shardwire 0.2.0 → 1.0.0

package/dist/index.js

@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -17,51 +15,74 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  createShardwire: () => createShardwire,
-  fromSafeParseSchema: () => fromSafeParseSchema,
-  fromZodSchema: () => fromZodSchema
+  BridgeCapabilityError: () => BridgeCapabilityError,
+  connectBotBridge: () => connectBotBridge,
+  createBotBridge: () => createBotBridge
 });
 module.exports = __toCommonJS(index_exports);
 
-// src/transport/ws/consumer-socket.ts
-var import_ws = require("ws");
-function createNodeWebSocket(url) {
-  return new import_ws.WebSocket(url);
-}
-
-// src/utils/id.ts
-var import_node_crypto = require("crypto");
-function createRequestId() {
-  return (0, import_node_crypto.randomUUID)();
-}
-function createConnectionId() {
-  return (0, import_node_crypto.randomUUID)();
+// src/discord/catalog.ts
+var import_discord = require("discord.js");
+var BOT_EVENT_NAMES = [
+  "ready",
+  "interactionCreate",
+  "messageCreate",
+  "messageUpdate",
+  "messageDelete",
+  "guildMemberAdd",
+  "guildMemberRemove"
+];
+var BOT_ACTION_NAMES = [
+  "sendMessage",
+  "editMessage",
+  "deleteMessage",
+  "replyToInteraction",
+  "deferInteraction",
+  "followUpInteraction",
+  "banMember",
+  "kickMember",
+  "addMemberRole",
+  "removeMemberRole"
+];
+var BOT_INTENT_BITS = {
+  Guilds: import_discord.GatewayIntentBits.Guilds,
+  GuildMembers: import_discord.GatewayIntentBits.GuildMembers,
+  GuildMessages: import_discord.GatewayIntentBits.GuildMessages,
+  MessageContent: import_discord.GatewayIntentBits.MessageContent
+};
+var EVENT_REQUIRED_INTENTS = {
+  ready: [],
+  interactionCreate: ["Guilds"],
+  messageCreate: ["GuildMessages"],
+  messageUpdate: ["GuildMessages"],
+  messageDelete: ["GuildMessages"],
+  guildMemberAdd: ["GuildMembers"],
+  guildMemberRemove: ["GuildMembers"]
+};
+function getAvailableEvents(intents) {
+  const enabled = new Set(intents);
+  return BOT_EVENT_NAMES.filter((eventName) => EVENT_REQUIRED_INTENTS[eventName].every((intent) => enabled.has(intent)));
 }
 
-// src/utils/backoff.ts
-function getBackoffDelay(attempt, config) {
-  const base = Math.min(config.maxDelayMs, config.initialDelayMs * 2 ** attempt);
-  if (!config.jitter) {
-    return base;
+// src/discord/runtime/adapter.ts
+var ActionExecutionError = class extends Error {
+  constructor(code, message, details) {
+    super(message);
+    this.code = code;
+    this.details = details;
+    this.name = "ActionExecutionError";
   }
-  const spread = Math.floor(base * 0.2);
-  const min = Math.max(0, base - spread);
-  const max = base + spread;
-  return Math.floor(Math.random() * (max - min + 1)) + min;
-}
+  code;
+  details;
+};
+
+// src/discord/runtime/discordjs-adapter.ts
+var import_discord2 = require("discord.js");
 
 // src/utils/logger.ts
 function withLogger(logger) {
@@ -73,1052 +94,1704 @@ function withLogger(logger) {
   };
 }
 
-// src/core/protocol.ts
-var PROTOCOL_VERSION = 1;
-function makeEnvelope(type, payload, extras) {
-  const envelope = {
-    v: PROTOCOL_VERSION,
-    type,
-    ts: Date.now(),
-    payload
-  };
-  if (extras?.requestId) {
-    envelope.requestId = extras.requestId;
+// src/utils/cache.ts
+var DedupeCache = class {
+  constructor(ttlMs) {
+    this.ttlMs = ttlMs;
   }
-  if (extras?.source) {
-    envelope.source = extras.source;
+  ttlMs;
+  cache = /* @__PURE__ */ new Map();
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) {
+      return void 0;
+    }
+    if (entry.expiresAt <= Date.now()) {
+      this.cache.delete(key);
+      return void 0;
+    }
+    return entry.value;
   }
-  return envelope;
-}
-function parseEnvelope(raw) {
-  const parsed = JSON.parse(raw);
-  if (!parsed || parsed.v !== PROTOCOL_VERSION || typeof parsed.type !== "string") {
-    throw new Error("Invalid wire envelope.");
+  set(key, value) {
+    this.cache.set(key, { value, expiresAt: Date.now() + this.ttlMs });
   }
-  return parsed;
+};
+
+// src/discord/runtime/serializers.ts
+function serializeEmbeds(message) {
+  return message.embeds.map((embed) => embed.toJSON());
 }
-function stringifyEnvelope(envelope) {
-  return JSON.stringify(envelope);
+function serializeUser(user) {
+  return {
+    id: user.id,
+    username: user.username,
+    discriminator: user.discriminator,
+    ...user.globalName !== void 0 ? { globalName: user.globalName } : {},
+    avatarUrl: user.displayAvatarURL() || null,
+    bot: user.bot,
+    system: user.system ?? false
+  };
 }
-
-// src/runtime/validation.ts
-var PayloadValidationError = class extends Error {
-  constructor(message, details) {
-    super(message);
-    this.details = details;
-    this.name = "PayloadValidationError";
-  }
-  details;
-};
-function isNonEmptyString(value) {
-  return typeof value === "string" && value.trim().length > 0;
+function serializeGuildMember(member) {
+  return {
+    id: member.id,
+    guildId: member.guild.id,
+    ..."user" in member && member.user ? { user: serializeUser(member.user) } : {},
+    ..."displayName" in member && typeof member.displayName === "string" ? { displayName: member.displayName } : {},
+    ..."nickname" in member ? { nickname: member.nickname ?? null } : {},
+    roles: "roles" in member && "cache" in member.roles ? [...member.roles.cache.keys()] : [],
+    ..."joinedAt" in member ? { joinedAt: member.joinedAt?.toISOString() ?? null } : {},
+    ..."premiumSince" in member ? { premiumSince: member.premiumSince?.toISOString() ?? null } : {},
+    ..."pending" in member && typeof member.pending === "boolean" ? { pending: member.pending } : {},
+    ..."communicationDisabledUntil" in member ? { communicationDisabledUntil: member.communicationDisabledUntil?.toISOString() ?? null } : {}
+  };
 }
-function assertPositiveNumber(name, value) {
-  if (typeof value !== "number" || Number.isNaN(value) || value <= 0) {
-    throw new Error(`${name} must be a positive number.`);
-  }
+function serializeMessage(message) {
+  const reference = message.reference ? {
+    ...message.reference.messageId ? { messageId: message.reference.messageId } : {},
+    ...message.reference.channelId ? { channelId: message.reference.channelId } : {},
+    ...message.reference.guildId ? { guildId: message.reference.guildId } : {}
+  } : void 0;
+  return {
+    id: message.id,
+    channelId: message.channelId,
+    ...message.guildId ? { guildId: message.guildId } : {},
+    ..."author" in message && message.author ? { author: serializeUser(message.author) } : {},
+    ..."member" in message && message.member ? { member: serializeGuildMember(message.member) } : {},
+    ..."content" in message && typeof message.content === "string" ? { content: message.content } : {},
+    ..."createdAt" in message ? { createdAt: message.createdAt.toISOString() } : {},
+    ..."editedAt" in message ? { editedAt: message.editedAt ? message.editedAt.toISOString() : null } : {},
+    attachments: "attachments" in message ? [...message.attachments.values()].map((attachment) => ({
+      id: attachment.id,
+      name: attachment.name,
+      url: attachment.url,
+      ...attachment.contentType !== void 0 ? { contentType: attachment.contentType } : {},
+      size: attachment.size
+    })) : [],
+    embeds: serializeEmbeds(message),
+    ...reference ? { reference } : {}
+  };
 }
-function assertHostOptions(options) {
-  if (!options.server) {
-    throw new Error("Host mode requires a server configuration.");
-  }
-  assertPositiveNumber("server.port", options.server.port);
-  if (!Array.isArray(options.server.secrets) || options.server.secrets.length === 0) {
-    throw new Error("server.secrets must contain at least one secret.");
-  }
-  for (const [index, secret] of options.server.secrets.entries()) {
-    if (!isNonEmptyString(secret)) {
-      throw new Error(`server.secrets[${index}] must be a non-empty string.`);
+function serializeDeletedMessage(message) {
+  return {
+    id: message.id,
+    channelId: message.channelId,
+    ...message.guildId ? { guildId: message.guildId } : {},
+    deletedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function serializeChatInputOptions(interaction) {
+  const options = {};
+  for (const option of interaction.options.data) {
+    if (option.options && option.options.length > 0) {
+      options[option.name] = option.options.map((child) => child.value);
+      continue;
     }
+    options[option.name] = option.value ?? null;
   }
-  if (options.server.primarySecretId !== void 0 && !options.server.secrets.some((_, index) => options.server.primarySecretId === `s${index}`)) {
-    throw new Error("server.primarySecretId must reference an existing secret id.");
-  }
-  if (options.server.heartbeatMs !== void 0) {
-    assertPositiveNumber("server.heartbeatMs", options.server.heartbeatMs);
-  }
-  if (options.server.commandTimeoutMs !== void 0) {
-    assertPositiveNumber("server.commandTimeoutMs", options.server.commandTimeoutMs);
-  }
-  if (options.server.maxPayloadBytes !== void 0) {
-    assertPositiveNumber("server.maxPayloadBytes", options.server.maxPayloadBytes);
+  return options;
+}
+function serializeSelectMenu(interaction) {
+  return {
+    customId: interaction.customId,
+    values: [...interaction.values]
+  };
+}
+function serializeModalFields(interaction) {
+  const fields = {};
+  for (const field of interaction.fields.fields.values()) {
+    if ("value" in field && typeof field.value === "string") {
+      fields[field.customId] = field.value;
+      continue;
+    }
+    if ("values" in field && Array.isArray(field.values)) {
+      fields[field.customId] = field.values.join(",");
+    }
   }
+  return fields;
 }
-function assertConsumerOptions(options) {
-  if (!isNonEmptyString(options.url)) {
-    throw new Error("Consumer mode requires `url`.");
+function serializeInteractionMessage(interaction) {
+  if ("message" in interaction && interaction.message) {
+    return serializeMessage(interaction.message);
   }
-  let parsedUrl;
-  try {
-    parsedUrl = new URL(options.url);
-  } catch {
-    throw new Error("Consumer option `url` must be a valid URL.");
+  return void 0;
+}
+function serializeInteraction(interaction) {
+  const base = {
+    id: interaction.id,
+    applicationId: interaction.applicationId,
+    kind: "unknown",
+    ...interaction.guildId ? { guildId: interaction.guildId } : {},
+    ...interaction.channelId ? { channelId: interaction.channelId } : {},
+    user: serializeUser(interaction.user),
+    ...interaction.member && "guild" in interaction.member ? { member: serializeGuildMember(interaction.member) } : {}
+  };
+  if (interaction.isChatInputCommand()) {
+    return {
+      ...base,
+      kind: "chatInput",
+      commandName: interaction.commandName,
+      options: serializeChatInputOptions(interaction)
+    };
   }
-  if (parsedUrl.protocol !== "ws:" && parsedUrl.protocol !== "wss:") {
-    throw new Error("Consumer option `url` must use `ws://` or `wss://`.");
+  if (interaction.isContextMenuCommand()) {
+    return {
+      ...base,
+      kind: "contextMenu",
+      commandName: interaction.commandName
+    };
   }
-  const isLoopbackHost = parsedUrl.hostname === "localhost" || parsedUrl.hostname === "127.0.0.1" || parsedUrl.hostname === "::1";
-  if (parsedUrl.protocol === "ws:" && !isLoopbackHost && !options.allowInsecureWs) {
-    throw new Error(
-      "Insecure `ws://` is only allowed for loopback hosts by default. Use `wss://` or set `allowInsecureWs` to true."
