remote-pi 0.1.2 → 0.2.0

package/dist/mesh/self_revoke.d.ts

@@ -0,0 +1,111 @@
+import type { MeshClient } from "./client.js";
+/**
+ * Background poller that watches each Owner's `mesh_versions` envelope on
+ * the relay and self-revokes this Pi from any Owner that no longer lists
+ * it as a member.
+ *
+ * Behavior per sweep (one entry per unique Owner in peers.json):
+ *   1. Compute `hash = sha256(ownerPk)` (lowercase hex) — the URL slug.
+ *      MUST match the format the relay stores and the app publishes;
+ *      mismatch results in silent 404 forever.
+ *   2. GET /mesh/<hash>?since=<lastSeenVersion>
+ *   3. `null` (304/404) → skip silently (no update, or owner never published)
+ *   4. Verify Ed25519 signature against the embedded `owner_pk`
+ *   5. Defense-in-depth: confirm the blob's `owner_pk` matches what we
+ *      expected (otherwise a malicious relay could swap blobs across slots)
+ *   6. Anti-rollback: drop versions < our last-seen for this Owner
+ *   7. Membership check: decode every `members[].remote_epk` to bytes and
+ *      compare against this Pi's pubkey bytes. Critical: comparing the
+ *      base64 strings directly would falsely revoke when the app emits
+ *      url-safe (`-`/`_`, no padding) and the Pi emits standard
+ *      (`+`/`/`, padded) — same 32 bytes, different strings. See
+ *      `encoding.ts` for the helpers and `plan/24` Wave 3 fix history.
+ *   8. If not a member → `storage.removePeer(ownerEpk)` and fire
+ *      `onRevoke(ownerEpk)` so the caller can tear down any live WS
+ *      sessions for that Owner.
+ *
+ * Backward-compat: an Owner who never published a mesh blob returns 404
+ * forever, which we treat as "no update". Old clients keep working
+ * untouched until they upgrade.
+ *
+ * Spec: plan/24-mesh-membership.md Wave 3.
+ */
+/** Minimum storage surface the poller needs. Concrete impl lives in
+ *  `src/pairing/storage.ts` — injecting it via constructor keeps the class
+ *  testable without filesystem mocking. */
+export interface SelfRevokeStorage {
+    listOwnerPubkeys(): Promise<string[]>;
+    removePeer(remoteEpk: string): Promise<boolean>;
+}
+export interface SelfRevokeOptions {
+    client: MeshClient;
+    storage: SelfRevokeStorage;
+    /** This Pi's long-term Ed25519 pubkey, raw 32 bytes. */
+    myPubkey: Uint8Array;
+    /** Polling cadence. Default 60s — matches the app side (plan/24 Q1). */
+    intervalMs?: number;
+    /** Fired after `storage.removePeer` succeeds, so callers can tear down
+     *  any active WS channel for the revoked owner. Receives the base64
+     *  (standard) of the Owner pubkey that revoked us. */
+    onRevoke?: (ownerEpk: string) => void | Promise<void>;
+    /** Plan/25 Wave D: fired whenever the set of Pi-pubkeys present in any
+     *  Owner's mesh_versions changes (membership added, removed, or
+     *  relabeled). The callback receives the **union** of all current
+     *  Pi-pubkeys across every known Owner, minus this Pi's own pubkey,
+     *  so callers can keep `broker_remote.setSiblings()` in sync without
+     *  re-running discovery themselves. Fires once per `checkOnce()` sweep
+     *  only when the set genuinely differs from the previous sweep. */
+    onMembersChanged?: (siblings: SiblingInfo[]) => void | Promise<void>;
+    /** Logging surface — defaults to `console.*`. Tests inject a fake. */
+    log?: {
+        info(msg: string): void;
+        warn(msg: string): void;
+        error(msg: string): void;
+    };
+}
+/** Sibling info surfaced by `onMembersChanged`. Stays bit-identical to the
+ *  shape `BrokerRemote.setSiblings` accepts so callers can pass through. */
+export interface SiblingInfo {
+    pcLabel: string;
+    pcPubkey: string;
+}
+export declare class SelfRevoke {
+    private readonly client;
+    private readonly storage;
+    /** Raw Ed25519 pubkey bytes (32 B). Membership checks decode each
+     *  `members[].remote_epk` and compare byte-wise — avoids the base64
+     *  encoding-variant trap (standard vs url-safe). */
+    private readonly myPubkey;
+    private readonly intervalMs;
+    private readonly onRevoke?;
+    private readonly onMembersChanged?;
+    private readonly log;
+    /** Anti-rollback floor: never accept a version <= lastSeen per Owner. */
+    private readonly lastSeenVersion;
+    /** Plan/25 Wave D: snapshot of the sibling union from the previous
+     *  sweep, used to detect changes without re-firing `onMembersChanged`
+     *  on every poll. Keyed by `pcPubkey`. */
+    private prevSiblings;
+    /** Latest member raw data per owner, captured during `_checkOwner`.
+     *  Stored as `(pcPubkey, nickname?)` (NOT pre-resolved label) so
+     *  `_computeSiblingUnion` can pick the best nickname across owners
+     *  — nickname always wins over fallback, regardless of owner iteration
+     *  order. See `siblings.ts::discoverSiblings` for the same rule. */
+    private readonly membersByOwner;
+    private timer;
+    constructor(opts: SelfRevokeOptions);
+    /** Starts the periodic sweep. Idempotent — a second call is a no-op.
+     *  Fires one sweep immediately so we don't wait `intervalMs` for the
+     *  first check. */
+    start(): void;
+    /** Stops the periodic sweep. In-flight `checkOnce()` calls complete
+     *  normally — only the timer is cleared. */
+    stop(): void;
+    /** One sweep across all known Owners. Per-Owner errors are logged but
+     *  do not stop iteration — we want to keep checking other Owners even
+     *  if one relay times out or one envelope is malformed. */
+    checkOnce(): Promise<void>;
+    private _computeSiblingUnion;
+    private _siblingSetChanged;
+    private _checkOwner;
+}

