remote-pi 0.1.0

package/dist/pairing/storage.js

@@ -0,0 +1,65 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+import keytar from "keytar";
+import { generateEd25519Keypair } from "./crypto.js";
+const KEYCHAIN_SERVICE = "dev.remotepi.mac";
+const PEERS_PATH = join(homedir(), ".pi", "remote", "peers.json");
+// ── Keychain ──────────────────────────────────────────────────────────────────
+async function loadKeypairFromKeychain(account) {
+    const stored = await keytar.getPassword(KEYCHAIN_SERVICE, account);
+    if (!stored)
+        return null;
+    const parsed = JSON.parse(stored);
+    return {
+        publicKey: Buffer.from(parsed.pk, "base64"),
+        secretKey: Buffer.from(parsed.sk, "base64"),
+    };
+}
+async function saveKeypairToKeychain(account, kp) {
+    const data = JSON.stringify({
+        pk: Buffer.from(kp.publicKey).toString("base64"),
+        sk: Buffer.from(kp.secretKey).toString("base64"),
+    });
+    await keytar.setPassword(KEYCHAIN_SERVICE, account, data);
+}
+export async function getOrCreateEd25519Keypair() {
+    const existing = await loadKeypairFromKeychain("longterm-ed25519");
+    if (existing)
+        return existing;
+    const kp = generateEd25519Keypair();
+    await saveKeypairToKeychain("longterm-ed25519", kp);
+    return kp;
+}
+export async function listPeers() {
+    try {
+        const raw = await readFile(PEERS_PATH, "utf8");
+        const parsed = JSON.parse(raw);
+        return parsed.peers ?? [];
+    }
+    catch {
+        return [];
+    }
+}
+export async function addPeer(record) {
+    const peers = await listPeers();
+    const idx = peers.findIndex((p) => p.remote_epk === record.remote_epk);
+    if (idx >= 0) {
+        peers[idx] = record; // idempotent re-pair
+    }
+    else {
+        peers.push(record);
+    }
+    await mkdir(dirname(PEERS_PATH), { recursive: true });
+    await writeFile(PEERS_PATH, JSON.stringify({ peers }, null, 2));
+}
+export async function removePeer(remoteEpk) {
+    const peers = await listPeers();
+    const filtered = peers.filter((p) => p.remote_epk !== remoteEpk);
+    if (filtered.length === peers.length)
+        return false;
+    await mkdir(dirname(PEERS_PATH), { recursive: true });
+    await writeFile(PEERS_PATH, JSON.stringify({ peers: filtered }, null, 2));
+    return true;
+}
+//# sourceMappingURL=storage.js.map

package/dist/pairing/storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/pairing/storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAC;AAE1E,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AAElE,iFAAiF;AAEjF,KAAK,UAAU,uBAAuB,CACpC,OAAe;IAEf,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACnE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAChE,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC;QAC3C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,OAAe,EACf,EAAoD;IAEpD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;QAC1B,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAChD,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACjD,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;IACnE,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,MAAM,EAAE,GAAG,sBAAsB,EAAE,CAAC;IACpC,MAAM,qBAAqB,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,EAAE,CAAC;AACZ,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAC1D,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAkB;IAC9C,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAChC,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,MAAM,CAAC,UAAU,CAAC,CAAC;IACvE,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,qBAAqB;IAC5C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IACD,MAAM,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,SAAiB;IAChD,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;IACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/protocol/codec.d.ts

