varlock 1.0.0 → 1.1.0

package/dist/{chunk-6DXWXIQV.js → chunk-GURKQO4J.js}

@@ -1,30 +1,12 @@
-import { getUserVarlockDir } from './chunk-7WB7HK5Z.js';
+import { isWSL, getUserVarlockDir } from './chunk-O3WTD6L4.js';
 import { __name } from './chunk-6PEHRAEP.js';
 import { spawn, execFileSync, spawnSync } from 'child_process';
-import fs3 from 'fs';
+import fs from 'fs';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import net from 'net';
 import crypto, { webcrypto } from 'crypto';
 
-var _isWSL;
-function isWSL() {
-  if (_isWSL !== void 0) return _isWSL;
-  if (process.env.WSL_DISTRO_NAME) {
-    _isWSL = true;
-    return true;
-  }
-  try {
-    const version = fs3.readFileSync("/proc/version", "utf-8");
-    _isWSL = /microsoft|wsl/i.test(version);
-  } catch {
-    _isWSL = false;
-  }
-  return _isWSL;
-}
-__name(isWSL, "isWSL");
-
-// src/lib/local-encrypt/binary-resolver.ts
 var __dirname$1 = path.dirname(fileURLToPath(import.meta.url));
 function debug(msg) {
   if (process.env.VARLOCK_DEBUG) {
@@ -39,9 +21,9 @@ function resolvePackageRoot() {
   let dir = __dirname$1;
   for (let i = 0; i < 10; i++) {
     const pkgJsonPath = path.join(dir, "package.json");
-    if (fs3.existsSync(pkgJsonPath)) {
+    if (fs.existsSync(pkgJsonPath)) {
       try {
-        const pkgJson = JSON.parse(fs3.readFileSync(pkgJsonPath, "utf-8"));
+        const pkgJson = JSON.parse(fs.readFileSync(pkgJsonPath, "utf-8"));
         if (pkgJson.name === "varlock") return dir;
       } catch {
       }
@@ -67,15 +49,15 @@ function getNativeBinSubdir() {
 __name(getNativeBinSubdir, "getNativeBinSubdir");
 function resolveMacOSBinary(dir) {
   const appBundlePath = path.join(dir, MACOS_APP_BUNDLE, "Contents", "MacOS", BINARY_NAME);
-  if (fs3.existsSync(appBundlePath)) return appBundlePath;
+  if (fs.existsSync(appBundlePath)) return appBundlePath;
   const barePath = path.join(dir, BINARY_NAME);
-  if (fs3.existsSync(barePath)) return barePath;
+  if (fs.existsSync(barePath)) return barePath;
   return void 0;
 }
 __name(resolveMacOSBinary, "resolveMacOSBinary");
 function resolveStandardBinary(dir) {
   const binaryPath = path.join(dir, getPlatformBinaryName());
-  if (fs3.existsSync(binaryPath)) return binaryPath;
+  if (fs.existsSync(binaryPath)) return binaryPath;
   return void 0;
 }
 __name(resolveStandardBinary, "resolveStandardBinary");
@@ -85,7 +67,7 @@ function resolveBinaryFromDir(dir) {
 }
 __name(resolveBinaryFromDir, "resolveBinaryFromDir");
 function resolveSeaSibling() {
-  const execDir = path.dirname(fs3.realpathSync(process.execPath));
+  const execDir = path.dirname(fs.realpathSync(process.execPath));
   const sibling = resolveBinaryFromDir(execDir);
   if (sibling) return sibling;
   const libexecDir = path.join(execDir, "..", "libexec");
@@ -95,9 +77,9 @@ __name(resolveSeaSibling, "resolveSeaSibling");
 function resolveNpmBundled() {
   const packageRoot = resolvePackageRoot();
   const nativeBinsDir = path.join(packageRoot, "native-bins", getNativeBinSubdir());
-  if (fs3.existsSync(nativeBinsDir)) return resolveBinaryFromDir(nativeBinsDir);
+  if (fs.existsSync(nativeBinsDir)) return resolveBinaryFromDir(nativeBinsDir);
   const adjacentNativeBinsDir = path.join(path.dirname(packageRoot), "native-bins", getNativeBinSubdir());
-  if (fs3.existsSync(adjacentNativeBinsDir)) return resolveBinaryFromDir(adjacentNativeBinsDir);
+  if (fs.existsSync(adjacentNativeBinsDir)) return resolveBinaryFromDir(adjacentNativeBinsDir);
   return void 0;
 }
 __name(resolveNpmBundled, "resolveNpmBundled");
@@ -109,20 +91,20 @@ function resolveDevFallback() {
     dir = parent;
     if (process.platform === "darwin") {
       const swiftBuild = path.join(dir, "packages", "encryption-binary-swift", "swift", ".build", "release", "VarlockEnclave");