package/dist/mesh/self_revoke.js

@@ -0,0 +1,182 @@
+import { createHash } from "node:crypto";
+import { verifyEnvelope } from "./verify.js";
+import { bytesEqual, decodeB64Any } from "./encoding.js";
+const DEFAULT_INTERVAL_MS = 60_000;
+const FALLBACK_LABEL_LEN = 8;
+export class SelfRevoke {
+    client;
+    storage;
+    /** Raw Ed25519 pubkey bytes (32 B). Membership checks decode each
+     *  `members[].remote_epk` and compare byte-wise — avoids the base64
+     *  encoding-variant trap (standard vs url-safe). */
+    myPubkey;
+    intervalMs;
+    onRevoke;
+    onMembersChanged;
+    log;
+    /** Anti-rollback floor: never accept a version <= lastSeen per Owner. */
+    lastSeenVersion = new Map();
+    /** Plan/25 Wave D: snapshot of the sibling union from the previous
+     *  sweep, used to detect changes without re-firing `onMembersChanged`
+     *  on every poll. Keyed by `pcPubkey`. */
+    prevSiblings = new Map();
+    /** Latest member raw data per owner, captured during `_checkOwner`.
+     *  Stored as `(pcPubkey, nickname?)` (NOT pre-resolved label) so
+     *  `_computeSiblingUnion` can pick the best nickname across owners
+     *  — nickname always wins over fallback, regardless of owner iteration
+     *  order. See `siblings.ts::discoverSiblings` for the same rule. */
+    membersByOwner = new Map();
+    timer = null;
+    constructor(opts) {
+        this.client = opts.client;
+        this.storage = opts.storage;
+        this.myPubkey = opts.myPubkey;
+        this.intervalMs = opts.intervalMs ?? DEFAULT_INTERVAL_MS;
+        this.onRevoke = opts.onRevoke;
+        this.onMembersChanged = opts.onMembersChanged;
+        this.log = opts.log ?? {
+            info: (msg) => console.info(msg),
+            warn: (msg) => console.warn(msg),
+            error: (msg) => console.error(msg),
+        };
+    }
+    /** Starts the periodic sweep. Idempotent — a second call is a no-op.
+     *  Fires one sweep immediately so we don't wait `intervalMs` for the
+     *  first check. */
+    start() {
+        if (this.timer !== null)
+            return;
+        void this.checkOnce();
+        this.timer = setInterval(() => { void this.checkOnce(); }, this.intervalMs);
+    }
+    /** Stops the periodic sweep. In-flight `checkOnce()` calls complete
+     *  normally — only the timer is cleared. */
+    stop() {
+        if (this.timer !== null) {
+            clearInterval(this.timer);
+            this.timer = null;
+        }
+    }
+    /** One sweep across all known Owners. Per-Owner errors are logged but
+     *  do not stop iteration — we want to keep checking other Owners even
+     *  if one relay times out or one envelope is malformed. */
+    async checkOnce() {
+        const owners = await this.storage.listOwnerPubkeys();
+        for (const ownerEpk of owners) {
+            try {
+                await this._checkOwner(ownerEpk);
+            }
+            catch (err) {
+                this.log.error(`[mesh] self-revoke check failed for ${ownerEpk.slice(0, 8)}…: ${String(err)}`);
+            }
+        }
+        // Plan/25 Wave D: fire onMembersChanged if the union of siblings
+        // across all owners changed since the last sweep. Built outside the
+        // per-owner loop so a single owner removing a member doesn't fire
+        // until we've seen the other owners (which may still list that Pi
+        // and keep it as a sibling overall).
+        if (this.onMembersChanged) {
+            const union = this._computeSiblingUnion();
+            if (this._siblingSetChanged(union)) {
+                this.prevSiblings = union;
+                try {
+                    await this.onMembersChanged([...union.values()]);
+                }
+                catch (err) {
+                    this.log.error(`[mesh] onMembersChanged callback threw: ${String(err)}`);
+                }
+            }
+        }
+    }
+    _computeSiblingUnion() {
+        const myB64 = Buffer.from(this.myPubkey).toString("base64");
+        // pcPubkey → first nickname seen across owners (undefined when no
+        // owner has labeled this Pi yet).
+        const nicknames = new Map();