-    );
+  if (interaction.isButton()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "button",
+      customId: interaction.customId,
+      ...message ? { message } : {}
+    };
   }
-  if (!isNonEmptyString(options.secret)) {
-    throw new Error("Consumer mode requires `secret`.");
+  if (interaction.isStringSelectMenu()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "stringSelect",
+      ...serializeSelectMenu(interaction),
+      ...message ? { message } : {}
+    };
   }
-  if (options.secretId !== void 0 && !isNonEmptyString(options.secretId)) {
-    throw new Error("Consumer option `secretId` must be a non-empty string.");
+  if (interaction.isUserSelectMenu()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "userSelect",
+      ...serializeSelectMenu(interaction),
+      ...message ? { message } : {}
+    };
   }
-  if (options.clientName !== void 0 && !isNonEmptyString(options.clientName)) {
-    throw new Error("Consumer option `clientName` must be a non-empty string.");
+  if (interaction.isRoleSelectMenu()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "roleSelect",
+      ...serializeSelectMenu(interaction),
+      ...message ? { message } : {}
+    };
   }
-  if (options.requestTimeoutMs !== void 0) {
-    assertPositiveNumber("requestTimeoutMs", options.requestTimeoutMs);
+  if (interaction.isMentionableSelectMenu()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "mentionableSelect",
+      ...serializeSelectMenu(interaction),
+      ...message ? { message } : {}
+    };
   }
-  if (options.reconnect?.initialDelayMs !== void 0) {
-    assertPositiveNumber("reconnect.initialDelayMs", options.reconnect.initialDelayMs);
+  if (interaction.isChannelSelectMenu()) {
+    const message = serializeInteractionMessage(interaction);
+    return {
+      ...base,
+      kind: "channelSelect",
+      ...serializeSelectMenu(interaction),
+      ...message ? { message } : {}
+    };
   }
-  if (options.reconnect?.maxDelayMs !== void 0) {
-    assertPositiveNumber("reconnect.maxDelayMs", options.reconnect.maxDelayMs);
+  if (interaction.isModalSubmit()) {
+    return {
+      ...base,
+      kind: "modalSubmit",
+      customId: interaction.customId,
+      fields: serializeModalFields(interaction)
+    };
   }
+  return base;
 }
-function assertMessageName(kind, name) {
-  if (!isNonEmptyString(name)) {
-    throw new Error(`${kind} name must be a non-empty string.`);
-  }
+
+// src/discord/runtime/discordjs-adapter.ts
+function isSendCapableChannel(channel) {
+  return Boolean(channel && typeof channel.send === "function");
 }
-function assertJsonPayload(kind, name, payload) {
-  try {
-    JSON.stringify(payload);
-  } catch {
-    throw new Error(`${kind} "${name}" payload must be JSON-serializable.`);
+function isMessageManageableChannel(channel) {
+  if (!isSendCapableChannel(channel)) {
+    return false;
   }
+  const messages = channel.messages;
+  return Boolean(messages && typeof messages.fetch === "function");
 }
-function normalizeSchemaIssues(error) {
-  if (!error || typeof error !== "object") {
-    return void 0;
+function toSendOptions(input) {
+  return {
+    ...input.content !== void 0 ? { content: input.content } : {},
+    ...input.embeds !== void 0 ? { embeds: input.embeds } : {},
+    ...input.allowedMentions !== void 0 ? { allowedMentions: input.allowedMentions } : {}
+  };
+}
+var DiscordJsRuntimeAdapter = class {
+  constructor(options) {
+    this.options = options;
+    const intentBits = options.intents.map((intent) => BOT_INTENT_BITS[intent]);
+    this.logger = withLogger(options.logger);
+    this.client = new import_discord2.Client({
+      intents: intentBits
+    });
+    this.client.once("ready", () => {
+      this.hasReady = true;
+    });
   }
-  const issues = error.issues;
-  if (!Array.isArray(issues)) {
-    return void 0;
+  options;
+  client;
+  logger;
+  interactionCache = new DedupeCache(15 * 60 * 1e3);
+  readyPromise = null;
+  hasReady = false;
+  isReady() {
+    return this.hasReady && this.client.isReady();
   }
-  const normalized = issues.map((issue) => {
-    if (!issue || typeof issue !== "object") {
-      return null;
+  ready() {
+    if (this.readyPromise) {
+      return this.readyPromise;
     }
-    const message = issue.message;
-    const rawPath = issue.path;
-    if (typeof message !== "string") {
-      return null;
+    if (this.isReady()) {
+      return Promise.resolve();
     }
-    const path = Array.isArray(rawPath) && rawPath.length > 0 ? rawPath.map((segment) => typeof segment === "string" || typeof segment === "number" ? String(segment) : "").filter(Boolean).join(".") : "";
-    return { path, message };
-  }).filter((issue) => Boolean(issue));
-  return normalized.length > 0 ? normalized : void 0;
-}
-function parsePayloadWithSchema(schema, payload, context) {
-  if (!schema) {
-    return payload;
-  }
-  try {
-    return schema.parse(payload);
-  } catch (error) {
-    const message = error instanceof Error && error.message.trim().length > 0 ? error.message : `Payload validation failed for ${context.stage} "${context.name}".`;
-    const issues = normalizeSchemaIssues(error);
-    throw new PayloadValidationError(message, {
-      ...context,
-      ...issues ? { issues } : {}
+    this.readyPromise = new Promise((resolve, reject) => {
+      const onReady = () => {
+        cleanup();
+        this.hasReady = true;
+        resolve();
+      };
+      const onError = (error) => {
+        cleanup();
+        reject(error instanceof Error ? error : new Error(String(error)));
+      };
+      const cleanup = () => {
+        this.client.off("ready", onReady);
+        this.client.off("error", onError);
+      };
+      this.client.once("ready", onReady);
+      this.client.once("error", onError);
+      void this.client.login(this.options.token).catch((error) => {
+        cleanup();
+        reject(error instanceof Error ? error : new Error(String(error)));
+      });
     });
+    return this.readyPromise;
   }
-}
-
-// src/consumer/index.ts
-var DEFAULT_REQUEST_TIMEOUT_MS = 1e4;
-var CommandRequestError = class extends Error {
-  constructor(code, message) {
-    super(message);
-    this.code = code;
-    this.name = "CommandRequestError";
+  async close() {
+    this.client.removeAllListeners();
+    await this.client.destroy();
+    this.readyPromise = null;
+    this.hasReady = false;
   }
-  code;
-};
-function createConsumerShardwire(options) {
-  const logger = withLogger(options.logger);
-  const reconnectEnabled = options.reconnect?.enabled ?? true;
-  const initialDelayMs = options.reconnect?.initialDelayMs ?? 500;
-  const maxDelayMs = options.reconnect?.maxDelayMs ?? 1e4;
-  const jitter = options.reconnect?.jitter ?? true;
-  const requestTimeoutMs = options.requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS;
-  let socket = null;
-  let isClosed = false;
-  let isAuthed = false;
-  let reconnectAttempts = 0;
-  let reconnectTimer = null;
-  let connectPromise = null;
-  let connectResolve = null;
-  let connectReject = null;
-  let authTimeoutTimer = null;
-  let currentConnectionId = null;
-  const pendingRequests = /* @__PURE__ */ new Map();
-  const eventHandlers = /* @__PURE__ */ new Map();
-  const connectedHandlers = /* @__PURE__ */ new Set();
-  const disconnectedHandlers = /* @__PURE__ */ new Set();
-  const reconnectingHandlers = /* @__PURE__ */ new Set();
-  function clearAuthTimeout() {
-    if (authTimeoutTimer) {
-      clearTimeout(authTimeoutTimer);
-      authTimeoutTimer = null;
+  on(name, handler) {
+    switch (name) {
+      case "ready": {
+        const listener = () => {
+          if (!this.client.user) {
+            return;
+          }
+          handler({
+            receivedAt: Date.now(),
+            user: serializeUser(this.client.user)
+          });
+        };
+        this.client.on("ready", listener);
+        if (this.client.isReady() && this.client.user) {
+          listener();
+        }
+        return () => {
+          this.client.off("ready", listener);
+        };
+      }
+      case "interactionCreate": {
+        const listener = (interaction) => {
+          if (isReplyCapableInteraction(interaction)) {
+            this.interactionCache.set(interaction.id, interaction);
+          }
+          handler({
+            receivedAt: Date.now(),
+            interaction: serializeInteraction(interaction)
+          });
+        };
+        this.client.on("interactionCreate", listener);
+        return () => {
+          this.client.off("interactionCreate", listener);
+        };
+      }
+      case "messageCreate": {
+        const listener = (message) => {
+          handler({
+            receivedAt: Date.now(),
+            message: serializeMessage(message)
+          });
+        };
+        this.client.on("messageCreate", listener);
+        return () => {
+          this.client.off("messageCreate", listener);
+        };
+      }
+      case "messageUpdate": {
+        const listener = (oldMessage, newMessage) => {
+          handler({
+            receivedAt: Date.now(),
+            oldMessage: serializeMessage(oldMessage),
+            message: serializeMessage(newMessage)
+          });
+        };
+        this.client.on("messageUpdate", listener);
+        return () => {
+          this.client.off("messageUpdate", listener);
+        };
+      }
+      case "messageDelete": {
+        const listener = (message) => {
+          handler({
+            receivedAt: Date.now(),
+            message: serializeDeletedMessage(message)
+          });
+        };
+        this.client.on("messageDelete", listener);
+        return () => {
+          this.client.off("messageDelete", listener);
+        };
+      }
+      case "guildMemberAdd": {
+        const listener = (member) => {
+          handler({
+            receivedAt: Date.now(),
+            member: serializeGuildMember(member)
+          });
+        };
+        this.client.on("guildMemberAdd", listener);
+        return () => {
+          this.client.off("guildMemberAdd", listener);
+        };
+      }
+      case "guildMemberRemove": {
+        const listener = (member) => {
+          handler({
+            receivedAt: Date.now(),
+            member: serializeGuildMember(member)
+          });
+        };
+        this.client.on("guildMemberRemove", listener);
+        return () => {
+          this.client.off("guildMemberRemove", listener);
+        };
+      }
+      default:
+        return () => void 0;
     }
   }
-  function resolveConnect() {
-    clearAuthTimeout();
-    connectResolve?.();
-    connectResolve = null;
-    connectReject = null;
-    connectPromise = null;
+  async executeAction(name, payload) {
+    await this.ready();
+    try {
+      switch (name) {
+        case "sendMessage":
+          return await this.sendMessage(payload);
+        case "editMessage":
+          return await this.editMessage(payload);
+        case "deleteMessage":
+          return await this.deleteMessage(payload);
+        case "replyToInteraction":
+          return await this.replyToInteraction(payload);
+        case "deferInteraction":
+          return await this.deferInteraction(payload);
+        case "followUpInteraction":
+          return await this.followUpInteraction(payload);
+        case "banMember":
+          return await this.banMember(payload);
