npm - reley - Versions diffs - 0.1.1 → 0.1.4 - Mend

reley 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +44 -2082
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,449 +1,7 @@
 #!/usr/bin/env node
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-// src/config.ts
-var config_exports = {};
-__export(config_exports, {
-  clearConfig: () => clearConfig,
-  getConfigDir: () => getConfigDir,
-  getConfigPath: () => getConfigPath,
-  isConfigured: () => isConfigured,
-  loadConfig: () => loadConfig,
-  saveConfig: () => saveConfig
-});
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
-import { join } from "node:path";
-import { homedir } from "node:os";
-function getConfigDir() {
-  return CONFIG_DIR;
-}
-function getConfigPath() {
-  return CONFIG_FILE;
-}
-function loadConfig() {
-  try {
-    if (!existsSync(CONFIG_FILE)) return null;
-    const raw = readFileSync(CONFIG_FILE, "utf-8");
-    return JSON.parse(raw);
-  } catch {
-    return null;
-  }
-}
-function saveConfig(config) {
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + "\n", "utf-8");
-}
-function clearConfig() {
-  try {
-    if (existsSync(CONFIG_FILE)) {
-      writeFileSync(CONFIG_FILE, "{}\n", "utf-8");
-    }
-  } catch {
-  }
-}
-function isConfigured() {
-  const config = loadConfig();
-  return !!(config?.reley_url && config?.device_token);
-}
-var CONFIG_DIR, CONFIG_FILE;
-var init_config = __esm({
-  "src/config.ts"() {
-    "use strict";
-    CONFIG_DIR = join(homedir(), ".reley");
-    CONFIG_FILE = join(CONFIG_DIR, "config.json");
-  }
-});
-// src/index.ts
-import { Command } from "commander";
-// src/commands/run.ts
-import { createServer as createHttpServer } from "node:http";
-import { createServer as createNetServer } from "node:net";
-import { fork } from "node:child_process";
-import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, unlinkSync } from "node:fs";
-import { fileURLToPath } from "node:url";
-import { dirname, join as join2 } from "node:path";
-import { homedir as homedir2 } from "node:os";
-import crypto from "node:crypto";
-import WebSocket, { WebSocketServer } from "ws";
-import { spawn } from "node-pty";
-// ../../packages/crypto/dist/sodium.js
-import { createRequire } from "node:module";
-var require2 = createRequire(import.meta.url);
-var sodium = require2("libsodium-wrappers-sumo");
-var sodium_default = sodium;
-// ../../packages/crypto/dist/keys.js
-var initialized = false;
-async function ensureSodium() {
-  if (!initialized) {
-    await sodium_default.ready;
-    initialized = true;
-  }
-  return sodium_default;
-}
-async function generateIdentityKeyPair() {
-  const s = await ensureSodium();
-  const kp = s.crypto_sign_keypair();
-  return {
-    publicKey: kp.publicKey,
-    secretKey: kp.privateKey,
-    keyType: "ed25519"
-  };
-}
-async function generateEphemeralKeyPair() {
-  const s = await ensureSodium();
-  const kp = s.crypto_kx_keypair();
-  return {
-    publicKey: kp.publicKey,
-    secretKey: kp.privateKey,
-    keyType: "x25519"
-  };
-}
-async function generateOneTimeCode(length = 32) {
-  const s = await ensureSodium();
-  return s.randombytes_buf(length);
-}
-// ../../packages/crypto/dist/ecdh.js
-async function computeSharedSecret(ourSecretKey, theirPublicKey) {
-  const s = await ensureSodium();
-  return s.crypto_scalarmult(ourSecretKey, theirPublicKey);
-}
-// ../../packages/crypto/dist/hkdf.js
-var HKDF_HASH_LEN = 32;
-async function hkdfExtract(salt, ikm) {
-  const s = await ensureSodium();
-  const key = salt.length > 0 ? salt : new Uint8Array(HKDF_HASH_LEN);
-  return s.crypto_auth_hmacsha256(ikm, key);
-}
-async function hkdfExpand(prk, info, length) {
-  const s = await ensureSodium();
-  const n = Math.ceil(length / HKDF_HASH_LEN);
-  const okm = new Uint8Array(n * HKDF_HASH_LEN);
-  let prev = new Uint8Array(0);
-  for (let i = 1; i <= n; i++) {
-    const input = new Uint8Array(prev.length + info.length + 1);
-    input.set(prev, 0);
-    input.set(info, prev.length);
-    input[prev.length + info.length] = i;
-    prev = new Uint8Array(s.crypto_auth_hmacsha256(input, prk));
-    okm.set(prev, (i - 1) * HKDF_HASH_LEN);
-  }
-  return okm.slice(0, length);
-}
-async function deriveSessionKeys(sharedSecret, salt = new Uint8Array(0), info = "reley-v1") {
-  const infoBytes = new TextEncoder().encode(info);
-  const prk = await hkdfExtract(salt, sharedSecret);
-  const okm = await hkdfExpand(prk, infoBytes, 64);
-  return {
-    sendKey: okm.slice(0, 32),
-    recvKey: okm.slice(32, 64)
-  };
-}
-async function deriveChainKey(chainKey, info = "reley-chain") {
-  const s = await ensureSodium();
-  const msgKeyInput = new TextEncoder().encode(info + "-msg");
-  const chainKeyInput = new TextEncoder().encode(info + "-chain");
-  const messageKey = s.crypto_auth_hmacsha256(msgKeyInput, chainKey);
-  const nextChainKey = s.crypto_auth_hmacsha256(chainKeyInput, chainKey);
-  return { messageKey, nextChainKey };
-}
-// ../../packages/crypto/dist/aes-gcm.js
-var NONCE_LENGTH = 12;
-var KEY_LENGTH = 32;
-async function encrypt(plaintext, key, aad = new Uint8Array(0)) {
-  const s = await ensureSodium();
-  if (key.length !== KEY_LENGTH) {
-    throw new Error(`Key must be ${KEY_LENGTH} bytes, got ${key.length}`);
-  }
-  const nonce = s.randombytes_buf(NONCE_LENGTH);
-  const ciphertext = s.crypto_aead_xchacha20poly1305_ietf_encrypt(
-    plaintext,
-    aad.length > 0 ? aad : null,
-    null,
-    // nsec (unused)
-    // xchacha uses 24-byte nonce, pad our 12-byte nonce
-    padNonce(nonce, s),
-    key
-  );
-  return { nonce, ciphertext };
-}
-async function decrypt(ciphertext, nonce, key, aad = new Uint8Array(0)) {
-  const s = await ensureSodium();
-  if (key.length !== KEY_LENGTH) {
-    throw new Error(`Key must be ${KEY_LENGTH} bytes, got ${key.length}`);
-  }
-  try {
-    return s.crypto_aead_xchacha20poly1305_ietf_decrypt(
-      null,
-      // nsec (unused)
-      ciphertext,
-      aad.length > 0 ? aad : null,
-      padNonce(nonce, s),
-      key
-    );
-  } catch {
-    throw new Error("Decryption failed: invalid ciphertext or key");
-  }
-}
-function padNonce(nonce, s) {
-  const padded = new Uint8Array(s.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
-  padded.set(nonce, 0);
-  return padded;
-}
-// ../../packages/crypto/dist/ratchet.js
-var KEY_ROTATION_INTERVAL = 50;
-function initRatchet(sendKey, recvKey) {
-  return {
-    sendChainKey: sendKey,
-    recvChainKey: recvKey,
-    sendCounter: 0,
-    recvCounter: 0,
-    maxRecvCounter: -1
-  };
-}
-async function ratchetEncrypt(state, plaintext) {
-  const { messageKey, nextChainKey } = await deriveChainKey(state.sendChainKey);
-  const counter = state.sendCounter;
-  const aad = buildAAD(1, counter);
-  const { nonce, ciphertext } = await encrypt(plaintext, messageKey, aad);
-  const newState = {
-    ...state,
-    sendChainKey: nextChainKey,
-    sendCounter: counter + 1
-  };
-  return { ciphertext, nonce, counter, state: newState };
-}
-async function ratchetDecrypt(state, ciphertext, nonce, counter) {
-  if (counter <= state.maxRecvCounter) {
-    throw new Error(`Replay attack detected: counter ${counter} <= ${state.maxRecvCounter}`);
-  }
-  let chainKey = state.recvChainKey;
-  let currentCounter = state.recvCounter;
-  let messageKey;
-  while (currentCounter <= counter) {
-    const derived = await deriveChainKey(chainKey);
-    if (currentCounter === counter) {
-      messageKey = derived.messageKey;
-    }
-    chainKey = derived.nextChainKey;
-    currentCounter++;
-  }
-  if (!messageKey) {
-    throw new Error("Failed to derive message key");
-  }
-  const aad = buildAAD(1, counter);
-  const plaintext = await decrypt(ciphertext, nonce, messageKey, aad);
-  const newState = {
-    ...state,
-    recvChainKey: chainKey,
-    recvCounter: currentCounter,
-    maxRecvCounter: counter
-  };
-  return { plaintext, state: newState };
-}
-function needsKeyRotation(state) {
-  return state.sendCounter > 0 && state.sendCounter % KEY_ROTATION_INTERVAL === 0;
-}
-function buildAAD(version, counter) {
-  const aad = new Uint8Array(6);
-  aad[0] = version;
-  aad[1] = 1;
-  aad[2] = counter >>> 24 & 255;
-  aad[3] = counter >>> 16 & 255;
-  aad[4] = counter >>> 8 & 255;
-  aad[5] = counter & 255;
-  return aad;
-}
-// ../../packages/crypto/dist/qr-payload.js
-var MAGIC = "CB1";
-async function encodeQRPayload(payload) {
-  const s = await ensureSodium();
-  const releyBytes = new TextEncoder().encode(payload.releyUrl);
-  const jwtBytes = new TextEncoder().encode(payload.jwt);
-  const totalLen = 3 + 2 + releyBytes.length + 32 + 32 + 2 + jwtBytes.length;
-  const buf = new Uint8Array(totalLen);
-  let offset = 0;
-  buf[offset++] = MAGIC.charCodeAt(0);
-  buf[offset++] = MAGIC.charCodeAt(1);
-  buf[offset++] = MAGIC.charCodeAt(2);
-  buf[offset++] = releyBytes.length >>> 8 & 255;
-  buf[offset++] = releyBytes.length & 255;
-  buf.set(releyBytes, offset);
-  offset += releyBytes.length;
-  buf.set(payload.publicKey, offset);
-  offset += 32;
-  buf.set(payload.oneTimeCode, offset);
-  offset += 32;
-  buf[offset++] = jwtBytes.length >>> 8 & 255;
-  buf[offset++] = jwtBytes.length & 255;
-  buf.set(jwtBytes, offset);
-  return s.to_base64(buf, s.base64_variants.URLSAFE_NO_PADDING);
-}
-async function hashOneTimeCode(otc) {
-  const s = await ensureSodium();
-  return s.crypto_generichash(32, otc, null);
-}
-// ../../packages/protocol/dist/constants.js
-var PROTOCOL_VERSION = 1;
-var WIRE = {
-  VERSION: 1,
-  TYPE: 1,
-  COUNTER: 4,
-  NONCE: 12,
-  TAG: 16,
-  HEADER: 1 + 1 + 4 + 12
-  // 18 bytes total header before ciphertext
-};
-var MessageType = {
-  TERMINAL_DATA: 1,
-  TERMINAL_RESIZE: 2,
-  TERMINAL_INPUT: 3,
-  HOOK_EVENT: 16,
-  HOOK_RESPONSE: 17,
-  SESSION_PING: 32,
-  SESSION_PONG: 33,
-  SESSION_CLOSE: 34,
-  KEY_ROTATION: 48,
-  KEY_EXCHANGE: 49
-};
-var TIMEOUTS = {
-  PAIRING_EXPIRY: 5 * 60 * 1e3,
-  // 5 minutes
-  JWT_EXPIRY: 24 * 60 * 60 * 1e3,
-  // 24 hours
-  PING_INTERVAL: 30 * 1e3,
-  // 30 seconds
-  PONG_TIMEOUT: 10 * 1e3,
-  // 10 seconds
-  WS_RECONNECT_BASE: 1e3,
-  // 1 second base for exponential backoff
-  WS_RECONNECT_MAX: 30 * 1e3,
-  // 30 seconds max
-  HOOK_RESPONSE_TIMEOUT: 5 * 60 * 1e3
-  // 5 minutes for user approval
-};
-// ../../packages/protocol/dist/envelope.js
-var MESSAGE_TYPE_MAP = {
-  terminal_data: MessageType.TERMINAL_DATA,
-  terminal_resize: MessageType.TERMINAL_RESIZE,
-  terminal_input: MessageType.TERMINAL_INPUT,
-  hook_event: MessageType.HOOK_EVENT,
-  hook_response: MessageType.HOOK_RESPONSE,
-  ping: MessageType.SESSION_PING,
-  pong: MessageType.SESSION_PONG,
-  session_close: MessageType.SESSION_CLOSE,
-  key_rotation: MessageType.KEY_ROTATION,
-  key_exchange: MessageType.KEY_EXCHANGE
-};