+        for (const members of this.membersByOwner.values()) {
+            for (const m of members) {
+                if (m.pcPubkey === myB64)
+                    continue;
+                if (nicknames.get(m.pcPubkey))
+                    continue; // existing nickname wins
+                if (m.nickname) {
+                    nicknames.set(m.pcPubkey, m.nickname);
+                }
+                else if (!nicknames.has(m.pcPubkey)) {
+                    nicknames.set(m.pcPubkey, undefined);
+                }
+            }
+        }
+        const out = new Map();
+        for (const [pcPubkey, nickname] of nicknames) {
+            out.set(pcPubkey, {
+                pcPubkey,
+                pcLabel: nickname ?? pcPubkey.slice(0, FALLBACK_LABEL_LEN),
+            });
+        }
+        return out;
+    }
+    _siblingSetChanged(next) {
+        if (next.size !== this.prevSiblings.size)
+            return true;
+        for (const [pk, info] of next) {
+            const prior = this.prevSiblings.get(pk);
+            if (!prior)
+                return true;
+            if (prior.pcLabel !== info.pcLabel)
+                return true;
+        }
+        return false;
+    }
+    async _checkOwner(ownerEpk) {
+        const ownerPk = Uint8Array.from(Buffer.from(ownerEpk, "base64"));
+        // Lowercase hex per the cross-language contract (relay + app). Node's
+        // `digest('hex')` already produces lowercase by default.
+        const hash = createHash("sha256").update(ownerPk).digest("hex");
+        const since = this.lastSeenVersion.get(ownerEpk);
+        const env = await this.client.get(hash, since);
+        if (!env)
+            return; // 304 or 404 — nothing to do
+        const header = await verifyEnvelope(env);
+        // Defense-in-depth: a malicious relay could return a valid-but-different
+        // owner's envelope at our slot. The relay should reject this on upload
+        // (per plan/24), but we double-check here.
+        const headerOwnerB64 = Buffer.from(header.ownerPk).toString("base64");
+        if (headerOwnerB64 !== ownerEpk) {
+            this.log.warn(`[mesh] owner_pk mismatch for slot ${ownerEpk.slice(0, 8)}…: blob says ${headerOwnerB64.slice(0, 8)}… — ignoring`);
+            return;
+        }
+        const lastSeen = this.lastSeenVersion.get(ownerEpk) ?? 0;
+        if (header.version < lastSeen) {
+            this.log.warn(`[mesh] anti-rollback: dropped v${header.version} < lastSeen v${lastSeen} for ${ownerEpk.slice(0, 8)}…`);
+            return;
+        }
+        this.lastSeenVersion.set(ownerEpk, header.version);
+        // Plan/25 Wave D: capture raw nickname (NOT pre-resolved label) per
+        // owner. `_computeSiblingUnion` picks the best label across owners
+        // — nickname always beats fallback. Pre-resolving here was the bug
+        // that produced different pc_labels on different Pis when Owner A
+        // labeled but Owner B didn't.
+        this.membersByOwner.set(ownerEpk, header.members.map((m) => ({
+            pcPubkey: m.remoteEpk,
+            ...(m.nickname ? { nickname: m.nickname } : {}),
+        })));
+        // Decode every member's pubkey to bytes and compare against our own.
+        // The app may emit base64 url-safe (`-`/`_`, no padding) while the Pi
+        // emits standard (`+`/`/`, padded) — same bytes, different strings.
+        // String equality on those would falsely revoke us. See `encoding.ts`.
+        const stillMember = header.members.some((m) => bytesEqual(decodeB64Any(m.remoteEpk), this.myPubkey));
+        if (stillMember)
+            return;
+        // Log the EXACT version observed (from the relay's blob) plus the
+        // `since` cursor we sent — disambiguates poll-time state from any
+        // SQLite snapshot the operator might take later.
+        this.log.info(`[mesh] self-revoked from owner ${ownerEpk.slice(0, 8)}… ` +
+            `(received v${header.version}, since=${since ?? "<none>"}, ` +
+            `members=${header.members.length})`);
+        await this.storage.removePeer(ownerEpk);
+        if (this.onRevoke)
+            await this.onRevoke(ownerEpk);
+    }
+}
+//# sourceMappingURL=self_revoke.js.map