@@ -0,0 +1,7 @@
+import type { ClientMessage, ServerMessage } from "./types.js";
+export declare class DecodeError extends Error {
+    readonly code: "invalid_message" | "unsupported_type";
+    constructor(code: "invalid_message" | "unsupported_type", message: string);
+}
+export declare function encodeClient(msg: ClientMessage): string;
+export declare function decodeServer(line: string): ServerMessage;

package/dist/protocol/codec.js

@@ -0,0 +1,46 @@
+const SERVER_TYPES = new Set([
+    "pair_ok",
+    "pair_error",
+    "user_input",
+    "agent_chunk",
+    "agent_done",
+    "agent_message",
+    "tool_request",
+    "tool_result",
+    "error",
+    "cancelled",
+    "pong",
+    "bye",
+    "session_history",
+]);
+export class DecodeError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = "DecodeError";
+    }
+}
+export function encodeClient(msg) {
+    return JSON.stringify(msg) + "\n";
+}
+export function decodeServer(line) {
+    let obj;
+    try {
+        obj = JSON.parse(line.trim());
+    }
+    catch (e) {
+        throw new DecodeError("invalid_message", `not JSON: ${e.message}`);
+    }
+    if (!obj ||
+        typeof obj !== "object" ||
+        typeof obj.type !== "string") {
+        throw new DecodeError("invalid_message", "missing 'type'");
+    }
+    const t = obj.type;
+    if (!SERVER_TYPES.has(t)) {
+        throw new DecodeError("unsupported_type", `unknown type: ${t}`);
+    }
+    return obj;
+}
+//# sourceMappingURL=codec.js.map

package/dist/protocol/codec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codec.js","sourceRoot":"","sources":["../../src/protocol/codec.ts"],"names":[],"mappings":"AAEA,MAAM,YAAY,GAAG,IAAI,GAAG,CAAwB;IAClD,SAAS;IACT,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,eAAe;IACf,cAAc;IACd,aAAa;IACb,OAAO;IACP,WAAW;IACX,MAAM;IACN,KAAK;IACL,iBAAiB;CAClB,CAAC,CAAC;AAEH,MAAM,OAAO,WAAY,SAAQ,KAAK;IAElB;IADlB,YACkB,IAA4C,EAC5D,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,SAAI,GAAJ,IAAI,CAAwC;QAI5D,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,UAAU,YAAY,CAAC,GAAkB;IAC7C,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,WAAW,CAAC,iBAAiB,EAAE,aAAc,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,IACE,CAAC,GAAG;QACJ,OAAO,GAAG,KAAK,QAAQ;QACvB,OAAQ,GAA+B,CAAC,IAAI,KAAK,QAAQ,EACzD,CAAC;QACD,MAAM,IAAI,WAAW,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,CAAC,GAAI,GAA+B,CAAC,IAAc,CAAC;IAC1D,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAA0B,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,WAAW,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,GAAoB,CAAC;AAC9B,CAAC"}

package/dist/protocol/types.d.ts

@@ -0,0 +1,119 @@
+export type PairErrorCode = "token_expired" | "token_consumed" | "token_unknown" | "internal_error";
+export type ClientMessage = {
+    type: "pair_request";
+    id: string;
+    token: string;
+    device_name: string;
+} | {
+    type: "user_message";
+    id: string;
+    text: string;
+} | {
+    type: "approve_tool";
+    id: string;
+    tool_call_id: string;
+    decision: "allow" | "deny";
+} | {
+    type: "cancel";
+    id: string;
+    target_id: string;
+} | {
+    type: "ping";
+    id: string;
+} | {
+    type: "session_sync";
+    id: string;
+    limit?: number;
+};
+export type Usage = {
+    input_tokens: number;
+    output_tokens: number;
+};
+export type KnownErrorCode = "tool_approval_required" | "invalid_message" | "unsupported_type" | "too_large" | "rate_limited" | "timeout" | "internal_error";
+export type ErrorCode = KnownErrorCode | (string & {});
+export type SessionHistoryEvent = {
+    ts: number;
+    type: "user_input";
+    id: string;
+    text: string;
+} | {
+    ts: number;
+    type: "tool_request";
+    tool_call_id: string;
+    tool: string;
+    args: Record<string, unknown>;
+} | {
+    ts: number;
+    type: "tool_result";
+    tool_call_id: string;
+    result?: unknown;
+    error?: string;
+} | {
+    ts: number;
+    type: "agent_message";
+    in_reply_to: string;
+    text: string;
+    usage?: Usage;
+};
+export type ServerMessage = {
+    type: "pair_ok";
+    in_reply_to: string;
+    session_name: string;
+    session_started_at: number;
+    room_id: string;
+} | {
+    type: "pair_error";
+    in_reply_to: string;
+    code: PairErrorCode;
+    message: string;
+} | {
+    type: "user_input";
+    id: string;
+    text: string;
+} | {
+    type: "agent_chunk";
+    in_reply_to: string;
+    delta: string;
+} | {
+    type: "agent_done";
+    in_reply_to: string;
+    usage?: Usage;
+} | {
+    type: "agent_message";
+    in_reply_to: string;
+    text: string;
+    usage?: Usage;
+} | {
+    type: "tool_request";
+    tool_call_id: string;
+    tool: string;
+    args: Record<string, unknown>;
+} | {
+    type: "tool_result";
+    tool_call_id: string;
+    result?: unknown;
+    error?: string;
+} | {
+    type: "error";
+    in_reply_to?: string;
+    code: ErrorCode;
+    message: string;
+} | {
+    type: "cancelled";
+    in_reply_to: string;
+    target_id: string;
+} | {
+    type: "pong";
+    in_reply_to: string;
+} | {
+    type: "bye";
+    reason: ByeReason;
+} | {
+    type: "session_history";
+    in_reply_to: string;
+    session_started_at: number;
+    events: SessionHistoryEvent[];
+    eos: boolean;
+    truncated: boolean;
+};
+export type ByeReason = "peer_stop" | "session_replaced" | "shutdown";

