npm - uxnan-bridge - Versions diffs - 0.0.1-alpha.20260621 - Mend

uxnan-bridge 0.0.1-alpha.20260621

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/README.md +150 -0
package/dist/src/account-status.d.ts +13 -0
package/dist/src/account-status.js +78 -0
package/dist/src/account-status.js.map +1 -0
package/dist/src/adapters/base-adapter.d.ts +18 -0
package/dist/src/adapters/base-adapter.js +15 -0
package/dist/src/adapters/base-adapter.js.map +1 -0
package/dist/src/adapters/claude-adapter.d.ts +102 -0
package/dist/src/adapters/claude-adapter.js +486 -0
package/dist/src/adapters/claude-adapter.js.map +1 -0
package/dist/src/adapters/claude-tools.d.ts +25 -0
package/dist/src/adapters/claude-tools.js +146 -0
package/dist/src/adapters/claude-tools.js.map +1 -0
package/dist/src/adapters/codex-adapter.d.ts +116 -0
package/dist/src/adapters/codex-adapter.js +912 -0
package/dist/src/adapters/codex-adapter.js.map +1 -0
package/dist/src/adapters/codex-app-server.d.ts +74 -0
package/dist/src/adapters/codex-app-server.js +225 -0
package/dist/src/adapters/codex-app-server.js.map +1 -0
package/dist/src/adapters/codex-approval.d.ts +88 -0
package/dist/src/adapters/codex-approval.js +160 -0
package/dist/src/adapters/codex-approval.js.map +1 -0
package/dist/src/adapters/codex-tools.d.ts +18 -0
package/dist/src/adapters/codex-tools.js +106 -0
package/dist/src/adapters/codex-tools.js.map +1 -0
package/dist/src/adapters/content-blocks.d.ts +68 -0
package/dist/src/adapters/content-blocks.js +205 -0
package/dist/src/adapters/content-blocks.js.map +1 -0
package/dist/src/adapters/echo-agent-adapter.d.ts +23 -0
package/dist/src/adapters/echo-agent-adapter.js +72 -0
package/dist/src/adapters/echo-agent-adapter.js.map +1 -0
package/dist/src/adapters/gemini-adapter.d.ts +87 -0
package/dist/src/adapters/gemini-adapter.js +594 -0
package/dist/src/adapters/gemini-adapter.js.map +1 -0
package/dist/src/adapters/gemini-tools.d.ts +4 -0
package/dist/src/adapters/gemini-tools.js +48 -0
package/dist/src/adapters/gemini-tools.js.map +1 -0
package/dist/src/adapters/opencode-adapter.d.ts +74 -0
package/dist/src/adapters/opencode-adapter.js +418 -0
package/dist/src/adapters/opencode-adapter.js.map +1 -0
package/dist/src/adapters/opencode-tools.d.ts +2 -0
package/dist/src/adapters/opencode-tools.js +41 -0
package/dist/src/adapters/opencode-tools.js.map +1 -0
package/dist/src/adapters/pi-adapter.d.ts +92 -0
package/dist/src/adapters/pi-adapter.js +467 -0
package/dist/src/adapters/pi-adapter.js.map +1 -0
package/dist/src/adapters/pi-tools.d.ts +10 -0
package/dist/src/adapters/pi-tools.js +72 -0
package/dist/src/adapters/pi-tools.js.map +1 -0
package/dist/src/adapters/process-agent-adapter.d.ts +24 -0
package/dist/src/adapters/process-agent-adapter.js +111 -0
package/dist/src/adapters/process-agent-adapter.js.map +1 -0
package/dist/src/adapters/resolve-claude.d.ts +13 -0
package/dist/src/adapters/resolve-claude.js +57 -0
package/dist/src/adapters/resolve-claude.js.map +1 -0
package/dist/src/adapters/resolve-codex.d.ts +13 -0
package/dist/src/adapters/resolve-codex.js +48 -0
package/dist/src/adapters/resolve-codex.js.map +1 -0
package/dist/src/adapters/resolve-gemini.d.ts +13 -0
package/dist/src/adapters/resolve-gemini.js +47 -0
package/dist/src/adapters/resolve-gemini.js.map +1 -0
package/dist/src/adapters/resolve-opencode.d.ts +11 -0
package/dist/src/adapters/resolve-opencode.js +49 -0
package/dist/src/adapters/resolve-opencode.js.map +1 -0
package/dist/src/adapters/resolve-pi.d.ts +13 -0
package/dist/src/adapters/resolve-pi.js +46 -0
package/dist/src/adapters/resolve-pi.js.map +1 -0
package/dist/src/adapters/run-options.d.ts +22 -0
package/dist/src/adapters/run-options.js +48 -0
package/dist/src/adapters/run-options.js.map +1 -0
package/dist/src/adapters/spawn.d.ts +20 -0
package/dist/src/adapters/spawn.js +16 -0