package/dist/mesh/self_revoke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"self_revoke.js","sourceRoot":"","sources":["../../src/mesh/self_revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AA4EzD,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,MAAM,OAAO,UAAU;IACJ,MAAM,CAAa;IACnB,OAAO,CAAoB;IAC5C;;wDAEoD;IACnC,QAAQ,CAAa;IACrB,UAAU,CAAS;IACnB,QAAQ,CAAiC;IACzC,gBAAgB,CAAyC;IACzD,GAAG,CAAwC;IAC5D,yEAAyE;IACxD,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC7D;;8CAE0C;IAClC,YAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;IACtD;;;;wEAIoE;IACnD,cAAc,GAAG,IAAI,GAAG,EAGtC,CAAC;IACI,KAAK,GAA0C,IAAI,CAAC;IAE5D,YAAY,IAAuB;QACjC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;QACzD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAC9C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI;YACrB,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAChC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAChC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;SACnC,CAAC;IACJ,CAAC;IAED;;uBAEmB;IACnB,KAAK;QACH,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI;YAAE,OAAO;QAChC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9E,CAAC;IAED;gDAC4C;IAC5C,IAAI;QACF,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;+DAE2D;IAC3D,KAAK,CAAC,SAAS;QACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACrD,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YACnC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,GAAG,CAAC,KAAK,CACZ,uCAAuC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,oEAAoE;QACpE,kEAAkE;QAClE,kEAAkE;QAClE,qCAAqC;QACrC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;gBAC1B,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;gBACnD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,2CAA2C,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAEO,oBAAoB;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5D,kEAAkE;QAClE,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,GAAG,EAA8B,CAAC;QACxD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,CAAC;YACnD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK;oBAAE,SAAS;gBACnC,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;oBAAE,SAAS,CAAE,yBAAyB;gBACnE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACf,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACxC,CAAC;qBAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAuB,CAAC;QAC3C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC;YAC7C,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE;gBAChB,QAAQ;gBACR,OAAO,EAAE,QAAQ,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC;aAC3D,CAAC,CAAC;QACL,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,kBAAkB,CAAC,IAA8B;QACvD,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,YAAY,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACtD,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;QAClD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,QAAgB;QACxC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjE,sEAAsE;QACtE,yDAAyD;QACzD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG;YAAE,OAAO,CAAE,6BAA6B;QAEhD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAEzC,yEAAyE;QACzE,uEAAuE;QACvE,2CAA2C;QAC3C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,qCAAqC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,gBAAgB,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAClH,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,OAAO,GAAG,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,kCAAkC,MAAM,CAAC,OAAO,gBAAgB,QAAQ,QAAQ,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CACxG,CAAC;YACF,OAAO;QACT,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,oEAAoE;QACpE,mEAAmE;QACnE,mEAAmE;QACnE,kEAAkE;QAClE,8BAA8B;QAC9B,IAAI,CAAC,cAAc,CAAC,GAAG,CACrB,QAAQ,EACR,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD,CAAC,CAAC,CACJ,CAAC;QAEF,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,uEAAuE;QACvE,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5C,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CACrD,CAAC;QACF,IAAI,WAAW;YAAE,OAAO;QAExB,kEAAkE;QAClE,kEAAkE;QAClE,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,kCAAkC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI;YAC1D,cAAc,MAAM,CAAC,OAAO,WAAW,KAAK,IAAI,QAAQ,IAAI;YAC5D,WAAW,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CACpC,CAAC;QACF,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC;CACF"}