-      if (fs3.existsSync(swiftBuild)) return swiftBuild;
+      if (fs.existsSync(swiftBuild)) return swiftBuild;
     }
     const rustBuild = path.join(dir, "packages", "encryption-binary-rust", "target", "release", getPlatformBinaryName());
-    if (fs3.existsSync(rustBuild)) return rustBuild;
+    if (fs.existsSync(rustBuild)) return rustBuild;
   }
   return void 0;
 }
 __name(resolveDevFallback, "resolveDevFallback");
 function ensureExecutable(binaryPath) {
   try {
-    fs3.accessSync(binaryPath, fs3.constants.X_OK);
+    fs.accessSync(binaryPath, fs.constants.X_OK);
   } catch {
     if (process.platform !== "win32") {
-      fs3.chmodSync(binaryPath, 493);
+      fs.chmodSync(binaryPath, 493);
     }
   }
   return binaryPath;
@@ -163,6 +145,10 @@ function resolveNativeBinary() {
   return void 0;
 }
 __name(resolveNativeBinary, "resolveNativeBinary");
+var SEND_TIMEOUT_MS = 3e4;
+var BIOMETRIC_TIMEOUT_MS = 9e4;
+var INTERACTIVE_TIMEOUT_MS = 5 * 6e4;
+var KILL_GRACE_MS = 2e3;
 function debug2(msg) {
   if (process.env.VARLOCK_DEBUG) {
     process.stderr.write(`[varlock:daemon-client] ${msg}
@@ -170,6 +156,40 @@ function debug2(msg) {
   }
 }
 __name(debug2, "debug");
+function killDaemonProcess(pid) {
+  try {
+    process.kill(pid, "SIGTERM");
+  } catch {
+    return true;
+  }
+  const start = Date.now();
+  while (Date.now() - start < KILL_GRACE_MS) {
+    try {
+      process.kill(pid, 0);
+    } catch {
+      return true;
+    }
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, 100);
+  }
+  debug2(`daemon pid ${pid} didn't respond to SIGTERM, sending SIGKILL`);
+  try {
+    process.kill(pid, "SIGKILL");
+  } catch {
+    return true;
+  }
+  const killStart = Date.now();
+  while (Date.now() - killStart < 500) {
+    try {
+      process.kill(pid, 0);
+    } catch {
+      return true;
+    }
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, 50);
+  }
+  debug2(`daemon pid ${pid} is unkillable (likely in uninterruptible kernel wait) \u2014 proceeding anyway`);
+  return false;
+}
+__name(killDaemonProcess, "killDaemonProcess");
 function getSocketDir() {
   return path.join(getUserVarlockDir(), "local-encrypt");
 }
@@ -181,6 +201,10 @@ function getSocketPath() {
   return path.join(getSocketDir(), "daemon.sock");
 }
 __name(getSocketPath, "getSocketPath");
+function getLockPath() {
+  return `${getSocketPath()}.lock`;
+}
+__name(getLockPath, "getLockPath");
 function getPidPath() {
   return path.join(getSocketDir(), "daemon.pid");
 }
@@ -189,12 +213,29 @@ function getDaemonInfoPath() {
   return path.join(getSocketDir(), "daemon.info");
 }
 __name(getDaemonInfoPath, "getDaemonInfoPath");
+function getDaemonStateFiles() {
+  const files = [getPidPath(), getDaemonInfoPath()];
+  if (process.platform !== "win32") {
+    files.push(getSocketPath(), getLockPath());
+  }
+  return files;
+}
+__name(getDaemonStateFiles, "getDaemonStateFiles");
+function cleanupDaemonFiles() {
+  for (const file of getDaemonStateFiles()) {
+    try {
+      fs.unlinkSync(file);
+    } catch {
+    }
+  }
+}
+__name(cleanupDaemonFiles, "cleanupDaemonFiles");
 function checkDaemonBinaryStale() {
   const infoPath = getDaemonInfoPath();
   const pidPath = getPidPath();
   let info;
   try {
-    info = JSON.parse(fs3.readFileSync(infoPath, "utf-8"));
+    info = JSON.parse(fs.readFileSync(infoPath, "utf-8"));
   } catch {
   }
   const currentBinaryPath = resolveNativeBinary();
@@ -204,7 +245,7 @@ function checkDaemonBinaryStale() {
       debug2(`daemon binary path changed: ${info.binaryPath} \u2192 ${currentBinaryPath}`);
     } else {
       try {
-        const stat = fs3.statSync(currentBinaryPath);
+        const stat = fs.statSync(currentBinaryPath);