package/dist/src/adapters/spawn.js.map +1 -0
package/dist/src/agents/agent-manager.d.ts +98 -0
package/dist/src/agents/agent-manager.js +433 -0
package/dist/src/agents/agent-manager.js.map +1 -0
package/dist/src/agents/attachments.d.ts +28 -0
package/dist/src/agents/attachments.js +121 -0
package/dist/src/agents/attachments.js.map +1 -0
package/dist/src/bridge-context.d.ts +45 -0
package/dist/src/bridge-context.js +2 -0
package/dist/src/bridge-context.js.map +1 -0
package/dist/src/bridge-status.d.ts +12 -0
package/dist/src/bridge-status.js +17 -0
package/dist/src/bridge-status.js.map +1 -0
package/dist/src/bridge.d.ts +37 -0
package/dist/src/bridge.js +446 -0
package/dist/src/bridge.js.map +1 -0
package/dist/src/cli.d.ts +2 -0
package/dist/src/cli.js +194 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/conversation/session-history.d.ts +27 -0
package/dist/src/conversation/session-history.js +1082 -0
package/dist/src/conversation/session-history.js.map +1 -0
package/dist/src/conversation/thread-store.d.ts +74 -0
package/dist/src/conversation/thread-store.js +366 -0
package/dist/src/conversation/thread-store.js.map +1 -0
package/dist/src/daemon-config.d.ts +123 -0
package/dist/src/daemon-config.js +64 -0
package/dist/src/daemon-config.js.map +1 -0
package/dist/src/daemon-state.d.ts +27 -0
package/dist/src/daemon-state.js +76 -0
package/dist/src/daemon-state.js.map +1 -0
package/dist/src/git/git-runner.d.ts +24 -0
package/dist/src/git/git-runner.js +63 -0
package/dist/src/git/git-runner.js.map +1 -0
package/dist/src/git/git-service.d.ts +76 -0
package/dist/src/git/git-service.js +435 -0
package/dist/src/git/git-service.js.map +1 -0
package/dist/src/handler-router.d.ts +34 -0
package/dist/src/handler-router.js +67 -0
package/dist/src/handler-router.js.map +1 -0
package/dist/src/handlers/account-handler.d.ts +4 -0
package/dist/src/handlers/account-handler.js +27 -0
package/dist/src/handlers/account-handler.js.map +1 -0
package/dist/src/handlers/agent-handler.d.ts +2 -0
package/dist/src/handlers/agent-handler.js +8 -0
package/dist/src/handlers/agent-handler.js.map +1 -0
package/dist/src/handlers/bridge-control-handler.d.ts +2 -0
package/dist/src/handlers/bridge-control-handler.js +64 -0
package/dist/src/handlers/bridge-control-handler.js.map +1 -0
package/dist/src/handlers/desktop-handler.d.ts +12 -0
package/dist/src/handlers/desktop-handler.js +5 -0
package/dist/src/handlers/desktop-handler.js.map +1 -0
package/dist/src/handlers/git-handler.d.ts +2 -0
package/dist/src/handlers/git-handler.js +82 -0
package/dist/src/handlers/git-handler.js.map +1 -0
package/dist/src/handlers/index.d.ts +8 -0
package/dist/src/handlers/index.js +22 -0
package/dist/src/handlers/index.js.map +1 -0
package/dist/src/handlers/not-implemented.d.ts +10 -0
package/dist/src/handlers/not-implemented.js +21 -0
package/dist/src/handlers/not-implemented.js.map +1 -0
package/dist/src/handlers/notifications-handler.d.ts +2 -0
package/dist/src/handlers/notifications-handler.js +62 -0
package/dist/src/handlers/notifications-handler.js.map +1 -0
package/dist/src/handlers/params.d.ts +11 -0
package/dist/src/handlers/params.js +72 -0
package/dist/src/handlers/params.js.map +1 -0
package/dist/src/handlers/project-handler.d.ts +2 -0
package/dist/src/handlers/project-handler.js +6 -0
package/dist/src/handlers/project-handler.js.map +1 -0
package/dist/src/handlers/thread-context-handler.d.ts +2 -0
package/dist/src/handlers/thread-context-handler.js +211 -0
package/dist/src/handlers/thread-context-handler.js.map +1 -0
package/dist/src/handlers/workspace-handler.d.ts +2 -0
package/dist/src/handlers/workspace-handler.js +101 -0
package/dist/src/handlers/workspace-handler.js.map +1 -0
package/dist/src/hooks/claude-approval-hook.d.ts +7 -0
package/dist/src/hooks/claude-approval-hook.js +95 -0
package/dist/src/hooks/claude-approval-hook.js.map +1 -0