package/dist/protocol/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/protocol/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/protocol/types.ts"],"names":[],"mappings":""}

package/dist/rooms.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Deterministic room id derived from a cwd. Two Pi processes in the same
+ * directory produce the same id; different cwds produce different ids
+ * (with cryptographic-strength collision resistance). Symlinks are resolved
+ * via `realpath` so `/a` and `/symlink-to-a` map to the same room.
+ *
+ * Format: first 12 chars of base64url(sha256(realpath)).
+ */
+export declare function roomIdForCwd(cwd: string): string;

package/dist/rooms.js

@@ -0,0 +1,22 @@
+import { createHash } from "node:crypto";
+import { realpathSync } from "node:fs";
+/**
+ * Deterministic room id derived from a cwd. Two Pi processes in the same
+ * directory produce the same id; different cwds produce different ids
+ * (with cryptographic-strength collision resistance). Symlinks are resolved
+ * via `realpath` so `/a` and `/symlink-to-a` map to the same room.
+ *
+ * Format: first 12 chars of base64url(sha256(realpath)).
+ */
+export function roomIdForCwd(cwd) {
+    let target;
+    try {
+        target = realpathSync(cwd);
+    }
+    catch {
+        // cwd doesn't exist (unlikely in production) — fallback to raw path.
+        target = cwd;
+    }
+    return createHash("sha256").update(target).digest("base64url").slice(0, 12);
+}
+//# sourceMappingURL=rooms.js.map

package/dist/rooms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rooms.js","sourceRoot":"","sources":["../src/rooms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,MAAM,GAAG,GAAG,CAAC;IACf,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC"}

