remote-pi 0.1.3 → 0.2.1

package/README.md

@@ -13,6 +13,13 @@
 `/remote-pi` is a single slash command that wires both at once. Run it; the
 first time it asks a couple of questions and you are done.
 
+## Protocol & Security
+
+For wire format, identity model, ACK protocol, cross-PC routing, mesh
+membership, and the trust model (what the relay sees and doesn't see),
+read [`PROTOCOL.md`](../PROTOCOL.md) at the repo root. It is the canonical
+document — this README only covers user-facing setup.
+
 ---
 
 ## Quick start
@@ -90,19 +97,17 @@ over — the failover is invisible to the LLMs.
 
 The companion mobile app lets you send prompts to Pi and read its responses
 from your phone. The phone and the Pi process find each other through a
-**relay**: a small WebSocket server that ferries end-to-end encrypted
-messages between them. Pairing is one-time and per device, via QR code.
-
-Encryption uses Curve25519 key agreement + ChaCha20-Poly1305 (libsodium).
-The relay sees only ciphertext.
+**relay**: a small WebSocket server that ferries messages between them.
+Pairing is one-time and per device, via QR code.
 
-App downloads:
+Communication: WebSocket over TLS to the relay (ciphertext in transit).
+The relay sees plaintext envelopes at rest and in forwarding — see
+[`PROTOCOL.md`](../PROTOCOL.md) for the trust model.
 
-- **Google Play** — *coming soon*
-- **App Store** — *coming soon*
+**Get the app** — all current download options (Google Play, App Store, and
+direct builds while public releases roll out):
 
-Until the public releases land, follow
-[the repo](https://github.com/jacobaraujo7/remote_pi) for build/beta info.
+<https://remote-pi.jacobmoura.work/#get-the-app>
 
 ---
 
@@ -198,8 +203,9 @@ You have two options:
 ### Option A — Use the community relay
 
 `https://relay-rp1.jacobmoura.work` (default). Zero setup. Good for trying
-things out or for casual use. (Internally the extension uses the WebSocket
-form `wss://…` — both schemes point at the same endpoint.)
+things out or for casual use. (The extension converts to `wss://…`
+internally when opening the connection — both schemes point at the same
+endpoint.)
 
 Caveats:
 
@@ -229,28 +235,27 @@ docker run -d \
 ```
 
 Bind the container to your VPN interface, terminate TLS in a reverse proxy,
-and point both your Pi and your phone at the resulting `wss://…` URL.
+and point both your Pi and your phone at the resulting `https://…` URL.
 
 ### Pointing Pi at your own relay
 
 Once your relay is reachable, tell the extension:
 