         if (stat.mtimeMs === info.binaryMtimeMs) {
           debug2("daemon binary is current \u2014 no restart needed");
           return void 0;
@@ -218,18 +259,20 @@ function checkDaemonBinaryStale() {
     debug2("no daemon.info file \u2014 treating running daemon as stale");
   }
   try {
-    const pid = parseInt(fs3.readFileSync(pidPath, "utf-8").trim(), 10);
+    const pid = parseInt(fs.readFileSync(pidPath, "utf-8").trim(), 10);
     process.kill(pid, 0);
     return pid;
   } catch {
+    debug2("stale PID file points to dead process \u2014 cleaning up");
+    cleanupDaemonFiles();
     return void 0;
   }
 }
 __name(checkDaemonBinaryStale, "checkDaemonBinaryStale");
 function writeDaemonInfo(binaryPath) {
   try {
-    const stat = fs3.statSync(binaryPath);
-    fs3.writeFileSync(getDaemonInfoPath(), JSON.stringify({
+    const stat = fs.statSync(binaryPath);
+    fs.writeFileSync(getDaemonInfoPath(), JSON.stringify({
       binaryPath,
       binaryMtimeMs: stat.mtimeMs
     }));
@@ -277,22 +320,8 @@ var DaemonClient = class {
     const stalePid = this.spawnedInThisProcess ? void 0 : checkDaemonBinaryStale();
     if (stalePid) {
       debug2(`killing stale daemon (pid ${stalePid}) \u2014 binary has been updated`);
-      try {
-        process.kill(stalePid, "SIGTERM");
-      } catch {
-      }
-      for (const file of [getPidPath(), getDaemonInfoPath()]) {
-        try {
-          fs3.unlinkSync(file);
-        } catch {
-        }
-      }
-      if (process.platform !== "win32") {
-        try {
-          fs3.unlinkSync(socketPath);
-        } catch {
-        }
-      }
+      killDaemonProcess(stalePid);
+      cleanupDaemonFiles();
     } else {
       try {
         await this.connectToSocket(socketPath);
@@ -302,7 +331,8 @@ var DaemonClient = class {
     }
     try {
       await this.spawnDaemon();
-    } catch {
+    } catch (err) {
+      debug2(`spawnDaemon failed: ${err instanceof Error ? err.message : err}`);
       await new Promise((r) => {
         setTimeout(r, 1e3);
       });
@@ -310,76 +340,88 @@ var DaemonClient = class {
     await this.connectToSocket(socketPath);
   }
   async decrypt(ciphertext, keyId = "varlock-default") {
-    await this.ensureConnected();
-    const result = await this.sendMessage({
-      action: "decrypt",
-      payload: { ciphertext, keyId }
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      const result = await this.sendMessage({
+        action: "decrypt",
+        payload: { ciphertext, keyId }
+      }, BIOMETRIC_TIMEOUT_MS);
+      if (typeof result === "string") return result;
+      if (result && typeof result === "object" && "error" in result) {
+        throw new Error(String(result.error));
+      }
+      return String(result);
     });
-    if (typeof result === "string") return result;
-    if (result && typeof result === "object" && "error" in result) {
-      throw new Error(String(result.error));
-    }
-    return String(result);
   }
   async promptSecret(opts) {
-    await this.ensureConnected();
-    try {
-      const result = await this.sendMessage({
-        action: "prompt-secret",
-        payload: {
-          itemKey: opts?.itemKey,
-          message: opts?.message,
-          keyId: opts?.keyId
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      try {
+        const result = await this.sendMessage({
+          action: "prompt-secret",
+          payload: {
+            itemKey: opts?.itemKey,
+            message: opts?.message,
+            keyId: opts?.keyId
+          }
+        }, INTERACTIVE_TIMEOUT_MS);
+        if (result && typeof result === "object" && "ciphertext" in result) {
+          return result.ciphertext;
         }
-      });
-      if (result && typeof result === "object" && "ciphertext" in result) {
