feat: 支持 acp-link 包进行 acp 通用的 remote-control (#292)

* fix: 修复超时问题

* feat: 添加 acp-link 代码

* refactor: 样式重构完成

* feat: RCS 添加 ACP 后端支持

- 新增 ACP WebSocket handler (agent 注册、EventBus 订阅)
- 新增 relay handler (前端 WS → acp-link 透传 + EventBus inbound 转发)
- 新增 SSE event stream 供外部消费者订阅 channel group 事件
- ACP REST 接口无鉴权 (agents、channel-groups)
- WebSocket 端点保留 token 鉴权
- SPA 路由 /acp/ 指向 acp.html

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: 添加 ACP 专属前端界面

- 新增 /acp/ SPA 页面 (agent 列表 + 实时交互)
- Agent 列表按 channel group 分组，显示在线状态
- 通过 RCS WebSocket relay 与 agent 通信
- Vite multi-page 构建 (index.html + acp.html)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: acp-link 支持 RCS relay 双向通信

- rcs-upstream 新增 messageHandler 转发非控制消息
- server.ts 新增虚拟 WS + relay client state 处理 relay ACP 消息
- newSession/loadSession 补充 mcpServers 参数
- 连接成功后显示 ACP Dashboard URL

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: 移除 FileExplorer 及文件操作相关代码

- 删除 FileExplorer 组件
- ACPMain 移除 Files tab，仅保留 Chat 和 History
- client.ts 移除 listDir/readFile/onFileChanges 等方法
- types.ts 移除 FileItem/FileContent/FileChange 等类型

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: 修复类型问题

* feat: RCS 后端统一 ACP/Bridge 注册逻辑

- store: EnvironmentRecord 增加 capabilities 字段、storeFindEnvironmentByMachineName 复用逻辑
- store: 新增 storeGetSessionOwners，支持未绑定 session 自动 claim
- environment: registerEnvironment 支持 ACP 复用已有记录，返回 session_id
- session: resolveOwnedWebSessionId 支持无 owner session 自动绑定
- acp-ws-handler: 新增 handleIdentify 支持 REST+WS 两步注册
- acp routes: /acp/relay 和 /acp/agents 支持 UUID 认证
- event-bus: 增加 error 类型 payload 日志

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: acp-link 改 REST 注册 + WS identify 两步流程

- rcs-upstream: 新增 registerViaRest() 通过 POST /v1/environments/bridge 注册
- rcs-upstream: WS 连接后发送 identify 替代 register，携带 agentId
- rcs-upstream: 入口链接改为 /code/?sid=${sessionId} 实现用户绑定
- server: 修复心跳跳过 relay 虚拟连接的 bug
- server: maxSessions 配置传入 RCS upstream

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: 前端统一 Chat 组件 + ACP 聊天界面重构

- 新增 chat/ 组件: ChatView, ChatInput, MessageBubble, ToolCallGroup, PermissionPanel, SessionSidebar, CommandMenu
- ACPMain: 重构支持完整 ACP 协议交互（session/prompt/permission）
- rcs-chat-adapter: 统一 bridge session SSE 适配器
- ACPClient: 增强 session 管理、permission 流程、streaming 支持
- index.css: 新增 chat 相关样式、动画、布局
- useCommands: 新增快捷命令 hook

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: 删除 /acp/ 独立页面，ACP 聊天统一到 /code/:sessionId

- 删除 acp.html、acp-main.tsx 入口文件和 pages/acp/ 目录
- SessionDetail: ACP session 在同一页面渲染 ACPSessionDetail 组件
- App.tsx: ?sid= 参数自动调用 apiBind 绑定用户 UUID
- Dashboard: 统一 session 列表导航，ACP 显示紫色标签
- relay-client: 改用 UUID 认证替代 API token
- EnvironmentList: 显示 workerType 标签（ACP Agent / Claude Code）
- index.ts: 移除 /acp/ SPA 路由，vite.config 移除 acp 入口