 ```text
-/remote-pi relay url wss://relay.yourdomain.tld
+/remote-pi relay url https://relay.yourdomain.tld
 ```
 
-You can also paste an `https://` URL — many hosts (Coolify, Fly, Render,
-Vercel-style PaaS) only expose HTTPS endpoints in their dashboards, but
-WebSocket Secure (`wss://`) runs over the same TLS connection on the same
-port. The extension auto-rewrites `https://` → `wss://` and `http://` →
-`ws://` so you can use whatever URL your provider gives you.
+The URL **must** be `http://` or `https://` — `ws://` / `wss://` are
+rejected at validation. The extension converts to WebSocket internally when
+it opens the connection. Same canonical form for the mobile app and any
+self-hosting docs: paste the URL your reverse proxy exposes.
 
 This writes `~/.pi/remote/config.json` with `{ "relay": "..." }`. Resolution
 order (highest precedence first):
 
 1. `REMOTE_PI_RELAY` environment variable (CI / one-off overrides)
 2. `~/.pi/remote/config.json`
-3. The built-in default (`https://relay-rp1.jacobmoura.work`, used as `wss://…`)
+3. The built-in default (`https://relay-rp1.jacobmoura.work`)
 
 Verify the active URL and its source with:
 
@@ -310,34 +315,149 @@ real name to the peer.
 
 ## Command reference
 
+### Local session (one Pi, one terminal)
+
 | Command | Description |
 |---|---|
-| `/remote-pi` | Connect (join session + start relay), or run setup on first use |
+| `/remote-pi` | Connect (join local mesh + start relay), or run setup on first use |
 | `/remote-pi setup` | Run the setup wizard and update local config |
-| `/remote-pi join [name]` | Join (or create) a local agent session |
-| `/remote-pi leave` | Leave the current agent session |
-| `/remote-pi rename <name>` | Rename this agent in the current session |
-| `/remote-pi sessions` | List local agent sessions |
-| `/remote-pi relay` | Toggle the relay connection on/off |
-| `/remote-pi relay start` | Connect to the relay |
-| `/remote-pi relay stop` | Disconnect from the relay |
-| `/remote-pi relay status` | Show current relay status |
-| `/remote-pi relay url <url>` | Set the relay URL (alias of `/remote-pi set-relay`) |
-| `/remote-pi pair` | Show a QR code to pair a new mobile device |
-| `/remote-pi devices` | List paired mobile devices |
+| `/remote-pi status` | Show local mesh + relay status |
+| `/remote-pi stop` | Stop everything for **this** terminal (mesh + relay) |
+| `/remote-pi pair` | Show QR code + copy-paste pairing URI for a new mobile device |
+| `/remote-pi devices` | List paired mobile devices (online/offline per device) |
 | `/remote-pi revoke <shortid>` | Revoke a paired device by its shortid |
-| `/remote-pi set-relay <url>` | Persist a new relay URL to user config |
-| `/remote-pi config` | Show the effective relay URL and its source |
+| `/remote-pi set-relay <url>` | Persist a new relay URL (http:// or https://) |
 
-The footer in the Pi TUI reflects state live:
+### Daemon fleet (one supervisor, N background Pis — see [Daemon mode](#daemon-mode))
 
-- `📡 <session> (N)` — current agent session and peer count
-- `🟢 relay` — relay connected, at least one device paired
+| Command | Description |
+|---|---|
+| `/remote-pi create <cwd> [--name X]` | Register a folder as a daemon |
+| `/remote-pi remove <id>` | Unregister a daemon (local config preserved) |
+| `/remote-pi daemons` | List registered daemons + state |
+| `/remote-pi daemon start` | Start every registered daemon |
+| `/remote-pi daemon stop` | Stop every running daemon (`/remote-pi stop` stops only the local terminal) |
+| `/remote-pi daemon restart` | Stop + start all daemons |
+| `/remote-pi daemon status` | Detailed runtime status (pid, uptime, restart count) |
+| `/remote-pi daemon send <id> "<text>"` | Send a prompt to a specific daemon |
+| `/remote-pi install` | Install `pi-supervisord` as a system service |
+| `/remote-pi uninstall` | Remove the system service (registry preserved) |
+
+All commands above work both as Pi slash commands (interactive) and as
+shell-level `remote-pi <subcommand>` when the package is installed
+globally (`npm install -g remote-pi`).
+
+### Footer + title
+
+- `📡 local (N)` — current agent session and peer count (local mesh)
+- `🟢 relay` — relay connected, at least one device paired (globally)