-        return result.ciphertext;
+        return void 0;
+      } catch (err) {
+        if (err instanceof Error && err.message === "cancelled") return void 0;
+        throw err;
       }
-      return void 0;
-    } catch (err) {
-      if (err instanceof Error && err.message === "cancelled") return void 0;
-      throw err;
-    }
+    });
   }
   async invalidateSession() {
-    await this.ensureConnected();
-    await this.sendMessage({ action: "invalidate-session" });
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      await this.sendMessage({ action: "invalidate-session" });
+    });
   }
   async keychainGet(opts) {
-    await this.ensureConnected();
-    const result = await this.sendMessage({
-      action: "keychain-get",
-      payload: opts
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      const result = await this.sendMessage({
+        action: "keychain-get",
+        payload: opts
+      }, BIOMETRIC_TIMEOUT_MS);
+      if (typeof result === "string") return result;
+      if (result && typeof result === "object" && "error" in result) {
+        throw new Error(String(result.error));
+      }
+      return String(result);
     });
-    if (typeof result === "string") return result;
-    if (result && typeof result === "object" && "error" in result) {
-      throw new Error(String(result.error));
-    }
-    return String(result);
   }
   async keychainSearch(opts) {
-    await this.ensureConnected();
-    const result = await this.sendMessage({
-      action: "keychain-search",
-      payload: opts ?? {}
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      const result = await this.sendMessage({
+        action: "keychain-search",
+        payload: opts ?? {}
+      });
+      return result ?? [];
     });
-    return result ?? [];
   }
   async keychainPick(opts) {
-    await this.ensureConnected();
-    try {
-      const result = await this.sendMessage({
-        action: "keychain-pick",
-        payload: { itemKey: opts?.itemKey }
-      });
-      if (result && typeof result === "object" && "service" in result) {
-        return result;
+    return this.withRetry(async () => {
+      await this.ensureConnected();
+      try {
+        const result = await this.sendMessage({
+          action: "keychain-pick",
+          payload: { itemKey: opts?.itemKey }
+        }, INTERACTIVE_TIMEOUT_MS);
+        if (result && typeof result === "object" && "service" in result) {
+          return result;
+        }
+        return void 0;
+      } catch (err) {
+        if (err instanceof Error && err.message === "cancelled") return void 0;
+        throw err;
       }
-      return void 0;
-    } catch (err) {
-      if (err instanceof Error && err.message === "cancelled") return void 0;
-      throw err;
-    }
+    });
   }
   cleanup() {
     for (const { reject } of this.messageQueue.values()) {
@@ -392,6 +434,37 @@ var DaemonClient = class {
     this.buffer = Buffer.alloc(0);
   }
   // -- Private --
+  /**
+   * Run an async operation, and on recoverable failure (timeout, connection
+   * closed) clean up, reconnect to the daemon, and retry once.
+   */
+  async withRetry(fn) {
+    try {
+      return await fn();
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : "";
+      const recoverable = msg.includes("timed out") || msg.includes("connection closed") || msg.includes("Not connected");
+      if (!recoverable) throw err;
+      debug2(`recoverable error, reconnecting: ${msg}`);
+      this.forceCleanup();
+      await this.ensureConnected();
+      return await fn();
+    }
+  }
+  /**
+   * Aggressive cleanup: kill the daemon process if we know its PID,
+   * then reset client state so the next ensureConnected spawns fresh.