package/dist/session/agent_bridge.d.ts

@@ -0,0 +1,55 @@
+import type { AgentSession } from "@mariozechner/pi-coding-agent";
+import type { ClientMessage, ServerMessage } from "../protocol/types.js";
+/**
+ * Abstraction over the Noise-encrypted transport.
+ * Wave 3 plugs the real channel; tests use a mock.
+ */
+export interface PeerChannel {
+    send(msg: ServerMessage): void;
+}
+/**
+ * Minimal subset of BeforeToolCallContext consumed by the bridge.
+ * Shape-compatible with @mariozechner/pi-agent-core BeforeToolCallContext.
+ */
+export interface BridgeToolCallContext {
+    toolCall: {
+        toolCallId: string;
+        toolCall: {
+            name: string;
+            arguments: Record<string, unknown>;
+        };
+    };
+    args: unknown;
+}
+/**
+ * Bridges an AgentSession (Pi SDK) and a PeerChannel (remote app).
+ *
+ * Wire-up at session creation:
+ *   const bridge = new AgentBridge(session, channel)
+ *   // pass bridge.beforeToolCallHook to createAgentSession as beforeToolCall
+ *
+ * Then route incoming client messages:
+ *   channel.on('message', msg => bridge.onClientMessage(msg))
+ */
+export declare class AgentBridge {
+    private readonly session;
+    private readonly channel;
+    /** ID of the active user_message turn, used as in_reply_to for streaming. */
+    private currentTurnId;
+    /** Pending tool approvals keyed by tool_call_id. */
+    private readonly pendingApprovals;
+    private readonly unsubscribe;
+    constructor(session: AgentSession, channel: PeerChannel);
+    /**
+     * Pass this as `beforeToolCall` in createAgentSession options.
+     * Auto-approves whitelisted tools; pauses everything else for user approval.
+     */
+    readonly beforeToolCallHook: (ctx: BridgeToolCallContext, signal?: AbortSignal) => Promise<{
+        block?: boolean;
+        reason?: string;
+    } | undefined>;
+    onClientMessage(msg: ClientMessage): void;
+    dispose(): void;
+    private awaitApproval;
+    private onSessionEvent;
+}

package/dist/session/agent_bridge.js

@@ -0,0 +1,146 @@
+import { decide } from "./tool_gate.js";
+const APPROVAL_TIMEOUT_MS = 60_000;
+// ── AgentBridge ───────────────────────────────────────────────────────────────
+/**
+ * Bridges an AgentSession (Pi SDK) and a PeerChannel (remote app).
+ *
+ * Wire-up at session creation:
+ *   const bridge = new AgentBridge(session, channel)
+ *   // pass bridge.beforeToolCallHook to createAgentSession as beforeToolCall
+ *
+ * Then route incoming client messages:
+ *   channel.on('message', msg => bridge.onClientMessage(msg))
+ */
+export class AgentBridge {
+    session;
+    channel;
+    /** ID of the active user_message turn, used as in_reply_to for streaming. */
+    currentTurnId = null;
+    /** Pending tool approvals keyed by tool_call_id. */
+    pendingApprovals = new Map();
+    unsubscribe;
+    constructor(session, channel) {
+        this.session = session;
+        this.channel = channel;
+        this.unsubscribe = session.subscribe(this.onSessionEvent.bind(this));
+    }
+    // ── beforeToolCall hook ────────────────────────────────────────────────────
+    /**
+     * Pass this as `beforeToolCall` in createAgentSession options.
+     * Auto-approves whitelisted tools; pauses everything else for user approval.
+     */
+    beforeToolCallHook = async (ctx, signal) => {
+        const toolName = ctx.toolCall.toolCall.name;
+        const toolCallId = ctx.toolCall.toolCallId;
+        if (decide(toolName) === "auto") {
+            return undefined; // proceed immediately
+        }
+        // Needs user approval: emit tool_request and block until response
+        this.channel.send({
+            type: "tool_request",
+            tool_call_id: toolCallId,
+            tool: toolName,
+            args: ctx.args,
+        });
+        const decision = await this.awaitApproval(toolCallId, signal);
+        if (decision === "deny") {
+            // Cancel the whole turn — user denied execution
+            void this.session.abort();
+            return { block: true, reason: "denied by user" };
+        }
+        return undefined; // allow
+    };
+    // ── Incoming client messages ───────────────────────────────────────────────
+    onClientMessage(msg) {
+        switch (msg.type) {
+            case "user_message":
+                this.currentTurnId = msg.id;
+                void this.session.prompt(msg.text);
+                break;
+            case "approve_tool": {
+                const resolve = this.pendingApprovals.get(msg.tool_call_id);
+                if (resolve)
+                    resolve(msg.decision);
+                break;
+            }
+            case "cancel":
+                void this.session.abort();
+                this.channel.send({
+                    type: "cancelled",
+                    in_reply_to: msg.id,
+                    target_id: msg.target_id,
+                });
+                break;
+            case "ping":
+                this.channel.send({ type: "pong", in_reply_to: msg.id });
+                break;
+        }
+    }
+    // ── Cleanup ────────────────────────────────────────────────────────────────
+    dispose() {
+        this.unsubscribe();
+        for (const resolve of this.pendingApprovals.values()) {
+            resolve("deny");
+        }
+        this.pendingApprovals.clear();
+    }
+    // ── Private ────────────────────────────────────────────────────────────────
+    awaitApproval(toolCallId, signal) {
+        return new Promise((resolve) => {
+            let settled = false;
+            const settle = (d) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timer);
+                this.pendingApprovals.delete(toolCallId);
+                resolve(d);
+            };
+            // 60 s timeout → auto-deny + inform remote peer
+            const timer = setTimeout(() => {
+                this.channel.send({
+                    type: "error",
+                    code: "timeout",
+                    message: `tool approval timeout: ${toolCallId}`,
+                });
+                settle("deny");
+            }, APPROVAL_TIMEOUT_MS);
+            this.pendingApprovals.set(toolCallId, settle);
+            signal?.addEventListener("abort", () => settle("deny"), { once: true });
+        });
+    }
+    onSessionEvent(event) {
+        // ── text streaming ─────────────────────────────────────────────────────
+        if (event.type === "message_update" && this.currentTurnId !== null) {
+            const ae = event.assistantMessageEvent;
+            if (ae.type === "text_delta") {
+                this.channel.send({
+                    type: "agent_chunk",
+                    in_reply_to: this.currentTurnId,
+                    delta: ae.delta,
+                });
+            }
+        }
+        // ── tool result ────────────────────────────────────────────────────────
+        if (event.type === "tool_execution_end") {
+            const toolResult = event.isError
+                ? {
+                    type: "tool_result",
+                    tool_call_id: event.toolCallId,
+                    error: String(event.result),
+                }
+                : {
+                    type: "tool_result",
+                    tool_call_id: event.toolCallId,
+                    result: event.result,
+                };
+            this.channel.send(toolResult);
+        }
+        // ── turn complete ──────────────────────────────────────────────────────
+        if (event.type === "agent_end" && this.currentTurnId !== null) {
+            this.channel.send({ type: "agent_done", in_reply_to: this.currentTurnId });
+            this.currentTurnId = null;
+        }
+    }
+}
+//# sourceMappingURL=agent_bridge.js.map