 - `🟡 relay waiting for pairing` — relay connected, no device paired yet
 - `📱 <shortid>` — a mobile device is actively connected right now
 
-The window title becomes `<agent-name> · <session> · relay` so you can tell
-your terminals apart at a glance.
+Window title: `<agent-name> · On` when relay is up, `<agent-name> · Off`
+otherwise. Tells your terminals apart at a glance in `cmux`/`tmux`/iTerm
+tabs.
+
+---
+
+## Daemon mode
+
+When you want a Pi to keep running in the background (responding to
+mobile prompts at 3am, processing cron jobs, monitoring a folder while
+you're not at the keyboard), promote it to a **daemon** managed by a
+single OS-level supervisor.
+
+See [`docs/daemon.md`](./docs/daemon.md) for troubleshooting.
+
+### One-time setup
+
+```bash
+# Install the package globally so `remote-pi` and `pi-supervisord`
+# are on your PATH (`pi install npm:remote-pi` alone makes the Pi
+# extension available but does NOT expose the CLI binaries — see
+# https://docs.npmjs.com/cli/v10/configuring-npm/package-json#bin).
+npm install -g remote-pi
+
+# Install the supervisor as a user-level system service. Linux uses
+# systemd --user; macOS uses launchd LaunchAgent. Both auto-start at
+# login and survive reboots.
+remote-pi install
+```
+
+The `install` command:
+- Writes `~/.config/systemd/user/remote-pi-supervisord.service` (Linux)
+  or `~/Library/LaunchAgents/dev.remotepi.supervisord.plist` (macOS)
+- Activates it via `systemctl --user enable --now` or `launchctl bootstrap`
+- The supervisor starts immediately and re-starts on every login
+
+### Per-folder workflow
+
+For each agent you want to keep alive 24/7:
+
+```bash
+# 1. Configure the agent interactively first (one time).
+cd ~/Movies
+pi                                 # /remote-pi → setup wizard, /remote-pi pair, etc
+
+# 2. Promote to a daemon. The id is derived from the cwd
+#    (sha256(realpath)[:8]), stable across machines.
+remote-pi create ~/Movies --name "Video Editor"
+# → Daemon registered: id=4e39152d name="Video Editor" cwd=/Users/x/Movies
+
+# 3. Start it (supervisor spawns `pi --mode rpc` for this folder).
+remote-pi daemon start
+```
+
+Now you can:
+
+```bash
+remote-pi daemons                  # list + state
+remote-pi daemon status            # uptime, pid, restart count
+remote-pi daemon send 4e39152d "Cut the first 30 seconds of latest clip"
+remote-pi daemon stop              # stop all
+remote-pi daemon restart           # restart all
+```
+
+The agent receives the prompt as if a user typed it; its response flows
+back through the relay/mesh you configured during interactive setup —
+mobile app sees it live, other agents on the same machine can see it
+via the local UDS mesh.
+
+### Removing or uninstalling
+
+```bash
+remote-pi remove <id>              # unregister one daemon (config preserved)
+remote-pi uninstall                # remove the supervisor service (registry kept)
+```
+
+`uninstall` is reversible — re-running `install` later brings every
+registered daemon back. To wipe the registry entirely, `rm
+~/.pi/remote/daemons.json`.
+
+### Where to find logs
+
+| Platform | Command |
+|---|---|
+| Linux | `journalctl --user -u remote-pi-supervisord -f` |
+| macOS | `tail -f ~/.pi/remote/supervisord.log` |
+
+Each spawned daemon's stderr is forwarded into the supervisor's log
+with a `[<cwd>]` prefix, so a single log stream shows every agent.
+
+### Caveats (plan/26 trade-offs)
+
+- **Tool approval is not gated.** Daemons inherit the same Pi config
+  the interactive run uses — Bash, Edit, Write etc. all execute without
+  prompting. Configure Pi's tool permissions to taste before promoting
+  a folder to daemon.
+- **Pairing still happens interactively.** Daemons don't show a QR
+  themselves; the keypair + paired devices come from the prior `pi`
+  session in the same folder.
+- **Single supervisor.** If `pi-supervisord` crashes all daemons go
+  down with it. systemd/launchd restarts it within seconds; daemons
+  come back automatically.
+- **One daemon per cwd.** The `roomIdForCwd` derivation makes daemons
+  by-path; two daemons in the same folder is rejected at `create` time.
 
 ---
 
@@ -354,7 +474,7 @@ your terminals apart at a glance.
 Override the relay for a single run without persisting:
 