+   */
+  forceCleanup() {
+    this.cleanup();
+    this.spawnedInThisProcess = false;
+    try {
+      const pid = parseInt(fs.readFileSync(getPidPath(), "utf-8").trim(), 10);
+      killDaemonProcess(pid);
+    } catch {
+    }
+    cleanupDaemonFiles();
+  }
   connectToSocket(socketPath) {
     return new Promise((resolve, reject) => {
       const socket = new net.Socket();
@@ -417,6 +490,11 @@ var DaemonClient = class {
       socket.on("close", () => {
         this.isConnected = false;
         this.socket = null;
+        for (const { reject: rej } of this.messageQueue.values()) {
+          rej(new Error("Daemon connection closed"));
+        }
+        this.messageQueue.clear();
+        this.buffer = Buffer.alloc(0);
       });
       socket.connect(socketPath);
     });
@@ -443,7 +521,7 @@ var DaemonClient = class {
       }
     }
   }
-  sendMessage(message) {
+  sendMessage(message, timeoutMs = SEND_TIMEOUT_MS) {
     return new Promise((resolve, reject) => {
       if (!this.isConnected || !this.socket) {
         reject(new Error("Not connected to daemon"));
@@ -455,7 +533,20 @@ var DaemonClient = class {
       const messageBytes = Buffer.from(jsonData, "utf-8");
       const lengthBuf = Buffer.alloc(4);
       lengthBuf.writeUInt32LE(messageBytes.length, 0);
-      this.messageQueue.set(messageId, { resolve, reject });
+      const timeout = setTimeout(() => {
+        this.messageQueue.delete(messageId);
+        reject(new Error(`Daemon message timed out after ${timeoutMs}ms (action: ${message.action})`));
+      }, timeoutMs);
+      this.messageQueue.set(messageId, {
+        resolve: /* @__PURE__ */ __name((value) => {
+          clearTimeout(timeout);
+          resolve(value);
+        }, "resolve"),
+        reject: /* @__PURE__ */ __name((err) => {
+          clearTimeout(timeout);
+          reject(err);
+        }, "reject")
+      });
       this.socket.write(Buffer.concat([lengthBuf, messageBytes]));
     });
   }
@@ -468,35 +559,26 @@ var DaemonClient = class {
     const pidPath = getPidPath();
     const isWindows = process.platform === "win32";
     if (!isWindows) {
-      fs3.mkdirSync(path.dirname(socketPath), { recursive: true });
+      fs.mkdirSync(path.dirname(socketPath), { recursive: true });
     }
-    fs3.mkdirSync(path.dirname(pidPath), { recursive: true });
-    if (fs3.existsSync(pidPath)) {
+    fs.mkdirSync(path.dirname(pidPath), { recursive: true });
+    if (fs.existsSync(pidPath)) {
       try {
-        const pid = parseInt(fs3.readFileSync(pidPath, "utf-8").trim(), 10);
+        const pid = parseInt(fs.readFileSync(pidPath, "utf-8").trim(), 10);
         process.kill(pid, 0);
-        await new Promise((r) => {
-          setTimeout(r, 500);
-        });
-        return;
+        try {
+          await this.connectToSocket(socketPath);
+          return;
+        } catch {
+          debug2(`daemon pid ${pid} alive but socket unresponsive \u2014 killing`);
+          killDaemonProcess(pid);
+        }
       } catch {
       }
     }
-    if (!isWindows) {
-      for (const file of [socketPath, pidPath, getDaemonInfoPath()]) {
-        if (fs3.existsSync(file)) {
-          fs3.unlinkSync(file);
-        }
-      }
-      if (fs3.existsSync(socketPath)) {
-        throw new Error(`Failed to clean up stale socket file: ${socketPath}`);
-      }
-    } else {
-      for (const file of [pidPath, getDaemonInfoPath()]) {
-        if (fs3.existsSync(file)) {
-          fs3.unlinkSync(file);
-        }
-      }
+    cleanupDaemonFiles();
+    if (!isWindows && fs.existsSync(socketPath)) {
+      throw new Error(`Failed to clean up stale socket file: ${socketPath}`);
     }
     return new Promise((resolve, reject) => {
       const child = spawn(binaryPath, [
@@ -708,7 +790,7 @@ function getKeyFilePath(keyId) {
 }
 __name(getKeyFilePath, "getKeyFilePath");
 function keyExists(keyId = DEFAULT_KEY_ID) {