package/dist/src/hooks/gemini-approval-hook.d.ts +7 -0
package/dist/src/hooks/gemini-approval-hook.js +113 -0
package/dist/src/hooks/gemini-approval-hook.js.map +1 -0
package/dist/src/index.d.ts +62 -0
package/dist/src/index.js +65 -0
package/dist/src/index.js.map +1 -0
package/dist/src/keyring-secret-store.d.ts +36 -0
package/dist/src/keyring-secret-store.js +70 -0
package/dist/src/keyring-secret-store.js.map +1 -0
package/dist/src/lock-file.d.ts +18 -0
package/dist/src/lock-file.js +60 -0
package/dist/src/lock-file.js.map +1 -0
package/dist/src/logger.d.ts +28 -0
package/dist/src/logger.js +99 -0
package/dist/src/logger.js.map +1 -0
package/dist/src/pairing/pairing-code-service.d.ts +45 -0
package/dist/src/pairing/pairing-code-service.js +183 -0
package/dist/src/pairing/pairing-code-service.js.map +1 -0
package/dist/src/projects/project-registry.d.ts +14 -0
package/dist/src/projects/project-registry.js +60 -0
package/dist/src/projects/project-registry.js.map +1 -0
package/dist/src/push/push-sender.d.ts +21 -0
package/dist/src/push/push-sender.js +96 -0
package/dist/src/push/push-sender.js.map +1 -0
package/dist/src/push/push-service.d.ts +122 -0
package/dist/src/push/push-service.js +260 -0
package/dist/src/push/push-service.js.map +1 -0
package/dist/src/qr.d.ts +17 -0
package/dist/src/qr.js +31 -0
package/dist/src/qr.js.map +1 -0
package/dist/src/secret-store.d.ts +23 -0
package/dist/src/secret-store.js +27 -0
package/dist/src/secret-store.js.map +1 -0
package/dist/src/secure-device-state.d.ts +16 -0
package/dist/src/secure-device-state.js +63 -0
package/dist/src/secure-device-state.js.map +1 -0
package/dist/src/service-installer.d.ts +57 -0
package/dist/src/service-installer.js +254 -0
package/dist/src/service-installer.js.map +1 -0
package/dist/src/session-state.d.ts +14 -0
package/dist/src/session-state.js +19 -0
package/dist/src/session-state.js.map +1 -0
package/dist/src/transport/crypto.d.ts +43 -0
package/dist/src/transport/crypto.js +78 -0
package/dist/src/transport/crypto.js.map +1 -0
package/dist/src/transport/lan-server.d.ts +33 -0
package/dist/src/transport/lan-server.js +105 -0
package/dist/src/transport/lan-server.js.map +1 -0
package/dist/src/transport/local-hosts.d.ts +17 -0
package/dist/src/transport/local-hosts.js +30 -0
package/dist/src/transport/local-hosts.js.map +1 -0
package/dist/src/transport/mdns-advertiser.d.ts +83 -0
package/dist/src/transport/mdns-advertiser.js +282 -0
package/dist/src/transport/mdns-advertiser.js.map +1 -0
package/dist/src/transport/message-io.d.ts +33 -0
package/dist/src/transport/message-io.js +87 -0
package/dist/src/transport/message-io.js.map +1 -0
package/dist/src/transport/outbound-log.d.ts +24 -0
package/dist/src/transport/outbound-log.js +78 -0
package/dist/src/transport/outbound-log.js.map +1 -0
package/dist/src/transport/relay-client.d.ts +19 -0
package/dist/src/transport/relay-client.js +27 -0
package/dist/src/transport/relay-client.js.map +1 -0
package/dist/src/transport/secure-channel.d.ts +33 -0
package/dist/src/transport/secure-channel.js +81 -0
package/dist/src/transport/secure-channel.js.map +1 -0
package/dist/src/transport/server-handshake.d.ts +49 -0
package/dist/src/transport/server-handshake.js +137 -0
package/dist/src/transport/server-handshake.js.map +1 -0
package/dist/src/transport/session-handler.d.ts +19 -0
package/dist/src/transport/session-handler.js +134 -0
package/dist/src/transport/session-handler.js.map +1 -0
package/dist/src/transport/session-registry.d.ts +58 -0
package/dist/src/transport/session-registry.js +91 -0
package/dist/src/transport/session-registry.js.map +1 -0
package/dist/src/transport/trust-store.d.ts +23 -0
package/dist/src/transport/trust-store.js +33 -0
package/dist/src/transport/trust-store.js.map +1 -0
package/dist/src/transport/ws-adapter.d.ts +7 -0