 ```bash
-REMOTE_PI_RELAY=wss://staging.example.tld pi
+REMOTE_PI_RELAY=https://staging.example.tld pi
 ```
 
 ---

package/dist/bin/supervisord.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/bin/supervisord.js

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+/**
+ * `pi-supervisord` — long-running daemon supervisor.
+ *
+ * Entry point of the `pi-supervisord` binary (plan/26 W2). Run by
+ * systemd/launchd in production, or directly during dev:
+ *
+ *   pnpm build
+ *   node dist/bin/supervisord.js
+ *
+ * Once running, it:
+ *   - Reads `~/.pi/remote/daemons.json`
+ *   - Spawns `pi --mode rpc -e <remote-pi/dist/index.js>` per entry
+ *   - Listens on `~/.pi/remote/supervisor.sock` for CLI control requests
+ *   - Restarts crashed children with exponential backoff
+ *
+ * Exits cleanly on SIGTERM/SIGINT (used by `remote-pi uninstall`).
+ */
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+import { Supervisor } from "../daemon/supervisor.js";
+async function main() {
+    // The supervisor needs to point each spawned Pi at the extension
+    // entry it's bundled with. We're at `dist/bin/supervisord.js` after
+    // build; the extension is the sibling `dist/index.js`.
+    const here = fileURLToPath(import.meta.url);
+    const distRoot = dirname(dirname(here)); // dist/bin → dist
+    const extensionPath = join(distRoot, "index.js");
+    const supervisor = new Supervisor({ extensionPath });
+    await supervisor.start();
+    process.stderr.write(`[pi-supervisord] up — UDS: ~/.pi/remote/supervisor.sock, extension: ${extensionPath}\n`);
+    const shutdown = async (signal) => {
+        process.stderr.write(`[pi-supervisord] received ${signal}, shutting down\n`);
+        await supervisor.stop();
+        process.exit(0);
+    };
+    process.on("SIGTERM", () => void shutdown("SIGTERM"));
+    process.on("SIGINT", () => void shutdown("SIGINT"));
+}
+main().catch((err) => {
+    process.stderr.write(`[pi-supervisord] fatal: ${String(err)}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=supervisord.js.map

package/dist/bin/supervisord.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"supervisord.js","sourceRoot":"","sources":["../../src/bin/supervisord.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,KAAK,UAAU,IAAI;IACjB,iEAAiE;IACjE,oEAAoE;IACpE,uDAAuD;IACvD,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,kBAAkB;IAC5D,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;IACrD,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uEAAuE,aAAa,IAAI,CACzF,CAAC;IAEF,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,mBAAmB,CAAC,CAAC;QAC7E,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config.d.ts

@@ -1,3 +1,10 @@
+/**
+ * Default community relay. Stored in canonical http(s):// form — conversion
+ * to ws(s):// happens at the transport layer (see `toWebSocketUrl`). The
+ * community relay's reverse proxy maps `:443 → :3000` (the WS port), so the
+ * URL has no explicit port and the WebSocket upgrade rides on the same TLS
+ * connection as the HTTPS endpoints used by the mesh client.
+ */
 export declare const kDefaultRelayUrl = "https://relay-rp1.jacobmoura.work";
 export type RemotePiConfig = {
     relay?: string;
@@ -9,23 +16,47 @@ export type RelayResolution = {
     source: "env" | "config" | "default";
 };
 /**
- * Resolves the effective relay URL. Precedence:
- *   1. process.env.REMOTE_PI_RELAY (escape hatch for ops/CI)
- *   2. ~/.pi/remote/config.json `relay` field (set via /remote-pi set-relay)
- *   3. kDefaultRelayUrl (production default)
+ * Resolves the effective relay URL in **canonical http(s):// form**.
+ *
+ * Precedence:
+ *   1. `REMOTE_PI_RELAY` env var (ops/CI escape hatch)
+ *   2. `~/.pi/remote/config.json` `relay` field (set via /remote-pi set-relay)
+ *   3. `kDefaultRelayUrl` (community default)
+ *
+ * Any ws(s):// values found (legacy configs or env overrides) are coerced
+ * to http(s):// defensively — the canonical form across the codebase is
+ * http(s)://, and the transport layer converts to ws(s):// at WS-open time.
  */
 export declare function resolveRelayUrl(): RelayResolution;
 /**
- * Accepts ws://, wss://, http://, https://. The http(s) variants are
- * normalized to ws(s) by `normalizeRelayUrl` since WebSocket and HTTP share
- * the same TLS layer and port — many reverse proxies (Coolify, Traefik,
- * Caddy, nginx-proxy) only expose the URL as https:// even though wss://
- * works on the same endpoint via the WebSocket upgrade header.
+ * Strict validator for **user-provided** relay URLs (via `/remote-pi
+ * set-relay` or `/remote-pi relay url`).
+ *
+ * Only accepts `http://` and `https://`. `ws://`/`wss://` are deliberately
+ * **rejected** — the canonical form stored in config is http(s):// and the
+ * extension converts to ws(s):// internally when opening the WebSocket.
+ * Forcing a single scheme at the user boundary avoids two-form drift.
  */
 export declare function isValidRelayUrl(url: string): boolean;
 /**