-  return fs3.existsSync(getKeyFilePath(keyId));
+  return fs.existsSync(getKeyFilePath(keyId));
 }
 __name(keyExists, "keyExists");
 async function generateKey(keyId = DEFAULT_KEY_ID) {
@@ -720,18 +802,18 @@ async function generateKey(keyId = DEFAULT_KEY_ID) {
     createdAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   const keyStorePath = getKeyStorePath();
-  fs3.mkdirSync(keyStorePath, { recursive: true });
+  fs.mkdirSync(keyStorePath, { recursive: true });
   const filePath = getKeyFilePath(keyId);
-  fs3.writeFileSync(filePath, JSON.stringify(stored, null, 2), { mode: 384 });
+  fs.writeFileSync(filePath, JSON.stringify(stored, null, 2), { mode: 384 });
   return { keyId, publicKey: keyPair.publicKey };
 }
 __name(generateKey, "generateKey");
 function loadKeyPair(keyId) {
   const filePath = getKeyFilePath(keyId);
-  if (!fs3.existsSync(filePath)) {
+  if (!fs.existsSync(filePath)) {
     throw new Error(`Key not found: ${keyId}`);
   }
-  const data = fs3.readFileSync(filePath, "utf-8");
+  const data = fs.readFileSync(filePath, "utf-8");
   const parsed = JSON.parse(data);
   const privateKey = parsed.privateKey ?? (parsed.protection === "none" ? parsed.protectedPrivateKey : void 0) ?? parsed.protectedPrivateKey;
   if (!parsed.publicKey || !privateKey) {
@@ -771,21 +853,49 @@ function debug3(msg) {
   }
 }
 __name(debug3, "debug");
-var _cachedTtyId;
-function getSelfTtyId() {
-  if (_cachedTtyId) return _cachedTtyId;
+var _cachedSessionId;
+function getSelfSessionId() {
+  if (_cachedSessionId) return _cachedSessionId;
   try {
-    const ttyPath = fs3.readlinkSync("/proc/self/fd/0");
+    const ttyPath = fs.readlinkSync("/proc/self/fd/0");
     if (ttyPath && ttyPath.startsWith("/dev/")) {
-      _cachedTtyId = ttyPath;
+      _cachedSessionId = ttyPath;
       return ttyPath;
     }
   } catch {
   }
-  _cachedTtyId = `pid:${process.pid}`;
-  return _cachedTtyId;
+  try {
+    const chain = [process.pid];
+    let current = process.pid;
+    for (let i = 0; i < 64; i++) {
+      const stat = fs.readFileSync(`/proc/${current}/stat`, "utf-8");
+      const fields = stat.split(") ");
+      if (fields.length < 2) break;
+      const ppid = parseInt(fields[1].split(" ")[1], 10);
+      if (!ppid || ppid <= 1) break;
+      chain.push(ppid);
+      current = ppid;
+    }
+    if (chain.length >= 4) {
+      const scopePid = chain[chain.length - 3];
+      let startTime = 0;
+      try {
+        const scopeStat = fs.readFileSync(`/proc/${scopePid}/stat`, "utf-8");
+        const scopeFields = scopeStat.split(") ");
+        if (scopeFields.length >= 2) {
+          startTime = parseInt(scopeFields[1].split(" ")[19], 10) || 0;
+        }
+      } catch {
+      }
+      _cachedSessionId = `ptree:${scopePid}:${startTime}`;
+      return _cachedSessionId;
+    }
+  } catch {
+  }
+  _cachedSessionId = `pid:${process.pid}`;
+  return _cachedSessionId;
 }
-__name(getSelfTtyId, "getSelfTtyId");
+__name(getSelfSessionId, "getSelfSessionId");
 var _wslDaemonPrestartAttempted = false;
 function toWindowsPathFromWsl(pathInWsl) {
   if (!isWSL()) return void 0;
@@ -1029,7 +1139,7 @@ async function decryptValue2(ciphertext, keyId = DEFAULT_KEY_ID2) {
       }
       const stdinPayload = JSON.stringify({
         data: ciphertext,
-        ttyId: getSelfTtyId()
+        ttyId: getSelfSessionId()
       });
       const runViaDaemon = /* @__PURE__ */ __name((timeout) => spawnSync(binaryPath, ["decrypt", "--key-id", keyId, "--data-stdin", "--via-daemon"], {
         input: stdinPayload,
@@ -1088,5 +1198,5 @@ async function lockSession() {
 __name(lockSession, "lockSession");
 
 export { decryptValue2 as decryptValue, encryptValue2 as encryptValue, ensureKey, getBackendInfo, getDaemonClient, lockSession };
-//# sourceMappingURL=chunk-6DXWXIQV.js.map
-//# sourceMappingURL=chunk-6DXWXIQV.js.map
+//# sourceMappingURL=chunk-GURKQO4J.js.map
+//# sourceMappingURL=chunk-GURKQO4J.js.map