package/dist/mesh/siblings.d.ts

@@ -0,0 +1,62 @@
+import type { MeshClient } from "./client.js";
+/**
+ * Plan/25 — discover Pis-irmãos of every Owner this Pi is paired with.
+ *
+ * For each Owner pubkey (from `peers.json`), pulls the latest signed
+ * `mesh_versions` blob from the relay, verifies it, and walks the members
+ * list to extract all Pi-pubkeys other than this one. The same member may
+ * appear under multiple Owners — we de-dupe by Pi-pubkey.
+ *
+ * Returned `pcLabel` priority:
+ *   1. `member.nickname` (set by the Owner at pairing time)
+ *   2. First 8 chars of the base64-encoded Pi-pubkey (defensive fallback —
+ *      keeps cross-PC addressing working even when nicknames are missing)
+ *
+ * Tolerates per-owner errors: a missing/malformed blob for one Owner does
+ * NOT prevent siblings of other Owners from being discovered. Logs and
+ * continues.
+ */
+export interface SiblingPi {
+    pcLabel: string;
+    pcPubkey: string;
+}
+export interface DiscoverSelfLabelResult {
+    /** This Pi's effective `pc_label` (nickname when any Owner has set one;
+     *  pubkey prefix fallback otherwise). */
+    selfPcLabel: string;
+}
+export interface DiscoverOptions {
+    client: MeshClient;
+    ownerEpks: string[];
+    myPubkey: Uint8Array;
+    log?: {
+        warn(msg: string): void;
+    };
+}
+/** Derive the fallback label from a base64-encoded Pi pubkey. */
+export declare function fallbackLabel(pcPubkey: string): string;
+/**
+ * Resolve self pc_label by scanning every Owner's mesh blob for an entry
+ * matching `myPubkey`. Returns the first nickname found; falls back to the
+ * base64 prefix when no Owner has labeled us.
+ */
+export declare function discoverSelfLabel(opts: DiscoverOptions): Promise<DiscoverSelfLabelResult>;
+/**
+ * Enumerate Pis-irmãos across all Owners. De-duplicated by `pcPubkey`.
+ * Excludes `myPubkey`.
+ *
+ * Label resolution rule (anti-asymmetry — see plan/25 Wave D fix):
+ *   1. Scan EVERY Owner blob first, collecting all distinct sibling
+ *      pubkeys and any nicknames seen for each.
+ *   2. For each pubkey, pick label as: first nickname encountered (if
+ *      any Owner labeled this Pi), else `fallbackLabel(pubkey)`.
+ *
+ * Why: if two Pis are paired to the same set of Owners but only some
+ * Owners labeled them, naive first-wins dedup can pick the unlabeled
+ * occurrence and discard the labeled one — producing different
+ * `pc_label`s between Pis (PC-A's `discoverSelfLabel` skips non-labeled,
+ * but old `discoverSiblings` didn't). The asymmetry triggers anti-spoof
+ * drops in `broker_remote.handleIncoming`. This rule keeps both sides in
+ * sync: nickname always wins over fallback.
+ */
+export declare function discoverSiblings(opts: DiscoverOptions): Promise<SiblingPi[]>;

