import { z } from 'zod'; import { EventEmitter } from 'node:events'; import { Socket } from 'socket.io-client'; import { ExpoPushMessage } from 'expo-server-sdk'; /** * Simplified schema that only validates fields actually used in the codebase * while preserving all other fields through passthrough() */ declare const UsageSchema: z.ZodObject<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>; declare const RawJSONLinesSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{ type: z.ZodLiteral<"user">; isSidechain: z.ZodOptional; isMeta: z.ZodOptional; uuid: z.ZodString; message: z.ZodObject<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">>; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ type: z.ZodLiteral<"user">; isSidechain: z.ZodOptional; isMeta: z.ZodOptional; uuid: z.ZodString; message: z.ZodObject<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">>; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ type: z.ZodLiteral<"user">; isSidechain: z.ZodOptional; isMeta: z.ZodOptional; uuid: z.ZodString; message: z.ZodObject<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ content: z.ZodUnion<[z.ZodString, z.ZodAny]>; }, z.ZodTypeAny, "passthrough">>; }, z.ZodTypeAny, "passthrough">>, z.ZodObject<{ uuid: z.ZodString; type: z.ZodLiteral<"assistant">; message: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ uuid: z.ZodString; type: z.ZodLiteral<"assistant">; message: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ uuid: z.ZodString; type: z.ZodLiteral<"assistant">; message: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ usage: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ input_tokens: z.ZodNumber; cache_creation_input_tokens: z.ZodOptional; cache_read_input_tokens: z.ZodOptional; output_tokens: z.ZodNumber; service_tier: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; model: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; }, z.ZodTypeAny, "passthrough">>, z.ZodObject<{ type: z.ZodLiteral<"summary">; summary: z.ZodString; leafUuid: z.ZodString; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ type: z.ZodLiteral<"summary">; summary: z.ZodString; leafUuid: z.ZodString; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ type: z.ZodLiteral<"summary">; summary: z.ZodString; leafUuid: z.ZodString; }, z.ZodTypeAny, "passthrough">>, z.ZodObject<{ type: z.ZodLiteral<"system">; uuid: z.ZodString; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ type: z.ZodLiteral<"system">; uuid: z.ZodString; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ type: z.ZodLiteral<"system">; uuid: z.ZodString; }, z.ZodTypeAny, "passthrough">>]>; type RawJSONLines = z.infer; /** * Permission mode type - includes both Claude and Codex modes * Must match MessageMetaSchema.permissionMode enum values * * Claude modes: default, acceptEdits, bypassPermissions, plan * Codex modes: read-only, safe-yolo, yolo * * When calling Claude SDK, Codex modes are mapped at the SDK boundary: * - yolo → bypassPermissions * - safe-yolo → default * - read-only → default */ type PermissionMode = 'default' | 'acceptEdits' | 'bypassPermissions' | 'plan' | 'read-only' | 'safe-yolo' | 'yolo'; /** * Usage data type from Claude */ type Usage = z.infer; /** * Update event from server */ declare const UpdateSchema: z.ZodObject<{ id: z.ZodString; seq: z.ZodNumber; body: z.ZodUnion<[z.ZodObject<{ message: z.ZodObject<{ id: z.ZodString; seq: z.ZodNumber; content: z.ZodObject<{ c: z.ZodString; t: z.ZodLiteral<"encrypted">; }, "strip", z.ZodTypeAny, { c: string; t: "encrypted"; }, { c: string; t: "encrypted"; }>; }, "strip", z.ZodTypeAny, { content: { c: string; t: "encrypted"; }; id: string; seq: number; }, { content: { c: string; t: "encrypted"; }; id: string; seq: number; }>; sid: z.ZodString; t: z.ZodLiteral<"new-message">; }, "strip", z.ZodTypeAny, { message: { content: { c: string; t: "encrypted"; }; id: string; seq: number; }; t: "new-message"; sid: string; }, { message: { content: { c: string; t: "encrypted"; }; id: string; seq: number; }; t: "new-message"; sid: string; }>, z.ZodObject<{ t: z.ZodLiteral<"update-session">; sid: z.ZodString; metadata: z.ZodOptional>>; agentState: z.ZodOptional>>; }, "strip", z.ZodTypeAny, { t: "update-session"; sid: string; metadata?: { value: string; version: number; } | null | undefined; agentState?: { value: string; version: number; } | null | undefined; }, { t: "update-session"; sid: string; metadata?: { value: string; version: number; } | null | undefined; agentState?: { value: string; version: number; } | null | undefined; }>, z.ZodObject<{ t: z.ZodLiteral<"update-machine">; machineId: z.ZodString; metadata: z.ZodOptional>>; daemonState: z.ZodOptional>>; }, "strip", z.ZodTypeAny, { t: "update-machine"; machineId: string; metadata?: { value: string; version: number; } | null | undefined; daemonState?: { value: string; version: number; } | null | undefined; }, { t: "update-machine"; machineId: string; metadata?: { value: string; version: number; } | null | undefined; daemonState?: { value: string; version: number; } | null | undefined; }>]>; createdAt: z.ZodNumber; }, "strip", z.ZodTypeAny, { id: string; seq: number; body: { message: { content: { c: string; t: "encrypted"; }; id: string; seq: number; }; t: "new-message"; sid: string; } | { t: "update-session"; sid: string; metadata?: { value: string; version: number; } | null | undefined; agentState?: { value: string; version: number; } | null | undefined; } | { t: "update-machine"; machineId: string; metadata?: { value: string; version: number; } | null | undefined; daemonState?: { value: string; version: number; } | null | undefined; }; createdAt: number; }, { id: string; seq: number; body: { message: { content: { c: string; t: "encrypted"; }; id: string; seq: number; }; t: "new-message"; sid: string; } | { t: "update-session"; sid: string; metadata?: { value: string; version: number; } | null | undefined; agentState?: { value: string; version: number; } | null | undefined; } | { t: "update-machine"; machineId: string; metadata?: { value: string; version: number; } | null | undefined; daemonState?: { value: string; version: number; } | null | undefined; }; createdAt: number; }>; type Update = z.infer; /** * Session information */ type Session = { id: string; /** * Server-side idempotency tag for this session. Two `getOrCreateSession` * calls with the same `tag` return the same row, so callers who want * to resume an existing session (e.g. `consortium code --resume `) * must pass the original tag — not a fresh random one. Surfacing it * here so the TUI wizard can hand it to the spawned agent process. */ tag: string; seq: number; encryptionKey: Uint8Array; encryptionVariant: 'legacy' | 'dataKey'; metadata: Metadata; metadataVersion: number; agentState: AgentState | null; agentStateVersion: number; }; /** * Machine metadata - static information (rarely changes) */ declare const MachineMetadataSchema: z.ZodObject<{ host: z.ZodString; platform: z.ZodString; consortiumCliVersion: z.ZodString; homeDir: z.ZodString; consortiumHomeDir: z.ZodString; consortiumLibDir: z.ZodString; cpuCount: z.ZodOptional; memoryTotalMb: z.ZodOptional; openclawInstalled: z.ZodOptional; openclawVersion: z.ZodOptional>; openclawWorkspaceExists: z.ZodOptional; openclawGatewayRunning: z.ZodOptional; openclawGatewayPort: z.ZodOptional; openclawChannels: z.ZodOptional>; openclawAgentCount: z.ZodOptional; openclawAgents: z.ZodOptional, "many">>; terminalCapabilities: z.ZodOptional>; }, "strip", z.ZodTypeAny, { host: string; platform: string; consortiumCliVersion: string; homeDir: string; consortiumHomeDir: string; consortiumLibDir: string; cpuCount?: number | undefined; memoryTotalMb?: number | undefined; openclawInstalled?: boolean | undefined; openclawVersion?: string | null | undefined; openclawWorkspaceExists?: boolean | undefined; openclawGatewayRunning?: boolean | undefined; openclawGatewayPort?: number | undefined; openclawChannels?: string[] | undefined; openclawAgentCount?: number | undefined; openclawAgents?: { model: string; name: string; workspace: string; agentDir: string; routingRules: number; isDefault: boolean; }[] | undefined; terminalCapabilities?: { tmux: boolean; zellij: boolean; } | undefined; }, { host: string; platform: string; consortiumCliVersion: string; homeDir: string; consortiumHomeDir: string; consortiumLibDir: string; cpuCount?: number | undefined; memoryTotalMb?: number | undefined; openclawInstalled?: boolean | undefined; openclawVersion?: string | null | undefined; openclawWorkspaceExists?: boolean | undefined; openclawGatewayRunning?: boolean | undefined; openclawGatewayPort?: number | undefined; openclawChannels?: string[] | undefined; openclawAgentCount?: number | undefined; openclawAgents?: { model: string; name: string; workspace: string; agentDir: string; routingRules: number; isDefault: boolean; }[] | undefined; terminalCapabilities?: { tmux: boolean; zellij: boolean; } | undefined; }>; type MachineMetadata = z.infer; /** * Daemon state - dynamic runtime information (frequently updated) */ declare const DaemonStateSchema: z.ZodObject<{ status: z.ZodUnion<[z.ZodEnum<["running", "shutting-down"]>, z.ZodString]>; pid: z.ZodOptional; httpPort: z.ZodOptional; startedAt: z.ZodOptional; shutdownRequestedAt: z.ZodOptional; shutdownSource: z.ZodOptional, z.ZodString]>>; }, "strip", z.ZodTypeAny, { status: string; pid?: number | undefined; httpPort?: number | undefined; startedAt?: number | undefined; shutdownRequestedAt?: number | undefined; shutdownSource?: string | undefined; }, { status: string; pid?: number | undefined; httpPort?: number | undefined; startedAt?: number | undefined; shutdownRequestedAt?: number | undefined; shutdownSource?: string | undefined; }>; type DaemonState = z.infer; type Machine = { id: string; encryptionKey: Uint8Array; encryptionVariant: 'legacy' | 'dataKey'; metadata: MachineMetadata; metadataVersion: number; daemonState: DaemonState | null; daemonStateVersion: number; }; declare const UserMessageSchema: z.ZodObject<{ role: z.ZodLiteral<"user">; content: z.ZodObject<{ type: z.ZodLiteral<"text">; text: z.ZodString; attachmentIds: z.ZodOptional>; localId: z.ZodOptional; driveId: z.ZodOptional; driveNodeIds: z.ZodOptional>; driveDek: z.ZodOptional; }, "strip", z.ZodTypeAny, { type: "text"; text: string; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveNodeIds?: string[] | undefined; driveDek?: string | undefined; }, { type: "text"; text: string; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveNodeIds?: string[] | undefined; driveDek?: string | undefined; }>; localKey: z.ZodOptional; meta: z.ZodOptional; permissionMode: z.ZodOptional>; model: z.ZodOptional>; fallbackModel: z.ZodOptional>; customSystemPrompt: z.ZodOptional>; appendSystemPrompt: z.ZodOptional>; allowedTools: z.ZodOptional>>; disallowedTools: z.ZodOptional>>; }, "strip", z.ZodTypeAny, { model?: string | null | undefined; sentFrom?: string | undefined; permissionMode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "read-only" | "safe-yolo" | "yolo" | undefined; fallbackModel?: string | null | undefined; customSystemPrompt?: string | null | undefined; appendSystemPrompt?: string | null | undefined; allowedTools?: string[] | null | undefined; disallowedTools?: string[] | null | undefined; }, { model?: string | null | undefined; sentFrom?: string | undefined; permissionMode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "read-only" | "safe-yolo" | "yolo" | undefined; fallbackModel?: string | null | undefined; customSystemPrompt?: string | null | undefined; appendSystemPrompt?: string | null | undefined; allowedTools?: string[] | null | undefined; disallowedTools?: string[] | null | undefined; }>>; attachmentIds: z.ZodOptional>; localId: z.ZodOptional; driveId: z.ZodOptional; driveDek: z.ZodOptional; }, "strip", z.ZodTypeAny, { content: { type: "text"; text: string; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveNodeIds?: string[] | undefined; driveDek?: string | undefined; }; role: "user"; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveDek?: string | undefined; localKey?: string | undefined; meta?: { model?: string | null | undefined; sentFrom?: string | undefined; permissionMode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "read-only" | "safe-yolo" | "yolo" | undefined; fallbackModel?: string | null | undefined; customSystemPrompt?: string | null | undefined; appendSystemPrompt?: string | null | undefined; allowedTools?: string[] | null | undefined; disallowedTools?: string[] | null | undefined; } | undefined; }, { content: { type: "text"; text: string; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveNodeIds?: string[] | undefined; driveDek?: string | undefined; }; role: "user"; attachmentIds?: string[] | undefined; localId?: string | undefined; driveId?: string | undefined; driveDek?: string | undefined; localKey?: string | undefined; meta?: { model?: string | null | undefined; sentFrom?: string | undefined; permissionMode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "read-only" | "safe-yolo" | "yolo" | undefined; fallbackModel?: string | null | undefined; customSystemPrompt?: string | null | undefined; appendSystemPrompt?: string | null | undefined; allowedTools?: string[] | null | undefined; disallowedTools?: string[] | null | undefined; } | undefined; }>; type UserMessage = z.infer; type Metadata = { path: string; host: string; version?: string; name?: string; os?: string; summary?: { text: string; updatedAt: number; }; machineId?: string; claudeSessionId?: string; agentSessionId?: string; codexRolloutPath?: string; tools?: string[]; slashCommands?: string[]; homeDir: string; consortiumHomeDir: string; consortiumLibDir: string; consortiumToolsDir: string; startedFromDaemon?: boolean; hostPid?: number; startedBy?: 'daemon' | 'terminal'; lifecycleState?: 'running' | 'archiveRequested' | 'archived' | string; lifecycleStateSince?: number; archivedBy?: string; archiveReason?: string; flavor?: string; firstMessage?: string; /** Resolved model id (cli-set; Pi updates per message_start). */ model?: string; /** Resolved provider id (cli-set alongside `model`). */ provider?: string; }; type AgentState = { controlledByUser?: boolean | null | undefined; requests?: { [id: string]: { tool: string; arguments: any; createdAt: number; }; }; completedRequests?: { [id: string]: { tool: string; arguments: any; createdAt: number; completedAt: number; status: 'canceled' | 'denied' | 'approved'; reason?: string; mode?: PermissionMode; decision?: 'approved' | 'approved_for_session' | 'denied' | 'abort'; allowTools?: string[]; }; }; }; /** * Common RPC types and interfaces for both session and machine clients */ /** * Generic RPC