package/dist/src/transport/ws-adapter.js +16 -0
package/dist/src/transport/ws-adapter.js.map +1 -0
package/dist/src/version.d.ts +1 -0
package/dist/src/version.js +13 -0
package/dist/src/version.js.map +1 -0
package/dist/src/workspace/browse-service.d.ts +10 -0
package/dist/src/workspace/browse-service.js +97 -0
package/dist/src/workspace/browse-service.js.map +1 -0
package/dist/src/workspace/checkpoint-service.d.ts +21 -0
package/dist/src/workspace/checkpoint-service.js +219 -0
package/dist/src/workspace/checkpoint-service.js.map +1 -0
package/dist/src/workspace/path-guard.d.ts +7 -0
package/dist/src/workspace/path-guard.js +51 -0
package/dist/src/workspace/path-guard.js.map +1 -0
package/dist/src/workspace/workspace-service.d.ts +8 -0
package/dist/src/workspace/workspace-service.js +111 -0
package/dist/src/workspace/workspace-service.js.map +1 -0
package/package.json +46 -0
package/scripts/extract-gemini-hook.mjs +16 -0
package/scripts/fake-approval-bridge.mjs +23 -0
package/scripts/install-service-linux.sh +38 -0
package/scripts/install-service-macos.sh +38 -0
package/scripts/install-service-windows.ps1 +26 -0
package/scripts/test-gemini-hook-e2e.mjs +168 -0
package/scripts/write-gemini-settings.mjs +31 -0

package/README.md ADDED Viewed

@@ -0,0 +1,150 @@
+# uxnan-bridge
+Local control-plane daemon that connects the Uxnan mobile app to the developer's
+PC over an end-to-end-encrypted channel. It runs Git, reads the workspace, and
+drives AI coding agents on behalf of the phone, routing JSON-RPC methods to
+per-domain handlers.
+> **Status: ALPHA-FUNCTIONAL on the primary path (LAN/Tailscale-direct, bridge-
+> direct push).** The bridge is the **heart of the product** — the product is
+> bridge-first: the mobile app pairs with the bridge and tries direct LAN/
+> Tailscale addresses first; the relay is an optional, self-hosted off-LAN
+> fallback. Background push is sent **by the bridge** (FCM HTTP v1) over any
+> transport, so the phone keeps getting notifications whether the bridge is
+> reached via direct LAN, Tailscale, or relay.
+>
+> **DONE:**
+> - **E2EE transport** (relay `mac` client + direct-LAN `http+ws` server,
+>   handshake, AES-256-GCM channel, byte-for-byte compatible with the mobile
+>   app; background reconnect loop; stable pairing session; mDNS discovery
+>   `_uxnan._tcp.local`; manual-code pairing `GET /pair/resolve?code=`).
+> - **OS-keychain identity persistence** + single-instance lock.
+> - **Real Git + Workspace handlers** (path-traversal-safe, working-tree
+>   checkpoints with **true restore** + retention pruning, `git/revert`,
+>   `git/deleteBranch`, `git/removeWorktree`, `workspace/exists`,
+>   `workspace/browseDirs`).
+> - **Conversation engine** (threads/turns + streaming, per-thread
+>   `Message.blocks`/`Message.thinking`/`Message.usage`).
+> - **5 real agents wired:** OpenCode (default), Claude Code, Codex, pi, and
+>   **Gemini CLI**. Each spawns its **official local CLI** over stdio with
+>   `shell:false`, parses the native stream, and emits structured
+>   `stream/content/block` events (command / diff / tool) plus
+>   `stream/thinking/delta` (reasoning). **Aider** is the only remaining
+>   agent (recipe in [`FOR-DEV.md`](FOR-DEV.md)).
+> - **Per-thread agent/project selection** + per-project agent/model pins
+>   (`projectAgents` config); per-model run-option knobs advertised on
+>   `agent/models`; per-turn token usage on `stream/turn/completed`.
+> - **Full thread lifecycle** (`thread/rename|archive|unarchive|delete`).
+> - **Plug-and-play folder browsing** (`workspace/browseDirs`) with
+>   `browseRoots` config.
+> - **Direct FCM push from the bridge** (primary path, persisted across
+>   restarts, per-phone target, prune-on-untrust). `firebase-admin` is an
+>   `optionalDependency` — no creds = silent no-op, foreground local
+>   notifications still work.
