); },
   subscribeEvents() { return () => {}; },
@@ -43,6 +48,8 @@ const HostConnectionContext = createContext<HostConnectionContextValue>({
 
 const SSE_CONNECT_TIMEOUT_MS = 2_000;
 const HEARTBEAT_TIMEOUT_MS = 6_000;
+const LAN_PROBE_TIMEOUT_MS = 1_500;
+const LAN_KEEPALIVE_MS = 60_000;
 
 export function HostConnectionProvider({ children }: { children: ReactNode }) {
   const { getActiveHost } = useHostStore();
@@ -54,6 +61,8 @@ export function HostConnectionProvider({ children }: { children: ReactNode }) {
 
   const [sseConnected, setSseConnected] = useState(false);
   const [unauthorized, setUnauthorized] = useState(false);
+  const [hostNotFound, setHostNotFound] = useState(false);
+  const [lanReachable, setLanReachable] = useState(false);
 
   const sc = useRef(StringCodec());
   const sseEventCallbacksRef = useRef<Set<(msg: { subject: string; data: Uint8Array }) => void>>(new Set());
@@ -61,16 +70,69 @@ export function HostConnectionProvider({ children }: { children: ReactNode }) {
 
   // Host is a "direct-only" host if it has a directUrl (paired with address)
   const isDirectHost = activeHost != null && !!activeHost.directUrl;
+  // Auto-LAN is opportunistic on native server-paired hosts that have a known LAN URL.
+  const useLanRpc = isNative && !isDirectHost && !!activeHost?.lanUrl && lanReachable;
 
-  const mode: ConnectionMode = !activeHost
+  const mode: ConnectionMode = unauthorized || hostNotFound
     ? "disconnected"
-    : isDirectHost
-      ? (sseConnected ? "direct" : "disconnected")
-      : (natsConnected ? "nats" : "disconnected");
-  const connected = mode !== "disconnected";
+    : !activeHost
+      ? "connecting"
+      : isDirectHost
+        ? (sseConnected ? "direct" : "connecting")
+        : !natsConnected
+          ? "connecting"
+          : (useLanRpc ? "lan" : "nats");
+  const connected = mode !== "connecting" && mode !== "disconnected";
+
+  // Reset terminal states when switching hosts or re-pairing (new client token).
+  useEffect(() => {
+    setUnauthorized(false);
+    setHostNotFound(false);
+  }, [activeHost?.hostId, activeHost?.clientToken]);
 
-  // Reset unauthorized when switching hosts or re-pairing (new client token)
-  useEffect(() => { setUnauthorized(false); }, [activeHost?.hostId, activeHost?.clientToken]);
+  // Probe the host's LAN URL on native server-paired hosts. RPC routes via direct
+  // HTTP when the probe succeeds; events stay on NATS regardless.
+  useEffect(() => {
+    if (!isNative || isDirectHost || !activeHost?.lanUrl) {
+      setLanReachable(false);
+      return;
+    }
+
+    let cancelled = false;
+    const lanUrl = activeHost.lanUrl;
+    const expectedHostId = activeHost.hostId;
+
+    async function probe() {
+      try {
+        const res = await fetch(`${lanUrl}/health`, {
+          signal: AbortSignal.timeout(LAN_PROBE_TIMEOUT_MS),
+        });
+        if (cancelled) return;
+        if (!res.ok) { setLanReachable(false); return; }
+        const data = await res.json() as { hostId?: string };
+        const reachable = data.hostId === expectedHostId;
+        setLanReachable(reachable);
+        if (reachable) console.log("[HOST/LAN] reachable:", lanUrl);
+      } catch {
+        if (!cancelled) setLanReachable(false);
+      }
+    }
+
+    probe();
+    const intervalId = window.setInterval(probe, LAN_KEEPALIVE_MS);
+
+    const appHandle = CapacitorApp.addListener("appStateChange", (state: { isActive: boolean }) => {
+      if (state.isActive) probe();
+    });
+    const netHandle = Network.addListener("networkStatusChange", () => probe());
+
+    return () => {
+      cancelled = true;
+      clearInterval(intervalId);
+      appHandle.then((h) => h.remove());
+      netHandle.then((h) => h.remove());
+    };
+  }, [activeHost?.hostId, activeHost?.lanUrl, isDirectHost]);
 