package/dist/mesh/siblings.js

@@ -0,0 +1,95 @@
+import { createHash } from "node:crypto";
+import { verifyEnvelope } from "./verify.js";
+import { bytesEqual, decodeB64Any } from "./encoding.js";
+const FALLBACK_LABEL_LEN = 8;
+/** Derive the fallback label from a base64-encoded Pi pubkey. */
+export function fallbackLabel(pcPubkey) {
+    return pcPubkey.slice(0, FALLBACK_LABEL_LEN);
+}
+/**
+ * Resolve self pc_label by scanning every Owner's mesh blob for an entry
+ * matching `myPubkey`. Returns the first nickname found; falls back to the
+ * base64 prefix when no Owner has labeled us.
+ */
+export async function discoverSelfLabel(opts) {
+    const log = opts.log ?? { warn: (m) => console.warn(m) };
+    const myB64 = Buffer.from(opts.myPubkey).toString("base64");
+    for (const ownerEpk of opts.ownerEpks) {
+        try {
+            const env = await _fetchOwnerBlob(opts.client, ownerEpk);
+            if (!env)
+                continue;
+            const header = await verifyEnvelope(env);
+            for (const m of header.members) {
+                if (bytesEqual(decodeB64Any(m.remoteEpk), opts.myPubkey) && m.nickname) {
+                    return { selfPcLabel: m.nickname };
+                }
+            }
+        }
+        catch (err) {
+            log.warn(`[siblings] self-label fetch failed for owner ${ownerEpk.slice(0, 8)}…: ${String(err)}`);
+        }
+    }
+    return { selfPcLabel: fallbackLabel(myB64) };
+}
+/**
+ * Enumerate Pis-irmãos across all Owners. De-duplicated by `pcPubkey`.
+ * Excludes `myPubkey`.
+ *
+ * Label resolution rule (anti-asymmetry — see plan/25 Wave D fix):
+ *   1. Scan EVERY Owner blob first, collecting all distinct sibling
+ *      pubkeys and any nicknames seen for each.
+ *   2. For each pubkey, pick label as: first nickname encountered (if
+ *      any Owner labeled this Pi), else `fallbackLabel(pubkey)`.
+ *
+ * Why: if two Pis are paired to the same set of Owners but only some
+ * Owners labeled them, naive first-wins dedup can pick the unlabeled
+ * occurrence and discard the labeled one — producing different
+ * `pc_label`s between Pis (PC-A's `discoverSelfLabel` skips non-labeled,
+ * but old `discoverSiblings` didn't). The asymmetry triggers anti-spoof
+ * drops in `broker_remote.handleIncoming`. This rule keeps both sides in
+ * sync: nickname always wins over fallback.
+ */
+export async function discoverSiblings(opts) {
+    const log = opts.log ?? { warn: (m) => console.warn(m) };
+    // pcPubkey → first nickname seen across owners (or undefined if none).
+    const labels = new Map();
+    for (const ownerEpk of opts.ownerEpks) {
+        try {
+            const env = await _fetchOwnerBlob(opts.client, ownerEpk);
+            if (!env)
+                continue;
+            const header = await verifyEnvelope(env);
+            for (const m of header.members) {
+                if (bytesEqual(decodeB64Any(m.remoteEpk), opts.myPubkey))
+                    continue;
+                const existing = labels.get(m.remoteEpk);
+                if (existing)
+                    continue; // first-nickname wins; never overwrite a real label
+                if (m.nickname) {
+                    labels.set(m.remoteEpk, m.nickname);
+                }
+                else if (!labels.has(m.remoteEpk)) {
+                    // Seen pubkey for the first time, no nickname yet — record the
+                    // slot so later iterations may upgrade it via the `if (existing)
+                    // continue` check above only matching truthy nicknames.
+                    labels.set(m.remoteEpk, undefined);
+                }
+            }
+        }
+        catch (err) {
+            log.warn(`[siblings] discover failed for owner ${ownerEpk.slice(0, 8)}…: ${String(err)}`);
+        }
+    }
+    const out = [];
+    for (const [pcPubkey, nickname] of labels) {
+        out.push({ pcPubkey, pcLabel: nickname ?? fallbackLabel(pcPubkey) });
+    }
+    return out;
+}
+async function _fetchOwnerBlob(client, ownerEpk) {
+    const ownerPk = Uint8Array.from(Buffer.from(ownerEpk, "base64"));
+    const hash = createHash("sha256").update(ownerPk).digest("hex");
+    return client.get(hash);
+}
+//# sourceMappingURL=siblings.js.map