+> - **Sanitized per-agent `auth/status`** (never tokens, login detected by
+>   auth-file existence only).
+> - **Interactive approval intake** (Echo demo + Claude Code opt-in
+>   `PreToolUse` hook + Codex via the `codex app-server` turn protocol
+>   — `applyPatchApproval` / `execCommandApproval` elicitations routed
+>   through the same `requestApproval` round-trip; all validated
+>   end-to-end).
+> - **Image attachments** (CLI-agnostic file-path, sandbox-safe).
+> - **On-disk `turn/list` history fallback** for Claude/Codex/OpenCode/pi/Gemini
+>   JSONL/JSON stores.
+> - **Bridge control:** `bridge/status` (real `relayConnected`),
+>   `bridge/removeTrustedDevice` (revokes + drops session + prunes push
+>   registration), `bridge/trustedDevices`, `bridge/connectedPhones`,
+>   `bridge/generatePairingQr`.
+> - **Autostart** (`install-service`/`uninstall-service` per platform,
+>   never elevated), file logging with secret redaction, CLI
+>   (`start`/`stop`/`status`/`qr`/`code`/`install-service`).
+>
+> **PENDING that matters for a public release (not LAN alpha):** Aider
+> adapter, packaging + `npm publish` (pin `@uxnan/shared`), real-device push
+> validation. **Optional / blocked-on-mobile:** seq catch-up + key rotation
+> (await a mobile trigger), desktop embedded IPC (desktop Phase 6), Aider in
+> the history reader (no per-session log shipped), log size-rotation. See
+> [`FOR-DEV.md`](./FOR-DEV.md).
+>
+> **How the bridge talks to agents:** it spawns each agent's **official local
+> CLI** (`opencode`, `claude`, `codex`, `pi`, `gemini`) as a child process
+> and drives it over stdio — exactly as you would in a terminal. It does
+> **not** use any provider HTTP API, API key, or language SDK; each CLI runs
+> under the account/subscription you already authenticated it with. Prompts
+> are passed as argv elements with `shell:false` (no shell injection). See
+> [`FOR-HUMAN.md`](./FOR-HUMAN.md) for the per-agent install/login
+> prerequisites.
+## Docs
+Detailed docs live in [`docs/`](./docs/):
+[installation & autostart](./docs/installation.md) ·
+[configuration](./docs/configuration.md) ·
+[connectivity (LAN/Tailscale/relay)](./docs/connectivity.md) ·
+[how agents are driven](./docs/agents.md) ·
+[testing](./docs/testing.md) ·
+[packaging & deploy](./docs/deploy.md) ·
+[push notifications](./docs/push-notifications.md).
+## Install (later, as a global package)
+```bash
+npm install -g uxnan-bridge
+```
+## CLI
+```bash
+uxnan-bridge start            # start the daemon: LAN server + (optional) relay pairing session
+uxnan-bridge status           # print current status as JSON
+uxnan-bridge qr               # print the pairing QR in the terminal (with the manual code)
+uxnan-bridge code             # print just the current pairing code
+uxnan-bridge stop             # stop the running daemon (via the lock file)
+uxnan-bridge install-service  # autostart at logon (Task Scheduler / LaunchAgent / systemd --user)
+uxnan-bridge uninstall-service
+```
+Logs are written to `~/.uxnan/logs/bridge-YYYY-MM-DD.log` (daily rotation, with a
+secret-redaction pass) and to stderr. Autostart at login is configured by the
+platform scripts under `scripts/`.
+The Ed25519 identity is stored in the OS keychain (Windows Credential Manager /
+macOS Keychain / Linux Secret Service) via `@napi-rs/keyring`. If no keychain
+is available the bridge still runs with an in-memory identity (not persisted
+across restarts).
+## Architecture
+- **Contracts:** consumes [`@uxnan/shared`](../shared) for JSON-RPC and E2EE
+  types and runtime validators. The bridge exposes **59 JSON-RPC methods +
+  8 streaming notifications** (see `shared/src/jsonrpc/`). The mobile app
+  keeps manually-synced Dart equivalents of the same shapes.
+- **State:** non-secret JSON under `~/.uxnan/` (atomic writes): `daemon-config.json`,
+  `pairing-session.json`, `threads.json`, `trusted-phones.json`,
+  `push-state.json`, `agent-cache/`, `logs/`. The Ed25519 identity is a
+  secret and is kept in a `SecretStore`, never written in plaintext.
+- **Routing:** `HandlerRouter.dispatchRaw()` validates the envelope and
+  routes to registered handlers; errors map to JSON-RPC error codes
+  (`-32000..-32008` + standard).