handler function type * @template TRequest - The request data type * @template TResponse - The response data type */ type RpcHandler = (data: TRequest) => TResponse | Promise; /** * RPC request data from server */ interface RpcRequest { method: string; params: string; } /** * Configuration for RPC handler manager */ interface RpcHandlerConfig { scopePrefix: string; encryptionKey: Uint8Array; encryptionVariant: 'legacy' | 'dataKey'; logger?: (message: string, data?: any) => void; } /** * Generic RPC handler manager for session and machine clients * Manages RPC method registration, encryption/decryption, and handler execution */ declare class RpcHandlerManager { private handlers; private readonly scopePrefix; private readonly encryptionKey; private readonly encryptionVariant; private readonly logger; private socket; constructor(config: RpcHandlerConfig); /** * Register an RPC handler for a specific method * @param method - The method name (without prefix) * @param handler - The handler function */ registerHandler(method: string, handler: RpcHandler): void; /** * Handle an incoming RPC request * @param request - The RPC request data * @param callback - The response callback */ handleRequest(request: RpcRequest): Promise; onSocketConnect(socket: Socket): Promise; onSocketDisconnect(): void; /** * Get the number of registered handlers */ getHandlerCount(): number; /** * Check if a handler is registered * @param method - The method name (without prefix) */ hasHandler(method: string): boolean; /** * Invoke a registered handler in-process with already-decrypted params. * Used by the generic harness dispatcher to fall through to a legacy * per-harness RPC (e.g. `openclaw-agent-add`) when the harness provider * doesn't expose the dispatcher-facing method directly. */ callLocal(method: string, params: TRequest): Promise; /** * Clear all handlers */ clearHandlers(): void; /** * Get the prefixed method name * @param method - The method name */ private getPrefixedMethod; } /** * ACP (Agent Communication Protocol) message data types. * This is the unified format for all agent messages - CLI adapts each provider's format to ACP. */ type ACPMessageData = { type: 'message'; message: string; } | { type: 'reasoning'; message: string; } | { type: 'thinking'; text: string; } | { type: 'tool-call'; callId: string; name: string; input: unknown; id: string; } | { type: 'tool-result'; callId: string; output: unknown; id: string; isError?: boolean; } | { type: 'file-edit'; description: string; filePath: string; diff?: string; oldContent?: string; newContent?: string; id: string; } | { type: 'terminal-output'; data: string; callId: string; } | { type: 'task_started'; id: string; } | { type: 'task_complete'; id: string; } | { type: 'turn_aborted'; id: string; } | { type: 'permission-request'; permissionId: string; toolName: string; description: string; options?: unknown; } | { type: 'artifact'; artifactId: string; mime: string; name?: string; sizeBytes?: number; } | { type: 'token_count'; [key: string]: unknown; }; type ACPProvider = 'gemini' | 'grok' | 'pi' | 'codex' | 'claude' | 'consortium-code'; declare class ApiSessionClient extends EventEmitter { private readonly token; readonly sessionId: string; private metadata; private metadataVersion; private agentState; private agentStateVersion; private socket; private pendingMessages; private pendingMessageCallback; readonly rpcHandlerManager: RpcHandlerManager; private agentStateLock; private metadataLock; private encryptionKey; private encryptionVariant; private lastClaudeModel; private pendingEmits; private static readonly MAX_PENDING_EMITS; private reconnectTimer; private manualReconnectAttempts; private destroyed; private flushWatchdog; private static readonly FLUSH_WATCHDOG_MS; /** Get encryption details for passing to child processes. */ getEncryptionDetails(): { key: Uint8Array; variant: 'legacy' | 'dataKey'; }; /** * Upload an agent-produced media blob to the server as a SessionArtifact. * * Phase 1: bytes are POSTed as base64 *plaintext*. The S3 path is in a * `private/` prefix, served only via short-lived presigned URLs to * authenticated session owners — same security model as * SupportTicketAttachment. Phase 1.5 will layer client-side encryption * with libsodium secretbox under the session data key (the primitive is * already used by Drive content, so it's cross-platform on both sides). * * Returns the artifact id and metadata so the caller can immediately * reference it in an outgoing agent message * (`{ type: 'artifact', artifactId, mime }`). */ uploadArtifact(args: { bytes: Uint8Array; mime: string; }): Promise<{ id: string; mime: string; sizeBytes: number; }>; constructor(token: string, session: Session); onUserMessage(callback: (data: UserMessage) => void): void; /** * Emit a 'message' payload, buffering it if the socket is currently * disconnected. Drained on the next 'connect' event. */ private reliableEmitMessage; private flushPendingEmits; /** * Send message to session * @param body - Message body (can be MessageContent or raw content for agent messages) */ sendClaudeSessionMessage(body: RawJSONLines): void; sendCodexMessage(body: any): void; /** * Send a generic agent message to the session using ACP (Agent Communication Protocol) format. * Works for any agent type (Gemini, Codex, Claude, etc.) - CLI normalizes to unified ACP format. * * @param provider - The agent provider sending the message (e.g., 'gemini', 'codex', 'claude') * @param body - The message payload (type: 'message' | 'reasoning' | 'tool-call' | 'tool-result') */ /** * Send a user message to the session, rendered as a chat bubble on the web client. * Used to mirror terminal TUI input to the web session. */ sendUserChatMessage(text: string): void; sendAgentMessage(provider: ACPProvider, body: ACPMessageData): void; sendSessionEvent(event: { type: 'switch'; mode: 'local' | 'remote'; } | { type: 'message'; message: string; } | { type: 'permission-mode-changed'; mode: 'default' | 'acceptEdits' | 'bypassPermissions' | 'plan'; } | { type: 'ready'; }, id?: string): void; /** * Send a ping message to keep the connection alive */ keepAlive(thinking: boolean, mode: 'local' | 'remote'): void; /** * Send session death message */ sendSessionDeath(): void; /** * Infers the LLM provider ID from a model name string. */ private inferProvider; /** * Detects the usage mode based on environment variables. * If base URL points to the consortium proxy, it's managed mode. * Otherwise defaults to wrapped (backward-compatible). */ private detectUsageMode; /** * Send usage data to the server */ sendUsageData(usage: Usage, model?: string): void; /** * Update session metadata * @param handler - Handler function that returns the updated metadata */ updateMetadata(handler: (metadata: Metadata) => Metadata): void; /** * Update session agent state * @param handler - Handler function that returns the updated agent state */ updateAgentState(handler: (metadata: AgentState) => AgentState): void; /** * Wait for socket buffer to flush */ flush(): Promise; close(): Promise; /** * Schedule a manual reconnect after a connect_error. Mirrors * ApiMachineClient.scheduleManualReconnect; see comment there for the * Socket.IO middleware-rejection rationale. Session sockets don't * carry their own refresh path — the session token comes from the * parent process, so the only thing we can do here is retry with * the existing token until it works (or until close() is called). */ private scheduleManualReconnect; } /** * Shared types for the persistent terminal multiplexer subsystem. * * TerminalBackend is the common interface implemented by tmux, zellij, and * the fallback ephemeral (node-pty) backend. TerminalManager owns backend * instances and dispatches I/O through them. */ type TerminalMode = 'tmux' | 'zellij' | 'ephemeral'; type TerminalStatus = 'running' | 'exited'; interface TerminalDescriptor { id: string; mode: TerminalMode; status: TerminalStatus; /** Epoch ms; best-effort, may be 0 if unknown post-restart */ createdAt: number; } interface SpawnSessionOptions { machineId?: string; directory: string; sessionId?: string; approvedNewDirectoryCreation?: boolean; agent?: 'claude' | 'codex' | 'gemini' | 'grok' | 'pi' | 'consortium-code'; token?: string; /** Start as Project Manager agent with session orchestration tools */ pmMode?: boolean; /** When true, create a worktree before spawning the agent process */ worktreeMode?: boolean; /** Card ID for worktree branch naming */ cardId?: string; /** Card slug for worktree directory naming */ cardSlug?: string; /** Base branch for worktree (defaults to 'main') */ repoBaseBranch?: string; /** * Legacy: Claude session ID to resume (uses `claude --resume `). * Still honored for claude agents when `resume` is not set. Prefer `resume` * below for all new callers — it carries agent-specific resume data. */ resumeSessionId?: string; /** * Agent-specific resume hint. Only one of these is consulted, based on * `agent`: * - claude → uses `sessionId` as `--resume ` * - codex → uses `rolloutPath` via `experimental_resume` * config (daemon writes it to a --config arg) * and passes `sessionId` for logging. * - consortium-code → uses `--continue` (no id). `sessionId` carried * for logging only; actual resume is last-session. * - gemini → resume not supported; daemon rejects with a * user-visible error if this is set. */ resume?: { sessionId?: string; rolloutPath?: string; }; environmentVariables?: { ANTHROPIC_BASE_URL?: string; ANTHROPIC_AUTH_TOKEN?: string; ANTHROPIC_MODEL?: string; TMUX_SESSION_NAME?: string; TMUX_TMPDIR?: string; }; /** Per-provider key mode from profile: managed, byok, or none */ profileKeyMode?: Record; /** * How auth credentials should be sourced for this session. Mirrors * `AuthSource` in `src/auth/types.ts` — duplicated