+        case "kickMember":
+          return await this.kickMember(payload);
+        case "addMemberRole":
+          return await this.addMemberRole(payload);
+        case "removeMemberRole":
+          return await this.removeMemberRole(payload);
+        default:
+          throw new ActionExecutionError("INVALID_REQUEST", `Unsupported action "${String(name)}".`);
+      }
+    } catch (error) {
+      if (error instanceof ActionExecutionError) {
+        throw error;
+      }
+      this.logger.error("Discord action execution failed.", { action: name, error: String(error) });
+      throw new ActionExecutionError("INTERNAL_ERROR", error instanceof Error ? error.message : "Discord action failed.");
+    }
   }
-  function rejectConnect(message) {
-    clearAuthTimeout();
-    if (connectReject) {
-      connectReject(new Error(message));
+  async fetchSendableChannel(channelId) {
+    const channel = await this.client.channels.fetch(channelId);
+    if (!isSendCapableChannel(channel)) {
+      throw new ActionExecutionError("NOT_FOUND", `Channel "${channelId}" cannot send messages.`);
     }
-    connectResolve = null;
-    connectReject = null;
-    connectPromise = null;
+    return channel;
   }
-  function sendRaw(data) {
-    if (!socket || socket.readyState !== 1) {
-      throw new Error("Shardwire consumer is not connected.");
+  async fetchMessageChannel(channelId) {
+    const channel = await this.client.channels.fetch(channelId);
+    if (!isMessageManageableChannel(channel)) {
+      throw new ActionExecutionError("NOT_FOUND", `Channel "${channelId}" does not support message operations.`);
     }
-    socket.send(data);
+    return channel;
   }
-  function rejectAllPending(code, reason) {
-    for (const [requestId, pending] of pendingRequests.entries()) {
-      clearTimeout(pending.timer);
-      pending.reject(new CommandRequestError(code, reason));
-      pendingRequests.delete(requestId);
+  getInteraction(interactionId) {
+    const interaction = this.interactionCache.get(interactionId);
+    if (!interaction) {
+      throw new ActionExecutionError("NOT_FOUND", `Interaction "${interactionId}" is no longer available.`);
     }
+    return interaction;
   }
-  function scheduleReconnect() {
-    if (isClosed || !reconnectEnabled || reconnectTimer) {
-      return;
+  async sendMessage(payload) {
+    const channel = await this.fetchSendableChannel(payload.channelId);
+    const message = await channel.send(toSendOptions(payload));
+    return serializeMessage(message);
+  }
+  async editMessage(payload) {
+    const channel = await this.fetchMessageChannel(payload.channelId);
+    const message = await channel.messages.fetch(payload.messageId);
+    const edited = await message.edit(toSendOptions(payload));
+    return serializeMessage(edited);
+  }
+  async deleteMessage(payload) {
+    const channel = await this.fetchMessageChannel(payload.channelId);
+    const message = await channel.messages.fetch(payload.messageId);
+    await message.delete();
+    return {
+      deleted: true,
+      channelId: payload.channelId,
+      messageId: payload.messageId
+    };
+  }
+  async replyToInteraction(payload) {
+    const interaction = this.getInteraction(payload.interactionId);
+    if (interaction.replied || interaction.deferred) {
+      throw new ActionExecutionError("INVALID_REQUEST", `Interaction "${payload.interactionId}" has already been acknowledged.`);
     }
-    const delay = getBackoffDelay(reconnectAttempts, { initialDelayMs, maxDelayMs, jitter });
-    reconnectAttempts += 1;
-    for (const handler of reconnectingHandlers) {
-      try {
-        handler({ attempt: reconnectAttempts, delayMs: delay, at: Date.now() });
-      } catch (error) {
-        logger.warn("Reconnect handler threw an error.", { error: String(error) });
-      }
+    const reply = await interaction.reply({
+      ...toSendOptions(payload),
+      fetchReply: true,
+      ...payload.ephemeral ? { flags: import_discord2.MessageFlags.Ephemeral } : {}
+    });
+    return serializeMessage(reply);
+  }
+  async deferInteraction(payload) {
+    const interaction = this.getInteraction(payload.interactionId);
+    if (interaction.replied) {
+      throw new ActionExecutionError("INVALID_REQUEST", `Interaction "${payload.interactionId}" has already been replied to.`);
     }
-    reconnectTimer = setTimeout(() => {
-      reconnectTimer = null;
-      void connect().catch((error) => {
-        logger.warn("Reconnect attempt failed.", { error: String(error) });
+    if (!interaction.deferred) {
+      await interaction.deferReply({
+        ...payload.ephemeral ? { flags: import_discord2.MessageFlags.Ephemeral } : {}
       });
-    }, delay);
-  }
-  function handleEvent(name, payload, meta) {
-    const handlers = eventHandlers.get(name);
-    if (!handlers || handlers.size === 0) {
-      return;
     }
-    for (const handler of handlers) {
-      try {
-        handler(payload, meta);
-      } catch (error) {
-        logger.warn("Event handler threw an error.", { name, error: String(error) });
-      }
+    return {
+      deferred: true,
+      interactionId: payload.interactionId
+    };
+  }
+  async followUpInteraction(payload) {
+    const interaction = this.getInteraction(payload.interactionId);
+    if (!interaction.replied && !interaction.deferred) {
+      throw new ActionExecutionError("INVALID_REQUEST", `Interaction "${payload.interactionId}" has not been acknowledged yet.`);
     }
+    const followUp = await interaction.followUp({
+      ...toSendOptions(payload),
+      ...payload.ephemeral ? { flags: import_discord2.MessageFlags.Ephemeral } : {}
+    });
+    return serializeMessage(followUp);
   }
-  async function connect() {
-    if (isClosed) {
-      return;
+  async banMember(payload) {
+    const guild = await this.client.guilds.fetch(payload.guildId);
+    await guild.members.ban(payload.userId, {
+      ...payload.reason ? { reason: payload.reason } : {},
+      ...payload.deleteMessageSeconds !== void 0 ? { deleteMessageSeconds: payload.deleteMessageSeconds } : {}
+    });
+    return {
+      guildId: payload.guildId,
+      userId: payload.userId
+    };
+  }
+  async kickMember(payload) {
+    const guild = await this.client.guilds.fetch(payload.guildId);
+    const member = await guild.members.fetch(payload.userId);
+    await member.kick(payload.reason);
+    return {
+      guildId: payload.guildId,
+      userId: payload.userId
+    };
+  }
+  async addMemberRole(payload) {
+    const guild = await this.client.guilds.fetch(payload.guildId);
+    const member = await guild.members.fetch(payload.userId);
+    await member.roles.add(payload.roleId, payload.reason);
+    const refreshed = await member.fetch();
+    return serializeGuildMember(refreshed);
+  }
+  async removeMemberRole(payload) {
+    const guild = await this.client.guilds.fetch(payload.guildId);
+    const member = await guild.members.fetch(payload.userId);
+    await member.roles.remove(payload.roleId, payload.reason);
+    const refreshed = await member.fetch();
+    return serializeGuildMember(refreshed);
+  }
+};
+function createDiscordJsRuntimeAdapter(options) {
+  return new DiscordJsRuntimeAdapter(options);
+}
+function isReplyCapableInteraction(interaction) {
+  return interaction.isRepliable() && typeof interaction.reply === "function" && typeof interaction.deferReply === "function" && typeof interaction.followUp === "function";
+}
+
+// src/bridge/transport/server.ts
+var import_ws = require("ws");
+
+// src/utils/id.ts
+var import_node_crypto = require("crypto");
+function createRequestId() {
+  return (0, import_node_crypto.randomUUID)();
+}
+function createConnectionId() {
+  return (0, import_node_crypto.randomUUID)();
+}
+
+// src/bridge/subscriptions.ts
+function normalizeStringList(value) {
+  if (value === void 0) {
+    return void 0;
+  }
+  const rawValues = Array.isArray(value) ? value : [value];
+  const normalized = [...new Set(rawValues.filter((entry) => typeof entry === "string" && entry.length > 0))].sort();
+  return normalized.length > 0 ? normalized : void 0;
+}
+function normalizeEventSubscriptionFilter(filter) {
+  if (!filter) {
+    return void 0;
+  }
+  const normalized = {};
+  const guildIds = normalizeStringList(filter.guildId);
+  const channelIds = normalizeStringList(filter.channelId);
+  const userIds = normalizeStringList(filter.userId);
+  const commandNames = normalizeStringList(filter.commandName);
+  if (guildIds) {
+    normalized.guildId = guildIds;
+  }
+  if (channelIds) {
+    normalized.channelId = channelIds;
+  }
+  if (userIds) {
+    normalized.userId = userIds;
+  }
+  if (commandNames) {
+    normalized.commandName = commandNames;
+  }
+  return Object.keys(normalized).length > 0 ? normalized : void 0;
+}
+function normalizeEventSubscription(subscription) {
+  const normalizedFilter = normalizeEventSubscriptionFilter(subscription.filter);
+  return {
+    name: subscription.name,
+    ...normalizedFilter ? { filter: normalizedFilter } : {}
+  };
+}
+function serializeEventSubscription(subscription) {
+  return JSON.stringify(normalizeEventSubscription(subscription));
+}
+function matchesField(value, allowed) {
+  if (!allowed) {
+    return true;
+  }
+  if (!value) {
+    return false;
+  }
+  return allowed.includes(value);
+}
+function eventMetadata(name, payload) {
+  switch (name) {
+    case "ready":
+      return {};
+    case "interactionCreate": {
+      const interactionPayload = payload;
+      return {
+        ...interactionPayload.interaction.guildId ? { guildId: interactionPayload.interaction.guildId } : {},
+        ...interactionPayload.interaction.channelId ? { channelId: interactionPayload.interaction.channelId } : {},
+        userId: interactionPayload.interaction.user.id,
+        ...interactionPayload.interaction.commandName ? { commandName: interactionPayload.interaction.commandName } : {}
+      };
     }
-    if (socket && socket.readyState === 1 && isAuthed) {
-      return;
+    case "messageCreate": {
+      const messagePayload = payload;
+      return {
+        ...messagePayload.message.guildId ? { guildId: messagePayload.message.guildId } : {},
+        channelId: messagePayload.message.channelId,
+        ...messagePayload.message.author ? { userId: messagePayload.message.author.id } : {}
+      };
     }
-    if (connectPromise) {
-      return connectPromise;
+    case "messageUpdate": {
+      const messagePayload = payload;
+      return {
+        ...messagePayload.message.guildId ? { guildId: messagePayload.message.guildId } : {},
+        channelId: messagePayload.message.channelId,
+        ...messagePayload.message.author ? { userId: messagePayload.message.author.id } : {}
+      };
     }
-    connectPromise = new Promise((resolve, reject) => {
-      connectResolve = resolve;
-      connectReject = reject;
+    case "messageDelete": {
+      const messagePayload = payload;
+      return {
+        ...messagePayload.message.guildId ? { guildId: messagePayload.message.guildId } : {},
+        channelId: messagePayload.message.channelId
+      };
+    }
+    case "guildMemberAdd": {
+      const memberPayload = payload;
+      return {
+        guildId: memberPayload.member.guildId,
+        userId: memberPayload.member.id
+      };
+    }
+    case "guildMemberRemove": {