- * Rewrites http(s):// → ws(s):// so the user can paste whatever URL their
- * hosting provider gives them. Leaves ws(s):// untouched. Assumes the URL
- * passed `isValidRelayUrl` already.
+ * Returns true if the URL uses ws:// or wss:// scheme — for emitting a
+ * targeted error message when the user pastes a WebSocket URL by mistake.
+ */
+export declare function isWebSocketScheme(url: string): boolean;
+/**
+ * Converts an http(s):// URL to the corresponding ws(s):// form. Used by
+ * the transport layer right before opening the WebSocket — config storage
+ * and the mesh HTTP client both stay on http(s)://.
+ *
+ *   https://host  → wss://host
+ *   http://host   → ws://host
+ *   ws(s)://host  → pass-through (defensive — env overrides or legacy
+ *                   configs may still carry ws(s)://)
+ */
+export declare function toWebSocketUrl(url: string): string;
+/**
+ * Inverse of `toWebSocketUrl`. Used by `resolveRelayUrl` to coerce any
+ * ws(s):// values back to canonical http(s):// before returning them to
+ * the rest of the codebase.
  */
-export declare function normalizeRelayUrl(url: string): string;
+export declare function toHttpUrl(url: string): string;

package/dist/config.js

@@ -3,6 +3,13 @@ import path from "node:path";
 import os from "node:os";
 const CONFIG_DIR = path.join(os.homedir(), ".pi", "remote");
 const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
+/**
+ * Default community relay. Stored in canonical http(s):// form — conversion
+ * to ws(s):// happens at the transport layer (see `toWebSocketUrl`). The
+ * community relay's reverse proxy maps `:443 → :3000` (the WS port), so the
+ * URL has no explicit port and the WebSocket upgrade rides on the same TLS
+ * connection as the HTTPS endpoints used by the mesh client.
+ */
 export const kDefaultRelayUrl = "https://relay-rp1.jacobmoura.work";
 export function loadConfig() {
     try {
@@ -23,35 +30,40 @@ export function saveConfig(patch) {
     fs.writeFileSync(CONFIG_FILE, JSON.stringify(next, null, 2));
 }
 /**
- * Resolves the effective relay URL. Precedence:
- *   1. process.env.REMOTE_PI_RELAY (escape hatch for ops/CI)
- *   2. ~/.pi/remote/config.json `relay` field (set via /remote-pi set-relay)
- *   3. kDefaultRelayUrl (production default)
+ * Resolves the effective relay URL in **canonical http(s):// form**.
+ *
+ * Precedence:
+ *   1. `REMOTE_PI_RELAY` env var (ops/CI escape hatch)
+ *   2. `~/.pi/remote/config.json` `relay` field (set via /remote-pi set-relay)
+ *   3. `kDefaultRelayUrl` (community default)
+ *
+ * Any ws(s):// values found (legacy configs or env overrides) are coerced
+ * to http(s):// defensively — the canonical form across the codebase is
+ * http(s)://, and the transport layer converts to ws(s):// at WS-open time.
  */
 export function resolveRelayUrl() {
     const env = process.env["REMOTE_PI_RELAY"];
     if (env && env.length > 0)
-        return { url: normalizeRelayUrl(env), source: "env" };
+        return { url: toHttpUrl(env), source: "env" };
     const cfg = loadConfig();
     if (cfg.relay && cfg.relay.length > 0)
-        return { url: normalizeRelayUrl(cfg.relay), source: "config" };
-    return { url: normalizeRelayUrl(kDefaultRelayUrl), source: "default" };
+        return { url: toHttpUrl(cfg.relay), source: "config" };
+    return { url: toHttpUrl(kDefaultRelayUrl), source: "default" };
 }
 /**
- * Accepts ws://, wss://, http://, https://. The http(s) variants are
- * normalized to ws(s) by `normalizeRelayUrl` since WebSocket and HTTP share
- * the same TLS layer and port — many reverse proxies (Coolify, Traefik,
- * Caddy, nginx-proxy) only expose the URL as https:// even though wss://
- * works on the same endpoint via the WebSocket upgrade header.
+ * Strict validator for **user-provided** relay URLs (via `/remote-pi
+ * set-relay` or `/remote-pi relay url`).
+ *
+ * Only accepts `http://` and `https://`. `ws://`/`wss://` are deliberately
+ * **rejected** — the canonical form stored in config is http(s):// and the
+ * extension converts to ws(s):// internally when opening the WebSocket.
+ * Forcing a single scheme at the user boundary avoids two-form drift.
  */
 export function isValidRelayUrl(url) {
     if (!url)
         return false;
     const lower = url.toLowerCase();
-    if (!lower.startsWith("ws://") &&
-        !lower.startsWith("wss://") &&
-        !lower.startsWith("http://") &&
-        !lower.startsWith("https://"))
+    if (!lower.startsWith("http://") && !lower.startsWith("https://"))
         return false;
     try {
         new URL(url);
@@ -62,15 +74,42 @@ export function isValidRelayUrl(url) {
     }
 }
 /**
- * Rewrites http(s):// → ws(s):// so the user can paste whatever URL their
- * hosting provider gives them. Leaves ws(s):// untouched. Assumes the URL
- * passed `isValidRelayUrl` already.
+ * Returns true if the URL uses ws:// or wss:// scheme — for emitting a
+ * targeted error message when the user pastes a WebSocket URL by mistake.