-var REVERSE_TYPE_MAP = /* @__PURE__ */ new Map();
-for (const [k, v] of Object.entries(MESSAGE_TYPE_MAP)) {
-  REVERSE_TYPE_MAP.set(v, k);
-}
-function getWireType(messageType) {
-  const t = MESSAGE_TYPE_MAP[messageType];
-  if (t === void 0) {
-    throw new Error(`Unknown message type: ${messageType}`);
-  }
-  return t;
-}
-function encodeEnvelope(envelope) {
-  const totalLen = WIRE.HEADER + envelope.ciphertext.length;
-  const buf = new Uint8Array(totalLen);
-  let offset = 0;
-  buf[offset++] = envelope.version;
-  buf[offset++] = envelope.type;
-  buf[offset++] = envelope.counter >>> 24 & 255;
-  buf[offset++] = envelope.counter >>> 16 & 255;
-  buf[offset++] = envelope.counter >>> 8 & 255;
-  buf[offset++] = envelope.counter & 255;
-  buf.set(envelope.nonce, offset);
-  offset += WIRE.NONCE;
-  buf.set(envelope.ciphertext, offset);
-  return buf;
-}
-function decodeEnvelope(data) {
-  if (data.length < WIRE.HEADER + WIRE.TAG) {
-    throw new Error(`Envelope too short: ${data.length} bytes`);
-  }
-  let offset = 0;
-  const version = data[offset++];
-  if (version !== PROTOCOL_VERSION) {
-    throw new Error(`Unsupported protocol version: ${version}`);
-  }
-  const type = data[offset++];
-  const counter = data[offset] << 24 | data[offset + 1] << 16 | data[offset + 2] << 8 | data[offset + 3];
-  offset += 4;
-  const nonce = data.slice(offset, offset + WIRE.NONCE);
-  offset += WIRE.NONCE;
-  const ciphertext = data.slice(offset);
-  return { version, type, counter, nonce, ciphertext };
-}
-function serializeMessage(message) {
-  return new TextEncoder().encode(JSON.stringify(message));
-}
-function deserializeMessage(data) {
-  return JSON.parse(new TextDecoder().decode(data));
-}
-// src/commands/run.ts
-var __dirname = dirname(fileURLToPath(import.meta.url));
-var loggingEnabled = true;
-function log(label, msg) {
-  if (!loggingEnabled) return;
-  const colors = {
-    RELEY: "\x1B[34m",
-    PTY: "\x1B[32m",
-    WEB: "\x1B[35m",
-    CRYPTO: "\x1B[33m",
-    HOOKS: "\x1B[36m"
-  };
-  console.error(`${colors[label] ?? ""}[${label}]\x1B[0m ${msg}`);
-}
-function findReleyServer() {
-  const candidates = [
-    join2(__dirname, "../../../reley/dist/server.js"),
-    join2(__dirname, "../../../../apps/reley/dist/server.js")
-  ];
-  for (const p of candidates) {
-    if (existsSync2(p)) return p;
-  }
-  throw new Error("Not logged in. Run `reley login` first, or use `reley --online` to connect to the remote server.");
-}
-async function isReleyRunning(url) {
-  try {
-    const res = await fetch(`${url}/health`);
-    return res.ok;
-  } catch {
-    return false;
-  }
-}
-async function waitForReley(url) {
-  for (let i = 0; i < 50; i++) {
-    if (await isReleyRunning(url)) return;
-    await new Promise((r) => setTimeout(r, 200));
-  }
-  throw new Error("Reley server failed to start");
-}
-function getTerminalHtml() {
-  return `<!DOCTYPE html>
+var Ct=Object.defineProperty;var Et=(t,e)=>()=>(t&&(e=t(t=0)),e);var _t=(t,e)=>{for(var o in e)Ct(t,o,{get:e[o],enumerable:!0})};var st={};_t(st,{clearConfig:()=>Lt,getConfigDir:()=>Dt,getConfigPath:()=>$e,isConfigured:()=>je,loadConfig:()=>nt,saveConfig:()=>Be});import{existsSync as tt,readFileSync as It,writeFileSync as ot,mkdirSync as Kt}from"node:fs";import{join as rt}from"node:path";import{homedir as Ut}from"node:os";function Dt(){return Me}function $e(){return le}function nt(){try{if(!tt(le))return null;let t=It(le,"utf-8");return JSON.parse(t)}catch{return null}}function Be(t){Kt(Me,{recursive:!0}),ot(le,JSON.stringify(t,null,2)+`
+`,"utf-8")}function Lt(){try{tt(le)&&ot(le,`{}
+`,"utf-8")}catch{}}function je(){let t=nt();return!!(t?.reley_url&&t?.device_token)}var Me,le,we=Et(()=>{"use strict";Me=rt(Ut(),".reley"),le=rt(Me,"config.json")});import{Command as ao}from"commander";import{createServer as Ht}from"node:http";import{createServer as at}from"node:net";import{fork as Mt}from"node:child_process";import{existsSync as Ge,readFileSync as ct,writeFileSync as Je,unlinkSync as de}from"node:fs";import{fileURLToPath as $t}from"node:url";import{dirname as Bt,join as ze}from"node:path";import{homedir as jt}from"node:os";import Fe from"node:crypto";import R,{WebSocketServer as Ft}from"ws";import{spawn as lt}from"node-pty";import{createRequire as Tt}from"node:module";var Pt=Tt(import.meta.url),Rt=Pt("libsodium-wrappers-sumo"),Oe=Rt;var Ve=!1;async function f(){return Ve||(await Oe.ready,Ve=!0),Oe}async function Ne(){let e=(await f()).crypto_sign_keypair();return{publicKey:e.publicKey,secretKey:e.privateKey,keyType:"ed25519"}}async function re(){let e=(await f()).crypto_kx_keypair();return{publicKey:e.publicKey,secretKey:e.privateKey,keyType:"x25519"}}async function Ae(t=32){return(await f()).randombytes_buf(t)}async function J(t,e){return(await f()).crypto_scalarmult(t,e)}var ve=32;async function Ot(t,e){let o=await f(),r=t.length>0?t:new Uint8Array(ve);return o.crypto_auth_hmacsha256(e,r)}async function Nt(t,e,o){let r=await f(),n=Math.ceil(o/ve),s=new Uint8Array(n*ve),i=new Uint8Array(0);for(let c=1;c<=n;c++){let a=new Uint8Array(i.length+e.length+1);a.set(i,0),a.set(e,i.length),a[i.length+e.length]=c,i=new Uint8Array(r.crypto_auth_hmacsha256(a,t)),s.set(i,(c-1)*ve)}return s.slice(0,o)}async function W(t,e=new Uint8Array(0),o="reley-v1"){let r=new TextEncoder().encode(o),n=await Ot(e,t),s=await Nt(n,r,64);return{sendKey:s.slice(0,32),recvKey:s.slice(32,64)}}async function be(t,e="reley-chain"){let o=await f(),r=new TextEncoder().encode(e+"-msg"),n=new TextEncoder().encode(e+"-chain"),s=o.crypto_auth_hmacsha256(r,t),i=o.crypto_auth_hmacsha256(n,t);return{messageKey:s,nextChainKey:i}}var qe=12;var me=32;async function Ie(t,e,o=new Uint8Array(0)){let r=await f();if(e.length!==me)throw new Error(`Key must be ${me} bytes, got ${e.length}`);let n=r.randombytes_buf(qe),s=r.crypto_aead_xchacha20poly1305_ietf_encrypt(t,o.length>0?o:null,null,Xe(n,r),e);return{nonce:n,ciphertext:s}}async function Ke(t,e,o,r=new Uint8Array(0)){let n=await f();if(o.length!==me)throw new Error(`Key must be ${me} bytes, got ${o.length}`);try{return n.crypto_aead_xchacha20poly1305_ietf_decrypt(null,t,r.length>0?r:null,Xe(e,n),o)}catch{throw new Error("Decryption failed: invalid ciphertext or key")}}function Xe(t,e){let o=new Uint8Array(e.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);return o.set(t,0),o}var Qe=50;function Y(t,e){return{sendChainKey:t,recvChainKey:e,sendCounter:0,recvCounter:0,maxRecvCounter:-1}}async function V(t,e){let{messageKey:o,nextChainKey:r}=await be(t.sendChainKey),n=t.sendCounter,s=Ze(1,n),{nonce:i,ciphertext:c}=await Ie(e,o,s),a={...t,sendChainKey:r,sendCounter:n+1};return{ciphertext:c,nonce:i,counter:n,state:a}}async function se(t,e,o,r){if(r<=t.maxRecvCounter)throw new Error(`Replay attack detected: counter ${r} <= ${t.maxRecvCounter}`);let n=t.recvChainKey,s=t.recvCounter,i;for(;s<=r;){let m=await be(n);s===r&&(i=m.messageKey),n=m.nextChainKey,s++}if(!i)throw new Error("Failed to derive message key");let c=Ze(1,r),a=await Ke(e,o,i,c),u={...t,recvChainKey:n,recvCounter:s,maxRecvCounter:r};return{plaintext:a,state:u}}function Ue(t){return t.sendCounter>0&&t.sendCounter%Qe===0}function Ze(t,e){let o=new Uint8Array(6);return o[0]=t,o[1]=1,o[2]=e>>>24&255,o[3]=e>>>16&255,o[4]=e>>>8&255,o[5]=e&255,o}var De="CB1";async function Le(t){let e=await f(),o=new TextEncoder().encode(t.releyUrl),r=new TextEncoder().encode(t.jwt),n=5+o.length+32+32+2+r.length,s=new Uint8Array(n),i=0;return s[i++]=De.charCodeAt(0),s[i++]=De.charCodeAt(1),s[i++]=De.charCodeAt(2),s[i++]=o.length>>>8&255,s[i++]=o.length&255,s.set(o,i),i+=o.length,s.set(t.publicKey,i),i+=32,s.set(t.oneTimeCode,i),i+=32,s[i++]=r.length>>>8&255,s[i++]=r.length&255,s.set(r,i),e.to_base64(s,e.base64_variants.URLSAFE_NO_PADDING)}async function He(t){return(await f()).crypto_generichash(32,t,null)}var q={VERSION:1,TYPE:1,COUNTER:4,NONCE:12,TAG:16,HEADER:18},K={TERMINAL_DATA:1,TERMINAL_RESIZE:2,TERMINAL_INPUT:3,HOOK_EVENT:16,HOOK_RESPONSE:17,SESSION_PING:32,SESSION_PONG:33,SESSION_CLOSE:34,KEY_ROTATION:48,KEY_EXCHANGE:49},ie={PAIRING_EXPIRY:5*60*1e3,JWT_EXPIRY:24*60*60*1e3,PING_INTERVAL:30*1e3,PONG_TIMEOUT:10*1e3,WS_RECONNECT_BASE:1e3,WS_RECONNECT_MAX:30*1e3,HOOK_RESPONSE_TIMEOUT:5*60*1e3};var et={terminal_data:K.TERMINAL_DATA,terminal_resize:K.TERMINAL_RESIZE,terminal_input:K.TERMINAL_INPUT,hook_event:K.HOOK_EVENT,hook_response:K.HOOK_RESPONSE,ping:K.SESSION_PING,pong:K.SESSION_PONG,session_close:K.SESSION_CLOSE,key_rotation:K.KEY_ROTATION,key_exchange:K.KEY_EXCHANGE},At=new Map;for(let[t,e]of Object.entries(et))At.set(e,t);function X(t){let e=et[t];if(e===void 0)throw new Error(`Unknown message type: ${t}`);return e}function Q(t){let e=q.HEADER+t.ciphertext.length,o=new Uint8Array(e),r=0;return o[r++]=t.version,o[r++]=t.type,o[r++]=t.counter>>>24&255,o[r++]=t.counter>>>16&255,o[r++]=t.counter>>>8&255,o[r++]=t.counter&255,o.set(t.nonce,r),r+=q.NONCE,o.set(t.ciphertext,r),o}function ae(t){if(t.length<q.HEADER+q.TAG)throw new Error(`Envelope too short: ${t.length} bytes`);let e=0,o=t[e++];if(o!==1)throw new Error(`Unsupported protocol version: ${o}`);let r=t[e++],n=t[e]<<24|t[e+1]<<16|t[e+2]<<8|t[e+3];e+=4;let s=t.slice(e,e+q.NONCE);e+=q.NONCE;let i=t.slice(e);return{version:o,type:r,counter:n,nonce:s,ciphertext:i}}function Z(t){return new TextEncoder().encode(JSON.stringify(t))}function ce(t){return JSON.parse(new TextDecoder().decode(t))}var it=Bt($t(import.meta.url)),We=!0;function E(t,e){if(!We)return;console.error(`${{RELEY:"\x1B[34m",PTY:"\x1B[32m",WEB:"\x1B[35m",CRYPTO:"\x1B[33m",HOOKS:"\x1B[36m"}[t]??""}[${t}]\x1B[0m ${e}`)}function zt(){let t=[ze(it,"../../../reley/dist/server.js"),ze(it,"../../../../apps/reley/dist/server.js")];for(let e of t)if(Ge(e))return e;throw new Error("Not logged in. Run `reley login` first, or use `reley` to connect to the remote server.")}async function dt(t){try{return(await fetch(`${t}/health`)).ok}catch{return!1}}async function Gt(t){for(let e=0;e<50;e++){if(await dt(t))return;await new Promise(o=>setTimeout(o,200))}throw new Error("Reley server failed to start")}function Jt(){return`<!DOCTYPE html>
 <html lang="ko"><head>
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -998,14 +556,7 @@ function getTerminalHtml() {
       return d.innerHTML;
     }
   </script>
-</body></html>`;
-}
-function getClaudeSettingsPath() {
-  return join2(homedir2(), ".claude", "settings.json");
-}
-function createHookScript(sockPath) {
-  const scriptPath = `/tmp/reley-hook-${process.pid}`;
-  const script = `#!/usr/bin/env node
+</body></html>`}function Wt(){return ze(jt(),".claude","settings.json")}function pt(t){let e=`/tmp/reley-hook-${process.pid}`;return Je(e,`#!/usr/bin/env node
 const net = require('net');
 // Session isolation: only run for the Reley session that set this env var.