as a string-literal * union here to avoid a circular import between the common RPC layer * and the auth module. Defaults to `'auto'` server-side: prefer * machine creds if the probe finds them, else fall back to managed * proxy if the user has credits, else error. */ authSource?: 'machine' | 'managed' | 'byok' | 'auto'; /** * Optional expectation about the resolved identity. When supplied, * the daemon verifies the probe's identity matches before spawning; * a mismatch surfaces a clear error rather than silently using the * wrong account. */ authIdentity?: { agent: 'claude' | 'codex' | 'gemini' | 'consortium'; email?: string; }; /** * Provider id picked in the mobile Provider button (W3A). When set and * non-`consortium`, the daemon injects this provider's keyEnvVar from * the encrypted BYOK keystore so the agent CLI talks directly to the * native upstream instead of routing through the Consortium proxy. * Higher precedence than `profileKeyMode` for choosing the BYOK * provider id. */ providerId?: string; /** * Selected model id (W3A). Currently advisory — the agent CLI reads * the model from its own per-agent flags or environment. Carried so * future telemetry / provider-routing decisions can avoid re-parsing * provider:model strings. */ modelId?: string; /** * Explicit environment variable name to bind the BYOK key under when * the daemon can't infer it from its catalogs (custom providers). * Mobile supplies this for `customProviders` entries; the daemon uses * it verbatim instead of looking up via AGENT_PROVIDERS or * OPENCODE_PROVIDERS. Ignored when the daemon already knows the * provider. */ byokEnvVar?: string; /** * Optional OpenAI-compatible base URL for the custom provider. When * present the daemon exports `OPENCODE_CUSTOM_BASE_URL` so users can * reference it from their opencode.json provider config. */ byokBaseURL?: string; } type SpawnSessionResult = { type: 'success'; sessionId: string; } | { type: 'requestToApproveDirectoryCreation'; directory: string; } | { type: 'error'; errorMessage: string; } /** * Proxy-token mint failed for a required scope. Distinct from the * generic 'error' so the app can route to billing/upgrade UI instead * of a generic "Failed to spawn" alert. `errorCode` mirrors the * structured server response (`spending_cap_required`, * `subscription_canceled`, `daily_limit_hit`, `insufficient_credits`, * etc.). The CLI never silently downgrades to direct upstream — a * failed mint is a hard spawn refusal. */ | { type: 'mint_failed'; errorCode: string; message: string; scope: 'consortium' | 'anthropic' | 'openai' | 'google' | 'zai'; }; interface ServerToDaemonEvents { update: (data: Update) => void; 'rpc-request': (data: { method: string; params: string; }, callback: (response: string) => void) => void; 'rpc-registered': (data: { method: string; }) => void; 'rpc-unregistered': (data: { method: string; }) => void; 'rpc-error': (data: { type: string; error: string; }) => void; auth: (data: { success: boolean; user: string; }) => void; error: (data: { message: string; }) => void; 'pty:open': (data: { terminalId: string; cols: number; rows: number; persistentTerminalId?: string; }, callback: (response: { ok: boolean; error?: string; }) => void) => void; 'pty:data': (data: { terminalId: string; data: string; }) => void; 'pty:resize': (data: { terminalId: string; cols: number; rows: number; }) => void; 'pty:close': (data: { terminalId: string; }) => void; 'terminal:create': (data: { terminalId: string; persistenceMode?: string; cols?: number; rows?: number; cwd?: string; shell?: string; }, callback: (response: { ok: boolean; mode: string; error?: string; }) => void) => void; 'terminal:list': (data: unknown, callback: (response: { ok: boolean; terminals: TerminalDescriptor[]; }) => void) => void; 'terminal:destroy': (data: { terminalId: string; }, callback: (response: { ok: boolean; error?: string; }) => void) => void; 'server-shutting-down': (data: { reason: string; timestamp: number; }) => void; 'machine:fs-readdir': (data: { machineId: string; path: string; requestId: string; }) => void; 'machine:fs-stat': (data: { machineId: string; path: string; requestId: string; }) => void; } interface DaemonToServerEvents { 'machine-alive': (data: { machineId: string; time: number; }) => void; 'machine-update-metadata': (data: { machineId: string; metadata: string; expectedVersion: number; }, cb: (answer: { result: 'error'; } | { result: 'version-mismatch'; version: number; metadata: string; } | { result: 'success'; version: number; metadata: string; }) => void) => void; 'machine-update-state': (data: { machineId: string; daemonState: string; expectedVersion: number; }, cb: (answer: { result: 'error'; } | { result: 'version-mismatch'; version: number; daemonState: string; } | { result: 'success'; version: number; daemonState: string; }) => void) => void; 'openclaw:activity': (data: { machineId: string; eventType: string; agentId: string | null; encryptedPayload: string; timestamp: number; }) => void; 'openclaw:status': (data: { machineId: string; status: string; version: string | null; gatewayPort: number; channels: string[]; agentCount: number; timestamp: number; }) => void; 'rpc-register': (data: { method: string; }, callback: (response: { ok: boolean; method: string; }) => void) => void; 'rpc-unregister': (data: { method: string; }) => void; 'rpc-ready': () => void; 'rpc-call': (data: { method: string; params: any; }, callback: (response: { ok: boolean; result?: any; error?: string; }) => void) => void; 'pty:data': (data: { machineId: string; terminalId: string; data: string; }) => void; 'pty:exit': (data: { machineId: string; terminalId: string; }) => void; 'terminal:list': (data: { machineId: string; terminals: TerminalDescriptor[]; }) => void; 'machine:fs-readdir-result': (data: { requestId: string; entries: Array<{ name: string; type: string; size: number; modified: number; }>; error?: string; }) => void; 'machine:fs-stat-result': (data: { requestId: string; stat: { size: number; modified: number; isDirectory: boolean; isFile: boolean; permissions: string; } | null; error?: string; }) => void; } type MachineRpcHandlers = { spawnSession: (options: SpawnSessionOptions) => Promise; stopSession: (sessionId: string) => boolean; requestShutdown: () => void; }; interface ApiMachineConnectOptions { onReconnect?: () => Promise; organizationId?: string; onAuthFailure?: () => void; /** * Called when the websocket handshake is rejected (typically auth-related, * but can fire for any connect_error). Should return a fresh token if one * is available, or null if refresh failed/isn't possible. The new token, * if returned, is swapped into the socket auth before the next reconnect * attempt. See connect_error handler for the back-off schedule. * * Why this exists: Socket.IO v4 does not auto-retry middleware-level * handshake rejections (the path the server takes for "Invalid * authentication token"). Without explicit refresh + manual reconnect, * a single transient auth blip permanently disconnects the daemon. */ refreshToken?: () => Promise; } declare class ApiMachineClient { private token; private machine; private socket; /** * Escape hatch for subsystems (e.g. harness profile-sync) that need to * register custom events on the machine-scoped socket. Returns the live * Socket.IO client; may be undefined before connect() is called. */ getRawSocket(): Socket | undefined; /** Initialised async in connect(); guarded by the null check in handlers */ private terminalManager; private keepAliveInterval; private rpcHandlerManager; /** * Single shared device-code flow runner per daemon process. Wave 2 * of agent-auth-foundation. Handles `claude login` / `gcloud auth * login --no-browser` and any future RFC 8628 device-code flow. */ private deviceCodeFlow; private pasteFlow; private hasConnectedOnce; private consecutiveAuthErrors; private disconnectedAt; private reconnectTimer; private manualReconnectAttempts; private destroyed; constructor(token: string, machine: Machine); setRPCHandlers({ spawnSession, stopSession, requestShutdown }: MachineRpcHandlers): void; /** * Update machine metadata * Currently unused, changes from the mobile client are more likely * for example to set a custom name. */ updateMachineMetadata(handler: (metadata: MachineMetadata | null) => MachineMetadata): Promise; /** * Update daemon state (runtime info) - similar to session updateAgentState * Simplified without lock - relies on backoff for retry */ updateDaemonState(handler: (state: DaemonState | null) => DaemonState): Promise; connect(options?: ApiMachineConnectOptions): void; /** * Schedule a manual reconnect with exponential backoff + jitter. Called * from the connect_error handler because Socket.IO v4 does not retry * middleware-rejected handshakes on its own (see comment in the handler). * * If a refreshToken callback is provided and the rejection looked like * an auth error, the new token is swapped into socket.auth before the * next attempt. Backoff: 1s, 2s, 4s, 8s, 16s, 30s (cap), with up to * 1s of random jitter on top. Reset to 0 on successful connect. */ private scheduleManualReconnect; private startKeepAlive; private stopKeepAlive; /** * Emit an encrypted OpenClaw activity event to be relayed to the mobile app. * The encryptedPayload should already be base64(encrypted(event data)). */ emitOpenClawActivity(eventType: string, agentId: string | null, encryptedPayload: string): void; /** * Emit an OpenClaw status update (unencrypted, for quick display). */ emitOpenClawStatus(status: string, version: string | null, gatewayPort: number, channels: string[], agentCount: number): void; /** * Emit a deployment health status event to the server for mobile app display. * * Accepts the full set of deployment lifecycle statuses (health, container, * deploy/stop/remove) plus