interface JsonRpcRequest { jsonrpc: '2.0'; id: string; method: string; params?: Record; } interface JsonRpcSuccessResponse { jsonrpc: '2.0'; id: string; result: unknown; } interface JsonRpcErrorResponse { jsonrpc: '2.0'; id: string; error: JsonRpcError; } interface JsonRpcError { code: number; message: string; data?: unknown; } type JsonRpcResponse = JsonRpcSuccessResponse | JsonRpcErrorResponse; interface JsonRpcNotification { jsonrpc: '2.0'; method: string; params?: Record; } type JsonRpcMessage = JsonRpcRequest | JsonRpcResponse | JsonRpcNotification; declare const TunnelErrorCode: { readonly PERMISSION_DENIED: -32000; readonly CAPABILITY_NOT_REGISTERED: -32001; readonly TIMEOUT: -32002; readonly LOCAL_ERROR: -32003; readonly NOT_CONNECTED: -32004; readonly EXPIRED: -32005; readonly RATE_LIMITED: -32006; readonly AUTH_FAILED: -32007; }; type TunnelErrorCodeValue = (typeof TunnelErrorCode)[keyof typeof TunnelErrorCode]; type TunnelCapability = 'filesystem' | 'shell' | 'network' | 'apps' | 'hardware' | 'desktop' | 'gpu'; declare const TunnelMethods: { readonly 'fs.read': "filesystem"; readonly 'fs.write': "filesystem"; readonly 'fs.list': "filesystem"; readonly 'fs.stat': "filesystem"; readonly 'fs.delete': "filesystem"; readonly 'shell.exec': "shell"; readonly 'desktop.screenshot': "desktop"; readonly 'desktop.mouse.click': "desktop"; readonly 'desktop.mouse.move': "desktop"; readonly 'desktop.mouse.drag': "desktop"; readonly 'desktop.mouse.scroll': "desktop"; readonly 'desktop.mouse.position': "desktop"; readonly 'desktop.keyboard.type': "desktop"; readonly 'desktop.keyboard.key': "desktop"; readonly 'desktop.window.list': "desktop"; readonly 'desktop.window.focus': "desktop"; readonly 'desktop.window.resize': "desktop"; readonly 'desktop.window.close': "desktop"; readonly 'desktop.window.minimize': "desktop"; readonly 'desktop.app.launch': "desktop"; readonly 'desktop.app.quit': "desktop"; readonly 'desktop.app.list': "desktop"; readonly 'desktop.clipboard.read': "desktop"; readonly 'desktop.clipboard.write': "desktop"; readonly 'desktop.screen.info': "desktop"; readonly 'desktop.cursor.image': "desktop"; readonly 'desktop.ax.tree': "desktop"; readonly 'desktop.ax.action': "desktop"; readonly 'desktop.ax.set_value': "desktop"; readonly 'desktop.ax.focus': "desktop"; readonly 'desktop.ax.search': "desktop"; readonly 'net.request': "network"; readonly 'net.port_forward.start': "network"; readonly 'net.port_forward.stop': "network"; readonly 'tunnel.ping': null; readonly 'tunnel.pong': null; readonly 'tunnel.permission.revoked': null; readonly 'tunnel.permissions.sync': null; readonly 'tunnel.token.rotated': null; }; type TunnelMethod = keyof typeof TunnelMethods; interface PendingRPC { resolve: (value: unknown) => void; reject: (error: Error) => void; timer: ReturnType; method: string; tunnelId: string; startedAt: number; } interface SignedJsonRpcRequest extends JsonRpcRequest { _sig: string; _nonce: number; } interface SignedJsonRpcNotification extends JsonRpcNotification { _sig: string; _nonce: number; } interface TunnelRpcParams { capability: TunnelCapability; operation: string; args: Record; permissionId?: string; } interface RelayRpcOptions { timeoutMs?: number; } /** Public agent info — does NOT expose signing key. */ interface AgentInfo { tunnelId: string; connectedAt: number; metadata?: Record; } interface TunnelRelayEvents { 'agent:connect': { tunnelId: string; metadata?: Record; }; 'agent:disconnect': { tunnelId: string; }; 'agent:timeout': { tunnelId: string; }; 'rpc:request': { tunnelId: string; method: string; requestId: string; }; 'rpc:response': { tunnelId: string; method: string; requestId: string; durationMs: number; }; 'rpc:error': { tunnelId: string; method: string; requestId: string; error: Error; }; 'connection:replaced': { tunnelId: string; }; 'message:pong': { tunnelId: string; params?: Record; }; 'message:raw': { tunnelId: string; message: unknown; }; } interface TunnelRelayConfig { rpcTimeoutMs?: number; maxWsMessageSize?: number; } interface HeartbeatConfig { intervalMs?: number; maxMissed?: number; } /** Auth handshake message sent by agent as first WS message. */ interface TunnelAuthMessage { type: 'auth'; token: string; } /** Result returned by onAuthenticate hook on success. */ interface AuthResult { signingKey: string; metadata?: Record; } interface TunnelServerConfig { port?: number; relay?: TunnelRelayConfig; heartbeat?: HeartbeatConfig; /** * Called when an agent sends its auth handshake. * Return { signingKey, metadata } to accept, or null to reject. * If not provided, all connections are rejected. */ onAuthenticate?: (tunnelId: string, token: string) => Promise; /** * Called before relaying an RPC to the agent. * Return false to deny. If not provided, all RPCs are allowed. */ onAuthorizeRPC?: (tunnelId: string, method: string, params: Record) => Promise; /** * Called before handling HTTP requests to relay routes (/connections, /rpc). * Return false to deny. If not provided, routes are open. */ onAuthorizeHTTP?: (req: Request) => Promise; } export { type AgentInfo as A, type HeartbeatConfig as H, type JsonRpcError as J, type PendingRPC as P, type RelayRpcOptions as R, type SignedJsonRpcNotification as S, type TunnelAuthMessage as T, type AuthResult as a, type JsonRpcErrorResponse as b, type JsonRpcMessage as c, type JsonRpcNotification as d, type JsonRpcRequest as e, type JsonRpcResponse as f, type JsonRpcSuccessResponse as g, type SignedJsonRpcRequest as h, type TunnelCapability as i, TunnelErrorCode as j, type TunnelErrorCodeValue as k, type TunnelMethod as l, TunnelMethods as m, type TunnelRelayConfig as n, type TunnelRelayEvents as o, type TunnelRpcParams as p, type TunnelServerConfig as q };