   // Fetch NATS config from server and connect (only for NATS hosts)
   useEffect(() => {
@@ -87,51 +149,63 @@ export function HostConnectionProvider({ children }: { children: ReactNode }) {
     if (!activeHost) return;
 
     let cancelled = false;
+    let retryDelayMs = 1_000;
+    const MAX_RETRY_MS = 30_000;
 
-    async function init() {
-      try {
-        // Fetch host-scoped NATS credentials (can only access this host's subjects)
-        const res = await fetch(`${SERVER_URL}/api/nats-credentials/${activeHost!.hostId}`);
-        if (!res.ok) {
-          console.error("[NATS] Failed to fetch credentials");
-          return;
-        }
-        const config = await res.json() as { natsWsUrl: string; natsJwt: string; natsNkeySeed: string };
-        if (!config.natsWsUrl) {
-          console.warn("[NATS] No WebSocket URL configured");
-          return;
-        }
-        if (cancelled) return;
+    async function connectLoop() {
+      while (!cancelled) {
+        try {
+          const res = await fetch(`${SERVER_URL}/api/nats-credentials/${activeHost!.hostId}`);
+          if (cancelled) return;
+          if (res.status === 401 || res.status === 403 || res.status === 404) {
+            console.error("[NATS] Host not found or rejected by relay:", res.status);
+            setHostNotFound(true);
+            return;
+          }
+          if (!res.ok) throw new Error(`credentials fetch ${res.status}`);
 
-        console.log("[NATS] Connecting to", config.natsWsUrl);
-        const conn = await connect({
-          servers: config.natsWsUrl,
-          authenticator: jwtAuthenticator(
-            config.natsJwt,
-            new TextEncoder().encode(config.natsNkeySeed),
-          ),
-        });
-        if (cancelled) { conn.close().catch(() => {}); return; }
-        console.log("[NATS] Connected");
-        ncRef.current = conn;
-        setNc(conn);
-        setNatsConnected(true);
-
-        conn.closed().then(() => {
-          console.log("[NATS] Connection closed");
-          if (!cancelled) {
-            setNc(null);
-            setNatsConnected(false);
-            ncRef.current = null;
+          const config = await res.json() as { natsWsUrl: string; natsJwt: string; natsNkeySeed: string };
+          if (!config.natsWsUrl) {
+            console.error("[NATS] Relay returned empty natsWsUrl — treating as terminal");
+            setHostNotFound(true);
+            return;
           }
-        });
-      } catch (err) {
-        console.error("[NATS] Connection failed:", err);
-        if (!cancelled) setNatsConnected(false);
+          if (cancelled) return;
+
+          console.log("[NATS] Connecting to", config.natsWsUrl);
+          const conn = await connect({
+            servers: config.natsWsUrl,
+            authenticator: jwtAuthenticator(
+              config.natsJwt,
+              new TextEncoder().encode(config.natsNkeySeed),
+            ),
+          });
+          if (cancelled) { conn.close().catch(() => {}); return; }
+          console.log("[NATS] Connected");
+          ncRef.current = conn;
+          setNc(conn);
+          setNatsConnected(true);
+          retryDelayMs = 1_000;
+
+          await conn.closed();
+          if (cancelled) return;
+
+          console.log("[NATS] Connection closed, will reconnect");
+          ncRef.current = null;
+          setNc(null);
+          setNatsConnected(false);
+        } catch (err) {
+          if (cancelled) return;
+          console.warn(`[NATS] Connect failed, retrying in ${retryDelayMs}ms:`, err);
+          setNatsConnected(false);
+          await new Promise((r) => setTimeout(r, retryDelayMs));
+          retryDelayMs = Math.min(retryDelayMs * 2, MAX_RETRY_MS);
+        }
       }
     }
 
-    init();
+    connectLoop();
+
     return () => {
       cancelled = true;
       if (ncRef.current) {
@@ -239,14 +313,13 @@ export function HostConnectionProvider({ children }: { children: ReactNode }) {
       }
     }
 