optional metadata fields used by the deployment * RPC handlers in daemon/run.ts. */ emitDeploymentStatus(data: { deploymentId: string; status: 'healthy' | 'unhealthy' | 'running' | 'stopped' | 'pulling' | 'failed' | 'removing' | string; healthStatus?: 'healthy' | 'unhealthy' | 'unknown'; statusMessage?: string; containerName?: string; url?: string; timestamp?: number; [extra: string]: unknown; }): void; /** Exposes the RPC handler manager for registering additional handlers (e.g. OpenClaw) */ get rpcHandlers(): RpcHandlerManager; /** Exposes the machine's encryption key for the bridge to encrypt activity payloads */ get encryptionKey(): Uint8Array; /** Exposes the encryption variant */ get encryptionVariant(): 'legacy' | 'dataKey'; shutdown(): void; } interface PushToken { id: string; token: string; createdAt: number; updatedAt: number; } declare class PushNotificationClient { private readonly token; private readonly baseUrl; private readonly expo; constructor(token: string, baseUrl?: string); /** * Fetch all push tokens for the authenticated user */ fetchPushTokens(): Promise; /** * Send push notification via Expo Push API with retry * @param messages - Array of push messages to send */ sendPushNotifications(messages: ExpoPushMessage[]): Promise; /** * Send a push notification to all registered devices for the user * @param title - Notification title * @param body - Notification body * @param data - Additional data to send with the notification */ sendToAllDevices(title: string, body: string, data?: Record): void; } /** * Minimal persistence functions for consortium CLI * * Handles settings and private key storage in ~/.consortium/ or local .consortium/ */ type Credentials = { token: string; encryption: { type: 'legacy'; secret: Uint8Array; } | { type: 'dataKey'; publicKey: Uint8Array; machineKey: Uint8Array; } | null; }; declare class ApiClient { static create(credential: Credentials): Promise; private readonly credential; private readonly pushClient; private constructor(); /** * Create a new session or load existing one with the given tag */ getOrCreateSession(opts: { tag: string; metadata: Metadata; state: AgentState | null; organizationId?: string; }): Promise; /** * Register or update machine with the server * Returns the current machine state from the server with decrypted metadata and daemonState */ getOrCreateMachine(opts: { machineId: string; metadata: MachineMetadata; daemonState?: DaemonState; vpsInstanceId?: string; organizationId?: string; }): Promise; sessionSyncClient(session: Session): ApiSessionClient; machineSyncClient(machine: Machine): ApiMachineClient; push(): PushNotificationClient; /** * Register a vendor API token with the server * The token is sent as a JSON string - server handles encryption */ registerVendorToken(vendor: 'openai' | 'anthropic' | 'gemini' | 'xai', apiKey: any): Promise; /** * Get vendor API token from the server * Returns the token if it exists, null otherwise */ getVendorToken(vendor: 'openai' | 'anthropic' | 'gemini' | 'xai'): Promise; /** * Fetches the list of organizations the user belongs to. * Used for the interactive org picker on CLI startup. */ fetchOrgs(): Promise>; } /** * Design decisions: * - Logging should be done only through file for debugging, otherwise we might disturb the claude session when in interactive mode * - Use info for logs that are useful to the user - this is our UI * - File output location: ~/.consortium/logs/.log */ declare class Logger { readonly logFilePath: string; private dangerouslyUnencryptedServerLoggingUrl; constructor(logFilePath?: string); localTimezoneTimestamp(): string; debug(message: string, ...args: unknown[]): void; debugLargeJson(message: string, object: unknown, maxStringLength?: number, maxArrayLength?: number): void; info(message: string, ...args: unknown[]): void; infoDeveloper(message: string, ...args: unknown[]): void; warn(message: string, ...args: unknown[]): void; getLogPath(): string; private logToConsole; private sendToRemoteServer; private logToFile; } declare let logger: Logger; /** * Global configuration for consortium CLI * * Centralizes all configuration including environment variables and paths * Environment files should be loaded using Node's --env-file flag */ declare class Configuration { readonly serverUrl: string; readonly webappUrl: string; readonly isDaemonProcess: boolean; readonly consortiumHomeDir: string; readonly logsDir: string; readonly settingsFile: string; readonly privateKeyFile: string; readonly daemonStateFile: string; readonly daemonLockFile: string; readonly currentCliVersion: string; readonly isExperimentalEnabled: boolean; readonly disableCaffeinate: boolean; readonly authToken: string | undefined; constructor(); } declare const configuration: Configuration; export { ApiClient, ApiSessionClient, RawJSONLinesSchema, configuration, logger }; export type { RawJSONLines };