@@ -1039,1476 +590,42 @@ process.stdin.on('end', () => {
 function tryParse(s) {
   try { return JSON.parse(s); } catch { return { raw: s }; }
 }
-`;
-  writeFileSync2(scriptPath, script, { mode: 493 });
-  return scriptPath;
-}
-function installClaudeHooks(hookScriptPath) {
-  const settingsPath = getClaudeSettingsPath();
-  let settings = {};
-  const result = {
-    path: settingsPath,
-    hadHooks: false,
-    originalHooks: void 0
-  };
-  try {
-    if (existsSync2(settingsPath)) {
-      settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
-    }
-  } catch {
-    settings = {};
-  }
-  if (settings.hooks) {
-    result.hadHooks = true;
-    result.originalHooks = JSON.parse(JSON.stringify(settings.hooks));
-  }
-  if (!settings.hooks) settings.hooks = {};
-  const cbCommand = (type) => `${hookScriptPath} ${type}`;
-  const hookDefs = {
-    PreToolUse: [
-      { matcher: "Bash", type: "pre-tool-use" },
-      { matcher: "Write", type: "pre-tool-use" },
-      { matcher: "Edit", type: "pre-tool-use" }
-    ],
-    Stop: [
-      { matcher: "", type: "stop" }
-    ],
-    Notification: [
-      { matcher: "", type: "notification" }
-    ]
-  };
-  for (const [event, entries] of Object.entries(hookDefs)) {
-    if (!settings.hooks[event]) settings.hooks[event] = [];
-    for (const entry of entries) {
-      const cmd = cbCommand(entry.type);
-      const exists = settings.hooks[event].some(
-        (h) => Array.isArray(h.hooks) && h.hooks.some((hk) => hk.command === cmd)
-      );
-      if (!exists) {
-        const hookEntry = {
-          matcher: entry.matcher,
-          hooks: [{ type: "command", command: cmd }]
-        };
-        settings.hooks[event].push(hookEntry);
-      }
-    }
-  }
-  writeFileSync2(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
-  return result;
-}
-function uninstallClaudeHooks(original, hookScriptPath) {
-  try {
-    const settingsPath = original.path;
-    if (!existsSync2(settingsPath)) return;
-    const settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
-    if (!settings.hooks) return;
-    for (const event of Object.keys(settings.hooks)) {
-      if (Array.isArray(settings.hooks[event])) {
-        settings.hooks[event] = settings.hooks[event].filter(
-          (h) => !Array.isArray(h.hooks) || !h.hooks.some((hk) => hk.command?.includes(hookScriptPath))
-        );
-        if (settings.hooks[event].length === 0) {
-          delete settings.hooks[event];
-        }
-      }
-    }
-    if (Object.keys(settings.hooks).length === 0) {
-      delete settings.hooks;
-    }
-    writeFileSync2(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
-  } catch {
-  }
-}
-async function runCommand(commandArgs, options) {
-  if (options.online) {
-    return runOnlineCommand(commandArgs, options);
-  }
-  const webPort = parseInt(options.webPort, 10);
-  const releyPort = parseInt(options.releyPort, 10);
-  const releyUrl = `http://localhost:${releyPort}`;
-  const wsReleyUrl = `ws://localhost:${releyPort}/ws`;
-  const command = commandArgs.length > 0 ? commandArgs[0] : process.env.SHELL || "/bin/zsh";
-  const args = commandArgs.length > 1 ? commandArgs.slice(1) : [];
-  console.error("\n\x1B[1m  Reley\x1B[0m");
-  console.error("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
-  let releyProc = null;
-  if (await isReleyRunning(releyUrl)) {
-    log("RELEY", `Already running on :${releyPort}`);
-  } else {
-    log("RELEY", `Starting on :${releyPort}...`);
-    const releyPath = findReleyServer();
-    releyProc = fork(releyPath, [], {
-      env: { ...process.env, PORT: String(releyPort), LOG_LEVEL: "warn" },
-      stdio: "pipe"
-    });
-    await waitForReley(releyUrl);
-    log("RELEY", "Ready");
-  }
-  const sodium2 = await ensureSodium();
-  const cliKeys = await generateEphemeralKeyPair();
-  const viewerKeys = await generateEphemeralKeyPair();
-  const otc = sodium2.randombytes_buf(32);
-  const otcHash = crypto.createHash("sha256").update(Buffer.from(otc)).digest();
-  const initRes = await fetch(`${releyUrl}/api/v1/pair/initiate`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      publicKey: sodium2.to_base64(cliKeys.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-      otcHash: Buffer.from(otcHash).toString("base64"),
-      deviceId: crypto.randomUUID()
-    })
-  });
-  const { roomId, token: cliToken } = await initRes.json();
-  const compRes = await fetch(`${releyUrl}/api/v1/pair/complete`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      roomId,
-      otc: Buffer.from(otc).toString("base64"),
-      publicKey: sodium2.to_base64(viewerKeys.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-      deviceId: crypto.randomUUID()
-    })
-  });
-  const { token: viewerToken } = await compRes.json();
-  log("CRYPTO", "E2E ready");
-  const cliShared = await computeSharedSecret(cliKeys.secretKey, viewerKeys.publicKey);
-  const viewerShared = await computeSharedSecret(viewerKeys.secretKey, cliKeys.publicKey);
-  const cliSessionKeys = await deriveSessionKeys(cliShared);
-  const viewerSessionKeys = await deriveSessionKeys(viewerShared);
-  let cliRatchet = initRatchet(cliSessionKeys.sendKey, cliSessionKeys.recvKey);
-  let viewerRatchet = initRatchet(viewerSessionKeys.recvKey, viewerSessionKeys.sendKey);
-  const cliWs = new WebSocket(wsReleyUrl, { headers: { Authorization: `Bearer ${cliToken}` } });
-  await new Promise((res, rej) => {
-    cliWs.on("open", res);
-    cliWs.on("error", rej);
-  });
-  const viewerWs = new WebSocket(wsReleyUrl, { headers: { Authorization: `Bearer ${viewerToken}` } });
-  await new Promise((res, rej) => {
-    viewerWs.on("open", res);
-    viewerWs.on("error", rej);
-  });
-  const webWss = new WebSocketServer({ noServer: true });
-  const webClients = /* @__PURE__ */ new Set();
-  let ptyCols = process.stdout.columns || 80;
-  let ptyRows = process.stdout.rows || 24;
-  const hookSockPath = `/tmp/reley-hooks-${process.pid}.sock`;
-  try {
-    unlinkSync(hookSockPath);
-  } catch {
-  }
-  const hookServer = createNetServer((socket) => {
-    let buf = "";
-    socket.on("data", (chunk) => {
-      buf += chunk.toString();
-      const nl = buf.indexOf("\n");
-      if (nl === -1) return;
-      const line = buf.substring(0, nl);
-      buf = buf.substring(nl + 1);
-      let json;
-      try {
-        json = JSON.parse(line);
-      } catch {
-        socket.end(JSON.stringify({ action: "approve" }));
-        return;
-      }
-      const requestId = `hook-${Date.now()}-${Math.random().toString(36).slice(2)}`;
-      const payload = JSON.stringify({
-        type: "hook_event",
-        hookType: json.hookType,
-        data: json.data,
-        requestId
-      });
-      for (const c of webClients) {
-        if (c.readyState === WebSocket.OPEN) c.send(payload);
-      }
-      socket.end(JSON.stringify({ action: "approve" }));
-    });
-  });
-  await new Promise((resolve2) => {
-    hookServer.listen(hookSockPath, () => resolve2());
-  });
-  log("HOOKS", `Socket at ${hookSockPath}`);
-  let hookScriptPath = null;
-  let originalSettings = null;
-  const isClaudeCommand = command === "claude" || command.endsWith("/claude");
-  if (isClaudeCommand) {
-    hookScriptPath = createHookScript(hookSockPath);
-    originalSettings = installClaudeHooks(hookScriptPath);
-    log("HOOKS", "Claude hooks installed");
-  }
-  viewerWs.on("message", async (raw) => {
-    if (!Buffer.isBuffer(raw)) return;
-    try {
-      const env = decodeEnvelope(new Uint8Array(raw));
-      const dec = await ratchetDecrypt(viewerRatchet, env.ciphertext, env.nonce, env.counter);
-      viewerRatchet = dec.state;
-      const msg = deserializeMessage(dec.plaintext);
-      if (msg.type === "terminal_data") {
-        const text = Buffer.from(msg.data, "base64").toString();
-        const payload = JSON.stringify({ type: "output", data: text });
-        for (const c of webClients) {
-          if (c.readyState === WebSocket.OPEN) c.send(payload);
-        }
-      }
-    } catch {
-    }
-  });
-  webWss.on("connection", (ws) => {
-    webClients.add(ws);
-    ws.send(JSON.stringify({ type: "sync_size", cols: ptyCols, rows: ptyRows }));
-    ws.on("message", async (raw) => {
-      try {
-        const msg = JSON.parse(raw.toString());
-        if (msg.type === "input") {
-          pty2.write(msg.data);
-        }
-      } catch {
-      }
-    });
-    ws.on("close", () => {
-      webClients.delete(ws);
-    });
-  });
-  const httpServer = createHttpServer((req, res) => {
-    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-    res.end(getTerminalHtml());
-  });
-  httpServer.on("upgrade", (req, socket, head) => {
-    webWss.handleUpgrade(req, socket, head, (ws) => {
-      webWss.emit("connection", ws, req);
-    });
-  });
-  await new Promise((resolve2) => {
-    httpServer.listen(webPort, () => resolve2());
-  });
-  log("WEB", `http://localhost:${webPort}`);
-  console.error(`
-  \x1B[1m\x1B[36m\u2192 http://localhost:${webPort}\x1B[0m  \uC6F9\uC5D0\uC11C\uB3C4 \uD655\uC778/\uC785\uB825 \uAC00\uB2A5
-`);
-  loggingEnabled = false;
-  const ptyEnv = {
-    ...process.env
-  };
-  if (hookSockPath) {
-    ptyEnv.RELEY_HOOK_SOCK = hookSockPath;
-  }
-  const pty2 = spawn(command, args, {
-    name: "xterm-256color",
-    cols: ptyCols,
-    rows: ptyRows,
-    cwd: process.cwd(),
-    env: ptyEnv
-  });
-  pty2.onData(async (data) => {
-    process.stdout.write(data);
-    try {
-      const msg = {
-        type: "terminal_data",
-        data: Buffer.from(data).toString("base64")
-      };
-      const plain = serializeMessage(msg);
-      const enc = await ratchetEncrypt(cliRatchet, plain);
-      cliRatchet = enc.state;
-      const envelope = encodeEnvelope({
-        version: PROTOCOL_VERSION,
-        type: getWireType("terminal_data"),
-        counter: enc.counter,
-        nonce: enc.nonce,
-        ciphertext: enc.ciphertext
-      });
-      if (cliWs.readyState === WebSocket.OPEN) {
-        cliWs.send(Buffer.from(envelope));
-      }
-    } catch {
-    }
-  });
-  if (process.stdin.isTTY) {
-    process.stdin.setRawMode(true);
-  }
-  process.stdin.resume();
-  process.stdin.on("data", (data) => {
-    pty2.write(data.toString());
-  });
-  process.stdout.on("resize", () => {
-    ptyCols = process.stdout.columns || 80;
-    ptyRows = process.stdout.rows || 24;
-    pty2.resize(ptyCols, ptyRows);
-    const sizeMsg = JSON.stringify({ type: "sync_size", cols: ptyCols, rows: ptyRows });
-    for (const c of webClients) {
-      if (c.readyState === WebSocket.OPEN) c.send(sizeMsg);
-    }
-  });
-  const cleanup = () => {
-    hookServer.close();
-    try {
-      unlinkSync(hookSockPath);
-    } catch {
-    }
-    if (hookScriptPath) {
-      try {
-        unlinkSync(hookScriptPath);
-      } catch {
-      }
-    }
-    if (originalSettings && hookScriptPath) {
-      uninstallClaudeHooks(originalSettings, hookScriptPath);
-    }
-    cliWs.close();
-    viewerWs.close();
-    httpServer.close();
-    if (releyProc) releyProc.kill();
-  };
-  pty2.onExit(() => {
-    cleanup();
-    process.exit(0);
-  });
-  process.on("SIGINT", () => pty2.kill());
-  process.on("SIGTERM", () => pty2.kill());
-}
-async function runOnlineCommand(commandArgs, options) {
-  const { loadConfig: loadConfig2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  const config = loadConfig2();
-  if (!config?.device_token || !config?.reley_url) {
-    console.error("\x1B[31mError:\x1B[0m Not logged in. Run `reley login` first.");
-    process.exit(1);
-  }
-  const command = commandArgs.length > 0 ? commandArgs[0] : process.env.SHELL || "/bin/zsh";
-  const args = commandArgs.length > 1 ? commandArgs.slice(1) : [];
-  console.error("\n\x1B[1m  Reley\x1B[0m \x1B[36m(online)\x1B[0m");
-  console.error("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
-  console.error(`  \x1B[2mUser: ${config.user_email}\x1B[0m`);
-  console.error(`  \x1B[2mServer: ${config.reley_url}\x1B[0m
-`);
-  const sodium2 = await ensureSodium();
-  const cliKeys = await generateEphemeralKeyPair();
-  const cliPkB64 = sodium2.to_base64(cliKeys.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING);
-  log("RELEY", "Creating session...");
-  const sessionName = commandArgs.length > 0 ? commandArgs.join(" ") : "Terminal session";
-  const res = await fetch(`${config.reley_url}/api/v1/sessions`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${config.device_token}`
-    },
-    body: JSON.stringify({ name: sessionName, publicKey: cliPkB64 })
-  });
-  if (!res.ok) {
-    const body = await res.json().catch(() => ({}));
-    console.error(`\x1B[31mError:\x1B[0m Failed to create session: ${body.error || res.statusText}`);
-    process.exit(1);
-  }
-  const { roomId, cliToken, sessionId } = await res.json();
-  log("RELEY", `Session: ${sessionId}`);
-  log("RELEY", `Room: ${roomId}`);
-  const wsProtocol = config.reley_url.startsWith("https") ? "wss" : "ws";
-  const wsHost = config.reley_url.replace(/^https?:\/\//, "");
-  const wsUrl = `${wsProtocol}://${wsHost}/ws`;
-  const cliWs = new WebSocket(wsUrl, { headers: { Authorization: `Bearer ${cliToken}` } });
-  await new Promise((resolve2, reject) => {
-    cliWs.on("open", resolve2);
-    cliWs.on("error", reject);
-  });
-  log("RELEY", "WebSocket connected");
-  let ratchetState = null;
-  let e2eReady = false;
-  const pendingData = [];
-  let ratchetQueue = Promise.resolve();
-  function withRatchet(fn) {
-    const p = ratchetQueue.then(fn, () => fn());
-    ratchetQueue = p.then(() => {
-    }, () => {
-    });
-    return p;
-  }
-  const SCROLLBACK_MAX = 100 * 1024;
-  let scrollbackBuf = Buffer.alloc(0);
-  function appendScrollback(data) {
-    scrollbackBuf = Buffer.concat([scrollbackBuf, data]);
-    if (scrollbackBuf.length > SCROLLBACK_MAX) {
-      scrollbackBuf = scrollbackBuf.slice(scrollbackBuf.length - SCROLLBACK_MAX);
-    }
-  }
-  async function initE2E(viewerPkB64) {
-    const viewerPk = sodium2.from_base64(viewerPkB64, sodium2.base64_variants.URLSAFE_NO_PADDING);
-    const shared = await computeSharedSecret(cliKeys.secretKey, viewerPk);
-    const sessionKeys = await deriveSessionKeys(shared);
-    ratchetState = initRatchet(sessionKeys.sendKey, sessionKeys.recvKey);
-    const fp = computeFingerprint(sodium2, cliKeys.publicKey, viewerPk);
-    console.error(`  \x1B[33m\u{1F510} E2E Fingerprint: ${fp}\x1B[0m`);
-    sodium2.memzero(shared);
-    if (cliWs.readyState === WebSocket.OPEN) {
-      cliWs.send(JSON.stringify({
-        type: "key_exchange",
-        publicKey: cliPkB64,
-        role: "cli"
-      }));
-    }
-    await withRatchet(async () => {
-      if (!ratchetState) return;
-      if (scrollbackBuf.length > 0) {
-        const msg = {
-          type: "terminal_data",
-          data: scrollbackBuf.toString("base64")
-        };
-        const plain = serializeMessage(msg);
-        const enc = await ratchetEncrypt(ratchetState, plain);
-        ratchetState = enc.state;
-        const envelope = encodeEnvelope({
-          version: PROTOCOL_VERSION,
-          type: getWireType("terminal_data"),
-          counter: enc.counter,
-          nonce: enc.nonce,
-          ciphertext: enc.ciphertext
-        });
-        if (cliWs.readyState === WebSocket.OPEN) {
-          cliWs.send(Buffer.from(envelope));
-        }
-      }
-    });
-    e2eReady = true;
-    pendingData.length = 0;
-  }
-  function sendEncrypted(data) {
-    if (!ratchetState || !e2eReady) {
-      pendingData.push(data);
-      return;
-    }
-    withRatchet(async () => {
-      if (!ratchetState || cliWs.readyState !== WebSocket.OPEN) return;
-      try {
-        const msg = {
-          type: "terminal_data",
-          data: data.toString("base64")
-        };
-        const plain = serializeMessage(msg);
-        const enc = await ratchetEncrypt(ratchetState, plain);
-        ratchetState = enc.state;
-        const envelope = encodeEnvelope({
-          version: PROTOCOL_VERSION,
-          type: getWireType("terminal_data"),
-          counter: enc.counter,
-          nonce: enc.nonce,
-          ciphertext: enc.ciphertext
-        });
-        cliWs.send(Buffer.from(envelope));
-      } catch {
-      }
-    });
-  }
-  const hookSockPath = `/tmp/reley-hooks-${process.pid}.sock`;
-  try {
-    unlinkSync(hookSockPath);
-  } catch {
-  }
-  const hookServer = createNetServer((socket) => {
-    let buf = "";
-    socket.on("data", (chunk) => {
-      buf += chunk.toString();
-      const nl = buf.indexOf("\n");
-      if (nl === -1) return;
-      const line = buf.substring(0, nl);
-      buf = buf.substring(nl + 1);
-      let json;
-      try {
-        json = JSON.parse(line);
-      } catch {
-        socket.end(JSON.stringify({ action: "approve" }));
-        return;
-      }
-      if (e2eReady && ratchetState && cliWs.readyState === WebSocket.OPEN) {
-        withRatchet(async () => {
-          if (!ratchetState || cliWs.readyState !== WebSocket.OPEN) return;
-          const hookMsg = {
-            type: "hook_event",
-            hookType: json.hookType === "pre-tool-use" ? "pre_tool_use" : json.hookType,
-            sessionId,
-            payload: json.data ?? { kind: json.hookType, raw: true }
-          };
-          const plain = serializeMessage(hookMsg);
-          const enc = await ratchetEncrypt(ratchetState, plain);
-          ratchetState = enc.state;
-          const envelope = encodeEnvelope({
-            version: PROTOCOL_VERSION,
-            type: getWireType("hook_event"),
-            counter: enc.counter,
-            nonce: enc.nonce,
-            ciphertext: enc.ciphertext
-          });
-          cliWs.send(Buffer.from(envelope));
-        });
-      } else if (cliWs.readyState === WebSocket.OPEN) {
-        cliWs.send(JSON.stringify({
-          type: "hook_event",
-          hookType: json.hookType,
-          data: json.data
-        }));
-      }
-      socket.end(JSON.stringify({ action: "approve" }));
-    });
-  });
-  await new Promise((resolve2) => {
-    hookServer.listen(hookSockPath, () => resolve2());
-  });
-  log("HOOKS", `Socket at ${hookSockPath}`);
-  let hookScriptPath = null;
-  let originalSettings = null;
-  const isClaudeCommand = command === "claude" || command.endsWith("/claude");
-  if (isClaudeCommand) {
-    hookScriptPath = createHookScript(hookSockPath);
-    originalSettings = installClaudeHooks(hookScriptPath);
-    log("HOOKS", "Claude hooks installed");
-  }
-  let ptyCols = process.stdout.columns || 80;
-  let ptyRows = process.stdout.rows || 24;
-  console.error(`
+`,{mode:493}),e}function ut(t){let e=Wt(),o={},r={path:e,hadHooks:!1,originalHooks:void 0};try{Ge(e)&&(o=JSON.parse(ct(e,"utf-8")))}catch{o={}}o.hooks&&(r.hadHooks=!0,r.originalHooks=JSON.parse(JSON.stringify(o.hooks))),o.hooks||(o.hooks={});let n=i=>`${t} ${i}`,s={PreToolUse:[{matcher:"Bash",type:"pre-tool-use"},{matcher:"Write",type:"pre-tool-use"},{matcher:"Edit",type:"pre-tool-use"}],Stop:[{matcher:"",type:"stop"}],Notification:[{matcher:"",type:"notification"}]};for(let[i,c]of Object.entries(s)){o.hooks[i]||(o.hooks[i]=[]);for(let a of c){let u=n(a.type);if(!o.hooks[i].some(p=>Array.isArray(p.hooks)&&p.hooks.some(v=>v.command===u))){let p={matcher:a.matcher,hooks:[{type:"command",command:u}]};o.hooks[i].push(p)}}}return Je(e,JSON.stringify(o,null,2),"utf-8"),r}function ht(t,e){try{let o=t.path;if(!Ge(o))return;let r=JSON.parse(ct(o,"utf-8"));if(!r.hooks)return;for(let n of Object.keys(r.hooks))Array.isArray(r.hooks[n])&&(r.hooks[n]=r.hooks[n].filter(s=>!Array.isArray(s.hooks)||!s.hooks.some(i=>i.command?.includes(e))),r.hooks[n].length===0&&delete r.hooks[n]);Object.keys(r.hooks).length===0&&delete r.hooks,Je(o,JSON.stringify(r,null,2),"utf-8")}catch{}}async function mt(t,e){if(e.online)return Yt(t,e);let o=parseInt(e.webPort,10),r=parseInt(e.releyPort,10),n=`http://localhost:${r}`,s=`ws://localhost:${r}/ws`,i=t.length>0?t[0]:process.env.SHELL||"/bin/zsh",c=t.length>1?t.slice(1):[];console.error(`
+\x1B[1m  Reley\x1B[0m`),console.error(`  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+`);let a=null;if(await dt(n))E("RELEY",`Already running on :${r}`);else{E("RELEY",`Starting on :${r}...`);let l;try{l=zt()}catch{console.error("  \x1B[33mLocal server not found.\x1B[0m"),console.error(`  Run \x1B[1mreley login\x1B[0m to connect to the remote server.
