ssh-mcp-pro 1.0.0 → 1.1.3

package/dist/remote/control-plane.js

@@ -1,161 +1,17 @@
-import { createPublicKey } from "node:crypto";
 import { URL } from "node:url";
-import { ensurePemKeyPair, hashSecret, id, issueAccessToken, keyId, loadJwtKeyPair, nowIso, publicJwkFromPem, randomToken, sha256Base64Url, signEnvelope, verifyEnvelope, verifyRemoteAccessToken, } from "./crypto.js";
+import { ensurePemKeyPair, hashSecret, id, keyId, loadJwtKeyPair, nowIso, randomToken, signEnvelope, verifyRemoteAccessToken, } from "./crypto.js";
 import { loadRemoteConfig } from "./config.js";
+import { isRecord, asString, negotiateMcpProtocolVersion, quotePosixArg, quotePowerShellArg, addNoStore, safeError, isValidEd25519PublicKey, readJson, sanitizeAgent, } from "./http-util.js";
 import { listRemoteToolDescriptors } from "./mcp-tools.js";
 import { createAgentPolicy, mergeCustomPolicy } from "./policy.js";
-import { parseActionResultEnvelope, parseAgentHelloEnvelope, parseAgentHostMetadata, } from "./schemas.js";
-import { hasCapability, parseScopes } from "./scopes.js";
+import { parseAgentHostMetadata } from "./schemas.js";
+import { hasCapability } from "./scopes.js";
 import { RemoteStore } from "./store.js";
-import { REMOTE_SCOPES, TOOL_CAPABILITY_MAP } from "./types.js";
-import { formDecode, jsonResponse } from "./util.js";
-import { acceptWebSocketUpgrade } from "./websocket.js";
+import { OAuthHandler } from "./oauth-handler.js";
+import { AgentWebSocketHandler, } from "./agent-handler.js";
+import { TOOL_CAPABILITY_MAP } from "./types.js";
+import { jsonResponse } from "./util.js";
 import { SERVER_VERSION } from "../mcp.js";
-const AGENT_NONCE_TTL_MS = 300_000;
-const MAX_AGENT_CONNECTION_NONCES = 4096;
-function isRecord(value) {
-    return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function asString(value) {
-    return typeof value === "string" ? value : undefined;
-}
-function quotePosixArg(value) {
-    return `'${value.replace(/'/gu, `'"'"'`)}'`;
-}
-function quotePowerShellArg(value) {
-    return `'${value.replace(/'/gu, "''")}'`;
-}
-function asStringArray(value) {
-    if (!Array.isArray(value)) {
-        return [];
-    }
-    return value.filter((item) => typeof item === "string");
-}
-function pruneNonceWindow(nonces, now = Date.now()) {
-    for (const [nonce, expiresAt] of nonces.entries()) {
-        if (expiresAt <= now) {
-            nonces.delete(nonce);
-        }
-    }
-}
-function hasSeenNonce(nonces, nonce, now = Date.now()) {
-    pruneNonceWindow(nonces, now);
-    return nonces.has(nonce);
-}
-function rememberNonce(nonces, nonce, now = Date.now()) {
-    pruneNonceWindow(nonces, now);
-    nonces.set(nonce, now + AGENT_NONCE_TTL_MS);
-    while (nonces.size > MAX_AGENT_CONNECTION_NONCES) {
-        const oldest = nonces.keys().next().value;
-        if (typeof oldest !== "string") {
-            break;
-        }
-        nonces.delete(oldest);
-    }
-}
-function addNoStore(headers = {}) {
-    return {
-        "Cache-Control": "no-store",
-        Pragma: "no-cache",
-        ...headers,
-    };
-}
-function redirect(res, location) {
-    res.writeHead(302, { Location: location, "Cache-Control": "no-store" });
-    res.end();
-}
-function safeError(code, message, status = 400) {
-    return { code, message, status };
-}
-function isValidEd25519PublicKey(publicKeyPem) {
-    try {
-        return createPublicKey(publicKeyPem).asymmetricKeyType === "ed25519";
-    }
-    catch {
-        return false;
-    }
-}
-async function readBody(req, maxBytes = 1_000_000) {
-    const chunks = [];
-    let size = 0;
-    for await (const chunk of req) {
-        const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-        size += buffer.byteLength;
-        if (size > maxBytes) {
-            throw safeError("FORBIDDEN", "Request body is too large", 413);
-        }
-        chunks.push(buffer);
-    }
-    return Buffer.concat(chunks).toString("utf8");
-}
-async function readJson(req) {
-    const raw = await readBody(req);