+- **Agents:** `IAgentAdapter` per agent (OpenCode / Claude Code / Codex /
+  pi / Gemini CLI); `AgentManager` orchestrates streaming and broadcasts
+  `stream/*` notifications to connected phones.
+- **Push:** `PushService` (persisted by relay `sessionId`) delivers FCM
+  HTTP v1 directly via `createBridgePushSender` (lazy `firebase-admin`),
+  with the relay `/push/notify` as a fallback.
+See `architecture/02a-system-architecture.md` §5.8 and
+`uxnandesktop/architecture/02e-bridge-integration.md`.
+## Develop
+```bash
+# from the repo root (workspaces):
+npm run build      # build @uxnan/shared then uxnan-bridge
+npm test           # build + run all node:test suites (263 bridge + 29 shared + 9 relay)
+npm run typecheck  # tsc --noEmit across packages
+npm run format     # prettier --write
+```
+Requires Node ≥18. ESM-only. Test runner uses `--test-concurrency=1` on
+Windows (see CHANGELOG for why).

package/dist/src/account-status.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { AgentId, AuthStatus } from '@uxnan/shared';
+export interface AccountStatusDeps {
+    /** Whether the agent's binary resolved (from the AgentManager). */
+    isAvailable(agentId: AgentId): boolean;
+    /** Injectable home dir (defaults to the OS home) — for tests. */
+    homeDir?: string;
+    /** Injectable existence check (defaults to fs `access`) — for tests. */
+    fileExists?: (path: string) => Promise<boolean>;
+    /** Injectable platform (defaults to `process.platform`) — for tests. */
+    platform?: NodeJS.Platform | string;
+}
+/** Build the sanitized {@link AuthStatus} for one agent. */
+export declare function getAuthStatus(agentId: AgentId, deps: AccountStatusDeps): Promise<AuthStatus>;

package/dist/src/account-status.js ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Sanitized account/auth status per agent (architecture/02a §5.8.9).
+ *
+ * Reports whether an agent's CLI looks logged in on this PC WITHOUT ever reading
+ * or exposing tokens/keys: detection is by **existence only** of each agent's
+ * well-known auth file (never its contents), and the response carries only the
+ * agent id, booleans, the public provider name, the transport mode and the OS
+ * platform. There is intentionally no `displayName` — deriving it would mean
+ * reading an account/credentials file, which may hold secrets.
+ *
+ * Heuristic, not authoritative: an installed-but-logged-out CLI whose auth file
+ * is absent reports `requiresLogin: true`; an agent we have no auth-file mapping
+ * for falls back to its binary availability. FOR-DEV: for an authoritative
+ * answer, run the agent CLI's own auth/whoami command (out of MVP scope — it is
+ * slower and per-CLI).
+ */
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { access } from 'node:fs/promises';
+/** Public provider name surfaced per agent (never a secret). */
+const PROVIDER_BY_AGENT = {
+    codex: 'openai',
+    'claude-code': 'anthropic',
+    opencode: 'opencode',
+};
+/**
+ * Auth-presence files per agent, relative to the user's home. EXISTENCE is the
+ * only signal read — contents (which hold the token) are never opened. Multiple
+ * candidates cover platform/version differences; the first that exists wins.
+ */
+const AUTH_FILES = {
+    codex: ['.codex/auth.json'],
+    'claude-code': ['.claude/.credentials.json', '.claude.json'],
+    opencode: ['.local/share/opencode/auth.json', '.config/opencode/auth.json'],
+    // pi stores per-provider credentials (OAuth/API keys) in one auth file; its
+    // existence means at least one provider is logged in. pi is multi-provider, so
+    // no single public provider name is surfaced.
+    'pi-agent': ['.pi/agent/auth.json'],
+};
+async function defaultExists(path) {
+    try {
+        await access(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Build the sanitized {@link AuthStatus} for one agent. */
+export async function getAuthStatus(agentId, deps) {
+    const available = deps.isAvailable(agentId);
+    const provider = PROVIDER_BY_AGENT[agentId];
+    const authFiles = AUTH_FILES[agentId] ?? [];
+    let authenticated = false;
+    if (available && authFiles.length > 0) {
+        const home = deps.homeDir ?? homedir();
+        const exists = deps.fileExists ?? defaultExists;
+        for (const relative of authFiles) {
+            if (await exists(join(home, relative))) {
+                authenticated = true;
+                break;
+            }
+        }
+    }
+    // No binary → must be set up on the PC. Binary present with an auth-file
+    // mapping → trust the existence check. Binary present without a mapping →
+    // assume usable (we can't cheaply tell, and blocking would be wrong).