+      const memberPayload = payload;
+      return {
+        guildId: memberPayload.member.guildId,
+        userId: memberPayload.member.id
+      };
+    }
+    default:
+      return {};
+  }
+}
+function matchesEventSubscription(subscription, payload) {
+  const normalized = normalizeEventSubscription(subscription);
+  if (!normalized.filter) {
+    return true;
+  }
+  const metadata = eventMetadata(normalized.name, payload);
+  return matchesField(metadata.guildId, normalized.filter.guildId) && matchesField(metadata.channelId, normalized.filter.channelId) && matchesField(metadata.userId, normalized.filter.userId) && matchesField(metadata.commandName, normalized.filter.commandName);
+}
+
+// src/bridge/transport/security.ts
+var import_node_crypto2 = require("crypto");
+function isSecretValid(provided, expected) {
+  const providedBuffer = Buffer.from(provided);
+  const expectedBuffer = Buffer.from(expected);
+  if (providedBuffer.length !== expectedBuffer.length) {
+    return false;
+  }
+  return (0, import_node_crypto2.timingSafeEqual)(providedBuffer, expectedBuffer);
+}
+
+// src/bridge/transport/protocol.ts
+var PROTOCOL_VERSION = 2;
+function makeEnvelope(type, payload, extras) {
+  return {
+    v: PROTOCOL_VERSION,
+    type,
+    ts: Date.now(),
+    ...extras?.requestId ? { requestId: extras.requestId } : {},
+    payload
+  };
+}
+function parseEnvelope(raw) {
+  const parsed = JSON.parse(raw);
+  if (!parsed || parsed.v !== PROTOCOL_VERSION || typeof parsed.type !== "string") {
+    throw new Error("Invalid bridge envelope.");
+  }
+  return parsed;
+}
+function stringifyEnvelope(envelope) {
+  return JSON.stringify(envelope);
+}
+
+// src/bridge/transport/server.ts
+var CLOSE_AUTH_REQUIRED = 4001;
+var CLOSE_AUTH_FAILED = 4003;
+var CLOSE_INVALID_PAYLOAD = 4004;
+var BridgeTransportServer = class {
+  constructor(config) {
+    this.config = config;
+    this.logger = withLogger(config.logger);
+    this.heartbeatMs = config.options.server.heartbeatMs ?? 3e4;
+    this.wss = new import_ws.WebSocketServer({
+      host: config.options.server.host,
+      port: config.options.server.port,
+      path: config.options.server.path ?? "/shardwire",
+      maxPayload: config.options.server.maxPayloadBytes ?? 65536
     });
-    socket = options.webSocketFactory ? options.webSocketFactory(options.url) : createNodeWebSocket(options.url);
-    socket.on("open", () => {
-      reconnectAttempts = 0;
-      isAuthed = false;
-      currentConnectionId = null;
-      const hello = makeEnvelope("auth.hello", {
-        secret: options.secret,
-        secretId: options.secretId,
-        clientName: options.clientName
+    this.wss.on("connection", (socket) => this.handleConnection(socket));
+    this.wss.on("error", (error) => this.logger.error("Bridge transport server error.", { error: String(error) }));
+    this.interval = setInterval(() => {
+      this.checkHeartbeats();
+    }, this.heartbeatMs);
+  }
+  config;
+  wss;
+  logger;
+  heartbeatMs;
+  authTimeoutMs = 5e3;
+  interval;
+  connections = /* @__PURE__ */ new Map();
+  stickyEvents = /* @__PURE__ */ new Map();
+  connectionCount() {
+    let count = 0;
+    for (const state of this.connections.values()) {
+      if (state.authenticated) {
+        count += 1;
+      }
+    }
+    return count;
+  }
+  setStickyEvent(name, payload) {
+    this.stickyEvents.set(name, payload);
+  }
+  publishEvent(name, payload) {
+    const envelope = stringifyEnvelope(makeEnvelope("discord.event", { name, data: payload }));
+    for (const state of this.connections.values()) {
+      if (!state.authenticated) {
+        continue;
+      }
+      const shouldReceive = [...state.subscriptions.values()].some((subscription) => {
+        return subscription.name === name && matchesEventSubscription(subscription, payload);
       });
-      socket?.send(stringifyEnvelope(hello));
-      authTimeoutTimer = setTimeout(() => {
-        if (!isAuthed) {
-          rejectConnect("Shardwire auth timed out.");
-          socket?.close();
+      if (!shouldReceive) {
+        continue;
+      }
+      this.safeSend(state.socket, envelope);
+    }
+  }
+  async close() {
+    clearInterval(this.interval);
+    for (const state of this.connections.values()) {
+      state.socket.close();
+    }
+    this.connections.clear();
+    await new Promise((resolve, reject) => {
+      this.wss.close((error) => {
+        if (error) {
+          reject(error);
+          return;
         }
-      }, requestTimeoutMs);
+        resolve();
+      });
     });
+  }
+  handleConnection(socket) {
+    const state = {
+      id: createConnectionId(),
+      socket,
+      authenticated: false,
+      lastHeartbeatAt: Date.now(),
+      subscriptions: /* @__PURE__ */ new Map()
+    };
+    this.connections.set(socket, state);
+    const authTimer = setTimeout(() => {
+      if (!state.authenticated) {
+        socket.close(CLOSE_AUTH_REQUIRED, "Authentication required.");
+      }
+    }, this.authTimeoutMs);
     socket.on("message", (raw) => {
+      const serialized = typeof raw === "string" ? raw : Buffer.isBuffer(raw) ? raw.toString("utf8") : void 0;
+      if (!serialized) {
+        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
+        return;
+      }
+      let envelope;
       try {
-        const serialized = typeof raw === "string" ? raw : String(raw);
-        const envelope = parseEnvelope(serialized);
-        switch (envelope.type) {
-          case "auth.ok":
-            isAuthed = true;
-            if (envelope.payload && typeof envelope.payload === "object" && "connectionId" in envelope.payload && typeof envelope.payload.connectionId === "string") {
-              currentConnectionId = envelope.payload.connectionId;
-            }
-            if (currentConnectionId) {
-              for (const handler of connectedHandlers) {
-                try {
-                  handler({ connectionId: currentConnectionId, connectedAt: Date.now() });
-                } catch (error) {
-                  logger.warn("Connected handler threw an error.", { error: String(error) });
-                }
-              }
-            }
-            resolveConnect();
-            break;
-          case "auth.error": {
-            const payload = envelope.payload;
-            logger.error("Authentication failed for consumer.", {
-              code: payload.code,
-              message: payload.message
-            });
-            rejectConnect(payload.message);
-            rejectAllPending("UNAUTHORIZED", "Shardwire authentication failed.");
-            socket?.close();
-            break;
-          }
-          case "command.result":
-          case "command.error": {
-            const requestId = envelope.requestId;
-            if (!requestId) {
-              return;
-            }
-            const pending = pendingRequests.get(requestId);
-            if (!pending) {
-              return;
-            }
-            clearTimeout(pending.timer);
-            pending.resolve(envelope.payload);
-            pendingRequests.delete(requestId);
-            break;
-          }
-          case "event.emit": {
-            const payload = envelope.payload;
-            const meta = { ts: envelope.ts };
-            if (envelope.source) {
-              meta.source = envelope.source;
-            }
-            handleEvent(payload.name, payload.data, meta);
-            break;
-          }
-          case "ping":
-            sendRaw(stringifyEnvelope(makeEnvelope("pong", {})));
-            break;
-          default:
-            break;
-        }
+        envelope = parseEnvelope(serialized);
       } catch (error) {
-        logger.warn("Failed to parse consumer message.", { error: String(error) });
+        this.logger.warn("Invalid transport envelope from app.", { error: String(error) });
+        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
+        return;
       }
+      void this.handleMessage(state, envelope).catch((error) => {
+        this.logger.warn("Failed to handle transport message.", { error: String(error) });
+        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
+      });
     });
     socket.on("close", () => {
-      const willReconnect = !isClosed && reconnectEnabled;
-      rejectConnect("Shardwire connection closed.");
-      isAuthed = false;
-      currentConnectionId = null;
-      rejectAllPending("DISCONNECTED", "Shardwire connection closed before command completed.");
-      for (const handler of disconnectedHandlers) {
-        try {
-          handler({
-            reason: "Shardwire connection closed.",
-            at: Date.now(),
-            willReconnect
-          });
-        } catch (error) {
-          logger.warn("Disconnected handler threw an error.", { error: String(error) });
-        }
-      }
-      if (!isClosed) {
-        scheduleReconnect();
-      }
+      clearTimeout(authTimer);
+      this.connections.delete(socket);
     });
     socket.on("error", (error) => {
-      logger.warn("Consumer socket error.", { error: String(error) });
+      this.logger.warn("Transport socket error.", { connectionId: state.id, error: String(error) });
     });
-    return connectPromise;
   }
-  void connect().catch((error) => {
-    logger.warn("Initial connection attempt failed.", { error: String(error) });
-  });
-  return {
-    mode: "consumer",
-    async send(name, payload, sendOptions) {
-      assertMessageName("command", name);
-      assertJsonPayload("command", name, payload);
-      if (!isAuthed) {
-        try {
-          await connect();
-        } catch (error) {
-          return {
-            ok: false,
-            requestId: sendOptions?.requestId ?? "unknown",
-            ts: Date.now(),
-            error: {
+  async handleMessage(state, envelope) {
+    if (envelope.type === "ping") {
+      state.lastHeartbeatAt = Date.now();
+      this.safeSend(state.socket, stringifyEnvelope(makeEnvelope("pong", {})));
+      return;
+    }
+    if (envelope.type === "pong") {
+      state.lastHeartbeatAt = Date.now();
+      return;
+    }
+    if (!state.authenticated) {
+      if (envelope.type !== "auth.hello") {
+        state.socket.close(CLOSE_AUTH_REQUIRED, "Authentication required.");
+        return;
+      }
+      const authResult = this.config.authenticate(envelope.payload);
+      if (!authResult.ok) {
+        const message = authResult.reason === "ambiguous_secret" ? "Authentication failed: secret matches multiple configured scopes. Supply secretId or use unique secret values." : "Authentication failed.";
+        this.safeSend(
+          state.socket,
+          stringifyEnvelope(
+            makeEnvelope("auth.error", {
               code: "UNAUTHORIZED",
-              message: error instanceof Error ? error.message : "Failed to authenticate."
-            }
-          };
-        }
+              reason: authResult.reason,
+              message
+            })
+          )
+        );
+        state.socket.close(CLOSE_AUTH_FAILED, "Invalid secret.");
+        return;
       }
-      if (!socket || socket.readyState !== 1) {
-        return {
-          ok: false,
-          requestId: sendOptions?.requestId ?? "unknown",
-          ts: Date.now(),
-          error: {
-            code: "DISCONNECTED",
-            message: "Not connected to Shardwire host."