-    if (!raw.trim()) {
-        return {};
-    }
-    const parsed = JSON.parse(raw);
-    if (!isRecord(parsed)) {
-        throw safeError("INTERNAL_ERROR", "Expected JSON object");
-    }
-    return parsed;
-}
-async function readJsonOrForm(req) {
-    const raw = await readBody(req);
-    const contentType = req.headers["content-type"] ?? "";
-    if (String(contentType).includes("application/json")) {
-        const parsed = raw ? JSON.parse(raw) : {};
-        if (!isRecord(parsed)) {
-            throw safeError("INTERNAL_ERROR", "Expected JSON object");
-        }
-        return Object.fromEntries(Object.entries(parsed).map(([key, value]) => [
-            key,
-            typeof value === "string" ? value : String(value ?? ""),
-        ]));
-    }
-    try {
-        return formDecode(raw);
-    }
-    catch {
-        throw safeError("INVALID_CLIENT", "Duplicate form parameter");
-    }
-}
-function isSafeRedirectUri(uri) {
-    try {
-        const parsed = new URL(uri);
-        if (parsed.protocol === "https:") {
-            return true;
-        }
-        return (parsed.protocol === "http:" && ["localhost", "127.0.0.1", "::1"].includes(parsed.hostname));
-    }
-    catch {
-        return false;
-    }
-}
-function pkceChallenge(verifier) {
-    return sha256Base64Url(verifier);
-}
-function scopeList(scope) {
-    const valid = new Set(REMOTE_SCOPES);
-    const rawScopes = scope.split(/\s+/u).filter(Boolean);
-    if (rawScopes.some((entry) => !valid.has(entry))) {
-        throw safeError("INVALID_SCOPE", "Requested scope is not supported");
-    }
-    const scopes = parseScopes(scope);
-    return scopes.length > 0 ? scopes : ["hosts:read", "agents:read", "status:read", "logs:read"];
-}
-function sanitizeAgent(agent) {
-    return {
-        id: agent.id,
-        alias: agent.alias,
-        status: agent.status,
-        profile: agent.profile,
-        policy_version: agent.policyVersion,
-        host_metadata: agent.hostMetadata,
-        last_seen_at: agent.lastSeenAt,
-        created_at: agent.createdAt,
-        updated_at: agent.updatedAt,
-    };
-}
 export class RemoteControlPlane {
     config;
     store;
@@ -166,10 +22,14 @@ export class RemoteControlPlane {
     cleanupInterval;
     jwtKeyPair;
     controlPlaneKeyPair;
+    oauth;
+    agentHandler;
     constructor(config = loadRemoteConfig()) {
         this.config = config;
         this.store = new RemoteStore(config.databaseUrl);
         this.controlPlaneKeyPair = ensurePemKeyPair(config.controlPlaneSigningKeyPath);
+        this.oauth = new OAuthHandler(config, this.store, this.authorizeTransactions, () => this.requireJwtKeyPair(), (event) => this.audit(event));
+        this.agentHandler = new AgentWebSocketHandler(config, this.store, this.agentConnections, this.agentHelloNonces, this.pendingActions, (event) => this.audit(event));
         this.cleanupInterval = setInterval(() => this.cleanupEphemeralState(), 60_000);
         this.cleanupInterval.unref?.();
     }
@@ -192,48 +52,36 @@ export class RemoteControlPlane {
         this.store.close();
     }
     cleanupEphemeralState(now = Date.now()) {
-        for (const [transactionId, transaction] of this.authorizeTransactions.entries()) {
-            if (transaction.expiresAt <= now) {
-                this.authorizeTransactions.delete(transactionId);
-            }
-        }
-        for (const [agentId, nonces] of this.agentHelloNonces.entries()) {
-            pruneNonceWindow(nonces, now);
-            if (nonces.size === 0) {
-                this.agentHelloNonces.delete(agentId);
-            }
-        }
-        for (const live of this.agentConnections.values()) {
-            pruneNonceWindow(live.seenNonces, now);
-        }
+        this.oauth.cleanupExpired(now);
+        this.agentHandler.cleanupEphemeralState(now);
     }
     async handleHttp(req, res, pathname) {
         if (pathname === "/.well-known/oauth-protected-resource" && req.method === "GET") {