package/dist/mesh/siblings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"siblings.js","sourceRoot":"","sources":["../../src/mesh/siblings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAsCzD,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,iEAAiE;AACjE,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAqB;IAErB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE5D,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACzD,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC/B,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACvE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,gDAAgD,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAqB;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,uEAAuE;IACvE,MAAM,MAAM,GAAG,IAAI,GAAG,EAA8B,CAAC;IAErD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACzD,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC/B,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBACnE,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACzC,IAAI,QAAQ;oBAAE,SAAS,CAAE,oDAAoD;gBAC7E,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACf,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACtC,CAAC;qBAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpC,+DAA+D;oBAC/D,iEAAiE;oBACjE,wDAAwD;oBACxD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,wCAAwC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,MAAkB,EAAE,QAAgB;IACjE,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/mesh/types.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Mesh-membership types — pi-extension side. Mirrors the wire shape defined
+ * in plan/24-mesh-membership.md and must stay bit-compatible with the Dart
+ * (app) and Rust (relay) implementations of the same protocol.
+ *
+ * On the wire, JSON field names are `snake_case` (per the plan); this module
+ * exposes `camelCase` for ergonomic TS use. Conversion happens at the
+ * (de)serialization boundary in `verify.ts` / `canonical.ts`.
+ */
+export interface MeshMember {
+    /** Pi long-term Ed25519 pubkey, base64 standard (matches PeerRecord.remote_epk). */
+    remoteEpk: string;
+    /** Relay URL where this member registers. */
+    relayUrl: string;
+    /** ISO-8601 timestamp of when the pairing happened. */
+    pairedAt: string;
+    /** Optional Owner-set label. */
+    nickname?: string;
+}
+export interface MeshHeader {
+    /** Owner-scoped monotonic counter. Higher = newer. */
+    version: number;
+    /** Issued-at, ms since epoch. */
+    issuedAt: number;
+    /** Owner's Ed25519 pubkey, raw 32 bytes. */
+    ownerPk: Uint8Array;
+    members: MeshMember[];
+}
+export interface MeshEnvelope {
+    /** Canonical JSON bytes of the header (snake_case keys, sorted, no whitespace). */
+    blob: Uint8Array;
+    /** Ed25519 signature of `blob`, 64 bytes. */
+    sig: Uint8Array;
+}

package/dist/mesh/types.js

@@ -0,0 +1,11 @@
+/**
+ * Mesh-membership types — pi-extension side. Mirrors the wire shape defined
+ * in plan/24-mesh-membership.md and must stay bit-compatible with the Dart
+ * (app) and Rust (relay) implementations of the same protocol.
+ *
+ * On the wire, JSON field names are `snake_case` (per the plan); this module
+ * exposes `camelCase` for ergonomic TS use. Conversion happens at the
+ * (de)serialization boundary in `verify.ts` / `canonical.ts`.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/mesh/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/mesh/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}

package/dist/mesh/verify.d.ts

@@ -0,0 +1,17 @@
+import type { MeshEnvelope, MeshHeader } from "./types.js";
+/**
+ * Verifies the Ed25519 signature on a mesh envelope and decodes the blob
+ * into a typed `MeshHeader`.
+ *
+ * The verification key is extracted *from the blob* (`owner_pk` field) —
+ * the caller MUST then check that `sha256(header.ownerPk)` matches the
+ * URL hash they queried with. Otherwise a malicious relay could serve a
+ * valid-but-different-owner blob at our hash slot.
+ *
+ * Throws on:
+ *   - JSON parse failure
+ *   - Missing or wrong-type required fields
+ *   - `owner_pk` not 32 bytes
+ *   - Signature mismatch
+ */
+export declare function verifyEnvelope(env: MeshEnvelope): Promise<MeshHeader>;