package/dist/session/agent_bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent_bridge.js","sourceRoot":"","sources":["../../src/session/agent_bridge.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AA2BxC,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,iFAAiF;AAEjF;;;;;;;;;GASG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAe;IACtB,OAAO,CAAc;IACtC,6EAA6E;IACrE,aAAa,GAAkB,IAAI,CAAC;IAC5C,oDAAoD;IACnC,gBAAgB,GAAG,IAAI,GAAG,EAGxC,CAAC;IACa,WAAW,CAAa;IAEzC,YAAY,OAAqB,EAAE,OAAoB;QACrD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACM,kBAAkB,GAAG,KAAK,EACjC,GAA0B,EAC1B,MAAoB,EACuC,EAAE;QAC7D,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;QAE3C,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,MAAM,EAAE,CAAC;YAChC,OAAO,SAAS,CAAC,CAAC,sBAAsB;QAC1C,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAChB,IAAI,EAAE,cAAc;YACpB,YAAY,EAAE,UAAU;YACxB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,GAAG,CAAC,IAA+B;SAC1C,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAE9D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,gDAAgD;YAChD,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACnD,CAAC;QAED,OAAO,SAAS,CAAC,CAAC,QAAQ;IAC5B,CAAC,CAAC;IAEF,8EAA8E;IAE9E,eAAe,CAAC,GAAkB;QAChC,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,cAAc;gBACjB,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC5B,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACnC,MAAM;YAER,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC5D,IAAI,OAAO;oBAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACnC,MAAM;YACR,CAAC;YAED,KAAK,QAAQ;gBACX,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,WAAW;oBACjB,WAAW,EAAE,GAAG,CAAC,EAAE;oBACnB,SAAS,EAAE,GAAG,CAAC,SAAS;iBACzB,CAAC,CAAC;gBACH,MAAM;YAER,KAAK,MAAM;gBACT,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;gBACzD,MAAM;QACV,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,OAAO;QACL,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,EAAE,CAAC;YACrD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,8EAA8E;IAEtE,aAAa,CACnB,UAAkB,EAClB,MAAoB;QAEpB,OAAO,IAAI,OAAO,CAAmB,CAAC,OAAO,EAAE,EAAE;YAC/C,IAAI,OAAO,GAAG,KAAK,CAAC;YAEpB,MAAM,MAAM,GAAG,CAAC,CAAmB,EAAE,EAAE;gBACrC,IAAI,OAAO;oBAAE,OAAO;gBACpB,OAAO,GAAG,IAAI,CAAC;gBACf,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACzC,OAAO,CAAC,CAAC,CAAC,CAAC;YACb,CAAC,CAAC;YAEF,gDAAgD;YAChD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,0BAA0B,UAAU,EAAE;iBAChD,CAAC,CAAC;gBACH,MAAM,CAAC,MAAM,CAAC,CAAC;YACjB,CAAC,EAAE,mBAAmB,CAAC,CAAC;YAExB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAE9C,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,KAAwB;QAC7C,0EAA0E;QAC1E,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACnE,MAAM,EAAE,GAAG,KAAK,CAAC,qBAAqB,CAAC;YACvC,IAAI,EAAE,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,aAAa;oBACnB,WAAW,EAAE,IAAI,CAAC,aAAa;oBAC/B,KAAK,EAAE,EAAE,CAAC,KAAK;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YACxC,MAAM,UAAU,GAAkB,KAAK,CAAC,OAAO;gBAC7C,CAAC,CAAC;oBACE,IAAI,EAAE,aAAa;oBACnB,YAAY,EAAE,KAAK,CAAC,UAAU;oBAC9B,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;iBAC5B;gBACH,CAAC,CAAC;oBACE,IAAI,EAAE,aAAa;oBACnB,YAAY,EAAE,KAAK,CAAC,UAAU;oBAC9B,MAAM,EAAE,KAAK,CAAC,MAAiB;iBAChC,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAED,0EAA0E;QAC1E,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;YAC3E,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;IACH,CAAC;CACF"}