-            jsonResponse(res, 200, this.protectedResourceMetadata(), addNoStore());
+            jsonResponse(res, 200, this.oauth.protectedResourceMetadata(), addNoStore());
             return true;
         }
         if (pathname === "/.well-known/oauth-authorization-server" && req.method === "GET") {
-            jsonResponse(res, 200, this.authorizationServerMetadata(), addNoStore());
+            jsonResponse(res, 200, this.oauth.authorizationServerMetadata(), addNoStore());
             return true;
         }
         if (pathname === "/oauth/register" && req.method === "POST") {
-            await this.handleRegister(req, res);
+            await this.oauth.handleRegister(req, res);
             return true;
         }
         if (pathname === "/oauth/authorize" && req.method === "GET") {
-            await this.handleAuthorize(req, res);
+            await this.oauth.handleAuthorize(req, res);
             return true;
         }
         if (pathname === "/oauth/callback/github" && req.method === "GET") {
-            await this.handleGitHubCallback(req, res);
+            await this.oauth.handleGitHubCallback(req, res);
             return true;
         }
         if (pathname === "/oauth/token" && req.method === "POST") {
-            await this.handleToken(req, res);
+            await this.oauth.handleToken(req, res);
             return true;
         }
         if (pathname === "/oauth/jwks.json" && req.method === "GET") {
-            await this.handleJwks(res);
+            await this.oauth.handleJwks(res);
             return true;
         }
         if (pathname === "/readyz" && req.method === "GET") {
@@ -241,7 +89,7 @@ export class RemoteControlPlane {
                 ok: true,
                 service: "ssh-mcp-pro",
                 control_plane: true,
-                agents_online: this.agentConnections.size,
+                agents_online: this.agentHandler.connectedAgentCount,
             });
             return true;
         }
@@ -256,281 +104,7 @@ export class RemoteControlPlane {
         return false;
     }
     handleUpgrade(req, socket, head, pathname) {
-        if (pathname !== this.config.agentWsPath) {
-            return false;
-        }
-        const connection = acceptWebSocketUpgrade(req, socket, head);
-        connection.onText((message) => {
-            void this.handleAgentMessage(connection, message).catch(() => {
-                connection.sendJson({
-                    type: "error",
-                    code: "INTERNAL_ERROR",
-                    message: "Agent message failed",
-                });
-                connection.close();
-            });
-        });
-        return true;
-    }
-    protectedResourceMetadata() {
-        return {
-            resource: this.config.mcpResourceUrl,
-            resource_name: "SshAutomator MCP",
-            authorization_servers: [this.config.publicBaseUrl],
-            bearer_methods_supported: ["header"],
-            scopes_supported: REMOTE_SCOPES,
-        };
-    }
-    authorizationServerMetadata() {
-        return {
-            issuer: this.config.publicBaseUrl,
-            authorization_endpoint: `${this.config.publicBaseUrl}/oauth/authorize`,
-            token_endpoint: `${this.config.publicBaseUrl}/oauth/token`,
-            registration_endpoint: `${this.config.publicBaseUrl}/oauth/register`,
-            jwks_uri: `${this.config.publicBaseUrl}/oauth/jwks.json`,
-            response_types_supported: ["code"],
-            grant_types_supported: ["authorization_code"],
-            code_challenge_methods_supported: ["S256"],
-            token_endpoint_auth_methods_supported: ["none"],
-            scopes_supported: REMOTE_SCOPES,
-        };
-    }
-    async handleRegister(req, res) {
-        const body = await readJson(req);
-        const redirectUris = asStringArray(body.redirect_uris);
-        if (redirectUris.length === 0 || redirectUris.some((uri) => !isSafeRedirectUri(uri))) {