+`),process.exit(1)}a=Mt(l,[],{env:{...process.env,PORT:String(r),LOG_LEVEL:"warn"},stdio:"pipe"}),await Gt(n),E("RELEY","Ready")}let u=await f(),m=await re(),p=await re(),v=u.randombytes_buf(32),y=Fe.createHash("sha256").update(Buffer.from(v)).digest(),k=await fetch(`${n}/api/v1/pair/initiate`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({publicKey:u.to_base64(m.publicKey,u.base64_variants.URLSAFE_NO_PADDING),otcHash:Buffer.from(y).toString("base64"),deviceId:Fe.randomUUID()})}),{roomId:C,token:j}=await k.json(),x=await fetch(`${n}/api/v1/pair/complete`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({roomId:C,otc:Buffer.from(v).toString("base64"),publicKey:u.to_base64(p.publicKey,u.base64_variants.URLSAFE_NO_PADDING),deviceId:Fe.randomUUID()})}),{token:S}=await x.json();E("CRYPTO","E2E ready");let B=await J(m.secretKey,p.publicKey),O=await J(p.secretKey,m.publicKey),U=await W(B),te=await W(O),ue=Y(U.sendKey,U.recvKey),D=Y(te.recvKey,te.sendKey),oe=new R(s,{headers:{Authorization:`Bearer ${j}`}});await new Promise((l,d)=>{oe.on("open",l),oe.on("error",d)});let ne=new R(s,{headers:{Authorization:`Bearer ${S}`}});await new Promise((l,d)=>{ne.on("open",l),ne.on("error",d)});let he=new Ft({noServer:!0}),T=new Set,z=process.stdout.columns||80,N=process.stdout.rows||24,L=`/tmp/reley-hooks-${process.pid}.sock`;try{de(L)}catch{}let Te=at(l=>{let d="";l.on("data",w=>{d+=w.toString();let g=d.indexOf(`
+`);if(g===-1)return;let P=d.substring(0,g);d=d.substring(g+1);let I;try{I=JSON.parse(P)}catch{l.end(JSON.stringify({action:"approve"}));return}let M=`hook-${Date.now()}-${Math.random().toString(36).slice(2)}`,Re=JSON.stringify({type:"hook_event",hookType:I.hookType,data:I.data,requestId:M});for(let Ye of T)Ye.readyState===R.OPEN&&Ye.send(Re);l.end(JSON.stringify({action:"approve"}))})});await new Promise(l=>{Te.listen(L,()=>l())}),E("HOOKS",`Socket at ${L}`);let H=null,G=null;(i==="claude"||i.endsWith("/claude"))&&(H=pt(L),G=ut(H),E("HOOKS","Claude hooks installed")),ne.on("message",async l=>{if(Buffer.isBuffer(l))try{let d=ae(new Uint8Array(l)),w=await se(D,d.ciphertext,d.nonce,d.counter);D=w.state;let g=ce(w.plaintext);if(g.type==="terminal_data"){let P=Buffer.from(g.data,"base64").toString(),I=JSON.stringify({type:"output",data:P});for(let M of T)M.readyState===R.OPEN&&M.send(I)}}catch{}}),he.on("connection",l=>{T.add(l),l.send(JSON.stringify({type:"sync_size",cols:z,rows:N})),l.on("message",async d=>{try{let w=JSON.parse(d.toString());w.type==="input"&&h.write(w.data)}catch{}}),l.on("close",()=>{T.delete(l)})});let A=Ht((l,d)=>{d.writeHead(200,{"Content-Type":"text/html; charset=utf-8"}),d.end(Jt())});A.on("upgrade",(l,d,w)=>{he.handleUpgrade(l,d,w,g=>{he.emit("connection",g,l)})}),await new Promise(l=>{A.listen(o,()=>l())}),E("WEB",`http://localhost:${o}`),console.error(`
+  \x1B[1m\x1B[36m\u2192 http://localhost:${o}\x1B[0m  \uC6F9\uC5D0\uC11C\uB3C4 \uD655\uC778/\uC785\uB825 \uAC00\uB2A5
+`),We=!1;let fe={...process.env};L&&(fe.RELEY_HOOK_SOCK=L);let h=lt(i,c,{name:"xterm-256color",cols:z,rows:N,cwd:process.cwd(),env:fe});h.onData(async l=>{process.stdout.write(l);try{let d={type:"terminal_data",data:Buffer.from(l).toString("base64")},w=Z(d),g=await V(ue,w);ue=g.state;let P=Q({version:1,type:X("terminal_data"),counter:g.counter,nonce:g.nonce,ciphertext:g.ciphertext});oe.readyState===R.OPEN&&oe.send(Buffer.from(P))}catch{}}),process.stdin.isTTY&&process.stdin.setRawMode(!0),process.stdin.resume(),process.stdin.on("data",l=>{h.write(l.toString())}),process.stdout.on("resize",()=>{z=process.stdout.columns||80,N=process.stdout.rows||24,h.resize(z,N);let l=JSON.stringify({type:"sync_size",cols:z,rows:N});for(let d of T)d.readyState===R.OPEN&&d.send(l)});let b=()=>{Te.close();try{de(L)}catch{}if(H)try{de(H)}catch{}G&&H&&ht(G,H),oe.close(),ne.close(),A.close(),a&&a.kill()};h.onExit(()=>{b(),process.exit(0)}),process.on("SIGINT",()=>h.kill()),process.on("SIGTERM",()=>h.kill())}async function Yt(t,e){let{loadConfig:o}=await Promise.resolve().then(()=>(we(),st)),r=o();(!r?.device_token||!r?.reley_url)&&(console.error("\x1B[31mError:\x1B[0m Not logged in. Run `reley login` first."),process.exit(1));let n=t.length>0?t[0]:process.env.SHELL||"/bin/zsh",s=t.length>1?t.slice(1):[];console.error(`
+\x1B[1m  Reley\x1B[0m \x1B[36m(online)\x1B[0m`),console.error(`  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+`),console.error(`  \x1B[2mUser: ${r.user_email}\x1B[0m`),console.error(`  \x1B[2mServer: ${r.reley_url}\x1B[0m
+`);let i=await f(),c=await re(),a=i.to_base64(c.publicKey,i.base64_variants.URLSAFE_NO_PADDING);E("RELEY","Creating session...");let u=t.length>0?t.join(" "):"Terminal session",m=await fetch(`${r.reley_url}/api/v1/sessions`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${r.device_token}`},body:JSON.stringify({name:u,publicKey:a})});if(!m.ok){let h=await m.json().catch(()=>({}));h.code==="SUBSCRIPTION_REQUIRED"&&(console.error("  \x1B[33mSubscription required.\x1B[0m"),console.error(`  Subscribe at \x1B[1m\x1B[4mhttps://reley.sh/dashboard\x1B[0m
+`),process.exit(1)),h.code==="SUBSCRIPTION_INACTIVE"&&(console.error(`  \x1B[33mSubscription ${h.status||"inactive"}.\x1B[0m`),console.error(`  Update your subscription at \x1B[1m\x1B[4mhttps://reley.sh/dashboard\x1B[0m
+`),process.exit(1)),m.status===401&&(console.error(`  \x1B[31mSession expired.\x1B[0m Run \x1B[1mreley login\x1B[0m to re-authenticate.
+`),process.exit(1)),console.error(`  \x1B[31mFailed to create session:\x1B[0m ${h.error||m.statusText}
+`),process.exit(1)}let{roomId:p,cliToken:v,sessionId:y}=await m.json();E("RELEY",`Session: ${y}`),E("RELEY",`Room: ${p}`);let k=r.reley_url.startsWith("https")?"wss":"ws",C=r.reley_url.replace(/^https?:\/\//,""),j=`${k}://${C}/ws`,x=new R(j,{headers:{Authorization:`Bearer ${v}`}});await new Promise((h,b)=>{x.on("open",h),x.on("error",b)}),E("RELEY","WebSocket connected");let S=null,B=!1,O=[],U=Promise.resolve();function te(h){let b=U.then(h,()=>h());return U=b.then(()=>{},()=>{}),b}let ue=100*1024,D=Buffer.alloc(0);function oe(h){D=Buffer.concat([D,h]),D.length>ue&&(D=D.slice(D.length-ue))}async function ne(h){let b=i.from_base64(h,i.base64_variants.URLSAFE_NO_PADDING),l=await J(c.secretKey,b),d=await W(l);S=Y(d.sendKey,d.recvKey);let w=Vt(i,c.publicKey,b);console.error(`  \x1B[33m\u{1F510} E2E Fingerprint: ${w}\x1B[0m`),i.memzero(l),x.readyState===R.OPEN&&x.send(JSON.stringify({type:"key_exchange",publicKey:a,role:"cli"})),await te(async()=>{if(S&&D.length>0){let g={type:"terminal_data",data:D.toString("base64")},P=Z(g),I=await V(S,P);S=I.state;let M=Q({version:1,type:X("terminal_data"),counter:I.counter,nonce:I.nonce,ciphertext:I.ciphertext});x.readyState===R.OPEN&&x.send(Buffer.from(M))}}),B=!0,O.length=0}function he(h){if(!S||!B){O.push(h);return}te(async()=>{if(!(!S||x.readyState!==R.OPEN))try{let b={type:"terminal_data",data:h.toString("base64")},l=Z(b),d=await V(S,l);S=d.state;let w=Q({version:1,type:X("terminal_data"),counter:d.counter,nonce:d.nonce,ciphertext:d.ciphertext});x.send(Buffer.from(w))}catch{}})}let T=`/tmp/reley-hooks-${process.pid}.sock`;try{de(T)}catch{}let z=at(h=>{let b="";h.on("data",l=>{b+=l.toString();let d=b.indexOf(`
+`);if(d===-1)return;let w=b.substring(0,d);b=b.substring(d+1);let g;try{g=JSON.parse(w)}catch{h.end(JSON.stringify({action:"approve"}));return}B&&S&&x.readyState===R.OPEN?te(async()=>{if(!S||x.readyState!==R.OPEN)return;let P={type:"hook_event",hookType:g.hookType==="pre-tool-use"?"pre_tool_use":g.hookType,sessionId:y,payload:g.data??{kind:g.hookType,raw:!0}},I=Z(P),M=await V(S,I);S=M.state;let Re=Q({version:1,type:X("hook_event"),counter:M.counter,nonce:M.nonce,ciphertext:M.ciphertext});x.send(Buffer.from(Re))}):x.readyState===R.OPEN&&x.send(JSON.stringify({type:"hook_event",hookType:g.hookType,data:g.data})),h.end(JSON.stringify({action:"approve"}))})});await new Promise(h=>{z.listen(T,()=>h())}),E("HOOKS",`Socket at ${T}`);let N=null,L=null;(n==="claude"||n.endsWith("/claude"))&&(N=pt(T),L=ut(N),E("HOOKS","Claude hooks installed"));let H=process.stdout.columns||80,G=process.stdout.rows||24;console.error(`
   \x1B[1m\x1B[36m\u2192 View in web dashboard\x1B[0m
-`);
-  loggingEnabled = false;
-  const ptyEnv = {
-    ...process.env
-  };
-  if (hookSockPath) {
-    ptyEnv.RELEY_HOOK_SOCK = hookSockPath;
-  }
-  const pty2 = spawn(command, args, {
-    name: "xterm-256color",
-    cols: ptyCols,
-    rows: ptyRows,
-    cwd: process.cwd(),
-    env: ptyEnv
-  });
-  pty2.onData((data) => {
-    process.stdout.write(data);
-    const buf = Buffer.from(data);
-    appendScrollback(buf);
-    sendEncrypted(buf);
-  });
-  cliWs.on("message", async (raw, isBinary) => {
-    if (!isBinary) {
-      try {
-        const msg = JSON.parse(raw.toString());
-        if (msg.type === "key_exchange" && msg.publicKey && msg.role === "viewer") {
-          await initE2E(msg.publicKey);
-          log("CRYPTO", "E2E established with viewer");
-        } else if (msg.type === "peer_joined") {
-          e2eReady = false;
-          ratchetState = null;
-        }
-      } catch {
-      }
-      return;
-    }
-    if (!e2eReady || !ratchetState) return;
-    withRatchet(async () => {
-      if (!ratchetState) return;
-      try {
-        const env = decodeEnvelope(new Uint8Array(raw));
-        const dec = await ratchetDecrypt(ratchetState, env.ciphertext, env.nonce, env.counter);
-        ratchetState = dec.state;
-        const msg = deserializeMessage(dec.plaintext);
-        if (msg.type === "terminal_input") {
-          const input = Buffer.from(msg.data, "base64").toString();
-          pty2.write(input);
-        } else if (msg.type === "terminal_resize") {
-          const { cols, rows } = msg;
-          if (cols && rows) {
-            ptyCols = cols;
-            ptyRows = rows;
-            pty2.resize(cols, rows);
-          }
-        }
-      } catch {
-      }
-    });
-  });
-  if (process.stdin.isTTY) {
-    process.stdin.setRawMode(true);
-  }
-  process.stdin.resume();
-  process.stdin.on("data", (data) => {
-    pty2.write(data.toString());
-  });
-  process.stdout.on("resize", () => {
-    ptyCols = process.stdout.columns || 80;
-    ptyRows = process.stdout.rows || 24;
-    pty2.resize(ptyCols, ptyRows);
-  });
-  const cleanup = () => {
-    hookServer.close();
-    try {
-      unlinkSync(hookSockPath);
-    } catch {
-    }
-    if (hookScriptPath) {
-      try {
-        unlinkSync(hookScriptPath);
-      } catch {
-      }
-    }
-    if (originalSettings && hookScriptPath) {
-      uninstallClaudeHooks(originalSettings, hookScriptPath);
-    }
-    cliWs.close();
-    fetch(`${config.reley_url}/api/v1/sessions/${sessionId}`, {
-      method: "PATCH",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${config.device_token}`
-      },
-      body: JSON.stringify({ status: "closed" })
-    }).catch(() => {
-    });
-  };
-  pty2.onExit(() => {
-    cleanup();
-    process.exit(0);
-  });
-  process.on("SIGINT", () => pty2.kill());
-  process.on("SIGTERM", () => pty2.kill());
-}
-function computeFingerprint(sodium2, pk1, pk2) {
-  const sorted = [pk1, pk2].sort((a, b) => {
-    for (let i = 0; i < a.length; i++) {
-      if (a[i] !== b[i]) return a[i] - b[i];
-    }
-    return 0;
-  });
-  const combined = new Uint8Array(sorted[0].length + sorted[1].length);
-  combined.set(sorted[0], 0);
-  combined.set(sorted[1], sorted[0].length);
-  const hash = sodium2.crypto_generichash(16, combined, null);
-  const hex = sodium2.to_hex(hash).toUpperCase();
-  return hex.match(/.{4}/g).join("-");
-}
-// src/commands/pair.ts
-import * as fs from "node:fs/promises";
-import * as path from "node:path";
-import * as crypto2 from "node:crypto";
-import qrcode from "qrcode-terminal";
-async function pairCommand(options) {
-  const { releyUrl, configDir } = options;
-  const sodium2 = await ensureSodium();
-  console.log("Generating identity key pair...");
-  const identityKp = await generateIdentityKeyPair();
-  console.log("Generating ephemeral key pair...");
-  const ephemeralKp = await generateEphemeralKeyPair();