-    // Direct host (paired with address) — always use HTTP
-    if (isDirectHost) {
-      console.log(`[HOST/HTTP] → ${method}`, params ?? "");
-      const res = await fetch(`${activeHost.directUrl}/rpc/${method}`, {
+    async function callHttp(baseUrl: string, label: string): Promise<T> {
+      console.log(`[HOST/${label}] → ${method}`, params ?? "");
+      const res = await fetch(`${baseUrl}/rpc/${method}`, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          Authorization: `Bearer ${activeHost.clientToken}`,
+          Authorization: `Bearer ${activeHost!.clientToken}`,
         },
         body: params != null ? JSON.stringify(params) : undefined,
         signal: opts?.timeout ? AbortSignal.timeout(opts.timeout) : undefined,
@@ -257,22 +330,39 @@ export function HostConnectionProvider({ children }: { children: ReactNode }) {
       }
       const data = await res.json() as T;
       checkUnauthorized(data);
-      console.log(`[HOST/HTTP] ← ${method}`, data);
+      console.log(`[HOST/${label}] ← ${method}`, data);
       return data;
     }
 
-    // NATS mode
-    if (!ncRef.current) throw new Error("Not connected");
-    const subject = `host.${activeHost.hostId}.rpc.${method}`;
-    const payload = { ...(params as Record<string, unknown> ?? {}), clientToken: activeHost.clientToken };
-    const body = sc.current.encode(JSON.stringify(payload));
-    console.log(`[HOST/NATS] → ${method}`, params ?? "");
-    const msg = await ncRef.current.request(subject, body, { timeout: opts?.timeout ?? 10000 });
-    const decoded = JSON.parse(sc.current.decode(msg.data)) as T;
-    checkUnauthorized(decoded);
-    console.log(`[HOST/NATS] ← ${method}`, decoded);
-    return decoded;
-  }, [activeHost, isDirectHost]);
+    async function callNats(): Promise<T> {
+      if (!ncRef.current) throw new Error("Not connected");
+      const subject = `host.${activeHost!.hostId}.rpc.${method}`;
+      const payload = { ...(params as Record<string, unknown> ?? {}), clientToken: activeHost!.clientToken };
+      const body = sc.current.encode(JSON.stringify(payload));
+      console.log(`[HOST/NATS] → ${method}`, params ?? "");
+      const msg = await ncRef.current.request(subject, body, { timeout: opts?.timeout ?? 10000 });
+      const decoded = JSON.parse(sc.current.decode(msg.data)) as T;
+      checkUnauthorized(decoded);
+      console.log(`[HOST/NATS] ← ${method}`, decoded);
+      return decoded;
+    }
+
+    // Direct (loopback) host — always HTTP, no fallback.
+    if (isDirectHost) return callHttp(activeHost.directUrl!, "HTTP");
+
+    // Auto-LAN: try HTTP first; on failure mark unreachable and retry over NATS.
+    if (useLanRpc && activeHost.lanUrl) {
+      try {
+        return await callHttp(activeHost.lanUrl, "LAN");
+      } catch (err) {
+        if (err instanceof Error && err.message === "Unauthorized") throw err;
+        console.log("[HOST/LAN] failed, falling back to NATS:", err);
+        setLanReachable(false);
+      }
+    }
+
+    return callNats();
+  }, [activeHost, isDirectHost, useLanRpc]);
 
   // Subscribe to task events
   const subscribeEvents = useCallback((hostId: string, callback: (msg: { subject: string; data: Uint8Array }) => void): () => void => {

package/palmier-server/pwa/src/pages/Dashboard.tsx

@@ -7,6 +7,7 @@ import { useHostConnection } from "../contexts/HostConnectionContext";
 import TasksView from "../components/TasksView";
 import TabBar from "../components/TabBar";
 import HostMenu from "../components/HostMenu";
+import ConnectionStatusIcon from "../components/ConnectionStatusIcon";
 import SessionsView from "../components/SessionsView";
 import RunDetailView from "../components/RunDetailView";
 import { usePushSubscription } from "../hooks/usePushSubscription";
@@ -298,6 +299,7 @@ export default function Dashboard() {
           <div className="app-title-bar">
             {!isDesktop && <HostMenu daemonVersion={daemonVersion} capabilityTokens={capabilityTokens} activeClientToken={activeClientToken} request={request} onCapabilityTokensChange={setCapabilityTokens} />}
             <h1 className="app-title">Palmier</h1>
+            <ConnectionStatusIcon />
           </div>
           <div className="tab-bar">
             <TabBar />

package/palmier-server/pwa/src/pages/PairHost.tsx

@@ -15,8 +15,9 @@ interface PairResponse {
   hostName?: string;
 }
 
-/** LAN mode: PWA is served by palmier serve (marker injected into HTML). */
-const isLanMode = !!(window as any).__PALMIER_SERVE__;
+/** Loopback (Local) mode: PWA is served by palmier serve on localhost. */
+const isLoopback = !!(window as any).__PALMIER_SERVE__
+  && (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1");
 
 export default function PairHost() {
   const [code, setCode] = useState("");
@@ -38,8 +39,7 @@ export default function PairHost() {
     try {
       let response: PairResponse;
 