package/dist/session/broker.d.ts

@@ -0,0 +1,37 @@
+import type { Server } from "node:net";
+import { type Envelope } from "./envelope.js";
+/**
+ * Broker hosted by the session leader. Accepts UDS connections, maintains a
+ * `name → connection` map, routes envelopes per the `to` field, and appends
+ * each routed message to an `audit.jsonl` log.
+ *
+ * Auto-suffix on name collision: when a peer registers a name already taken,
+ * the broker assigns `<name>#N` and returns it in the register ack.
+ */
+export interface BrokerOptions {
+    server: Server;
+    auditPath?: string;
+    /** Optional callback invoked after each successful route (testing/observability). */
+    onRouted?: (env: Envelope, deliveredTo: string[]) => void;
+}
+export declare class Broker {
+    private readonly peers;
+    private readonly auditPath?;
+    private readonly onRouted?;
+    private readonly server;
+    constructor(opts: BrokerOptions);
+    /** Peers currently registered. Snapshot, safe to read. */
+    peerNames(): string[];
+    close(): Promise<void>;
+    private _handleConnection;
+    private _onData;
+    private _handleLine;
+    private _handleRegister;
+    private _uniqueName;
+    private _onClose;
+    private _route;
+    private _resolveTargets;
+    private _handleBrokerMessage;
+    private _broadcastSystem;
+    private _appendAudit;
+}