-          }
-        };
+      state.authenticated = true;
+      state.lastHeartbeatAt = Date.now();
+      state.secret = authResult.secret;
+      state.capabilities = authResult.capabilities;
+      const payload = envelope.payload;
+      if (payload.appName) {
+        state.appName = payload.appName;
       }
-      const requestId = sendOptions?.requestId ?? createRequestId();
-      const timeoutMs = sendOptions?.timeoutMs ?? requestTimeoutMs;
-      const promise = new Promise((resolve, reject) => {
-        const timer = setTimeout(() => {
-          pendingRequests.delete(requestId);
-          reject(new CommandRequestError("TIMEOUT", `Command "${name}" timed out after ${timeoutMs}ms.`));
-        }, timeoutMs);
-        pendingRequests.set(requestId, {
-          resolve,
-          reject: (error) => reject(error),
-          timer
-        });
-      });
-      sendRaw(
+      this.safeSend(
+        state.socket,
         stringifyEnvelope(
-          makeEnvelope(
-            "command.request",
-            {
-              name,
-              data: payload
-            },
-            { requestId }
-          )
+          makeEnvelope("auth.ok", {
+            connectionId: state.id,
+            capabilities: authResult.capabilities
+          })
         )
       );
-      try {
-        return await promise;
-      } catch (error) {
-        const failureCode = error instanceof CommandRequestError ? error.code : !socket || socket.readyState !== 1 ? "DISCONNECTED" : "TIMEOUT";
-        return {
-          ok: false,
-          requestId,
-          ts: Date.now(),
-          error: {
-            code: failureCode,
-            message: error instanceof Error ? error.message : "Command request failed."
+      return;
+    }
+    if (!state.secret || !state.capabilities) {
+      state.socket.close(CLOSE_AUTH_FAILED, "Invalid state.");
+      return;
+    }
+    switch (envelope.type) {
+      case "subscribe": {
+        const rawSubscriptions = envelope.payload.subscriptions;
+        if (!Array.isArray(rawSubscriptions)) {
+          return;
+        }
+        const allowedEvents = new Set(state.capabilities.events);
+        for (const rawSubscription of rawSubscriptions) {
+          if (!rawSubscription || typeof rawSubscription !== "object" || typeof rawSubscription.name !== "string") {
+            continue;
           }
-        };
-      }
-    },
-    on(name, handler) {
-      assertMessageName("event", name);
-      const casted = handler;
-      const existing = eventHandlers.get(name);
-      if (existing) {
-        existing.add(casted);
-      } else {
-        eventHandlers.set(name, /* @__PURE__ */ new Set([casted]));
+          const typedEvent = rawSubscription.name;
+          if (!allowedEvents.has(typedEvent)) {
+            continue;
+          }
+          const signature = serializeEventSubscription(rawSubscription);
+          state.subscriptions.set(signature, rawSubscription);
+          const stickyPayload = this.stickyEvents.get(typedEvent);
+          if (stickyPayload && matchesEventSubscription(rawSubscription, stickyPayload)) {
+            this.safeSend(
+              state.socket,
+              stringifyEnvelope(makeEnvelope("discord.event", { name: typedEvent, data: stickyPayload }))
+            );
+          }
+        }
+        return;
       }
-      return () => {
-        const handlers = eventHandlers.get(name);
-        if (!handlers) {
+      case "unsubscribe": {
+        const rawSubscriptions = envelope.payload.subscriptions;
+        if (!Array.isArray(rawSubscriptions)) {
           return;
         }
-        handlers.delete(casted);
-        if (handlers.size === 0) {
-          eventHandlers.delete(name);
+        for (const rawSubscription of rawSubscriptions) {
+          if (!rawSubscription || typeof rawSubscription !== "object" || typeof rawSubscription.name !== "string") {
+            continue;
+          }
+          state.subscriptions.delete(serializeEventSubscription(rawSubscription));
         }
-      };
-    },
-    off(name, handler) {
-      assertMessageName("event", name);
-      const handlers = eventHandlers.get(name);
-      if (!handlers) {
         return;
       }
-      handlers.delete(handler);
-      if (handlers.size === 0) {
-        eventHandlers.delete(name);
-      }
-    },
-    onConnected(handler) {
-      connectedHandlers.add(handler);
-      return () => {
-        connectedHandlers.delete(handler);
-      };
-    },
-    onDisconnected(handler) {
-      disconnectedHandlers.add(handler);
-      return () => {
-        disconnectedHandlers.delete(handler);
-      };
-    },
-    onReconnecting(handler) {
-      reconnectingHandlers.add(handler);
-      return () => {
-        reconnectingHandlers.delete(handler);
-      };
-    },
-    ready() {
-      return connect();
-    },
-    connected() {
-      return Boolean(socket && socket.readyState === 1 && isAuthed);
-    },
-    connectionId() {
-      return currentConnectionId;
-    },
-    async close() {
-      isClosed = true;
-      isAuthed = false;
-      currentConnectionId = null;
-      rejectConnect("Shardwire consumer has been closed.");
-      if (reconnectTimer) {
-        clearTimeout(reconnectTimer);
-        reconnectTimer = null;
+      case "action.request": {
+        const requestId = envelope.requestId;
+        const payload = envelope.payload;
+        if (!requestId || !payload || typeof payload.name !== "string") {
+          return;
+        }
+        const result = await this.config.onActionRequest(
+          {
+            id: state.id,
+            ...state.appName ? { appName: state.appName } : {},
+            secret: state.secret,
+            capabilities: state.capabilities
+          },
+          payload.name,
+          payload.data,
+          requestId
+        );
+        this.safeSend(
+          state.socket,
+          stringifyEnvelope(makeEnvelope(result.ok ? "action.result" : "action.error", result, { requestId }))
+        );
+        return;
       }
-      rejectAllPending("DISCONNECTED", "Shardwire consumer has been closed.");
-      if (!socket) {
+      default:
         return;
+    }
+  }
+  checkHeartbeats() {
+    const now = Date.now();
+    const threshold = this.heartbeatMs * 2;
+    for (const state of this.connections.values()) {
+      if (!state.authenticated) {
+        continue;
       }
-      await new Promise((resolve) => {
-        const current = socket;
-        if (!current) {
-          resolve();
-          return;
-        }
-        current.once("close", () => resolve());
-        current.close();
-      });
-      socket = null;
+      if (now - state.lastHeartbeatAt > threshold) {
+        state.socket.terminate();
+        this.connections.delete(state.socket);
+        continue;
+      }
+      this.safeSend(state.socket, stringifyEnvelope(makeEnvelope("ping", {})));
+    }
+  }
+  safeSend(socket, payload) {
+    if (socket.readyState === 1) {
+      socket.send(payload);
+    }
+  }
+};
+function authenticateSecret(payload, secrets, resolver) {
+  if (!payload.secret) {
+    return { ok: false, reason: "invalid_secret" };
+  }
+  let matchedSecret;
+  if (payload.secretId) {
+    matchedSecret = secrets.find((secret) => secret.id === payload.secretId);
+    if (!matchedSecret) {
+      return { ok: false, reason: "unknown_secret_id" };
     }
+    if (!isSecretValid(payload.secret, matchedSecret.value)) {
+      return { ok: false, reason: "invalid_secret" };
+    }
+  } else {
+    const matches = secrets.filter((secret) => isSecretValid(payload.secret, secret.value));
+    if (matches.length === 0) {
+      return { ok: false, reason: "invalid_secret" };
+    }
+    if (matches.length > 1) {
+      return { ok: false, reason: "ambiguous_secret" };
+    }
+    matchedSecret = matches[0];
+  }
+  if (!matchedSecret) {
+    return { ok: false, reason: "invalid_secret" };
+  }
+  return {
+    ok: true,
+    secret: matchedSecret,
+    capabilities: resolver(matchedSecret)
   };
 }
 
-// src/discord/client.ts
-async function resolveDiscordClient(options) {
-  if (options.client) {
-    return { client: options.client, owned: false };
+// src/bridge/validation.ts
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0;
+}
+function assertPositiveNumber(name, value) {
+  if (typeof value !== "number" || Number.isNaN(value) || value <= 0) {
+    throw new Error(`${name} must be a positive number.`);
+  }
+}
+function normalizeScopeList(value, known, label) {
+  if (value === void 0 || value === "*") {
+    return "*";
+  }
+  if (!Array.isArray(value)) {
+    throw new Error(`${label} must be "*" or an array.`);
+  }
+  const knownSet = new Set(known);
+  const entries = /* @__PURE__ */ new Set();
+  for (const rawItem of value) {
+    if (typeof rawItem !== "string") {
+      throw new Error(`${label} contains a non-string value.`);
+    }
+    const item = rawItem;
+    if (!knownSet.has(item)) {
+      throw new Error(`${label} contains unsupported value "${String(item)}".`);
+    }
+    entries.add(item);
+  }
+  return entries;
+}
+function normalizeSecretEntry(secret, index) {
+  const defaultId = `s${index}`;
+  if (typeof secret === "string") {
+    if (!isNonEmptyString(secret)) {
+      throw new Error(`server.secrets[${index}] must be a non-empty string.`);
+    }
+    return {
+      id: defaultId,
+      value: secret,
+      scope: {
+        events: "*",
+        actions: "*"
+      }
+    };
+  }
+  const scoped = secret;
+  if (!isNonEmptyString(scoped.value)) {
+    throw new Error(`server.secrets[${index}].value must be a non-empty string.`);
+  }
+  if (scoped.id !== void 0 && !isNonEmptyString(scoped.id)) {
+    throw new Error(`server.secrets[${index}].id must be a non-empty string when provided.`);
+  }
+  return {
+    id: scoped.id ?? defaultId,
+    value: scoped.value,
+    scope: {
+      events: normalizeScopeList(scoped.allow?.events, BOT_EVENT_NAMES, `server.secrets[${index}].allow.events`),
+      actions: normalizeScopeList(
+        scoped.allow?.actions,
+        BOT_ACTION_NAMES,
+        `server.secrets[${index}].allow.actions`
+      )
+    }
+  };
+}
+function assertBotBridgeOptions(options) {
+  if (!isNonEmptyString(options.token)) {
+    throw new Error("Bot bridge requires `token`.");
+  }
+  if (!Array.isArray(options.intents) || options.intents.length === 0) {
+    throw new Error("Bot bridge requires at least one intent.");
+  }
+  assertPositiveNumber("server.port", options.server.port);
+  if (options.server.heartbeatMs !== void 0) {
+    assertPositiveNumber("server.heartbeatMs", options.server.heartbeatMs);
+  }
+  if (options.server.maxPayloadBytes !== void 0) {
+    assertPositiveNumber("server.maxPayloadBytes", options.server.maxPayloadBytes);
+  }
+  if (!Array.isArray(options.server.secrets) || options.server.secrets.length === 0) {
+    throw new Error("server.secrets must contain at least one secret.");
+  }
+  const ids = /* @__PURE__ */ new Set();
+  const values = /* @__PURE__ */ new Set();
+  options.server.secrets.forEach((secret, index) => {
+    const normalized = normalizeSecretEntry(secret, index);
+    if (ids.has(normalized.id)) {
+      throw new Error(`server.secrets contains duplicate secret id "${normalized.id}".`);
+    }
+    if (values.has(normalized.value)) {
+      throw new Error(`server.secrets contains duplicate secret value at index ${index}.`);
+    }
+    ids.add(normalized.id);
+    values.add(normalized.value);
+  });
+}
+function normalizeSecrets(options) {
+  return options.server.secrets.map((secret, index) => normalizeSecretEntry(secret, index));
+}
+function assertAppBridgeOptions(options) {
+  if (!isNonEmptyString(options.url)) {
+    throw new Error("App bridge requires `url`.");
+  }
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(options.url);
+  } catch {
+    throw new Error("App bridge option `url` must be a valid URL.");
+  }
+  if (parsedUrl.protocol !== "ws:" && parsedUrl.protocol !== "wss:") {
+    throw new Error("App bridge option `url` must use `ws://` or `wss://`.");
+  }
+  const isLoopbackHost = parsedUrl.hostname === "localhost" || parsedUrl.hostname === "127.0.0.1" || parsedUrl.hostname === "::1";
+  if (parsedUrl.protocol === "ws:" && !isLoopbackHost) {
+    throw new Error("Non-loopback app bridge URLs must use `wss://`.");
+  }
+  if (!isNonEmptyString(options.secret)) {
+    throw new Error("App bridge requires `secret`.");
+  }
+  if (options.secretId !== void 0 && !isNonEmptyString(options.secretId)) {
+    throw new Error("App bridge option `secretId` must be a non-empty string.");
+  }
+  if (options.appName !== void 0 && !isNonEmptyString(options.appName)) {
+    throw new Error("App bridge option `appName` must be a non-empty string.");
+  }
+  if (options.requestTimeoutMs !== void 0) {
+    assertPositiveNumber("requestTimeoutMs", options.requestTimeoutMs);
+  }
+  if (options.reconnect?.initialDelayMs !== void 0) {