-            throw safeError("INVALID_REDIRECT_URI", "redirect_uris must contain HTTPS URLs or localhost HTTP URLs");
-        }
-        if (this.store.countOAuthClients() >= this.config.maxOAuthClients) {
-            throw safeError("FORBIDDEN", "OAuth client registration limit reached", 429);
-        }
-        const now = nowIso();
-        const client = {
-            id: id("clirow"),
-            clientId: id("cli"),
-            clientName: asString(body.client_name) ?? "ChatGPT Connector",
-            redirectUris,
-            grantTypes: ["authorization_code"],
-            responseTypes: ["code"],
-            tokenEndpointAuthMethod: "none",
-            createdAt: now,
-        };
-        this.store.insertClient(client);
-        this.audit({
-            eventType: "oauth_client_registered",
-            severity: "info",
-            metadata: { client_id: client.clientId, redirect_uri_count: redirectUris.length },
-        });
-        jsonResponse(res, 201, {
-            client_id: client.clientId,
-            client_name: client.clientName,
-            redirect_uris: client.redirectUris,
-            grant_types: client.grantTypes,
-            response_types: client.responseTypes,
-            token_endpoint_auth_method: client.tokenEndpointAuthMethod,
-        }, addNoStore());
-    }
-    async handleAuthorize(req, res) {
-        const url = new URL(req.url ?? "/oauth/authorize", this.config.publicBaseUrl);
-        const clientId = url.searchParams.get("client_id") ?? "";
-        const redirectUri = url.searchParams.get("redirect_uri") ?? "";
-        const responseType = url.searchParams.get("response_type") ?? "";
-        const codeChallenge = url.searchParams.get("code_challenge") ?? "";
-        const codeChallengeMethod = url.searchParams.get("code_challenge_method") ?? "";
-        const state = url.searchParams.get("state") ?? "";
-        const resource = url.searchParams.get("resource") ?? this.config.mcpResourceUrl;
-        const scope = url.searchParams.get("scope") ?? "hosts:read agents:read status:read logs:read";
-        this.validateAuthorizeParams(clientId, redirectUri, responseType, codeChallenge, codeChallengeMethod, resource, scope);
-        const pending = {
-            clientId,
-            redirectUri,
-            codeChallenge,
-            resource,
-            scope,
-            state,
-            expiresAt: Date.now() + this.config.authCodeTtlSeconds * 1000,
-        };
-        const testUser = this.testGitHubUser();
-        if (testUser) {
-            const user = this.upsertGitHubUser(testUser);
-            const code = this.issueAuthorizationCode(pending, user.id);
-            const destination = new URL(redirectUri);
-            destination.searchParams.set("code", code);
-            if (state) {
-                destination.searchParams.set("state", state);
-            }
-            redirect(res, destination.toString());
-            return;
-        }
-        if (!this.config.githubClientId || !this.config.githubClientSecret) {
-            throw safeError("FORBIDDEN", "GitHub OAuth is not configured", 503);
-        }
-        const transactionId = id("code");
-        this.authorizeTransactions.set(transactionId, pending);
-        const githubUrl = new URL("https://github.com/login/oauth/authorize");
-        githubUrl.searchParams.set("client_id", this.config.githubClientId);
-        githubUrl.searchParams.set("redirect_uri", this.config.githubCallbackUrl);
-        githubUrl.searchParams.set("scope", "read:user");
-        githubUrl.searchParams.set("state", transactionId);
-        redirect(res, githubUrl.toString());
-    }
-    validateAuthorizeParams(clientId, redirectUri, responseType, codeChallenge, codeChallengeMethod, resource, scope) {
-        const client = this.store.getClient(clientId);
-        if (!client) {
-            throw safeError("INVALID_CLIENT", "Unknown client_id");
-        }
-        if (!client.redirectUris.includes(redirectUri) || !isSafeRedirectUri(redirectUri)) {