-  console.log("Generating one-time pairing code...");
-  const oneTimeCode = await generateOneTimeCode(32);
-  const otcHash = await hashOneTimeCode(oneTimeCode);
-  const deviceId = crypto2.randomUUID();
-  console.log("Initiating pairing with reley...");
-  const initiateBody = {
-    publicKey: sodium2.to_base64(identityKp.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    otcHash: sodium2.to_base64(otcHash, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    deviceId
-  };
-  const initiateRes = await fetch(`${releyUrl}/api/v1/pair/initiate`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify(initiateBody)
-  });
-  if (!initiateRes.ok) {
-    const errText = await initiateRes.text();
-    throw new Error(`Failed to initiate pairing: ${initiateRes.status} ${errText}`);
-  }
-  const { sessionId, jwt } = await initiateRes.json();
-  console.log(`Pairing session created: ${sessionId}`);
-  const qrPayloadStr = await encodeQRPayload({
-    releyUrl,
-    publicKey: ephemeralKp.publicKey,
-    oneTimeCode,
-    jwt
-  });
-  console.log("\nScan this QR code with the Reley mobile app:\n");
-  await new Promise((resolve2) => {
-    qrcode.generate(qrPayloadStr, { small: true }, (output) => {
-      console.log(output);
-      resolve2();
-    });
-  });
-  console.log("\nWaiting for mobile device to complete pairing...");
-  const POLL_INTERVAL_MS = 2e3;
-  const MAX_POLL_DURATION_MS = 5 * 60 * 1e3;
-  const startTime = Date.now();
-  let peerPublicKey;
-  while (Date.now() - startTime < MAX_POLL_DURATION_MS) {
-    await sleep(POLL_INTERVAL_MS);
-    const statusRes = await fetch(`${releyUrl}/api/v1/pair/status/${sessionId}`, {
-      headers: { Authorization: `Bearer ${jwt}` }
-    });
-    if (!statusRes.ok) {
-      console.error(`Poll error: ${statusRes.status}`);
-      continue;
-    }
-    const statusData = await statusRes.json();
-    if (statusData.status === "completed") {
-      peerPublicKey = statusData.peerPublicKey;
-      break;
-    }
-    if (statusData.status === "expired") {
-      throw new Error("Pairing session expired. Please try again.");
-    }
-    process.stdout.write(".");
-  }
-  if (!peerPublicKey) {
-    throw new Error("Pairing timed out after 5 minutes.");
-  }
-  console.log("\n\nPairing successful!");
-  const sessionConfig = {
-    deviceId,
-    sessionId,
-    releyUrl,
-    jwt,
-    identityPublicKey: sodium2.to_base64(identityKp.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    identitySecretKey: sodium2.to_base64(identityKp.secretKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    ephemeralPublicKey: sodium2.to_base64(ephemeralKp.publicKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    ephemeralSecretKey: sodium2.to_base64(ephemeralKp.secretKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-    peerPublicKey,
-    pairedAt: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  await fs.mkdir(configDir, { recursive: true });
-  const configPath = path.join(configDir, "session.json");
-  await fs.writeFile(configPath, JSON.stringify(sessionConfig, null, 2), "utf-8");
-  console.log(`Session saved to ${configPath}`);
-  console.log(`Device ID: ${deviceId}`);
-  console.log(`Session ID: ${sessionId}`);
-}
-function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
-}
-// src/commands/wrap.ts
-import * as fs3 from "node:fs/promises";
-import * as path3 from "node:path";
-// src/daemon/pty-manager.ts
-import pty from "node-pty";
-var PtyManager = class {
-  process = null;
-  dataCallbacks = [];
-  exitCallbacks = [];
-  /**
-   * Spawn a command in a pseudo-terminal.
-   */
-  spawn(command, args, options = {}) {
-    const { cols = 80, rows = 24, cwd, env } = options;
-    this.process = pty.spawn(command, args, {
-      name: "xterm-256color",
-      cols,
-      rows,
-      cwd: cwd || process.cwd(),
-      env: env || process.env
-    });
-    this.process.onData((data) => {
-      for (const cb of this.dataCallbacks) {
-        cb(data);
-      }
-    });
-    this.process.onExit(({ exitCode, signal }) => {
-      for (const cb of this.exitCallbacks) {
-        cb(exitCode, signal);
-      }
-      this.process = null;
-    });
-    return this.process;
-  }
-  /**
-   * Register a callback for PTY data output.
-   */
-  onData(callback) {
-    this.dataCallbacks.push(callback);
-  }
-  /**
-   * Register a callback for PTY exit.
-   */
-  onExit(callback) {
-    this.exitCallbacks.push(callback);
-  }
-  /**
-   * Write data to the PTY input.
-   */
-  write(data) {
-    if (!this.process) {
-      throw new Error("PTY process not running");
-    }
-    this.process.write(data);
-  }
-  /**
-   * Resize the PTY to the given dimensions.
-   */
-  resize(cols, rows) {
-    if (!this.process) {
-      return;
-    }
-    this.process.resize(cols, rows);
-  }
-  /**
-   * Kill the PTY process.
-   */
-  kill(signal) {
-    if (!this.process) {
-      return;
-    }
-    try {
-      this.process.kill(signal);
-    } catch {
-    }
-    this.process = null;
-  }
-  /**
-   * Get the PID of the PTY process.
-   */
-  get pid() {
-    return this.process?.pid;
-  }
-  /**
-   * Check if the PTY process is running.
-   */
-  get isRunning() {
-    return this.process !== null;
-  }
-  /**
-   * Clean shutdown: kill process and clear callbacks.
-   */
-  shutdown() {
-    this.kill();
-    this.dataCallbacks = [];
-    this.exitCallbacks = [];
-  }
-};
-// src/daemon/ws-client.ts
-import { EventEmitter } from "node:events";
-import WebSocket2 from "ws";
-var WsClient = class extends EventEmitter {
-  ws = null;
-  url = "";
-  token = "";
-  releyHttpUrl = "";
-  reconnectAttempts = 0;
-  reconnectTimer = null;
-  pingTimer = null;
-  pongTimer = null;
-  tokenRefreshTimer = null;
-  shouldReconnect = true;
-  messageCallbacks = [];
-  connectCallbacks = [];
-  disconnectCallbacks = [];
-  /**
-   * Connect to a WebSocket reley server.
-   */
-  async connect(url, token) {
-    this.url = url;
-    this.token = token;
-    this.shouldReconnect = true;
-    this.releyHttpUrl = url.replace(/^ws:/, "http:").replace(/^wss:/, "https:").replace(/\/ws\??.*$/, "");
-    this.scheduleTokenRefresh();
-    return this.doConnect();
-  }
-  doConnect() {
-    return new Promise((resolve2, reject) => {
-      const ws = new WebSocket2(this.url, {
-        headers: {
-          Authorization: `Bearer ${this.token}`
-        }
-      });
-      ws.binaryType = "arraybuffer";
-      ws.on("open", () => {
-        this.ws = ws;
-        this.reconnectAttempts = 0;
-        this.startPingInterval();
-        for (const cb of this.connectCallbacks) {
-          cb();
-        }
-        this.emit("connect");
-        resolve2(ws);
-      });
-      ws.on("message", (data) => {
-        let bytes;
-        if (data instanceof ArrayBuffer) {
-          bytes = new Uint8Array(data);
-        } else if (Buffer.isBuffer(data)) {
-          bytes = new Uint8Array(data);
-        } else if (Array.isArray(data)) {
-          bytes = new Uint8Array(Buffer.concat(data));
-        } else {
-          return;
-        }
-        for (const cb of this.messageCallbacks) {
-          cb(bytes);
-        }
-        this.emit("message", bytes);
-      });
-      ws.on("pong", () => {
-        this.clearPongTimeout();
-      });
-      ws.on("close", (code, reason) => {
-        const reasonStr = reason.toString("utf-8");
-        this.ws = null;
-        this.stopPingInterval();
-        for (const cb of this.disconnectCallbacks) {
-          cb(code, reasonStr);
-        }
-        this.emit("disconnect", code, reasonStr);
-        if (this.shouldReconnect) {
-          this.scheduleReconnect();
-        }
-      });
-      ws.on("error", (err) => {
-        this.emit("error", err);
-        if (!this.ws && this.reconnectAttempts === 0) {
-          reject(err);
-        }
-      });
-    });
-  }
-  /**
-   * Register a callback for incoming binary messages.
-   */
-  onMessage(callback) {
-    this.messageCallbacks.push(callback);
-  }
-  /**
-   * Register a callback for successful connection.
-   */
-  onConnect(callback) {
-    this.connectCallbacks.push(callback);
-  }
-  /**
-   * Register a callback for disconnection.
-   */
-  onDisconnect(callback) {
-    this.disconnectCallbacks.push(callback);
-  }
-  /**
-   * Send binary data through the WebSocket.
-   */
-  send(data) {
-    if (!this.ws || this.ws.readyState !== WebSocket2.OPEN) {
-      throw new Error("WebSocket is not connected");
-    }
-    this.ws.send(data);
-  }
-  /**
-   * Close the WebSocket connection and stop reconnecting.
-   */
-  /**
-   * Update the token (called after refresh).
-   */
-  updateToken(newToken) {
-    this.token = newToken;
-  }
-  close() {
-    this.shouldReconnect = false;
-    if (this.reconnectTimer) {
-      clearTimeout(this.reconnectTimer);
-      this.reconnectTimer = null;
-    }
-    if (this.tokenRefreshTimer) {
-      clearTimeout(this.tokenRefreshTimer);
-      this.tokenRefreshTimer = null;
-    }
-    this.stopPingInterval();
-    if (this.ws) {
-      this.ws.close(1e3, "Client closing");
-      this.ws = null;
-    }
-  }
-  /**
-   * Check if the WebSocket is currently connected.
-   */
-  get isConnected() {
-    return this.ws !== null && this.ws.readyState === WebSocket2.OPEN;
-  }
-  /**
-   * Schedule a reconnection attempt with exponential backoff.
-   */
-  scheduleReconnect() {
-    const baseDelay = TIMEOUTS.WS_RECONNECT_BASE;
-    const maxDelay = TIMEOUTS.WS_RECONNECT_MAX;
-    const delay = Math.min(baseDelay * Math.pow(2, this.reconnectAttempts), maxDelay);
-    const jitter = Math.random() * delay * 0.25;
-    const actualDelay = delay + jitter;
-    this.reconnectAttempts++;
-    this.reconnectTimer = setTimeout(async () => {
-      try {
-        await this.doConnect();
-      } catch {
-      }
-    }, actualDelay);
-  }
-  /**
-   * Start sending periodic ping frames.
-   */
-  startPingInterval() {
-    this.stopPingInterval();
-    this.pingTimer = setInterval(() => {
-      if (this.ws && this.ws.readyState === WebSocket2.OPEN) {
-        this.ws.ping();
-        this.startPongTimeout();
-      }
-    }, TIMEOUTS.PING_INTERVAL);
-  }
-  /**
-   * Stop the ping interval.
-   */
-  stopPingInterval() {
-    if (this.pingTimer) {
-      clearInterval(this.pingTimer);
-      this.pingTimer = null;
-    }
-    this.clearPongTimeout();
-  }
-  /**
-   * Start a timeout waiting for pong response.
-   */
-  startPongTimeout() {
-    this.clearPongTimeout();
-    this.pongTimer = setTimeout(() => {
-      if (this.ws) {
-        this.ws.terminate();
-      }
-    }, TIMEOUTS.PONG_TIMEOUT);
-  }
-  /**
-   * Clear the pong timeout.
-   */
-  clearPongTimeout() {
-    if (this.pongTimer) {
-      clearTimeout(this.pongTimer);
-      this.pongTimer = null;
-    }
-  }
-  /**
-   * Schedule automatic token refresh 1 hour before expiry (i.e., every 23 hours).
-   */
-  scheduleTokenRefresh() {
-    if (this.tokenRefreshTimer) {
-      clearTimeout(this.tokenRefreshTimer);
-    }
-    const refreshInterval = 23 * 60 * 60 * 1e3;
-    this.tokenRefreshTimer = setTimeout(async () => {
-      await this.refreshToken();
-    }, refreshInterval);
-    this.tokenRefreshTimer.unref();
-  }
-  /**
-   * Refresh the JWT token via the reley's refresh endpoint.
-   */
-  async refreshToken() {
-    try {
-      const response = await fetch(`${this.releyHttpUrl}/api/v1/auth/refresh`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ token: this.token })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        this.token = data.token;
-        this.scheduleTokenRefresh();
-      }
-    } catch {
-      this.tokenRefreshTimer = setTimeout(async () => {
-        await this.refreshToken();
-      }, 5 * 60 * 1e3);
-      this.tokenRefreshTimer?.unref();
-    }
-  }
-};
-// src/daemon/crypto-session.ts
-import * as fs2 from "node:fs/promises";
-import * as path2 from "node:path";
-var CryptoSession = class {
-  ratchetState = null;
-  isInitialized = false;
-  /**
-   * Initialize the crypto session from saved pairing configuration.