+    assertPositiveNumber("reconnect.initialDelayMs", options.reconnect.initialDelayMs);
   }
-  if (!options.token) {
-    return { owned: false };
+  if (options.reconnect?.maxDelayMs !== void 0) {
+    assertPositiveNumber("reconnect.maxDelayMs", options.reconnect.maxDelayMs);
   }
-  const discordModule = await import("discord.js");
-  const created = new discordModule.Client({
-    intents: []
+}
+function resolveCapabilitiesForSecret(intents, secret) {
+  const availableEvents = getAvailableEvents(intents);
+  const events = secret.scope.events === "*" ? [...availableEvents] : availableEvents.filter((eventName) => {
+    return secret.scope.events !== "*" && secret.scope.events.has(eventName);
+  });
+  const actions = secret.scope.actions === "*" ? [...BOT_ACTION_NAMES] : BOT_ACTION_NAMES.filter((action) => {
+    return secret.scope.actions !== "*" && secret.scope.actions.has(action);
   });
-  await created.login(options.token);
-  return { client: created, owned: true };
+  return {
+    events: [...events],
+    actions: [...actions]
+  };
 }
 
-// src/runtime/reliability.ts
-async function withTimeout(promise, timeoutMs, timeoutMessage = "Operation timed out.") {
-  return new Promise((resolve, reject) => {
-    const timeout = setTimeout(() => {
-      reject(new Error(timeoutMessage));
-    }, timeoutMs);
-    promise.then((value) => {
-      clearTimeout(timeout);
-      resolve(value);
-    }).catch((error) => {
-      clearTimeout(timeout);
-      reject(error instanceof Error ? error : new Error(String(error)));
-    });
+// src/bot/index.ts
+function createBotBridge(options) {
+  const runtime = createDiscordJsRuntimeAdapter({
+    token: options.token,
+    intents: options.intents,
+    ...options.logger ? { logger: options.logger } : {}
   });
+  return createBotBridgeWithRuntime(options, runtime);
 }
-var DedupeCache = class {
-  constructor(ttlMs) {
-    this.ttlMs = ttlMs;
-  }
-  ttlMs;
-  cache = /* @__PURE__ */ new Map();
-  get(key) {
-    const entry = this.cache.get(key);
-    if (!entry) {
-      return void 0;
+function createBotBridgeWithRuntime(options, runtime) {
+  assertBotBridgeOptions(options);
+  const secrets = normalizeSecrets(options);
+  const availableEvents = getAvailableEvents(options.intents);
+  const server = new BridgeTransportServer({
+    options,
+    ...options.logger ? { logger: options.logger } : {},
+    authenticate: (payload) => authenticateSecret(payload, secrets, (secret) => resolveCapabilitiesForSecret(options.intents, secret)),
+    onActionRequest: async (connection, actionName, payload, requestId) => {
+      if (!connection.capabilities.actions.includes(actionName)) {
+        return {
+          ok: false,
+          requestId,
+          ts: Date.now(),
+          error: {
+            code: "FORBIDDEN",
+            message: `Action "${actionName}" is not allowed for this app.`
+          }
+        };
+      }
+      try {
+        const result = await runtime.executeAction(actionName, payload);
+        return {
+          ok: true,
+          requestId,
+          ts: Date.now(),
+          data: result
+        };
+      } catch (error) {
+        if (error instanceof ActionExecutionError) {
+          return {
+            ok: false,
+            requestId,
+            ts: Date.now(),
+            error: {
+              code: error.code,
+              message: error.message,
+              ...error.details !== void 0 ? { details: error.details } : {}
+            }
+          };
+        }
+        return {
+          ok: false,
+          requestId,
+          ts: Date.now(),
+          error: {
+            code: "INTERNAL_ERROR",
+            message: error instanceof Error ? error.message : "Unknown action failure."
+          }
+        };
+      }
     }
-    if (entry.expiresAt <= Date.now()) {
-      this.cache.delete(key);
-      return void 0;
+  });
+  const unsubscribers = availableEvents.map(
+    (eventName) => runtime.on(eventName, (payload) => {
+      if (eventName === "ready") {
+        server.setStickyEvent("ready", payload);
+      }
+      server.publishEvent(eventName, payload);
+    })
+  );
+  return {
+    async ready() {
+      await runtime.ready();
+    },
+    async close() {
+      for (const unsubscribe of unsubscribers) {
+        unsubscribe();
+      }
+      await Promise.all([server.close(), runtime.close()]);
+    },
+    status() {
+      return {
+        ready: runtime.isReady(),
+        connectionCount: server.connectionCount()
+      };
     }
-    return entry.value;
-  }
-  set(key, value) {
-    this.cache.set(key, { value, expiresAt: Date.now() + this.ttlMs });
+  };
+}
+
+// src/discord/types.ts
+var BridgeCapabilityError = class extends Error {
+  constructor(kind, name, message) {
+    super(message ?? `Capability "${name}" is not available for ${kind}.`);
+    this.kind = kind;
+    this.name = name;
+    this.name = "BridgeCapabilityError";
   }
+  kind;
+  name;
 };
 
-// src/transport/ws/host-server.ts
+// src/bridge/transport/socket.ts
 var import_ws2 = require("ws");
+function createNodeWebSocket(url) {
+  return new import_ws2.WebSocket(url);
+}
 
-// src/runtime/security.ts
-var import_node_crypto2 = require("crypto");
-function isSecretValid(provided, expected) {
-  const providedBuffer = Buffer.from(provided);
-  const expectedBuffer = Buffer.from(expected);
-  if (providedBuffer.length !== expectedBuffer.length) {
-    return false;
+// src/utils/backoff.ts
+function getBackoffDelay(attempt, config) {
+  const base = Math.min(config.maxDelayMs, config.initialDelayMs * 2 ** attempt);
+  if (!config.jitter) {
+    return base;
   }
-  return (0, import_node_crypto2.timingSafeEqual)(providedBuffer, expectedBuffer);
-}
-function getSecretId(secretIndex) {
-  return `s${secretIndex}`;
+  const spread = Math.floor(base * 0.2);
+  const min = Math.max(0, base - spread);
+  const max = base + spread;
+  return Math.floor(Math.random() * (max - min + 1)) + min;
 }
 
-// src/transport/ws/host-server.ts
-var CLOSE_AUTH_REQUIRED = 4001;
-var CLOSE_AUTH_FAILED = 4003;
-var CLOSE_INVALID_PAYLOAD = 4004;
-var HostWebSocketServer = class {
-  constructor(config) {
-    this.config = config;
-    const serverConfig = config.options.server;
-    this.heartbeatMs = serverConfig.heartbeatMs ?? 3e4;
-    this.logger = withLogger(config.options.logger);
-    this.wss = new import_ws2.WebSocketServer({
-      host: serverConfig.host,
-      port: serverConfig.port,
-      path: serverConfig.path ?? "/shardwire",
-      maxPayload: serverConfig.maxPayloadBytes ?? 65536
-    });
-    this.wss.on("connection", (socket, request) => this.handleConnection(socket, request));
-    this.wss.on(
-      "error",
-      (error) => this.logger.error("Shardwire host server error.", { error: String(error) })
-    );
-    this.interval = setInterval(() => {
-      this.checkHeartbeats();
-    }, this.heartbeatMs);
+// src/app/index.ts
+var AppRequestError = class extends Error {
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "AppRequestError";
   }
-  config;
-  wss;
-  connections = /* @__PURE__ */ new Map();
-  logger;
-  heartbeatMs;
-  authTimeoutMs = 5e3;
-  interval;
-  emitEvent(name, data, source) {
-    const envelope = makeEnvelope(
-      "event.emit",
-      { name, data },
-      source ? { source } : void 0
-    );
-    const raw = stringifyEnvelope(envelope);
-    for (const state of this.connections.values()) {
-      if (!state.authenticated) {
-        continue;
-      }
-      this.safeSend(state.socket, raw);
+  code;
+};
+var DEFAULT_REQUEST_TIMEOUT_MS = 1e4;
+function connectBotBridge(options) {
+  assertAppBridgeOptions(options);
+  const logger = withLogger(options.logger);
+  const reconnectEnabled = options.reconnect?.enabled ?? true;
+  const initialDelayMs = options.reconnect?.initialDelayMs ?? 500;
+  const maxDelayMs = options.reconnect?.maxDelayMs ?? 1e4;
+  const jitter = options.reconnect?.jitter ?? true;
+  const requestTimeoutMs = options.requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS;
+  let socket = null;
+  let isClosed = false;
+  let isAuthed = false;
+  let currentConnectionId = null;
+  let currentCapabilities = { events: [], actions: [] };
+  let reconnectAttempts = 0;
+  let reconnectTimer = null;
+  let connectPromise = null;
+  let connectResolve = null;
+  let connectReject = null;
+  let authTimeoutTimer = null;
+  let capabilityError = null;
+  const pendingRequests = /* @__PURE__ */ new Map();
+  const eventHandlers = /* @__PURE__ */ new Map();
+  const subscribedEntries = /* @__PURE__ */ new Map();
+  function clearAuthTimeout() {
+    if (authTimeoutTimer) {
+      clearTimeout(authTimeoutTimer);
+      authTimeoutTimer = null;
     }
   }
-  async close() {
-    clearInterval(this.interval);
-    for (const connection of this.connections.values()) {
-      connection.socket.close();
-    }
-    this.connections.clear();
-    await new Promise((resolve, reject) => {
-      this.wss.close((error) => {
-        if (error) {
-          reject(error);
-          return;
-        }
-        resolve();
-      });
-    });
+  function resolveConnect() {
+    clearAuthTimeout();
+    connectResolve?.();
+    connectResolve = null;
+    connectReject = null;
+    connectPromise = null;
   }
-  handleConnection(socket, request) {
-    const allowlist = this.config.options.server.corsOrigins;
-    if (allowlist && allowlist.length > 0) {
-      const origin = request.headers.origin;
-      if (!origin || !allowlist.includes(origin)) {
-        socket.close(CLOSE_AUTH_FAILED, "Origin not allowed.");
-        return;
-      }
+  function rejectConnect(message) {
+    clearAuthTimeout();
+    if (connectReject) {
+      connectReject(new Error(message));
     }
-    const state = {
-      id: createConnectionId(),
-      socket,
-      authenticated: false,
-      lastHeartbeatAt: Date.now()
-    };
-    this.connections.set(socket, state);
-    const authTimer = setTimeout(() => {
-      if (!state.authenticated) {
-        socket.close(CLOSE_AUTH_REQUIRED, "Authentication required.");
-      }
-    }, this.authTimeoutMs);
-    socket.on("message", (raw) => {
-      const serialized = typeof raw === "string" ? raw : Buffer.isBuffer(raw) ? raw.toString("utf8") : void 0;
-      if (!serialized) {
-        this.logger.warn("Invalid message payload from client.", { error: "Unsupported payload type." });
-        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
-        return;
-      }
-      let parsed;
-      try {
-        parsed = parseEnvelope(serialized);
-      } catch (error) {
-        this.logger.warn("Invalid message payload from client.", { error: String(error) });
-        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
-        return;
-      }
-      void this.handleMessage(state, parsed).catch((error) => {
-        this.logger.warn("Invalid message payload from client.", { error: String(error) });
-        socket.close(CLOSE_INVALID_PAYLOAD, "Invalid payload.");
-      });
-    });
-    socket.on("close", () => {
-      clearTimeout(authTimer);
-      this.connections.delete(socket);
-    });
-    socket.on(
-      "error",
-      (error) => this.logger.warn("Socket error.", { connectionId: state.id, error: String(error) })
-    );
+    connectResolve = null;
+    connectReject = null;
+    connectPromise = null;
   }
-  async handleMessage(state, envelope) {
-    if (envelope.type === "ping") {
-      state.lastHeartbeatAt = Date.now();
-      this.safeSend(state.socket, stringifyEnvelope(makeEnvelope("pong", {})));
-      return;
-    }
-    if (envelope.type === "pong") {
-      state.lastHeartbeatAt = Date.now();
-      return;
-    }
-    if (!state.authenticated) {
-      if (envelope.type !== "auth.hello") {
-        state.socket.close(CLOSE_AUTH_REQUIRED, "Authentication required.");
-        return;
-      }
-      const payload = envelope.payload;
-      const providedSecret = payload?.secret;
-      const knownSecrets = this.config.options.server.secrets;
-      const secretId = payload?.secretId;
-      let authReason = null;
-      if (!providedSecret) {
-        authReason = "invalid_secret";
-      } else if (secretId) {
-        const secretIndex = knownSecrets.findIndex((_, index) => getSecretId(index) === secretId);
-        if (secretIndex < 0) {
-          authReason = "unknown_secret_id";
-        } else {
-          const expectedSecret = knownSecrets[secretIndex];
-          if (!expectedSecret || !isSecretValid(providedSecret, expectedSecret)) {
-            authReason = "invalid_secret";
-          }
-        }
-      } else if (!knownSecrets.some((secret) => isSecretValid(providedSecret, secret))) {
-        authReason = "invalid_secret";
-      }
-      if (authReason) {
-        this.safeSend(
-          state.socket,
-          stringifyEnvelope(
-            makeEnvelope("auth.error", {
-              code: "UNAUTHORIZED",
-              reason: authReason,
-              message: "Authentication failed."