-            throw safeError("INVALID_REDIRECT_URI", "redirect_uri is not registered");
-        }
-        if (responseType !== "code") {
-            throw safeError("INVALID_CLIENT", "response_type must be code");
-        }
-        if (!codeChallenge || codeChallengeMethod !== "S256") {
-            throw safeError("PKCE_VALIDATION_FAILED", "PKCE S256 is required");
-        }
-        if (resource !== this.config.mcpResourceUrl) {
-            throw safeError("INVALID_TOKEN", "resource must match MCP resource URL");
-        }
-        scopeList(scope);
-    }
-    async handleGitHubCallback(req, res) {
-        const url = new URL(req.url ?? "/oauth/callback/github", this.config.publicBaseUrl);
-        const code = url.searchParams.get("code") ?? "";
-        const state = url.searchParams.get("state") ?? "";
-        const pending = this.authorizeTransactions.get(state);
-        this.authorizeTransactions.delete(state);
-        if (!code || !pending || pending.expiresAt < Date.now()) {
-            throw safeError("INVALID_TOKEN", "OAuth transaction is missing or expired");
-        }
-        const githubUser = await this.fetchGitHubUser(code);
-        const user = this.upsertGitHubUser(githubUser);
-        const authCode = this.issueAuthorizationCode(pending, user.id);
-        const destination = new URL(pending.redirectUri);
-        destination.searchParams.set("code", authCode);
-        if (pending.state) {
-            destination.searchParams.set("state", pending.state);
-        }
-        redirect(res, destination.toString());
-    }
-    async fetchGitHubUser(code) {
-        const tokenResponse = await fetch("https://github.com/login/oauth/access_token", {
-            method: "POST",
-            headers: { Accept: "application/json", "Content-Type": "application/json" },
-            body: JSON.stringify({
-                client_id: this.config.githubClientId,
-                client_secret: this.config.githubClientSecret,
-                code,
-                redirect_uri: this.config.githubCallbackUrl,
-            }),
-        });
-        const tokenPayload = (await tokenResponse.json());
-        const accessToken = asString(tokenPayload.access_token);
-        if (!accessToken) {
-            throw safeError("INVALID_TOKEN", "GitHub OAuth token exchange failed", 502);
-        }
-        const userResponse = await fetch("https://api.github.com/user", {
-            headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/vnd.github+json" },
-        });
-        const userPayload = (await userResponse.json());
-        return { id: String(userPayload.id ?? ""), login: String(userPayload.login ?? "") };
-    }
-    testGitHubUser() {
-        const idValue = process.env.SSHAUTOMATOR_TEST_GITHUB_ID;
-        const login = process.env.SSHAUTOMATOR_TEST_GITHUB_LOGIN;
-        return idValue && login ? { id: idValue, login } : undefined;
-    }
-    upsertGitHubUser(githubUser) {
-        if (!this.isGitHubUserAllowed(githubUser)) {
-            throw safeError("FORBIDDEN", "GitHub user is not allowed");
-        }
-        const existing = this.store.getUserByGitHubId(githubUser.id);
-        const internalId = existing?.id ?? `github:${githubUser.id}`;
-        this.store.upsertUser({ ...githubUser, internalId, now: nowIso() });
-        this.audit({
-            userId: internalId,
-            eventType: "user_login",
-            severity: "info",
-            metadata: { github_id: githubUser.id, github_login: githubUser.login },
-        });
-        return { id: internalId, githubId: githubUser.id, githubLogin: githubUser.login };
-    }
-    isGitHubUserAllowed(user) {
-        return (this.config.allowAllUsers ||
-            this.config.allowedGitHubIds.includes(user.id) ||
-            this.config.allowedGitHubLogins.includes(user.login));
-    }
-    issueAuthorizationCode(pending, userId) {
-        const code = randomToken(32);
-        const now = nowIso();
-        const record = {