-   */
-  async initFromConfig(configDir) {
-    const sodium2 = await ensureSodium();
-    const ratchetPath = path2.join(configDir, "ratchet-state.json");
-    try {
-      const raw2 = await fs2.readFile(ratchetPath, "utf-8");
-      const serialized = JSON.parse(raw2);
-      this.ratchetState = {
-        sendChainKey: sodium2.from_base64(serialized.sendChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-        recvChainKey: sodium2.from_base64(serialized.recvChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-        sendCounter: serialized.sendCounter,
-        recvCounter: serialized.recvCounter,
-        maxRecvCounter: serialized.maxRecvCounter
-      };
-      this.isInitialized = true;
-      return;
-    } catch {
-    }
-    const configPath = path2.join(configDir, "session.json");
-    const raw = await fs2.readFile(configPath, "utf-8");
-    const config = JSON.parse(raw);
-    const ourSecretKey = sodium2.from_base64(config.ephemeralSecretKey, sodium2.base64_variants.URLSAFE_NO_PADDING);
-    const peerPublicKey = sodium2.from_base64(config.peerPublicKey, sodium2.base64_variants.URLSAFE_NO_PADDING);
-    const sharedSecret = await computeSharedSecret(ourSecretKey, peerPublicKey);
-    const { sendKey, recvKey } = await deriveSessionKeys(sharedSecret);
-    this.ratchetState = initRatchet(sendKey, recvKey);
-    this.isInitialized = true;
-  }
-  /**
-   * Initialize from raw keys (for testing or manual setup).
-   */
-  async initFromKeys(ourSecretKey, peerPublicKey) {
-    const sharedSecret = await computeSharedSecret(ourSecretKey, peerPublicKey);
-    const { sendKey, recvKey } = await deriveSessionKeys(sharedSecret);
-    this.ratchetState = initRatchet(sendKey, recvKey);
-    this.isInitialized = true;
-  }
-  /**
-   * Encrypt a protocol message and build a wire-format envelope.
-   */
-  async encryptMessage(message) {
-    if (!this.ratchetState) {
-      throw new Error("Crypto session not initialized");
-    }
-    const plaintext = serializeMessage(message);
-    const wireType = getWireType(message.type);
-    const { ciphertext, nonce, counter, state } = await ratchetEncrypt(
-      this.ratchetState,
-      plaintext
-    );
-    this.ratchetState = state;
-    const envelope = {
-      version: PROTOCOL_VERSION,
-      type: wireType,
-      counter,
-      nonce,
-      ciphertext
-    };
-    if (needsKeyRotation(this.ratchetState)) {
-      await this.performKeyRotation();
-    }
-    return encodeEnvelope(envelope);
-  }
-  /**
-   * Decrypt a wire-format envelope and return the protocol message.
-   */
-  async decryptMessage(data) {
-    if (!this.ratchetState) {
-      throw new Error("Crypto session not initialized");
-    }
-    const envelope = decodeEnvelope(data);
-    const { plaintext, state } = await ratchetDecrypt(
-      this.ratchetState,
-      envelope.ciphertext,
-      envelope.nonce,
-      envelope.counter
-    );
-    this.ratchetState = state;
-    return deserializeMessage(plaintext);
-  }
-  /**
-   * Save the current ratchet state to disk.
-   */
-  async saveState(configDir) {
-    if (!this.ratchetState) {
-      return;
-    }
-    const sodium2 = await ensureSodium();
-    const serialized = {
-      sendChainKey: sodium2.to_base64(this.ratchetState.sendChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-      recvChainKey: sodium2.to_base64(this.ratchetState.recvChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-      sendCounter: this.ratchetState.sendCounter,
-      recvCounter: this.ratchetState.recvCounter,
-      maxRecvCounter: this.ratchetState.maxRecvCounter
-    };
-    const ratchetPath = path2.join(configDir, "ratchet-state.json");
-    await fs2.writeFile(ratchetPath, JSON.stringify(serialized, null, 2), "utf-8");
-  }
-  /**
-   * Load ratchet state from disk.
-   */
-  async loadState(configDir) {
-    const sodium2 = await ensureSodium();
-    const ratchetPath = path2.join(configDir, "ratchet-state.json");
-    try {
-      const raw = await fs2.readFile(ratchetPath, "utf-8");
-      const serialized = JSON.parse(raw);
-      this.ratchetState = {
-        sendChainKey: sodium2.from_base64(serialized.sendChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-        recvChainKey: sodium2.from_base64(serialized.recvChainKey, sodium2.base64_variants.URLSAFE_NO_PADDING),
-        sendCounter: serialized.sendCounter,
-        recvCounter: serialized.recvCounter,
-        maxRecvCounter: serialized.maxRecvCounter
-      };
-      this.isInitialized = true;
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  /**
-   * Get current ratchet state (for diagnostics).
-   */
-  getRatchetInfo() {
-    return {
-      sendCounter: this.ratchetState?.sendCounter ?? 0,
-      recvCounter: this.ratchetState?.recvCounter ?? 0,
-      initialized: this.isInitialized
-    };
-  }
-  /**
-   * Perform key rotation by generating new ephemeral keys.
-   * This is triggered automatically when the ratchet reaches KEY_ROTATION_INTERVAL.
-   */
-  async performKeyRotation() {
-  }
-};
-// src/commands/wrap.ts
-async function wrapCommand(commandArgs, options) {
-  const { configDir } = options;
-  const configPath = path3.join(configDir, "session.json");
-  let sessionConfig;
-  try {
-    const raw = await fs3.readFile(configPath, "utf-8");
-    sessionConfig = JSON.parse(raw);
-  } catch {
-    console.error('No active session found. Run "reley pair" first.');
-    process.exit(1);
-  }
-  const cryptoSession = new CryptoSession();
-  await cryptoSession.initFromConfig(configDir);
-  const command = commandArgs[0];
-  const args = commandArgs.slice(1);
-  console.log(`Wrapping command: ${commandArgs.join(" ")}`);
-  const ptyManager = new PtyManager();
-  const pty2 = ptyManager.spawn(command, args, {
-    cols: process.stdout.columns || 80,
-    rows: process.stdout.rows || 24,
-    cwd: process.cwd(),
-    env: process.env
-  });
-  const wsUrl = sessionConfig.releyUrl.replace(/^http/, "ws");
-  const wsClient = new WsClient();
-  await wsClient.connect(`${wsUrl}/api/v1/ws/${sessionConfig.sessionId}`, sessionConfig.jwt);
-  console.log("Connected to reley. Forwarding terminal output...");
-  ptyManager.onData(async (data) => {
-    process.stdout.write(data);
-    const message = {
-      type: "terminal_data",
-      data: Buffer.from(data, "utf-8").toString("base64")
-    };
-    try {
-      const encrypted = await cryptoSession.encryptMessage(message);
-      wsClient.send(encrypted);
-    } catch (err) {
-      console.error("Encryption error:", err);
-    }
-  });
-  if (process.stdin.isTTY) {
-    process.stdin.setRawMode(true);
-  }
-  process.stdin.resume();
-  process.stdin.on("data", (data) => {
-    ptyManager.write(data.toString("utf-8"));
-  });
-  process.stdout.on("resize", () => {
-    const cols = process.stdout.columns || 80;
-    const rows = process.stdout.rows || 24;
-    ptyManager.resize(cols, rows);
-  });
-  wsClient.onMessage(async (data) => {
-    try {
-      const message = await cryptoSession.decryptMessage(data);
-      switch (message.type) {
-        case "terminal_input": {
-          const inputMsg = message;
-          const inputData = Buffer.from(inputMsg.data, "base64").toString("utf-8");
-          ptyManager.write(inputData);
-          break;
-        }
-        case "terminal_resize": {
-          const resizeMsg = message;
-          ptyManager.resize(resizeMsg.cols, resizeMsg.rows);
-          break;
-        }
-        case "session_close": {
-          const closeMsg = message;
-          console.log(`
-Remote session closed: ${closeMsg.reason}`);
-          cleanup();
-          break;
-        }
-        default:
-          break;
-      }
-    } catch (err) {
-      console.error("Decryption/handling error:", err);
-    }
-  });
-  ptyManager.onExit(async (exitCode, signal) => {
-    console.log(`
-Process exited with code ${exitCode}${signal ? ` (signal ${signal})` : ""}`);
-    const closeMessage = {
-      type: "session_close",
-      reason: `Process exited with code ${exitCode}`
-    };
-    try {
-      const encrypted = await cryptoSession.encryptMessage(closeMessage);
-      wsClient.send(encrypted);
-    } catch {
-    }
-    await cryptoSession.saveState(configDir);
-    cleanup();
-  });
-  wsClient.onDisconnect(() => {
-    console.log("\nDisconnected from reley. Attempting reconnection...");
-  });
-  wsClient.onConnect(() => {
-    console.log("Reconnected to reley.");
-  });
-  function cleanup() {
-    ptyManager.kill();
-    wsClient.close();
-    if (process.stdin.isTTY) {
-      process.stdin.setRawMode(false);
-    }
-    process.stdin.pause();
-    process.exit(0);
-  }
-  process.on("SIGINT", cleanup);
-  process.on("SIGTERM", cleanup);
-}
-// src/commands/status.ts
-import * as fs4 from "node:fs/promises";
-import * as path4 from "node:path";
-async function statusCommand(options) {
-  const { configDir } = options;
-  console.log("Reley Status");
-  console.log("=================\n");
-  const configPath = path4.join(configDir, "session.json");
-  let sessionConfig = null;
-  try {
-    const raw = await fs4.readFile(configPath, "utf-8");
-    sessionConfig = JSON.parse(raw);
-  } catch {
-  }
-  if (!sessionConfig) {
-    console.log("Pairing:    Not paired");
-    console.log('\nRun "reley pair" to pair with a mobile device.\n');
-  } else {
-    console.log("Pairing:    Paired");
-    console.log(`Device ID:  ${sessionConfig.deviceId}`);
-    console.log(`Session ID: ${sessionConfig.sessionId}`);
-    console.log(`Reley URL:  ${sessionConfig.releyUrl}`);
-    console.log(`Paired at:  ${sessionConfig.pairedAt || "Unknown"}`);
-    if (sessionConfig.peerPublicKey) {
-      const truncatedKey = sessionConfig.peerPublicKey.substring(0, 16) + "...";
-      console.log(`Peer key:   ${truncatedKey}`);
-    }
-    console.log(`Identity:   ${sessionConfig.identityPublicKey.substring(0, 16)}...`);
-  }
-  const releyUrl = sessionConfig?.releyUrl || options.releyUrl;
-  console.log(`
-Reley Health (${releyUrl}):`);
-  try {
-    const healthRes = await fetch(`${releyUrl}/api/v1/health`, {
-      signal: AbortSignal.timeout(5e3)
-    });
-    if (healthRes.ok) {
-      const healthData = await healthRes.json();
-      console.log(`  Status:  ${healthData.status}`);
-      if (healthData.version) {
-        console.log(`  Version: ${healthData.version}`);
-      }
-      if (healthData.uptime !== void 0) {
-        console.log(`  Uptime:  ${Math.round(healthData.uptime)}s`);
-      }
-    } else {
-      console.log(`  Status:  Error (HTTP ${healthRes.status})`);
-    }
-  } catch (err) {
-    const errorMessage = err instanceof Error ? err.message : String(err);
-    console.log(`  Status:  Unreachable (${errorMessage})`);
-  }
-  const ratchetPath = path4.join(configDir, "ratchet-state.json");
-  try {
-    await fs4.access(ratchetPath);
-    console.log("\nCrypto:     Ratchet state saved");
-  } catch {
-    console.log("\nCrypto:     No ratchet state (new session)");
-  }
-  const hooksSocketPath = path4.join(configDir, "hooks.sock");
-  try {
-    await fs4.access(hooksSocketPath);
-    console.log("Hooks:      Socket exists");
-  } catch {
-    console.log("Hooks:      Not active");
-  }
-  console.log("");
-}
-// src/commands/install-hooks.ts
-import * as fs5 from "node:fs/promises";
-import * as path5 from "node:path";
-import { fileURLToPath as fileURLToPath2 } from "node:url";
-async function installHooksCommand(options) {
-  const { configDir } = options;
-  console.log("Installing Claude Code hooks for Reley...\n");
-  const __filename = fileURLToPath2(import.meta.url);
-  const __dirname2 = path5.dirname(__filename);
-  const hooksTemplatePath = path5.resolve(__dirname2, "..", "hooks", "hooks.json");
-  let hooksConfig;
-  try {
-    const raw = await fs5.readFile(hooksTemplatePath, "utf-8");
-    hooksConfig = JSON.parse(raw);
-  } catch {
-    hooksConfig = {
-      hooks: {
-        Stop: [{ matcher: "", command: "reley-hook stop" }],
-        Notification: [{ matcher: "", command: "reley-hook notification" }],
-        PreToolUse: [
-          { matcher: "Bash", command: "reley-hook pre-tool-use" },
-          { matcher: "Write", command: "reley-hook pre-tool-use" },
-          { matcher: "Edit", command: "reley-hook pre-tool-use" }
-        ]
-      }
-    };
-  }
-  const claudeConfigDir = path5.join(process.env.HOME || "~", ".claude");
-  const hooksDir = path5.join(claudeConfigDir, "hooks");
-  await fs5.mkdir(hooksDir, { recursive: true });
-  const hooksOutputPath = path5.join(hooksDir, "reley-hooks.json");
-  await fs5.writeFile(hooksOutputPath, JSON.stringify(hooksConfig, null, 2), "utf-8");
-  const socketPath = path5.join(configDir, "hooks.sock");
-  const hookScript = createHookScript2(socketPath);
-  const binDir = path5.join(configDir, "bin");
-  await fs5.mkdir(binDir, { recursive: true });
-  const hookScriptPath = path5.join(binDir, "reley-hook");
-  await fs5.writeFile(hookScriptPath, hookScript, { mode: 493 });
-  console.log("Installed files:");
-  console.log(`  Hooks config:  ${hooksOutputPath}`);
-  console.log(`  Hook script:   ${hookScriptPath}`);
-  console.log(`  Socket path:   ${socketPath}`);
-  console.log("");
-  console.log("Hook configuration:");
-  console.log("  Stop:         Sends stop events to mobile");
-  console.log("  Notification: Forwards notifications to mobile");
-  console.log("  PreToolUse:   Requires mobile approval for Bash, Write, Edit");
-  console.log("");
-  console.log("To activate, add to your PATH:");