-            })
-          )
-        );
-        state.socket.close(CLOSE_AUTH_FAILED, "Invalid secret.");
-        return;
-      }
-      state.authenticated = true;
-      state.lastHeartbeatAt = Date.now();
-      if (payload.clientName) {
-        state.clientName = payload.clientName;
-      }
-      this.safeSend(
-        state.socket,
-        stringifyEnvelope(makeEnvelope("auth.ok", { connectionId: state.id }))
-      );
-      return;
+  function sendRaw(data) {
+    if (!socket || socket.readyState !== 1) {
+      throw new Error("App bridge is not connected.");
     }
-    if (envelope.type === "command.request") {
-      const payload = envelope.payload;
-      if (!envelope.requestId || !payload?.name) {
-        const invalid = {
-          ok: false,
-          requestId: envelope.requestId ?? "unknown",
-          ts: Date.now(),
-          error: {
-            code: "VALIDATION_ERROR",
-            message: "Invalid command request envelope."
-          }
-        };
-        this.safeSend(
-          state.socket,
-          stringifyEnvelope(makeEnvelope("command.error", invalid, { requestId: invalid.requestId }))
-        );
-        return;
-      }
-      const response = await this.config.onCommandRequest(
-        state,
-        payload,
-        envelope.requestId,
-        envelope.source
-      );
-      const responseType = response.ok ? "command.result" : "command.error";
-      this.safeSend(
-        state.socket,
-        stringifyEnvelope(makeEnvelope(responseType, response, { requestId: response.requestId }))
-      );
+    socket.send(data);
+  }
+  function rejectAllPending(code, reason) {
+    for (const [requestId, pending] of pendingRequests.entries()) {
+      clearTimeout(pending.timer);
+      pending.reject(new AppRequestError(code, reason));
+      pendingRequests.delete(requestId);
+    }
+  }
+  function scheduleReconnect() {
+    if (isClosed || !reconnectEnabled || reconnectTimer) {
       return;
     }
+    const delay = getBackoffDelay(reconnectAttempts, { initialDelayMs, maxDelayMs, jitter });
+    reconnectAttempts += 1;
+    reconnectTimer = setTimeout(() => {
+      reconnectTimer = null;
+      void connect().catch((error) => {
+        logger.warn("Reconnect attempt failed.", { error: String(error) });
+      });
+    }, delay);
   }
-  checkHeartbeats() {
-    const now = Date.now();
-    const threshold = this.heartbeatMs * 2;
-    for (const state of this.connections.values()) {
-      if (!state.authenticated) {
-        continue;
+  function evaluateSubscriptions() {
+    const desiredSubscriptions = /* @__PURE__ */ new Map();
+    if (currentCapabilities.events.length === 0) {
+      capabilityError = null;
+      for (const handlers of eventHandlers.values()) {
+        for (const entry of handlers) {
+          desiredSubscriptions.set(entry.signature, entry.subscription);
+        }
       }
-      if (now - state.lastHeartbeatAt > threshold) {
-        state.socket.terminate();
-        this.connections.delete(state.socket);
+      return desiredSubscriptions;
+    }
+    const allowedEvents = new Set(currentCapabilities.events);
+    const invalidEvents = [...eventHandlers.keys()].filter((eventName) => !allowedEvents.has(eventName));
+    const firstInvalid = invalidEvents[0];
+    capabilityError = firstInvalid !== void 0 ? new BridgeCapabilityError("event", firstInvalid, `Event "${firstInvalid}" is not available for this app.`) : null;
+    for (const [eventName, handlers] of eventHandlers.entries()) {
+      if (!allowedEvents.has(eventName)) {
         continue;
       }
-      this.safeSend(state.socket, stringifyEnvelope(makeEnvelope("ping", {})));
+      for (const entry of handlers) {
+        desiredSubscriptions.set(entry.signature, entry.subscription);
+      }
     }
+    return desiredSubscriptions;
   }
-  safeSend(socket, payload) {
-    if (socket.readyState === 1) {
-      socket.send(payload);
+  function syncSubscriptions() {
+    if (!isAuthed || !socket || socket.readyState !== 1) {
+      return;
     }
-  }
-};
-
-// src/host/index.ts
-var DEFAULT_COMMAND_TIMEOUT_MS = 1e4;
-function createHostShardwire(options, runtimeHooks) {
-  const commandHandlers = /* @__PURE__ */ new Map();
-  const commandTimeoutMs = options.server.commandTimeoutMs ?? DEFAULT_COMMAND_TIMEOUT_MS;
-  const dedupeCache = new DedupeCache(commandTimeoutMs * 2);
-  const hostServer = new HostWebSocketServer({
-    options,
-    onCommandRequest: async (connection, payload, requestId, source) => {
-      const cacheKey = `${connection.id}:${requestId}:${payload.name}`;
-      const cached = dedupeCache.get(cacheKey);
-      if (cached) {
-        return cached;
-      }
-      const handler = commandHandlers.get(payload.name);
-      if (!handler) {
-        const failure = {
-          ok: false,
-          requestId,
-          ts: Date.now(),
-          error: {
-            code: "COMMAND_NOT_FOUND",
-            message: `No command handler registered for "${payload.name}".`
-          }
-        };
-        dedupeCache.set(cacheKey, failure);
-        return failure;
+    const desiredSubscriptions = evaluateSubscriptions();
+    const toSubscribe = [...desiredSubscriptions.entries()].filter(([signature]) => !subscribedEntries.has(signature)).map(([, subscription]) => subscription);
+    if (toSubscribe.length > 0) {
+      sendRaw(stringifyEnvelope(makeEnvelope("subscribe", { subscriptions: toSubscribe })));
+      for (const subscription of toSubscribe) {
+        subscribedEntries.set(serializeEventSubscription(subscription), subscription);
       }
-      const context = {
-        requestId,
-        connectionId: connection.id,
-        receivedAt: Date.now()
-      };
-      if (source) {
-        context.source = source;
+    }
+    const toUnsubscribe = [...subscribedEntries.entries()].filter(([signature]) => !desiredSubscriptions.has(signature)).map(([, subscription]) => subscription);
+    if (toUnsubscribe.length > 0) {
+      sendRaw(stringifyEnvelope(makeEnvelope("unsubscribe", { subscriptions: toUnsubscribe })));
+      for (const subscription of toUnsubscribe) {
+        subscribedEntries.delete(serializeEventSubscription(subscription));
       }
+    }
+  }
+  function handleEvent(name, payload) {
+    const handlers = eventHandlers.get(name);
+    if (!handlers || handlers.size === 0) {
+      return;
+    }
+    for (const entry of handlers) {
       try {
-        const commandValidation = options.validation?.commands?.[payload.name];
-        const validatedRequest = parsePayloadWithSchema(commandValidation?.request, payload.data, {
-          name: payload.name,
-          stage: "command.request"
-        });
-        const maybePromise = Promise.resolve(handler(validatedRequest, context));
-        const value = await withTimeout(
-          maybePromise,
-          commandTimeoutMs,
-          `Command "${payload.name}" timed out after ${commandTimeoutMs}ms.`
-        );
-        const validatedResponse = parsePayloadWithSchema(commandValidation?.response, value, {
-          name: payload.name,
-          stage: "command.response"
-        });
-        const success = {
-          ok: true,
-          requestId,
-          ts: Date.now(),
-          data: validatedResponse
-        };
-        dedupeCache.set(cacheKey, success);
-        return success;
-      } catch (error) {
-        if (error instanceof PayloadValidationError) {
-          const failure2 = {
-            ok: false,
-            requestId,
-            ts: Date.now(),
-            error: {
-              code: "VALIDATION_ERROR",
-              message: error.message,
-              details: error.details
-            }
-          };
-          dedupeCache.set(cacheKey, failure2);
-          return failure2;
+        if (!matchesEventSubscription(entry.subscription, payload)) {
+          continue;
         }
-        const isTimeout = error instanceof Error && /timed out/i.test(error.message);
-        const failure = {
-          ok: false,
-          requestId,
-          ts: Date.now(),
-          error: {
-            code: isTimeout ? "TIMEOUT" : "INTERNAL_ERROR",
-            message: error instanceof Error ? error.message : "Unknown command execution error."