+    const requiresLogin = available ? (authFiles.length > 0 ? !authenticated : false) : true;
+    return {
+        agentId,
+        requiresLogin,
+        loginInProgress: false,
+        ...(provider !== undefined && authenticated ? { authenticatedProvider: provider } : {}),
+        transportMode: 'local',
+        platform: deps.platform ?? process.platform,
+    };
+}
+//# sourceMappingURL=account-status.js.map

package/dist/src/account-status.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"account-status.js","sourceRoot":"","sources":["../../src/account-status.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAG1C,gEAAgE;AAChE,MAAM,iBAAiB,GAAqC;IAC1D,KAAK,EAAE,QAAQ;IACf,aAAa,EAAE,WAAW;IAC1B,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,GAAuC;IACrD,KAAK,EAAE,CAAC,kBAAkB,CAAC;IAC3B,aAAa,EAAE,CAAC,2BAA2B,EAAE,cAAc,CAAC;IAC5D,QAAQ,EAAE,CAAC,iCAAiC,EAAE,4BAA4B,CAAC;IAC3E,4EAA4E;IAC5E,+EAA+E;IAC/E,8CAA8C;IAC9C,UAAU,EAAE,CAAC,qBAAqB,CAAC;CACpC,CAAC;AAaF,KAAK,UAAU,aAAa,CAAC,IAAY;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAgB,EAChB,IAAuB;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAE5C,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,IAAI,aAAa,CAAC;QAChD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;gBACvC,aAAa,GAAG,IAAI,CAAC;gBACrB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,0EAA0E;IAC1E,sEAAsE;IACtE,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAEzF,OAAO;QACL,OAAO;QACP,aAAa;QACb,eAAe,EAAE,KAAK;QACtB,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvF,aAAa,EAAE,OAAO;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ;KAC5C,CAAC;AACJ,CAAC"}

package/dist/src/adapters/base-adapter.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Base class for agent CLI adapters: event fan-out plus the {@link IAgentAdapter}
+ * surface. Concrete adapters implement the lifecycle and turn methods.
+ *
+ * Source: architecture/02a-system-architecture.md §5.8.2 (adapters/base-adapter).
+ */
+import type { AgentCapabilities, AgentConfig, AgentId, AgentStreamEvent, IAgentAdapter, SendTurnOptions } from '@uxnan/shared';
+export declare abstract class BaseAgentAdapter implements IAgentAdapter {
+    #private;
+    abstract readonly agentId: AgentId;
+    abstract readonly capabilities: AgentCapabilities;
+    onEvent(listener: (event: AgentStreamEvent) => void): () => void;
+    protected emit(event: AgentStreamEvent): void;
+    abstract start(config: AgentConfig): Promise<void>;
+    abstract stop(): Promise<void>;
+    abstract sendTurn(options: SendTurnOptions): Promise<void>;
+    abstract cancelTurn(threadId: string, turnId: string): Promise<void>;
+}

package/dist/src/adapters/base-adapter.js ADDED Viewed

@@ -0,0 +1,15 @@
+export class BaseAgentAdapter {
+    #listeners = new Set();
+    onEvent(listener) {
+        this.#listeners.add(listener);
+        return () => {
+            this.#listeners.delete(listener);
+        };
+    }
+    emit(event) {
+        for (const listener of this.#listeners) {
+            listener(event);
+        }
+    }
+}
+//# sourceMappingURL=base-adapter.js.map

package/dist/src/adapters/base-adapter.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-adapter.js","sourceRoot":"","sources":["../../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAeA,MAAM,OAAgB,gBAAgB;IAI3B,UAAU,GAAG,IAAI,GAAG,EAAqC,CAAC;IAEnE,OAAO,CAAC,QAA2C;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC,CAAC;IACJ,CAAC;IAES,IAAI,CAAC,KAAuB;QACpC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACvC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CAMF"}

package/dist/src/adapters/claude-adapter.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import type { AgentCapabilities, AgentConfig, AgentId, AgentModel, SendTurnOptions } from '@uxnan/shared';
+import { BaseAgentAdapter } from './base-adapter.js';
+import { type ClaudeToolResult, type ClaudeToolUse } from './claude-tools.js';
+import { type SpawnFn } from './spawn.js';
+/**
+ * Headless permission posture passed to the CLI:
+ *  - `default`           → no flag (tools needing approval are auto-denied headless);
+ *  - `acceptEdits`       → `--permission-mode acceptEdits` (file edits auto-apply);
+ *  - `bypassPermissions` → `--dangerously-skip-permissions` (all tools run).