-            id: id("code"),
-            codeHash: hashSecret(code),
-            clientId: pending.clientId,
-            userId,
-            redirectUri: pending.redirectUri,
-            codeChallenge: pending.codeChallenge,
-            codeChallengeMethod: "S256",
-            resource: pending.resource,
-            scope: pending.scope,
-            expiresAt: new Date(Date.now() + this.config.authCodeTtlSeconds * 1000).toISOString(),
-            createdAt: now,
-        };
-        this.store.insertAuthorizationCode(record);
-        return code;
-    }
-    async handleToken(req, res) {
-        const body = await readJsonOrForm(req);
-        if (body.grant_type !== "authorization_code") {
-            throw safeError("INVALID_CLIENT", "grant_type must be authorization_code");
-        }
-        const clientId = body.client_id ?? "";
-        const client = this.store.getClient(clientId);
-        if (!client) {
-            throw safeError("INVALID_CLIENT", "Unknown client_id");
-        }
-        const code = body.code ?? "";
-        const redirectUri = body.redirect_uri ?? "";
-        const verifier = body.code_verifier ?? "";
-        const codeRecord = this.store.getAuthorizationCodeByHash(hashSecret(code));
-        if (codeRecord?.clientId !== clientId || codeRecord?.redirectUri !== redirectUri) {
-            throw safeError("INVALID_TOKEN", "Invalid authorization code");
-        }
-        if (codeRecord.usedAt || new Date(codeRecord.expiresAt).getTime() < Date.now()) {
-            throw safeError("INVALID_TOKEN", "Authorization code is expired or already used");
-        }
-        if (!verifier || pkceChallenge(verifier) !== codeRecord.codeChallenge) {
-            throw safeError("PKCE_VALIDATION_FAILED", "Invalid PKCE code_verifier");
-        }
-        const jwtKeyPair = this.requireJwtKeyPair();
-        const user = this.userFromId(codeRecord.userId);
-        const scopes = scopeList(codeRecord.scope);
-        try {
-            this.store.markAuthorizationCodeUsed(codeRecord.codeHash, nowIso());
-        }
-        catch {
-            throw safeError("INVALID_TOKEN", "Authorization code is expired or already used");
-        }
-        const token = await issueAccessToken(this.config, jwtKeyPair, user, scopes);
-        jsonResponse(res, 200, {
-            access_token: token.token,
-            token_type: "Bearer",
-            expires_in: this.config.accessTokenTtlSeconds,
-            scope: scopes.join(" "),
-        }, addNoStore());
-    }
-    userFromId(userId) {
-        if (userId.startsWith("github:")) {
-            const githubId = userId.slice("github:".length);
-            const user = this.store.getUserByGitHubId(githubId);
-            if (user) {
-                return user;
-            }
-        }
-        throw safeError("UNAUTHORIZED", "User no longer exists", 401);
-    }
-    async handleJwks(res) {
-        const jwtKeyPair = this.requireJwtKeyPair();
-        jsonResponse(res, 200, { keys: [await publicJwkFromPem(jwtKeyPair.publicKeyPem)] }, addNoStore());
+        return this.agentHandler.handleUpgrade(req, socket, head, pathname);
     }
     async handleMcp(req, res) {
         if (req.method === "OPTIONS") {
@@ -558,7 +132,7 @@ export class RemoteControlPlane {
                 jsonrpc: "2.0",
                 id: rpcId,
                 result: {
-                    protocolVersion: "2025-06-18",
+                    protocolVersion: negotiateMcpProtocolVersion(body.params),
                     capabilities: { tools: {} },
                     serverInfo: { name: "sshautomator-remote-agent", version: SERVER_VERSION },
                 },
@@ -699,207 +273,6 @@ export class RemoteControlPlane {
             control_plane_public_key: this.controlPlaneKeyPair.publicKeyPem,
         }, addNoStore());
     }
-    async handleAgentMessage(connection, message) {
-        const payload = JSON.parse(message);
-        if (!isRecord(payload)) {