-      if (isLanMode) {
-        // LAN mode — same-origin fetch to the host serving this page
+      if (isLoopback) {
         const res = await fetch("/pair", {
           method: "POST",
           headers: { "Content-Type": "application/json" },
@@ -53,7 +53,6 @@ export default function PairHost() {
 
         response = await res.json() as PairResponse;
       } else {
-        // Server mode — pair via NATS
         const configRes = await fetch(`${SERVER_URL}/api/config`);
         if (!configRes.ok) throw new Error("Failed to fetch server config");
         const config = await configRes.json() as { natsWsUrl: string; natsJwt: string; natsNkeySeed: string };
@@ -82,7 +81,8 @@ export default function PairHost() {
       const host: PairedHost = {
         hostId: response.hostId,
         clientToken: response.clientToken,
-        directUrl: isLanMode ? window.location.origin : undefined,
+        directUrl: isLoopback ? window.location.origin : undefined,
+        lanUrl: !isLoopback ? response.directUrl : undefined,
         ...(response.hostName ? { name: response.hostName } : {}),
       };
 
@@ -125,15 +125,15 @@ export default function PairHost() {
     <div className="pair-page">
       <div className="pair-card">
         <div className="pair-header">
-          <h1 className="pair-title">{isLanMode ? "Pair" : "Pair with Host"}</h1>
+          <h1 className="pair-title">{isLoopback ? "Pair" : "Pair with Host"}</h1>
           <p className="pair-subtitle">
-            {isLanMode
+            {isLoopback
               ? "Enter the pairing code shown in your terminal."
               : "Connect this device to a Palmier host"}
           </p>
         </div>
 
-        {!isLanMode && (
+        {!isLoopback && (
           <div className="pair-instructions">
             <div className="pair-instruction-block">
               <h3 className="pair-instruction-heading">Setting up a new host?</h3>

package/palmier-server/pwa/src/types.ts

@@ -64,6 +64,8 @@ export interface PairedHost {
   hostId: string;
   clientToken: string;
   name?: string;
-  /** If set, all communication uses HTTP to this URL instead of NATS. */
+  /** If set, all communication uses HTTP to this URL instead of NATS. Set only for loopback (Local mode). */
   directUrl?: string;
+  /** Host's LAN URL captured at pair time. Native Capacitor app probes for reachability and routes RPC over HTTP when reachable; events stay on NATS. */
+  lanUrl?: string;
 }

package/palmier-server/spec.md

@@ -12,7 +12,7 @@ The host supports **Linux** (systemd), **macOS** (launchd user LaunchAgent), and
 