-  console.log(`  export PATH="${binDir}:$PATH"`);
-  console.log("");
-  console.log("Or create a symlink:");
-  console.log(`  ln -sf ${hookScriptPath} /usr/local/bin/reley-hook`);
-  console.log("");
-}
-function createHookScript2(socketPath) {
-  return `#!/usr/bin/env node
+`),We=!1;let Pe={...process.env};T&&(Pe.RELEY_HOOK_SOCK=T);let A=lt(n,s,{name:"xterm-256color",cols:H,rows:G,cwd:process.cwd(),env:Pe});A.onData(h=>{process.stdout.write(h);let b=Buffer.from(h);oe(b),he(b)}),x.on("message",async(h,b)=>{if(!b){try{let l=JSON.parse(h.toString());l.type==="key_exchange"&&l.publicKey&&l.role==="viewer"?(await ne(l.publicKey),E("CRYPTO","E2E established with viewer")):l.type==="peer_joined"&&(B=!1,S=null)}catch{}return}!B||!S||te(async()=>{if(S)try{let l=ae(new Uint8Array(h)),d=await se(S,l.ciphertext,l.nonce,l.counter);S=d.state;let w=ce(d.plaintext);if(w.type==="terminal_input"){let g=Buffer.from(w.data,"base64").toString();A.write(g)}else if(w.type==="terminal_resize"){let{cols:g,rows:P}=w;g&&P&&(H=g,G=P,A.resize(g,P))}}catch{}})}),process.stdin.isTTY&&process.stdin.setRawMode(!0),process.stdin.resume(),process.stdin.on("data",h=>{A.write(h.toString())}),process.stdout.on("resize",()=>{H=process.stdout.columns||80,G=process.stdout.rows||24,A.resize(H,G)});let fe=()=>{z.close();try{de(T)}catch{}if(N)try{de(N)}catch{}L&&N&&ht(L,N),x.close(),fetch(`${r.reley_url}/api/v1/sessions/${y}`,{method:"PATCH",headers:{"Content-Type":"application/json",Authorization:`Bearer ${r.device_token}`},body:JSON.stringify({status:"closed"})}).catch(()=>{})};A.onExit(()=>{fe(),process.exit(0)}),process.on("SIGINT",()=>A.kill()),process.on("SIGTERM",()=>A.kill())}function Vt(t,e,o){let r=[e,o].sort((c,a)=>{for(let u=0;u<c.length;u++)if(c[u]!==a[u])return c[u]-a[u];return 0}),n=new Uint8Array(r[0].length+r[1].length);n.set(r[0],0),n.set(r[1],r[0].length);let s=t.crypto_generichash(16,n,null);return t.to_hex(s).toUpperCase().match(/.{4}/g).join("-")}import*as xe from"node:fs/promises";import*as yt from"node:path";import*as gt from"node:crypto";import qt from"qrcode-terminal";async function ft(t){let{releyUrl:e,configDir:o}=t,r=await f();console.log("Generating identity key pair...");let n=await Ne();console.log("Generating ephemeral key pair...");let s=await re();console.log("Generating one-time pairing code...");let i=await Ae(32),c=await He(i),a=gt.randomUUID();console.log("Initiating pairing with reley...");let u={publicKey:r.to_base64(n.publicKey,r.base64_variants.URLSAFE_NO_PADDING),otcHash:r.to_base64(c,r.base64_variants.URLSAFE_NO_PADDING),deviceId:a},m=await fetch(`${e}/api/v1/pair/initiate`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(u)});if(!m.ok){let O=await m.text();throw new Error(`Failed to initiate pairing: ${m.status} ${O}`)}let{sessionId:p,jwt:v}=await m.json();console.log(`Pairing session created: ${p}`);let y=await Le({releyUrl:e,publicKey:s.publicKey,oneTimeCode:i,jwt:v});console.log(`
+Scan this QR code with the Reley mobile app:
+`),await new Promise(O=>{qt.generate(y,{small:!0},U=>{console.log(U),O()})}),console.log(`
+Waiting for mobile device to complete pairing...`);let k=2e3,C=5*60*1e3,j=Date.now(),x;for(;Date.now()-j<C;){await Xt(k);let O=await fetch(`${e}/api/v1/pair/status/${p}`,{headers:{Authorization:`Bearer ${v}`}});if(!O.ok){console.error(`Poll error: ${O.status}`);continue}let U=await O.json();if(U.status==="completed"){x=U.peerPublicKey;break}if(U.status==="expired")throw new Error("Pairing session expired. Please try again.");process.stdout.write(".")}if(!x)throw new Error("Pairing timed out after 5 minutes.");console.log(`
+Pairing successful!`);let S={deviceId:a,sessionId:p,releyUrl:e,jwt:v,identityPublicKey:r.to_base64(n.publicKey,r.base64_variants.URLSAFE_NO_PADDING),identitySecretKey:r.to_base64(n.secretKey,r.base64_variants.URLSAFE_NO_PADDING),ephemeralPublicKey:r.to_base64(s.publicKey,r.base64_variants.URLSAFE_NO_PADDING),ephemeralSecretKey:r.to_base64(s.secretKey,r.base64_variants.URLSAFE_NO_PADDING),peerPublicKey:x,pairedAt:new Date().toISOString()};await xe.mkdir(o,{recursive:!0});let B=yt.join(o,"session.json");await xe.writeFile(B,JSON.stringify(S,null,2),"utf-8"),console.log(`Session saved to ${B}`),console.log(`Device ID: ${a}`),console.log(`Session ID: ${p}`)}function Xt(t){return new Promise(e=>setTimeout(e,t))}import*as vt from"node:fs/promises";import*as bt from"node:path";import Qt from"node-pty";var Se=class{process=null;dataCallbacks=[];exitCallbacks=[];spawn(e,o,r={}){let{cols:n=80,rows:s=24,cwd:i,env:c}=r;return this.process=Qt.spawn(e,o,{name:"xterm-256color",cols:n,rows:s,cwd:i||process.cwd(),env:c||process.env}),this.process.onData(a=>{for(let u of this.dataCallbacks)u(a)}),this.process.onExit(({exitCode:a,signal:u})=>{for(let m of this.exitCallbacks)m(a,u);this.process=null}),this.process}onData(e){this.dataCallbacks.push(e)}onExit(e){this.exitCallbacks.push(e)}write(e){if(!this.process)throw new Error("PTY process not running");this.process.write(e)}resize(e,o){this.process&&this.process.resize(e,o)}kill(e){if(this.process){try{this.process.kill(e)}catch{}this.process=null}}get pid(){return this.process?.pid}get isRunning(){return this.process!==null}shutdown(){this.kill(),this.dataCallbacks=[],this.exitCallbacks=[]}};import{EventEmitter as Zt}from"node:events";import ke from"ws";var Ce=class extends Zt{ws=null;url="";token="";releyHttpUrl="";reconnectAttempts=0;reconnectTimer=null;pingTimer=null;pongTimer=null;tokenRefreshTimer=null;shouldReconnect=!0;messageCallbacks=[];connectCallbacks=[];disconnectCallbacks=[];async connect(e,o){return this.url=e,this.token=o,this.shouldReconnect=!0,this.releyHttpUrl=e.replace(/^ws:/,"http:").replace(/^wss:/,"https:").replace(/\/ws\??.*$/,""),this.scheduleTokenRefresh(),this.doConnect()}doConnect(){return new Promise((e,o)=>{let r=new ke(this.url,{headers:{Authorization:`Bearer ${this.token}`}});r.binaryType="arraybuffer",r.on("open",()=>{this.ws=r,this.reconnectAttempts=0,this.startPingInterval();for(let n of this.connectCallbacks)n();this.emit("connect"),e(r)}),r.on("message",n=>{let s;if(n instanceof ArrayBuffer)s=new Uint8Array(n);else if(Buffer.isBuffer(n))s=new Uint8Array(n);else if(Array.isArray(n))s=new Uint8Array(Buffer.concat(n));else return;for(let i of this.messageCallbacks)i(s);this.emit("message",s)}),r.on("pong",()=>{this.clearPongTimeout()}),r.on("close",(n,s)=>{let i=s.toString("utf-8");this.ws=null,this.stopPingInterval();for(let c of this.disconnectCallbacks)c(n,i);this.emit("disconnect",n,i),this.shouldReconnect&&this.scheduleReconnect()}),r.on("error",n=>{this.emit("error",n),!this.ws&&this.reconnectAttempts===0&&o(n)})})}onMessage(e){this.messageCallbacks.push(e)}onConnect(e){this.connectCallbacks.push(e)}onDisconnect(e){this.disconnectCallbacks.push(e)}send(e){if(!this.ws||this.ws.readyState!==ke.OPEN)throw new Error("WebSocket is not connected");this.ws.send(e)}updateToken(e){this.token=e}close(){this.shouldReconnect=!1,this.reconnectTimer&&(clearTimeout(this.reconnectTimer),this.reconnectTimer=null),this.tokenRefreshTimer&&(clearTimeout(this.tokenRefreshTimer),this.tokenRefreshTimer=null),this.stopPingInterval(),this.ws&&(this.ws.close(1e3,"Client closing"),this.ws=null)}get isConnected(){return this.ws!==null&&this.ws.readyState===ke.OPEN}scheduleReconnect(){let e=ie.WS_RECONNECT_BASE,o=ie.WS_RECONNECT_MAX,r=Math.min(e*Math.pow(2,this.reconnectAttempts),o),n=Math.random()*r*.25,s=r+n;this.reconnectAttempts++,this.reconnectTimer=setTimeout(async()=>{try{await this.doConnect()}catch{}},s)}startPingInterval(){this.stopPingInterval(),this.pingTimer=setInterval(()=>{this.ws&&this.ws.readyState===ke.OPEN&&(this.ws.ping(),this.startPongTimeout())},ie.PING_INTERVAL)}stopPingInterval(){this.pingTimer&&(clearInterval(this.pingTimer),this.pingTimer=null),this.clearPongTimeout()}startPongTimeout(){this.clearPongTimeout(),this.pongTimer=setTimeout(()=>{this.ws&&this.ws.terminate()},ie.PONG_TIMEOUT)}clearPongTimeout(){this.pongTimer&&(clearTimeout(this.pongTimer),this.pongTimer=null)}scheduleTokenRefresh(){this.tokenRefreshTimer&&clearTimeout(this.tokenRefreshTimer);let e=23*60*60*1e3;this.tokenRefreshTimer=setTimeout(async()=>{await this.refreshToken()},e),this.tokenRefreshTimer.unref()}async refreshToken(){try{let e=await fetch(`${this.releyHttpUrl}/api/v1/auth/refresh`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({token:this.token})});if(e.ok){let o=await e.json();this.token=o.token,this.scheduleTokenRefresh()}}catch{this.tokenRefreshTimer=setTimeout(async()=>{await this.refreshToken()},5*60*1e3),this.tokenRefreshTimer?.unref()}}};import*as pe from"node:fs/promises";import*as ye from"node:path";var Ee=class{ratchetState=null;isInitialized=!1;async initFromConfig(e){let o=await f(),r=ye.join(e,"ratchet-state.json");try{let v=await pe.readFile(r,"utf-8"),y=JSON.parse(v);this.ratchetState={sendChainKey:o.from_base64(y.sendChainKey,o.base64_variants.URLSAFE_NO_PADDING),recvChainKey:o.from_base64(y.recvChainKey,o.base64_variants.URLSAFE_NO_PADDING),sendCounter:y.sendCounter,recvCounter:y.recvCounter,maxRecvCounter:y.maxRecvCounter},this.isInitialized=!0;return}catch{}let n=ye.join(e,"session.json"),s=await pe.readFile(n,"utf-8"),i=JSON.parse(s),c=o.from_base64(i.ephemeralSecretKey,o.base64_variants.URLSAFE_NO_PADDING),a=o.from_base64(i.peerPublicKey,o.base64_variants.URLSAFE_NO_PADDING),u=await J(c,a),{sendKey:m,recvKey:p}=await W(u);this.ratchetState=Y(m,p),this.isInitialized=!0}async initFromKeys(e,o){let r=await J(e,o),{sendKey:n,recvKey:s}=await W(r);this.ratchetState=Y(n,s),this.isInitialized=!0}async encryptMessage(e){if(!this.ratchetState)throw new Error("Crypto session not initialized");let o=Z(e),r=X(e.type),{ciphertext:n,nonce:s,counter:i,state:c}=await V(this.ratchetState,o);this.ratchetState=c;let a={version:1,type:r,counter:i,nonce:s,ciphertext:n};return Ue(this.ratchetState)&&await this.performKeyRotation(),Q(a)}async decryptMessage(e){if(!this.ratchetState)throw new Error("Crypto session not initialized");let o=ae(e),{plaintext:r,state:n}=await se(this.ratchetState,o.ciphertext,o.nonce,o.counter);return this.ratchetState=n,ce(r)}async saveState(e){if(!this.ratchetState)return;let o=await f(),r={sendChainKey:o.to_base64(this.ratchetState.sendChainKey,o.base64_variants.URLSAFE_NO_PADDING),recvChainKey:o.to_base64(this.ratchetState.recvChainKey,o.base64_variants.URLSAFE_NO_PADDING),sendCounter:this.ratchetState.sendCounter,recvCounter:this.ratchetState.recvCounter,maxRecvCounter:this.ratchetState.maxRecvCounter},n=ye.join(e,"ratchet-state.json");await pe.writeFile(n,JSON.stringify(r,null,2),"utf-8")}async loadState(e){let o=await f(),r=ye.join(e,"ratchet-state.json");try{let n=await pe.readFile(r,"utf-8"),s=JSON.parse(n);return this.ratchetState={sendChainKey:o.from_base64(s.sendChainKey,o.base64_variants.URLSAFE_NO_PADDING),recvChainKey:o.from_base64(s.recvChainKey,o.base64_variants.URLSAFE_NO_PADDING),sendCounter:s.sendCounter,recvCounter:s.recvCounter,maxRecvCounter:s.maxRecvCounter},this.isInitialized=!0,!0}catch{return!1}}getRatchetInfo(){return{sendCounter:this.ratchetState?.sendCounter??0,recvCounter:this.ratchetState?.recvCounter??0,initialized:this.isInitialized}}async performKeyRotation(){}};async function wt(t,e){let{configDir:o}=e,r=bt.join(o,"session.json"),n;try{let y=await vt.readFile(r,"utf-8");n=JSON.parse(y)}catch{console.error('No active session found. Run "reley pair" first.'),process.exit(1)}let s=new Ee;await s.initFromConfig(o);let i=t[0],c=t.slice(1);console.log(`Wrapping command: ${t.join(" ")}`);let a=new Se,u=a.spawn(i,c,{cols:process.stdout.columns||80,rows:process.stdout.rows||24,cwd:process.cwd(),env:process.env}),m=n.releyUrl.replace(/^http/,"ws"),p=new Ce;await p.connect(`${m}/api/v1/ws/${n.sessionId}`,n.jwt),console.log("Connected to reley. Forwarding terminal output..."),a.onData(async y=>{process.stdout.write(y);let k={type:"terminal_data",data:Buffer.from(y,"utf-8").toString("base64")};try{let C=await s.encryptMessage(k);p.send(C)}catch(C){console.error("Encryption error:",C)}}),process.stdin.isTTY&&process.stdin.setRawMode(!0),process.stdin.resume(),process.stdin.on("data",y=>{a.write(y.toString("utf-8"))}),process.stdout.on("resize",()=>{let y=process.stdout.columns||80,k=process.stdout.rows||24;a.resize(y,k)}),p.onMessage(async y=>{try{let k=await s.decryptMessage(y);switch(k.type){case"terminal_input":{let C=k,j=Buffer.from(C.data,"base64").toString("utf-8");a.write(j);break}case"terminal_resize":{let C=k;a.resize(C.cols,C.rows);break}case"session_close":{console.log(`
+Remote session closed: ${k.reason}`),v();break}default:break}}catch(k){console.error("Decryption/handling error:",k)}}),a.onExit(async(y,k)=>{console.log(`
+Process exited with code ${y}${k?` (signal ${k})`:""}`);let C={type:"session_close",reason:`Process exited with code ${y}`};try{let j=await s.encryptMessage(C);p.send(j)}catch{}await s.saveState(o),v()}),p.onDisconnect(()=>{console.log(`
+Disconnected from reley. Attempting reconnection...`)}),p.onConnect(()=>{console.log("Reconnected to reley.")});function v(){a.kill(),p.close(),process.stdin.isTTY&&process.stdin.setRawMode(!1),process.stdin.pause(),process.exit(0)}process.on("SIGINT",v),process.on("SIGTERM",v)}import*as ge from"node:fs/promises";import*as _e from"node:path";async function xt(t){let{configDir:e}=t;console.log("Reley Status"),console.log(`=================
+`);let o=_e.join(e,"session.json"),r=null;try{let c=await ge.readFile(o,"utf-8");r=JSON.parse(c)}catch{}if(!r)console.log("Pairing:    Not paired"),console.log(`
+Run "reley pair" to pair with a mobile device.