-            connection.sendJson({ type: "error", code: "INTERNAL_ERROR", message: "Invalid message" });
-            connection.close();
-            return;
-        }
-        if (payload.type === "agent.hello") {
-            await this.handleAgentHello(connection, parseAgentHelloEnvelope(payload));
-            return;
-        }
-        if (payload.type === "action.result") {
-            await this.handleActionResult(connection, parseActionResultEnvelope(payload));
-            return;
-        }
-        connection.sendJson({ type: "error", code: "INTERNAL_ERROR", message: "Unknown message type" });
-        connection.close();
-    }
-    async handleAgentHello(connection, hello) {
-        const agent = this.store.getAgent(hello.agent_id);
-        if (!agent || agent.status === "revoked" || !agent.publicKey) {
-            connection.sendJson({
-                type: "error",
-                code: "AGENT_NOT_FOUND",
-                message: "Agent is not enrolled",
-            });
-            connection.close();
-            return;
-        }
-        if (!verifyEnvelope(hello, agent.publicKey)) {
-            this.audit({
-                userId: agent.userId,
-                agentId: agent.id,
-                eventType: "agent_signature_invalid",
-                severity: "warn",
-                metadata: { message_type: "agent.hello" },
-            });
-            connection.sendJson({
-                type: "error",
-                code: "SIGNATURE_INVALID",
-                message: "Agent signature is invalid",
-            });
-            connection.close();
-            return;
-        }
-        const timestampAgeMs = Math.abs(Date.now() - new Date(hello.timestamp).getTime());
-        if (timestampAgeMs > 300_000) {
-            this.audit({
-                userId: agent.userId,
-                agentId: agent.id,
-                eventType: "agent_hello_expired",
-                severity: "warn",
-                metadata: {},
-            });
-            connection.sendJson({
-                type: "error",
-                code: "ACTION_EXPIRED",
-                message: "Agent hello timestamp is stale",
-            });
-            connection.close();
-            return;
-        }
-        const now = Date.now();
-        this.cleanupEphemeralState(now);
-        const existingConnection = this.agentConnections.get(agent.id);
-        if (existingConnection?.connection === connection) {
-            this.audit({
-                userId: agent.userId,
-                agentId: agent.id,
-                eventType: "agent_duplicate_hello_rejected",
-                severity: "warn",
-                metadata: {},
-            });
-            connection.sendJson({
-                type: "error",
-                code: "ACTION_REPLAY_DETECTED",
-                message: "Agent hello was already processed on this connection",
-            });
-            connection.close();
-            return;
-        }
-        const helloNonces = this.agentHelloNonces.get(agent.id) ?? new Map();
-        if (helloNonces.has(hello.nonce)) {
-            this.audit({
-                userId: agent.userId,
-                agentId: agent.id,
-                eventType: "agent_hello_replay_detected",
-                severity: "warn",
-                metadata: {},
-            });
-            connection.sendJson({
-                type: "error",
-                code: "ACTION_REPLAY_DETECTED",
-                message: "Agent hello nonce was already used",
-            });
-            connection.close();
-            return;
-        }
-        helloNonces.set(hello.nonce, now + AGENT_NONCE_TTL_MS);
-        this.agentHelloNonces.set(agent.id, helloNonces);
-        if (existingConnection) {
-            existingConnection.connection.close();
-        }
-        const seenNonces = new Map();
-        rememberNonce(seenNonces, hello.nonce, now);
-        this.agentConnections.set(agent.id, { agent, connection, seenNonces });
-        const online = {