 ### 1.2 Components
 
-* **Host Binary (Node.js):** Runs persistently on the user's host machine as a NATS + HTTP RPC handler. Manages file system operations (task CRUD), OS-level scheduling (systemd), and task generation. Provides a CLI with commands: `palmier init` (provisioning), `palmier pair` (generate pairing code for device pairing), `palmier clients` (manage client tokens), `palmier run <task-id>` (executes a task via the configured agent tool), `palmier uninstall` (stop daemon and remove all scheduled tasks), and `palmier serve` (persistent RPC handler, default command). The `serve` process always starts a local HTTP server (bound to `127.0.0.1` by default, or `0.0.0.0` if LAN mode is enabled) alongside the NATS transport. Exposes a localhost-only MCP server at `/mcp` (streamable HTTP transport) with tools: `notify`, `request-input`, `request-confirmation`, `device-geolocation`, `read-contacts`, `create-contact`, `read-calendar`, `create-calendar-event`, `send-sms-message`, `send-alarm`, `read-battery`, `set-ringer-mode`; and resources: `notifications://device` (device notifications), `sms-messages://device` (SMS messages). Tools and resources are auto-generated as REST endpoints from shared registries (`ToolDefinition[]`, `ResourceDefinition[]`) — zero duplication. Tool REST endpoints are POST with `taskId` query param; resource REST endpoints are GET. `/request-permission` remains a separate endpoint (not part of the MCP registries). MCP resources support subscriptions — clients call `resources/subscribe` and the server holds the POST response open as an SSE stream, pushing `notifications/resources/updated` notifications when the resource data changes. MCP sessions track agent names from `initialize` clientInfo for logging and UI display. `palmier run` is a short-lived process invoked by systemd. Task execution is abstracted through an `AgentTool` interface (`src/agents/agent.ts`) so different AI CLI tools can be supported — each agent implements `getPromptCommandLine()`, `getTaskRunCommandLine()`, and `init()`. The task's `agent` field (e.g., `"claude"`) selects which agent is used.
+* **Host Binary (Node.js):** Runs persistently on the user's host machine as a NATS + HTTP RPC handler. Manages file system operations (task CRUD), OS-level scheduling (systemd), and task generation. Provides a CLI with commands: `palmier init` (provisioning), `palmier pair` (generate pairing code for device pairing), `palmier clients` (manage client tokens), `palmier run <task-id>` (executes a task via the configured agent tool), `palmier uninstall` (stop daemon and remove all scheduled tasks), and `palmier serve` (persistent RPC handler, default command). The `serve` process always starts an HTTP server bound to `0.0.0.0` alongside the NATS transport. The web UI, `/pair`, and `/events` are gated to loopback callers; `/rpc/<method>` (bearer-auth) and `/health` (public) are reachable from the LAN to support the Capacitor app's auto-LAN mode. Exposes a localhost-only MCP server at `/mcp` (streamable HTTP transport) with tools: `notify`, `request-input`, `request-confirmation`, `device-geolocation`, `read-contacts`, `create-contact`, `read-calendar`, `create-calendar-event`, `send-sms-message`, `send-alarm`, `read-battery`, `set-ringer-mode`; and resources: `notifications://device` (device notifications), `sms-messages://device` (SMS messages). Tools and resources are auto-generated as REST endpoints from shared registries (`ToolDefinition[]`, `ResourceDefinition[]`) — zero duplication. Tool REST endpoints are POST with `taskId` query param; resource REST endpoints are GET. `/request-permission` remains a separate endpoint (not part of the MCP registries). MCP resources support subscriptions — clients call `resources/subscribe` and the server holds the POST response open as an SSE stream, pushing `notifications/resources/updated` notifications when the resource data changes. MCP sessions track agent names from `initialize` clientInfo for logging and UI display. `palmier run` is a short-lived process invoked by systemd. Task execution is abstracted through an `AgentTool` interface (`src/agents/agent.ts`) so different AI CLI tools can be supported — each agent implements `getPromptCommandLine()`, `getTaskRunCommandLine()`, and `init()`. The task's `agent` field (e.g., `"claude"`) selects which agent is used.
 
 * **Web Server (Node.js):** Serves the PWA assets (React) via `app.palmier.me` (Cloudflare proxied), manages Web Push VAPID keys, and provides host registration. Uses **PostgreSQL** for persistent storage (host registrations, push subscriptions, FCM tokens). Connects to NATS via TCP to subscribe to `host-event.>` for sending push notifications (confirmations, dismissals, completion/failure). For `POST /api/push/respond` (confirmation responses via push notification action buttons), the Web Server forwards the response to the host via the `task.user_input` NATS RPC. Subscribes to `host.*.push.send` NATS subjects to relay push notification requests from the host CLI. Subscribes to `host.*.fcm.geolocation` to relay device geolocation requests via FCM. Subscribes to `host.*.fcm.contacts`, `host.*.fcm.calendar`, `host.*.fcm.sms`, `host.*.fcm.alarm`, `host.*.fcm.battery`, and `host.*.fcm.ringer` to relay device capability requests via FCM. Provides HTTP endpoints for Android to post responses back (`/api/device/contacts-response`, `/api/device/calendar-response`, `/api/device/sms-response`, `/api/device/alarm-response`, `/api/device/battery-response`, `/api/device/ringer-response`). Co-located with the NATS server on the same machine.
 