+ */
+export type ClaudePermissionMode = 'default' | 'acceptEdits' | 'bypassPermissions';
+/** An explicit, concrete model to add to the picker beyond the stable aliases. */
+export interface ClaudeModelSpec {
+    /** Exact model id passed to `--model` (e.g. `claude-opus-4-8`). */
+    id: string;
+    /** Human-facing label (defaults to `id`). */
+    displayName?: string;
+    /** Optional one-line description. */
+    description?: string;
+}
+export interface ClaudeCodeAdapterOptions {
+    /** Executable to spawn (resolved path; see resolve-claude.ts). */
+    binaryPath?: string;
+    /** Args prepended before the adapter args (e.g. `[cli.js]` when running via node). */
+    prependArgs?: string[];
+    /** Default model (`alias` or full id) when the thread/turn doesn't pick one. */
+    defaultModel?: string;
+    /**
+     * Concrete, versioned models to surface in the picker **in addition** to the
+     * stable `opus`/`sonnet`/`haiku` aliases — declared in daemon config
+     * (`agents.claude-code.models`). Lets users pick an exact/older version while
+     * the aliases keep tracking "latest". Deduplicated against the aliases by id.
+     */
+    pinnedModels?: ClaudeModelSpec[];
+    /** Headless permission posture (default `acceptEdits`). */
+    permissionMode?: ClaudePermissionMode;
+    /**
+     * Opt-in interactive approvals: inject a `PreToolUse` hook (via `--settings`)
+     * so every tool round-trips to the bridge for the user's approval. Requires
+     * {@link approvalHook} to be set and resolvable (the bridge's local endpoint).
+     */
+    interactiveApprovals?: boolean;
+    /**
+     * The local approval-hook endpoint + token + the path to the shipped hook
+     * script. `url()` is lazy because the LAN port is known only after the server
+     * starts; it returns `undefined` until then (the turn runs without the hook).
+     */
+    approvalHook?: {
+        token: string;
+        scriptPath: string;
+        url: () => string | undefined;
+    };
+    /** Injected spawn function for the one-shot path (tests). */
+    spawnFn?: SpawnFn;
+}
+/** A normalized Claude Code event extracted from one stream-json line. */
+export interface ClaudeEvent {
+    kind: 'init' | 'delta' | 'thinking' | 'assistant_text' | 'tool_result' | 'result' | 'other';
+    sessionId?: string;
+    text?: string;
+    /** Only set for `init`: the concrete model id the run resolved the alias to. */
+    model?: string;
+    /** Only set for `result`: whether the turn ended in error. */
+    isError?: boolean;
+    /** Only set for `result`: the raw `usage` object (token counts), if present. */
+    usage?: unknown;
+    /** Only set for `assistant_text`: any tool invocations in the message. */
+    toolUses?: ClaudeToolUse[];
+    /** Only set for `tool_result`: results the agent fed back from its tools. */
+    toolResults?: ClaudeToolResult[];
+}
+/**
+ * Context-window size (tokens) for a Claude model id or alias, so the phone can
+ * show context usage as a percentage. Fable/Opus/Sonnet are 1M, Haiku is 200K
+ * (matches the current model catalog); unknown ids return undefined.
+ */
+export declare function claudeContextWindow(model: string | undefined): number | undefined;
+/** Sum the context-occupying token counts from a Claude `result.usage` object. */
+export declare function claudeUsageTokens(usage: unknown): number | undefined;
+/** Parse one `claude … --output-format stream-json` line, or null if it isn't JSON. */
+export declare function parseClaudeLine(line: string): ClaudeEvent | null;
+export declare class ClaudeCodeAdapter extends BaseAgentAdapter {
+    #private;
+    readonly agentId: AgentId;
+    readonly capabilities: AgentCapabilities;
+    /** Native Claude session id for a thread (on-disk history-fallback locator). */
+    nativeSessionId(threadId: string): string | undefined;
+    constructor(options?: ClaudeCodeAdapterOptions);
+    get defaultModel(): string | undefined;
+    start(config: AgentConfig): Promise<void>;
+    stop(): Promise<void>;
+    sendTurn(options: SendTurnOptions): Promise<void>;
+    cancelTurn(threadId: string, turnId: string): Promise<void>;
+    /**
+     * Claude Code has no model-list command. Expose the stable `--model` aliases
+     * (each tracks the latest model of its tier the account can use — the concrete
+     * version is reported per-run via the `model_resolved` event), followed by any
+     * concrete versions pinned in config. Pinned ids that collide with an alias
+     * are dropped so the alias (the "latest" entry) wins.
+     */
+    listModels(): Promise<AgentModel[]>;
+}