package/dist/mesh/verify.js

@@ -0,0 +1,77 @@
+import { ed25519Verify } from "../pairing/crypto.js";
+/**
+ * Verifies the Ed25519 signature on a mesh envelope and decodes the blob
+ * into a typed `MeshHeader`.
+ *
+ * The verification key is extracted *from the blob* (`owner_pk` field) —
+ * the caller MUST then check that `sha256(header.ownerPk)` matches the
+ * URL hash they queried with. Otherwise a malicious relay could serve a
+ * valid-but-different-owner blob at our hash slot.
+ *
+ * Throws on:
+ *   - JSON parse failure
+ *   - Missing or wrong-type required fields
+ *   - `owner_pk` not 32 bytes
+ *   - Signature mismatch
+ */
+export async function verifyEnvelope(env) {
+    let parsed;
+    try {
+        parsed = JSON.parse(new TextDecoder().decode(env.blob));
+    }
+    catch (e) {
+        throw new Error(`mesh: blob is not valid JSON: ${e.message}`);
+    }
+    if (!parsed || typeof parsed !== "object") {
+        throw new Error("mesh: blob is not a JSON object");
+    }
+    const o = parsed;
+    if (typeof o["owner_pk"] !== "string") {
+        throw new Error("mesh: owner_pk missing or not a string");
+    }
+    if (typeof o["version"] !== "number" || !Number.isInteger(o["version"])) {
+        throw new Error("mesh: version missing or not an integer");
+    }
+    if (typeof o["issued_at"] !== "number" || !Number.isInteger(o["issued_at"])) {
+        throw new Error("mesh: issued_at missing or not an integer");
+    }
+    if (!Array.isArray(o["members"])) {
+        throw new Error("mesh: members missing or not an array");
+    }
+    const ownerPk = Uint8Array.from(Buffer.from(o["owner_pk"], "base64"));
+    if (ownerPk.length !== 32) {
+        throw new Error(`mesh: owner_pk wrong length (${ownerPk.length}, expected 32)`);
+    }
+    if (!ed25519Verify(ownerPk, env.blob, env.sig)) {
+        throw new Error("mesh: signature verification failed");
+    }
+    const members = o["members"].map((raw, i) => {
+        if (!raw || typeof raw !== "object") {
+            throw new Error(`mesh: members[${i}] is not an object`);
+        }
+        const m = raw;
+        if (typeof m["remote_epk"] !== "string") {
+            throw new Error(`mesh: members[${i}].remote_epk invalid`);
+        }
+        if (typeof m["relay_url"] !== "string") {
+            throw new Error(`mesh: members[${i}].relay_url invalid`);
+        }
+        if (typeof m["paired_at"] !== "string") {
+            throw new Error(`mesh: members[${i}].paired_at invalid`);
+        }
+        const nickname = m["nickname"];
+        return {
+            remoteEpk: m["remote_epk"],
+            relayUrl: m["relay_url"],
+            pairedAt: m["paired_at"],
+            ...(typeof nickname === "string" ? { nickname } : {}),
+        };
+    });
+    return {
+        version: o["version"],
+        issuedAt: o["issued_at"],
+        ownerPk,
+        members,
+    };
+}
+//# sourceMappingURL=verify.js.map

package/dist/mesh/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/mesh/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAiB;IACpD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,iCAAkC,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,CAAC,GAAG,MAAiC,CAAC;IAE5C,IAAI,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAChF,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gCAAgC,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,OAAO,GAAkB,CAAC,CAAC,SAAS,CAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACvE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,CAAC,GAAG,GAA8B,CAAC;QACzC,IAAI,OAAO,CAAC,CAAC,YAAY,CAAC,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;QAC/B,OAAO;YACL,SAAS,EAAE,CAAC,CAAC,YAAY,CAAW;YACpC,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAW;YAClC,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAW;YAClC,GAAG,CAAC,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,CAAC,CAAC,SAAS,CAAW;QAC/B,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAW;QAClC,OAAO;QACP,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/pairing/qr.d.ts

@@ -26,11 +26,22 @@ sessionName: string,
  */
 roomId?: string): string;
 /**
- * Renders the QR + URI in the Pi TUI's output pane via stderr. `ctx.ui.notify`
- * collapses multi-line content into a single toast, so for ASCII art we need
- * the raw stderr capture that the Pi TUI exposes as scrollable log. Post
- * plano 14 the QR carries only `t/epk/n`, fits comfortably in the panel
- * without needing a separate Terminal window.
+ * Returns the QR ASCII as a string (pure Unicode block characters —
+ * `█ ▀ ▄` and space, NO ANSI escapes — qrcode-terminal v0.12 small mode
+ * is escape-free, see lib/main.js:48-53).
+ *
+ * The caller can either write the string to stderr (legacy path, breaks
+ * the Pi TUI layout) or inject it via `pi.sendMessage` (renders inside
+ * the chat panel as proper content).
+ */
+export declare function renderQRAscii(uri: string): string;
+/**
+ * Legacy stderr writer — kept for the standalone CLI mode
+ * (`pi-extension/src/index.ts` bottom block, which runs outside a Pi TUI).
+ * Inside the Pi TUI extension flow, use `renderQRAscii` + `pi.sendMessage`
+ * instead — direct stderr writes from inside an extension break the TUI's
+ * scrollable output widget (the QR overflows the panel and other writes
+ * collide with the prompt area).
  */
 export declare function displayQR(uri: string): void;
 /**