@@ -90,42 +90,42 @@ Each host machine is provisioned via `palmier init`, an interactive wizard that
 `palmier init` is an interactive wizard that:
 
 1. Detects installed agent CLIs.
-2. Asks whether to enable LAN access and which HTTP port to use (default 7256).
-3. Shows a summary of task storage directory, local access URL, LAN URL (if enabled), detected agents, and any existing tasks to recover. Asks for confirmation before proceeding.
+2. Asks which HTTP port to use (default 7256).
+3. Shows a summary of task storage directory, local access URL, detected agents, and any existing tasks to recover. Asks for confirmation before proceeding.
 4. Registers with the Palmier server via `POST <url>/api/hosts/register` — server returns `{ hostId, natsUrl, natsWsUrl, natsJwt, natsNkeySeed }`.
-5. Saves config to `~/.config/palmier/host.json` (includes `httpPort`, `lanEnabled`, NATS credentials).
+5. Saves config to `~/.config/palmier/host.json` (includes `httpPort`, NATS credentials).
 6. Installs a systemd user service (Linux), user LaunchAgent (macOS), or Task Scheduler entry (Windows) and auto-enters pair mode.
 
 The daemon automatically recovers existing tasks by reinstalling their system timers on startup.
 
-The `serve` daemon always starts an HTTP server on the configured port. Three access modes are available:
+The `serve` daemon always starts an HTTP server bound to `0.0.0.0:<port>`. Two access modes are available:
 
-**Local mode** (always available):
-- HTTP server binds to `127.0.0.1:<port>`. The PWA is accessible at `http://localhost:<port>` without pairing or internet. The PWA is bundled with the host package. The serve daemon injects `window.__PALMIER_SERVE__=true` into the HTML; the PWA detects this and auto-connects.
+**Local mode** (always available, loopback only):
+- The PWA is accessible at `http://localhost:<port>` without pairing or internet. The PWA is bundled with the host package. The serve daemon injects `window.__PALMIER_SERVE__=true` into the HTML; the PWA detects this and auto-connects. Web UI assets, `/pair`, and `/events` are gated to loopback callers (`127.0.0.1`/`::1`); non-loopback requests get 404.
 
-**LAN mode** (enabled during init):
-- HTTP server binds to `0.0.0.0:<port>`, making the PWA accessible from the local network at `http://<host-ip>:<port>`. Non-localhost access requires pairing via a pairing code. Push notifications are not available.
-
-**Server mode** (NATS cloud relay, always on):
+**Server mode** (NATS cloud relay):
 - Communication is relayed through the Palmier cloud server via NATS. PWA is accessed at `https://app.palmier.me`. Enables push notifications and remote access.
 
+**Auto-LAN** (transparent perf optimization on top of Server mode):
+- The host's HTTP server exposes `/rpc/<method>` (bearer-auth) and `/health` (public) on all interfaces, so other devices on the LAN can reach them. The native Capacitor app probes `${lanUrl}/health` (URL captured at pair time) and routes RPC over direct HTTP when reachable, falling back to NATS otherwise. Events stay on NATS regardless. Browser PWAs cannot use this path due to Private Network Access / mixed-content rules.
+
 ### 2.2 Device Pairing
 
 Local access (`http://localhost:<port>`) requires no pairing — the PWA auto-connects with a placeholder host ID.
 
-For LAN and server mode, `palmier pair` generates a 6-character pairing code from the charset `ABCDEFGHJKMNPQRSTUVWXYZ23456789` (excludes ambiguous O/0/I/1/L) and listens on both transports in parallel:
+For server-mode pairing, `palmier pair` generates a 6-character pairing code from the charset `ABCDEFGHJKMNPQRSTUVWXYZ23456789` (excludes ambiguous O/0/I/1/L) and listens on both NATS (relay) and HTTP (loopback only) in parallel:
 
-**Server mode (NATS):**
+**Server pairing (NATS, primary path):**
 1. Host subscribes to `pair.<CODE>` on NATS with a 5-minute timeout.
 2. User enters the code in the PWA at `https://app.palmier.me`.
-3. Host validates the code, generates a client token via `addClient()`, and responds with `{ hostId, clientToken }`.
+3. Host validates the code, generates a client token via `addClient()`, and responds with `{ hostId, clientToken, directUrl, hostName }`. `directUrl` is the host's LAN URL (`http://<lan-ip>:<port>`) — stored on the device as `lanUrl` and probed by the native app for auto-LAN.
 