+`);else{if(console.log("Pairing:    Paired"),console.log(`Device ID:  ${r.deviceId}`),console.log(`Session ID: ${r.sessionId}`),console.log(`Reley URL:  ${r.releyUrl}`),console.log(`Paired at:  ${r.pairedAt||"Unknown"}`),r.peerPublicKey){let c=r.peerPublicKey.substring(0,16)+"...";console.log(`Peer key:   ${c}`)}console.log(`Identity:   ${r.identityPublicKey.substring(0,16)}...`)}let n=r?.releyUrl||t.releyUrl;console.log(`
+Reley Health (${n}):`);try{let c=await fetch(`${n}/api/v1/health`,{signal:AbortSignal.timeout(5e3)});if(c.ok){let a=await c.json();console.log(`  Status:  ${a.status}`),a.version&&console.log(`  Version: ${a.version}`),a.uptime!==void 0&&console.log(`  Uptime:  ${Math.round(a.uptime)}s`)}else console.log(`  Status:  Error (HTTP ${c.status})`)}catch(c){let a=c instanceof Error?c.message:String(c);console.log(`  Status:  Unreachable (${a})`)}let s=_e.join(e,"ratchet-state.json");try{await ge.access(s),console.log(`
+Crypto:     Ratchet state saved`)}catch{console.log(`
+Crypto:     No ratchet state (new session)`)}let i=_e.join(e,"hooks.sock");try{await ge.access(i),console.log("Hooks:      Socket exists")}catch{console.log("Hooks:      Not active")}console.log("")}import*as ee from"node:fs/promises";import*as $ from"node:path";import{fileURLToPath as eo}from"node:url";async function St(t){let{configDir:e}=t;console.log(`Installing Claude Code hooks for Reley...
+`);let o=eo(import.meta.url),r=$.dirname(o),n=$.resolve(r,"..","hooks","hooks.json"),s;try{let y=await ee.readFile(n,"utf-8");s=JSON.parse(y)}catch{s={hooks:{Stop:[{matcher:"",command:"reley-hook stop"}],Notification:[{matcher:"",command:"reley-hook notification"}],PreToolUse:[{matcher:"Bash",command:"reley-hook pre-tool-use"},{matcher:"Write",command:"reley-hook pre-tool-use"},{matcher:"Edit",command:"reley-hook pre-tool-use"}]}}}let i=$.join(process.env.HOME||"~",".claude"),c=$.join(i,"hooks");await ee.mkdir(c,{recursive:!0});let a=$.join(c,"reley-hooks.json");await ee.writeFile(a,JSON.stringify(s,null,2),"utf-8");let u=$.join(e,"hooks.sock"),m=to(u),p=$.join(e,"bin");await ee.mkdir(p,{recursive:!0});let v=$.join(p,"reley-hook");await ee.writeFile(v,m,{mode:493}),console.log("Installed files:"),console.log(`  Hooks config:  ${a}`),console.log(`  Hook script:   ${v}`),console.log(`  Socket path:   ${u}`),console.log(""),console.log("Hook configuration:"),console.log("  Stop:         Sends stop events to mobile"),console.log("  Notification: Forwards notifications to mobile"),console.log("  PreToolUse:   Requires mobile approval for Bash, Write, Edit"),console.log(""),console.log("To activate, add to your PATH:"),console.log(`  export PATH="${p}:$PATH"`),console.log(""),console.log("Or create a symlink:"),console.log(`  ln -sf ${v} /usr/local/bin/reley-hook`),console.log("")}function to(t){return`#!/usr/bin/env node
 import * as net from 'node:net';
 import * as process from 'node:process';
-const SOCKET_PATH = ${JSON.stringify(socketPath)};
+const SOCKET_PATH = ${JSON.stringify(t)};
 const HOOK_TYPE = process.argv[2]; // stop, notification, pre-tool-use
 const TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
@@ -2567,76 +684,10 @@ main().catch((err) => {
   // Default to approve on error
   console.log(JSON.stringify({ action: 'approve' }));
 });
-`;
-}
-// src/commands/login.ts
-init_config();
-import { createServer } from "node:http";
-import { URL } from "node:url";
-import { hostname } from "node:os";
-var DEFAULT_RELEY_URL = "https://api.reley.sh";
-async function loginCommand(opts) {
-  const releyUrl = opts.releyUrl || process.env.RELEY_URL || DEFAULT_RELEY_URL;
-  let supabaseUrl = process.env.SUPABASE_URL;
-  let supabaseAnonKey = process.env.SUPABASE_ANON_KEY;
-  if (!supabaseUrl || !supabaseAnonKey) {
-    try {
-      const configRes = await fetch(`${releyUrl}/api/v1/auth/config`);
-      if (!configRes.ok) throw new Error(`HTTP ${configRes.status}`);
-      const config = await configRes.json();
-      supabaseUrl = config.supabaseUrl;
-      supabaseAnonKey = config.supabaseAnonKey;
-    } catch {
-      console.error(
-        "\x1B[31mError:\x1B[0m Could not connect to reley server at " + releyUrl
-      );
-      console.error("Check that the server is running and the URL is correct.");
-      process.exit(1);
-    }
-  }
-  console.log("\x1B[36m[Reley]\x1B[0m Starting Google login...\n");
-  const { token, email } = await startOAuthFlow(supabaseUrl, supabaseAnonKey);
-  console.log(`\x1B[32m\u2713\x1B[0m Logged in as \x1B[1m${email}\x1B[0m
-`);
-  console.log("\x1B[36m[Reley]\x1B[0m Registering device...");
-  const deviceName = hostname() || "Unknown Device";
-  const res = await fetch(`${releyUrl}/api/v1/devices/register`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`
-    },
-    body: JSON.stringify({ name: deviceName })
-  });
-  if (!res.ok) {
-    const body = await res.json().catch(() => ({}));
-    console.error(
-      `\x1B[31mError:\x1B[0m Failed to register device: ${body.error || res.statusText}`
-    );
-    process.exit(1);
-  }
-  const { deviceId, deviceToken } = await res.json();
-  saveConfig({
-    reley_url: releyUrl,
-    device_token: deviceToken,
-    device_id: deviceId,
-    user_email: email
-  });
-  console.log(`\x1B[32m\u2713\x1B[0m Device registered: \x1B[1m${deviceName}\x1B[0m`);
-  console.log(`\x1B[32m\u2713\x1B[0m Config saved to ${getConfigPath()}
-`);
-  console.log("You can now run \x1B[1mreley\x1B[0m to start a session.");
-}
-async function startOAuthFlow(supabaseUrl, supabaseAnonKey) {
-  return new Promise((resolve2, reject) => {
-    const CALLBACK_PORT = 54321;
-    const redirectUri = `http://localhost:${CALLBACK_PORT}/auth/callback`;
-    const server = createServer((req, res) => {
-      const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
-      if (url.pathname === "/auth/callback") {
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(`<!DOCTYPE html>
+`}we();import{createServer as oo}from"node:http";import{URL as ro}from"node:url";import{hostname as no}from"node:os";var so="https://api.reley.sh";async function kt(t){let e=t.releyUrl||process.env.RELEY_URL||so,o=process.env.SUPABASE_URL,r=process.env.SUPABASE_ANON_KEY;if(!o||!r)try{let m=await fetch(`${e}/api/v1/auth/config`);if(!m.ok)throw new Error(`HTTP ${m.status}`);let p=await m.json();o=p.supabaseUrl,r=p.supabaseAnonKey}catch{console.error("\x1B[31mError:\x1B[0m Could not connect to reley server at "+e),console.error("Check that the server is running and the URL is correct."),process.exit(1)}console.log(`\x1B[36m[Reley]\x1B[0m Starting Google login...
+`);let{token:n,email:s}=await io(o,r);console.log(`\x1B[32m\u2713\x1B[0m Logged in as \x1B[1m${s}\x1B[0m
+`),console.log("\x1B[36m[Reley]\x1B[0m Registering device...");let i=no()||"Unknown Device",c=await fetch(`${e}/api/v1/devices/register`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`},body:JSON.stringify({name:i})});if(!c.ok){let m=await c.json().catch(()=>({}));console.error(`\x1B[31mError:\x1B[0m Failed to register device: ${m.error||c.statusText}`),process.exit(1)}let{deviceId:a,deviceToken:u}=await c.json();Be({reley_url:e,device_token:u,device_id:a,user_email:s}),console.log(`\x1B[32m\u2713\x1B[0m Device registered: \x1B[1m${i}\x1B[0m`),console.log(`\x1B[32m\u2713\x1B[0m Config saved to ${$e()}
+`),console.log("You can now run \x1B[1mreley\x1B[0m to start a session.")}async function io(t,e){return new Promise((o,r)=>{let s="http://localhost:54321/auth/callback",i=oo((c,a)=>{let u=new ro(c.url,"http://localhost:54321");if(u.pathname==="/auth/callback"){a.writeHead(200,{"Content-Type":"text/html"}),a.end(`<!DOCTYPE html>
 <html><body>
 <script>
   // Supabase puts tokens in the hash fragment
@@ -2657,96 +708,7 @@ async function startOAuthFlow(supabaseUrl, supabaseAnonKey) {
   }
 </script>
 <h2 style="font-family:system-ui;text-align:center;margin-top:100px">Processing login...</h2>
-</body></html>`);
-        return;
-      }
-      if (url.pathname === "/auth/token" && req.method === "POST") {
-        let body = "";
-        req.on("data", (chunk) => {
-          body += chunk.toString();
-        });
-        req.on("end", async () => {
-          res.writeHead(200, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ ok: true }));
-          try {
-            const { access_token } = JSON.parse(body);
-            const userRes = await fetch(`${supabaseUrl}/auth/v1/user`, {
-              headers: {
-                Authorization: `Bearer ${access_token}`,
-                apikey: supabaseAnonKey
-              }
-            });
-            if (!userRes.ok) {
-              reject(new Error("Failed to verify token"));
-              return;
-            }
-            const user = await userRes.json();
-            server.close();
-            resolve2({ token: access_token, email: user.email });
-          } catch (err) {
-            reject(err);
-          }
-        });
-        return;
-      }
-      res.writeHead(404);
-      res.end("Not found");
-    });
-    server.listen(CALLBACK_PORT, () => {
-      const authUrl = `${supabaseUrl}/auth/v1/authorize?` + new URLSearchParams({
-        provider: "google",
-        redirect_to: redirectUri
-      }).toString();
-      console.log(
-        `\x1B[36m[Reley]\x1B[0m Opening browser for Google login...`
-      );
-      console.log(`\x1B[2m${authUrl}\x1B[0m
-`);
-      const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-      import("node:child_process").then(({ spawn: spawnChild }) => {
-        spawnChild(openCmd, [authUrl], { stdio: "ignore", detached: true }).unref();
-      });
-      setTimeout(() => {
-        server.close();
-        reject(new Error("Login timed out (5 minutes)"));
-      }, 5 * 60 * 1e3);
-    });
-    server.on("error", (err) => {
-      reject(new Error(`Failed to start callback server: ${err.message}`));
-    });
-  });
-}
-// src/index.ts
-init_config();
-var program = new Command();
-program.name("reley").description("Bridge your terminal to mobile/web with E2E encryption").version("0.1.0");
-program.option("--reley-url <url>", "Reley server URL", "http://localhost:3100").option("--config-dir <path>", "Configuration directory", `${process.env.HOME}/.reley`);
-program.command("run [command...]", { isDefault: true }).description("Run a command with web terminal sync (default)").option("--web-port <port>", "Web UI port", "3200").option("--reley-port <port>", "Reley server port", "3100").option("--online", "Use online reley server (requires `reley login` first)").action(async (commandArgs, opts) => {
-  const online = opts.online ?? isConfigured();
-  await runCommand(commandArgs, { webPort: opts.webPort, releyPort: opts.releyPort, online });
-});
-program.command("login").description("Login with Google and register this device").option("--reley-url <url>", "Reley server URL").action(async (opts) => {
-  const parentOpts = program.opts();
-  await loginCommand({ releyUrl: opts.releyUrl || parentOpts.releyUrl });
-});
-program.command("pair").description("Pair this device with a mobile client").action(async () => {
-  const opts = program.opts();
-  await pairCommand({ releyUrl: opts.releyUrl, configDir: opts.configDir });
-});
-program.command("wrap <command...>").description("Wrap a command with existing session (requires prior pairing)").action(async (commandArgs) => {
-  const opts = program.opts();
-  await wrapCommand(commandArgs, { releyUrl: opts.releyUrl, configDir: opts.configDir });
-});
-program.command("status").description("Show pairing and connection status").action(async () => {
-  const opts = program.opts();
-  await statusCommand({ releyUrl: opts.releyUrl, configDir: opts.configDir });
-});
-program.command("install-hooks").description("Install Claude Code hooks for Reley integration").action(async () => {
-  const opts = program.opts();
-  await installHooksCommand({ releyUrl: opts.releyUrl, configDir: opts.configDir });
-});
-program.parseAsync(process.argv).catch((err) => {
-  console.error("Fatal error:", err);
-  process.exit(1);
-});
+</body></html>`);return}if(u.pathname==="/auth/token"&&c.method==="POST"){let m="";c.on("data",p=>{m+=p.toString()}),c.on("end",async()=>{a.writeHead(200,{"Content-Type":"application/json"}),a.end(JSON.stringify({ok:!0}));try{let{access_token:p}=JSON.parse(m),v=await fetch(`${t}/auth/v1/user`,{headers:{Authorization:`Bearer ${p}`,apikey:e}});if(!v.ok){r(new Error("Failed to verify token"));return}let y=await v.json();i.close(),o({token:p,email:y.email})}catch(p){r(p)}});return}a.writeHead(404),a.end("Not found")});i.listen(54321,()=>{let c=`${t}/auth/v1/authorize?`+new URLSearchParams({provider:"google",redirect_to:s}).toString();console.log("\x1B[36m[Reley]\x1B[0m Opening browser for Google login..."),console.log(`\x1B[2m${c}\x1B[0m
+`);let a=process.platform==="darwin"?"open":process.platform==="win32"?"start":"xdg-open";import("node:child_process").then(({spawn:u})=>{u(a,[c],{stdio:"ignore",detached:!0}).unref()}),setTimeout(()=>{i.close(),r(new Error("Login timed out (5 minutes)"))},5*60*1e3)}),i.on("error",c=>{r(new Error(`Failed to start callback server: ${c.message}`))})})}we();var _=new ao;_.name("reley").description("Bridge your terminal to mobile/web with E2E encryption").version("0.1.4");_.option("--reley-url <url>","Reley server URL","https://api.reley.sh").option("--config-dir <path>","Configuration directory",`${process.env.HOME}/.reley`);_.command("run [command...]",{isDefault:!0}).description("Run a command with web terminal sync (default)").option("--web-port <port>","Web UI port","3200").option("--reley-port <port>","Reley server port","3100").option("--online","Use online reley server (requires `reley login` first)").action(async(t,e)=>{let o=e.online??je();await mt(t,{webPort:e.webPort,releyPort:e.releyPort,online:o})});_.command("login").description("Login with Google and register this device").option("--reley-url <url>","Reley server URL").action(async t=>{let e=_.opts();await kt({releyUrl:t.releyUrl||e.releyUrl})});_.command("pair").description("Pair this device with a mobile client").action(async()=>{let t=_.opts();await ft({releyUrl:t.releyUrl,configDir:t.configDir})});_.command("wrap <command...>").description("Wrap a command with existing session (requires prior pairing)").action(async t=>{let e=_.opts();await wt(t,{releyUrl:e.releyUrl,configDir:e.configDir})});_.command("status").description("Show pairing and connection status").action(async()=>{let t=_.opts();await xt({releyUrl:t.releyUrl,configDir:t.configDir})});_.command("install-hooks").description("Install Claude Code hooks for Reley integration").action(async()=>{let t=_.opts();await St({releyUrl:t.releyUrl,configDir:t.configDir})});_.parseAsync(process.argv).catch(t=>{let e=t instanceof Error?t.message:String(t);console.error(`
+  \x1B[31m\x1B[1mError:\x1B[0m ${e}
+`),process.exit(1)});