+ */
+export function isWebSocketScheme(url) {
+    const lower = url.toLowerCase();
+    return lower.startsWith("ws://") || lower.startsWith("wss://");
+}
+/**
+ * Converts an http(s):// URL to the corresponding ws(s):// form. Used by
+ * the transport layer right before opening the WebSocket — config storage
+ * and the mesh HTTP client both stay on http(s)://.
+ *
+ *   https://host  → wss://host
+ *   http://host   → ws://host
+ *   ws(s)://host  → pass-through (defensive — env overrides or legacy
+ *                   configs may still carry ws(s)://)
  */
-export function normalizeRelayUrl(url) {
-    if (url.toLowerCase().startsWith("https://"))
+export function toWebSocketUrl(url) {
+    const lower = url.toLowerCase();
+    if (lower.startsWith("https://"))
         return "wss://" + url.slice("https://".length);
-    if (url.toLowerCase().startsWith("http://"))
+    if (lower.startsWith("http://"))
         return "ws://" + url.slice("http://".length);
     return url;
 }
+/**
+ * Inverse of `toWebSocketUrl`. Used by `resolveRelayUrl` to coerce any
+ * ws(s):// values back to canonical http(s):// before returning them to
+ * the rest of the codebase.
+ */
+export function toHttpUrl(url) {
+    const lower = url.toLowerCase();
+    if (lower.startsWith("wss://"))
+        return "https://" + url.slice("wss://".length);
+    if (lower.startsWith("ws://"))
+        return "http://" + url.slice("ws://".length);
+    return url;
+}
 //# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAEzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,mCAAmC,CAAC;AAIpE,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;QAC1C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACrD,OAAO,MAAwB,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAA8B;IACvD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,IAAI,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,KAAK,EAAE,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/D,CAAC;AAID;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC3C,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,GAAG,EAAE,iBAAiB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACjF,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,GAAG,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACtG,OAAO,EAAE,GAAG,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AACzE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAC1B,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;QAC3B,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAC5B,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,IAAI,CAAC;QAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC5D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC7F,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QAAG,OAAO,OAAO,GAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5F,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAEzD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,mCAAmC,CAAC;AAIpE,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;QAC1C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACrD,OAAO,MAAwB,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAA8B;IACvD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,IAAI,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,KAAK,EAAE,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/D,CAAC;AAID;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC3C,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACzE,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IAC9F,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AACjE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAChF,IAAI,CAAC;QAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjF,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAAG,OAAO,OAAO,GAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,GAAW;IACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/E,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAAG,OAAO,SAAS,GAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9E,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/daemon/client.d.ts

@@ -0,0 +1,20 @@
+import { type ControlReplyFor, type ControlRequest } from "./control_protocol.js";
+export declare class SupervisorOfflineError extends Error {
+    readonly sockPath: string;
+    constructor(sockPath: string);
+}
+/**
+ * Sends a single request and returns the typed reply data.
+ *
+ * Throws:
+ *   - `SupervisorOfflineError` when the supervisor isn't reachable.
+ *   - `Error` from `parseReply` when the reply line is malformed.
+ *   - The supervisor's own error string when `ok: false`.
+ */
+export declare function callSupervisor<Op extends ControlRequest["op"]>(req: Extract<ControlRequest, {
+    op: Op;
+}>): Promise<ControlReplyFor<Op>>;
+/** Returns true when the supervisor is reachable. Used by `/remote-pi
+ *  daemons` to decide whether to query runtime state or fall back to
+ *  registry-only listing. */
+export declare function supervisorOnline(): Promise<boolean>;