-**LAN mode (HTTP):**
-1. Host registers the code with the serve daemon via `POST /pair-register`.
-2. User opens `http://<host-ip>:<port>` and enters the code. No host address field is shown since the request is same-origin.
-3. PWA posts `POST /pair` with `{ code }` to the same origin. Host responds with `{ hostId, clientToken, directUrl }`.
+**Local pairing (HTTP, loopback only):**
+1. Host registers the code with the serve daemon via `POST /pair-register` (loopback-gated).
+2. User opens `http://localhost:<port>` on the host machine and enters the code.
+3. PWA posts `POST /pair` (loopback-gated) with `{ code }` and gets the same payload as above. The PWA treats `directUrl = window.location.origin` (loopback), and stores nothing as `lanUrl`.
 
-In both cases, the PWA stores the paired host in localStorage and navigates to the dashboard. Codes expire after 5 minutes or first successful use.
+The PWA stores the paired host in localStorage and navigates to the dashboard. Codes expire after 5 minutes or first successful use.
 
 ### 2.3 Client Management
 
@@ -143,6 +143,8 @@ All communication is scoped per host. **Request-reply** is used for RPC-style ca
 
 The **RPC method is derived from the NATS subject**, not the message body. The host subscribes to `host.<host_id>.rpc.>` and extracts the method by splitting the subject at `rpc.` (e.g., `...rpc.task.create` → `task.create`). The message body contains the request parameters as JSON, including the `clientToken` field for authentication.
 
+**Auto-LAN (native Capacitor app only).** When the device probes the host's LAN URL successfully, it routes the same RPC methods over direct HTTP (`POST <lanUrl>/rpc/<method>` with `Authorization: Bearer <clientToken>`) instead of through NATS. Identical request/response payloads, lower latency. Browser PWA always uses NATS. Events (`host-event.*`) always flow through NATS regardless of mode.
+
 **Host RPC endpoints** (request-reply, subject: `host.<host_id>.rpc.<method>`):
 
 | Method | Params | Description |

package/src/commands/init.ts

@@ -37,25 +37,21 @@ export async function initCommand(): Promise<void> {
 
     console.log(`  Found: ${green(agents.map((a) => a.label).join(", "))}\n`);
 
-    const lanAnswer = await ask("Enable LAN access (direct HTTP from local network)? (y/N): ");
-    const lanEnabled = lanAnswer.trim().toLowerCase() === "y";
-
     let httpPort = 7256;
-    const portLabel = lanEnabled ? "HTTP port for local and LAN access" : "HTTP port for local access";
-    const portAnswer = await ask(`${portLabel} (default ${httpPort}): `);
+    const portAnswer = await ask(`HTTP port (default ${httpPort}): `);
     const parsed = parseInt(portAnswer.trim(), 10);
     if (parsed > 0 && parsed < 65536) httpPort = parsed;
 
+    const lanIp = detectLanIp();
+
     console.log(`\n${bold("Setup summary:")}\n`);
     console.log(`  ${dim("Task storage:")}   ${bold(process.cwd())}`);
     console.log(`                  All tasks and execution data will be stored here.\n`);
     console.log(`  ${dim("Local access:")}   ${cyan(`http://localhost:${httpPort}`)}`);
-    console.log(`                  Always available — no internet required.\n`);
-    if (lanEnabled) {
-      const ip = detectLanIp();
-      console.log(`  ${dim("LAN access:")}     ${cyan(`http://${ip}:${httpPort}`)}`);
-      console.log(`                  Accessible from other devices on your local network. Pairing required.\n`);
-    }
+    console.log(`                  Open in a browser on this machine — no internet required.\n`);
+    console.log(`  ${dim("Remote access:")}  ${cyan("https://app.palmier.me")}`);
+    console.log(`                  Pair the app to your host. The app uses ${cyan(`http://${lanIp}:${httpPort}`)}`);
+    console.log(`                  for direct RPC when on the same network, otherwise the relay.\n`);
     console.log(`  ${dim("Agents:")}         ${agents.map((a) => a.label).join(", ")}\n`);
 
     const existingTasks = listTasks(process.cwd());
@@ -106,7 +102,6 @@ export async function initCommand(): Promise<void> {
       natsNkeySeed: registerResponse.natsNkeySeed,
       agents,
       httpPort,
-      lanEnabled,
     };
 
     saveConfig(config);