-            ...agent,
-            status: "online",
-            lastSeenAt: nowIso(),
-            hostMetadata: hello.host,
-            updatedAt: nowIso(),
-        };
-        this.store.updateAgent(online);
-        connection.onClose(() => {
-            const live = this.agentConnections.get(agent.id);
-            if (live?.connection !== connection) {
-                return;
-            }
-            this.agentConnections.delete(agent.id);
-            const latest = this.store.getAgent(agent.id);
-            if (latest && latest.status !== "revoked") {
-                this.store.updateAgent({ ...latest, status: "offline", updatedAt: nowIso() });
-            }
-            this.audit({
-                userId: agent.userId,
-                agentId: agent.id,
-                eventType: "agent_disconnected",
-                severity: "info",
-                metadata: {},
-            });
-        });
-        this.audit({
-            userId: agent.userId,
-            agentId: agent.id,
-            eventType: "agent_connected",
-            severity: "info",
-            metadata: { agent_version: hello.agent_version, host: hello.host.hostname },
-        });
-        connection.sendJson({ type: "agent.ready", agent_id: agent.id, policy: agent.policy });
-    }
-    async handleActionResult(connection, result) {
-        const pending = this.pendingActions.get(result.action_id);
-        if (!pending) {
-            return;
-        }
-        const agent = this.store.getAgent(result.agent_id);
-        if (!agent?.publicKey ||
-            !verifyEnvelope(result, agent.publicKey)) {
-            clearTimeout(pending.timeout);
-            this.pendingActions.delete(result.action_id);
-            this.audit({
-                userId: pending.action.userId,
-                agentId: pending.action.agentId,
-                actionId: pending.action.id,
-                eventType: "agent_result_signature_invalid",
-                severity: "warn",
-                metadata: {},
-            });
-            pending.reject(new Error("Agent result signature is invalid"));
-            return;
-        }
-        const live = this.agentConnections.get(result.agent_id);
-        if (pending.action.agentId !== result.agent_id || live?.connection !== connection) {
-            clearTimeout(pending.timeout);
-            this.pendingActions.delete(result.action_id);
-            this.audit({
-                userId: pending.action.userId,
-                agentId: pending.action.agentId,
-                actionId: pending.action.id,
-                eventType: "agent_result_connection_invalid",
-                severity: "warn",
-                metadata: {},
-            });
-            pending.reject(Object.assign(new Error("Agent result came from an unexpected connection"), {
-                code: "SIGNATURE_INVALID",
-            }));
-            return;
-        }
-        const now = Date.now();
-        if (hasSeenNonce(live.seenNonces, result.nonce, now)) {
-            clearTimeout(pending.timeout);
-            this.pendingActions.delete(result.action_id);
-            this.audit({
-                userId: pending.action.userId,
-                agentId: pending.action.agentId,
-                actionId: pending.action.id,
-                eventType: "agent_result_replay_detected",
-                severity: "warn",
-                metadata: {},
-            });
-            pending.reject(Object.assign(new Error("Agent result nonce was already used"), {
-                code: "ACTION_REPLAY_DETECTED",
-            }));
-            return;
-        }
-        rememberNonce(live.seenNonces, result.nonce, now);
-        clearTimeout(pending.timeout);
-        this.pendingActions.delete(result.action_id);
-        pending.resolve(result);
-    }
     async authenticate(req) {
         try {
             return await verifyRemoteAccessToken(req.headers.authorization, this.config, this.requireJwtKeyPair());