-          }
-        };
-        dedupeCache.set(cacheKey, failure);
-        return failure;
+        entry.handler(payload);
+      } catch (error) {
+        logger.warn("App event handler threw an error.", { event: name, error: String(error) });
       }
     }
-  });
-  return {
-    mode: "host",
-    onCommand(name, handler) {
-      assertMessageName("command", name);
-      commandHandlers.set(name, handler);
-      return () => {
-        commandHandlers.delete(name);
-      };
-    },
-    emitEvent(name, payload) {
-      assertMessageName("event", name);
-      const validatedPayload = parsePayloadWithSchema(options.validation?.events?.[name], payload, {
-        name,
-        stage: "event.emit"
-      });
-      assertJsonPayload("event", name, validatedPayload);
-      hostServer.emitEvent(name, validatedPayload, options.name);
-    },
-    broadcast(name, payload) {
-      assertMessageName("event", name);
-      const validatedPayload = parsePayloadWithSchema(options.validation?.events?.[name], payload, {
-        name,
-        stage: "event.emit"
-      });
-      assertJsonPayload("event", name, validatedPayload);
-      hostServer.emitEvent(name, validatedPayload, options.name);
-    },
-    close() {
-      return hostServer.close().then(async () => {
-        await runtimeHooks?.onClose?.();
-      });
+  }
+  async function connect() {
+    if (isClosed) {
+      return;
     }
-  };
-}
-
-// src/schema/index.ts
-function fromSafeParseSchema(schema) {
-  return {
-    parse(value) {
-      const result = schema.safeParse(value);
-      if (result.success) {
-        return result.data;
+    if (socket && socket.readyState === 1 && isAuthed) {
+      return;
+    }
+    if (connectPromise) {
+      return connectPromise;
+    }
+    connectPromise = new Promise((resolve, reject) => {
+      connectResolve = resolve;
+      connectReject = reject;
+    });
+    socket = createNodeWebSocket(options.url);
+    socket.on("open", () => {
+      reconnectAttempts = 0;
+      isAuthed = false;
+      subscribedEntries.clear();
+      currentConnectionId = null;
+      currentCapabilities = { events: [], actions: [] };
+      capabilityError = null;
+      sendRaw(
+        stringifyEnvelope(
+          makeEnvelope("auth.hello", {
+            secret: options.secret,
+            ...options.secretId ? { secretId: options.secretId } : {},
+            ...options.appName ? { appName: options.appName } : {}
+          })
+        )
+      );
+      authTimeoutTimer = setTimeout(() => {
+        if (!isAuthed) {
+          rejectConnect("App bridge authentication timed out.");
+          socket?.close();
+        }
+      }, requestTimeoutMs);
+    });
+    socket.on("message", (raw) => {
+      try {
+        const serialized = typeof raw === "string" ? raw : String(raw);
+        const envelope = parseEnvelope(serialized);
+        switch (envelope.type) {
+          case "auth.ok": {
+            const payload = envelope.payload;
+            isAuthed = true;
+            currentConnectionId = payload.connectionId;
+            currentCapabilities = payload.capabilities;
+            syncSubscriptions();
+            resolveConnect();
+            break;
+          }
+          case "auth.error": {
+            const payload = envelope.payload;
+            rejectConnect(payload.message);
+            rejectAllPending("UNAUTHORIZED", payload.message);
+            socket?.close();
+            break;
+          }
+          case "action.result":
+          case "action.error": {
+            const requestId = envelope.requestId;
+            if (!requestId) {
+              return;
+            }
+            const pending = pendingRequests.get(requestId);
+            if (!pending) {
+              return;
+            }
+            clearTimeout(pending.timer);
+            pending.resolve(envelope.payload);
+            pendingRequests.delete(requestId);
+            break;
+          }
+          case "discord.event": {
+            const payload = envelope.payload;
+            handleEvent(payload.name, payload.data);
+            break;
+          }
+          case "ping":
+            sendRaw(stringifyEnvelope(makeEnvelope("pong", {})));
+            break;
+          default:
+            break;
+        }
+      } catch (error) {
+        logger.warn("Failed to parse app bridge message.", { error: String(error) });
       }
-      const error = new Error(result.error.message);
-      if (result.error.issues) {
-        error.issues = result.error.issues;
+    });
+    socket.on("close", () => {
+      rejectConnect("App bridge connection closed.");
+      isAuthed = false;
+      currentConnectionId = null;
+      currentCapabilities = { events: [], actions: [] };
+      subscribedEntries.clear();
+      rejectAllPending("DISCONNECTED", "App bridge connection closed before action completed.");
+      if (!isClosed) {
+        scheduleReconnect();
       }
-      throw error;
-    }
-  };
-}
-
-// src/schema/zod.ts
-function normalizeZodPath(path) {
-  if (path.length === 0) {
-    return "";
+    });
+    socket.on("error", (error) => {
+      logger.warn("App bridge socket error.", { error: String(error) });
+    });
+    return connectPromise;
   }
-  return path.filter((segment) => typeof segment === "string" || typeof segment === "number").map((segment) => String(segment)).join(".");
-}
-function fromZodSchema(schema) {
-  return fromSafeParseSchema({
-    safeParse(value) {
-      const result = schema.safeParse(value);
-      if (result.success) {
-        return { success: true, data: result.data };
-      }
-      const issues = result.error.issues.map((issue) => ({
-        path: normalizeZodPath(issue.path),
-        message: issue.message
-      }));
+  async function invokeAction(name, payload, sendOptions) {
+    try {
+      await connect();
+    } catch (error) {
       return {
-        success: false,
+        ok: false,
+        requestId: sendOptions?.requestId ?? "unknown",
+        ts: Date.now(),
         error: {
-          message: "Schema validation failed.",
-          issues
+          code: "UNAUTHORIZED",
+          message: error instanceof Error ? error.message : "Failed to authenticate."
         }
       };
     }
-  });
-}
-
-// src/index.ts
-function isHostOptions(options) {
-  return "server" in options;
-}
-function createShardwire(options) {
-  if (!isHostOptions(options)) {
-    assertConsumerOptions(options);
-    return createConsumerShardwire(options);
-  }
-  assertHostOptions(options);
-  let ownedClientPromise;
-  if (!options.client && options.token) {
-    ownedClientPromise = resolveDiscordClient(options).then((state) => {
-      if (!state.owned || !state.client) {
-        return void 0;
-      }
+    if (!currentCapabilities.actions.includes(name)) {
+      return {
+        ok: false,
+        requestId: sendOptions?.requestId ?? "unknown",
+        ts: Date.now(),
+        error: {
+          code: "FORBIDDEN",
+          message: `Action "${name}" is not available for this app.`
+        }
+      };
+    }
+    if (!socket || socket.readyState !== 1 || !isAuthed) {
       return {
-        destroy: () => state.client?.destroy()
+        ok: false,
+        requestId: sendOptions?.requestId ?? "unknown",
+        ts: Date.now(),
+        error: {
+          code: "DISCONNECTED",
+          message: "Not connected to the bot bridge."
+        }
       };
-    }).catch((error) => {
-      options.logger?.error?.("Failed to initialize discord.js client from token.", {
-        error: String(error)
+    }
+    const requestId = sendOptions?.requestId ?? createRequestId();
+    const timeoutMs = sendOptions?.timeoutMs ?? requestTimeoutMs;
+    const promise = new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        pendingRequests.delete(requestId);
+        reject(new AppRequestError("TIMEOUT", `Action "${name}" timed out after ${timeoutMs}ms.`));
+      }, timeoutMs);
+      pendingRequests.set(requestId, {
+        resolve,
+        reject: (error) => reject(error),
+        timer
       });
-      return void 0;
     });
+    sendRaw(
+      stringifyEnvelope(
+        makeEnvelope(
+          "action.request",
+          {
+            name,
+            data: payload
+          },
+          { requestId }
+        )
+      )
+    );
+    try {
+      return await promise;
+    } catch (error) {
+      const code = error instanceof AppRequestError ? error.code : !socket || socket.readyState !== 1 ? "DISCONNECTED" : "TIMEOUT";
+      return {
+        ok: false,
+        requestId,
+        ts: Date.now(),
+        error: {
+          code,
+          message: error instanceof Error ? error.message : "Action request failed."
+        }
+      };
+    }
   }
-  return createHostShardwire(options, {
-    onClose: async () => {
-      const owned = await ownedClientPromise;
-      owned?.destroy();
+  const actions = {
+    sendMessage: (payload, sendOptions) => invokeAction("sendMessage", payload, sendOptions),
+    editMessage: (payload, sendOptions) => invokeAction("editMessage", payload, sendOptions),
+    deleteMessage: (payload, sendOptions) => invokeAction("deleteMessage", payload, sendOptions),
+    replyToInteraction: (payload, sendOptions) => invokeAction("replyToInteraction", payload, sendOptions),
+    deferInteraction: (payload, sendOptions) => invokeAction("deferInteraction", payload, sendOptions),
+    followUpInteraction: (payload, sendOptions) => invokeAction("followUpInteraction", payload, sendOptions),
+    banMember: (payload, sendOptions) => invokeAction("banMember", payload, sendOptions),
+    kickMember: (payload, sendOptions) => invokeAction("kickMember", payload, sendOptions),
+    addMemberRole: (payload, sendOptions) => invokeAction("addMemberRole", payload, sendOptions),
+    removeMemberRole: (payload, sendOptions) => invokeAction("removeMemberRole", payload, sendOptions)
+  };
+  return {
+    actions,
+    async ready() {
+      await connect();
+      if (capabilityError) {
+        throw capabilityError;
+      }
+    },
+    async close() {
+      isClosed = true;
+      isAuthed = false;
+      currentConnectionId = null;
+      currentCapabilities = { events: [], actions: [] };
+      capabilityError = null;
+      subscribedEntries.clear();
+      rejectConnect("App bridge has been closed.");
+      if (reconnectTimer) {
+        clearTimeout(reconnectTimer);
+        reconnectTimer = null;
+      }
+      rejectAllPending("DISCONNECTED", "App bridge has been closed.");
+      if (!socket) {
+        return;
+      }
+      await new Promise((resolve) => {
+        const current = socket;
+        if (!current) {
+          resolve();
+          return;
+        }
+        current.once("close", () => resolve());
+        current.close();
+      });
+      socket = null;
+    },
+    connected() {
+      return Boolean(socket && socket.readyState === 1 && isAuthed);
+    },
+    connectionId() {
+      return currentConnectionId;
+    },
+    capabilities() {
+      return {
+        events: [...currentCapabilities.events],
+        actions: [...currentCapabilities.actions]
+      };
+    },
+    on(name, handler, filter) {
+      if (currentCapabilities.events.length > 0 && !currentCapabilities.events.includes(name)) {
+        throw new BridgeCapabilityError("event", name, `Event "${name}" is not available for this app.`);
+      }
+      const casted = handler;
+      const subscription = filter ? { name, filter } : { name };
+      const entry = {
+        handler: casted,
+        subscription,
+        signature: serializeEventSubscription(subscription)
+      };
+      const existing = eventHandlers.get(name);
+      if (existing) {
+        existing.add(entry);
+      } else {
+        eventHandlers.set(name, /* @__PURE__ */ new Set([entry]));
+      }
+      if (this.connected()) {
+        syncSubscriptions();
+      }
+      return () => {
+        const handlers = eventHandlers.get(name);
+        if (!handlers) {
+          return;
+        }
+        handlers.delete(entry);
+        if (handlers.size === 0) {
+          eventHandlers.delete(name);
+        }
+        if (this.connected()) {
+          syncSubscriptions();
+        }
+      };
+    },
+    off(name, handler) {
+      const handlers = eventHandlers.get(name);
+      if (!handlers) {
+        return;
+      }
+      for (const entry of [...handlers]) {
+        if (entry.handler === handler) {
+          handlers.delete(entry);
+        }
+      }
+      if (handlers.size === 0) {
+        eventHandlers.delete(name);
+      }
+      if (this.connected()) {
+        syncSubscriptions();
+      }
     }
-  });
+  };
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  createShardwire,
-  fromSafeParseSchema,
-  fromZodSchema
+  BridgeCapabilityError,
+  connectBotBridge,
+  createBotBridge
 });
 //# sourceMappingURL=index.js.map