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* build: 更新构建及测试修复

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

packages/remote-control-server/src/routes/acp/index.ts

@@ -0,0 +1,214 @@
+import { Hono } from "hono";
+import { upgradeWebSocket } from "../../transport/ws-shared";
+import { apiKeyAuth } from "../../auth/middleware";
+import { validateApiKey } from "../../auth/api-key";
+import {
+  handleAcpWsOpen,
+  handleAcpWsMessage,
+  handleAcpWsClose,
+} from "../../transport/acp-ws-handler";
+import {
+  handleRelayOpen,
+  handleRelayMessage,
+  handleRelayClose,
+} from "../../transport/acp-relay-handler";
+import {
+  storeListAcpAgents,
+  storeListAcpAgentsByChannelGroup,
+  storeGetEnvironment,
+} from "../../store";
+import { createAcpSSEStream } from "../../transport/acp-sse-writer";
+import { log, error as logError } from "../../logger";
+
+const app = new Hono();
+
+/** Maximum WebSocket message size: 10 MB */
+const MAX_WS_MESSAGE_SIZE = 10 * 1024 * 1024;
+
+/** Response shape for an ACP agent */
+function toAcpAgentResponse(env: ReturnType<typeof storeGetEnvironment> & {}) {
+  if (!env) return null;
+  return {
+    id: env.id,
+    agent_name: env.machineName,
+    channel_group_id: env.bridgeId,
+    status: env.status === "active" ? "online" : "offline",
+    max_sessions: env.maxSessions,
+    last_seen_at: env.lastPollAt ? env.lastPollAt.getTime() / 1000 : null,
+    created_at: env.createdAt.getTime() / 1000,
+  };
+}
+
+/** GET /acp/agents — List all registered ACP agents (UUID or API key auth) */
+app.get("/agents", async (c) => {
+  // Require at least UUID auth
+  const uuid = c.req.query("uuid");
+  const authHeader = c.req.header("Authorization");
+  const queryToken = c.req.query("token");
+  const token = authHeader?.replace("Bearer ", "") || queryToken;
+  if (!uuid && !(token && validateApiKey(token))) {
+    return c.json({ error: { type: "unauthorized", message: "Missing auth" } }, 401);
+  }
+  const agents = storeListAcpAgents();
+  return c.json(agents.map((a) => toAcpAgentResponse(a)).filter(Boolean));
+});
+
+/** GET /acp/channel-groups — List all channel groups with member agents (UUID or API key auth) */
+app.get("/channel-groups", async (c) => {
+  const uuid = c.req.query("uuid");
+  const authHeader = c.req.header("Authorization");
+  const queryToken = c.req.query("token");
+  const token = authHeader?.replace("Bearer ", "") || queryToken;
+  if (!uuid && !(token && validateApiKey(token))) {
+    return c.json({ error: { type: "unauthorized", message: "Missing auth" } }, 401);
+  }
+  const agents = storeListAcpAgents();
+  const groupMap = new Map<string, typeof agents>();
+  for (const agent of agents) {
+    const groupId = agent.bridgeId || "default";
+    if (!groupMap.has(groupId)) {
+      groupMap.set(groupId, []);
+    }
+    groupMap.get(groupId)!.push(agent);
+  }
+  const groups = [...groupMap.entries()].map(([id, members]) => ({
+    channel_group_id: id,
+    member_count: members.length,
+    members: members.map((m) => toAcpAgentResponse(m)).filter(Boolean),
+  }));
+  return c.json(groups);
+});
+
+/** GET /acp/channel-groups/:id — Specific channel group detail (no auth for web UI) */
+app.get("/channel-groups/:id", async (c) => {
+  const groupId = c.req.param("id")!;
+  const members = storeListAcpAgentsByChannelGroup(groupId);
+  if (members.length === 0) {
+    return c.json({ error: { type: "not_found", message: "Channel group not found" } }, 404);
+  }
+  return c.json({
+    channel_group_id: groupId,
+    member_count: members.length,
+    members: members.map((m) => toAcpAgentResponse(m)).filter(Boolean),
+  });
+});
+
+/** SSE /acp/channel-groups/:id/events — Event stream for external consumers (no auth for web UI) */
+app.get("/channel-groups/:id/events", async (c) => {
+  const groupId = c.req.param("id")!;
+
+  // Support Last-Event-ID / from_sequence_num for reconnection
+  const lastEventId = c.req.header("Last-Event-ID");
+  const fromSeq = c.req.query("from_sequence_num");
+  const fromSeqNum = fromSeq ? parseInt(fromSeq) : lastEventId ? parseInt(lastEventId) : 0;
+
+  return createAcpSSEStream(c, groupId, fromSeqNum);
+});
+
+/** WS /acp/ws — WebSocket endpoint for acp-link connections */
+app.get(
+  "/ws",
+  upgradeWebSocket(async (c) => {
+    // Authenticate via API key in query param or header
+    const authHeader = c.req.header("Authorization");
+    const queryToken = c.req.query("token");
+    const token = authHeader?.replace("Bearer ", "") || queryToken;
+
+    if (!token || !validateApiKey(token)) {
+      log("[ACP-WS] Upgrade rejected: unauthorized");
+      return {
+        onOpen(_evt: any, ws: any) {
+          ws.close(4003, "unauthorized");
+        },
+      };
+    }
+
+    // Generate unique wsId for this connection
+    const { v4: uuid } = await import("uuid");
+    const wsId = `acp_ws_${uuid().replace(/-/g, "")}`;
+
+    log(`[ACP-WS] Upgrade accepted: wsId=${wsId}`);
+    return {
+      onOpen(_evt: any, ws: any) {
+        handleAcpWsOpen(ws, wsId);
+      },
+      onMessage(evt: any, ws: any) {
+        const data =
+          typeof evt.data === "string"
+            ? evt.data
+            : new TextDecoder().decode(evt.data as ArrayBuffer);
+        if (data.length > MAX_WS_MESSAGE_SIZE) {
+          logError(`[ACP-WS] Message too large on wsId=${wsId}: ${data.length} bytes`);
+          ws.close(1009, "message too large");
+          return;
+        }
+        handleAcpWsMessage(ws, wsId, data);
+      },
+      onClose(evt: any, ws: any) {
+        const closeEvt = evt as unknown as CloseEvent;
+        handleAcpWsClose(ws, wsId, closeEvt?.code, closeEvt?.reason);
+      },
+      onError(evt: any, ws: any) {
+        logError(`[ACP-WS] Error on wsId=${wsId}:`, evt);
+        handleAcpWsClose(ws, wsId, 1006, "websocket error");
+      },
+    };
+  }),
+);
+
+/** WS /acp/relay/:agentId — WebSocket relay for frontend to interact with an agent */
+app.get(
+  "/relay/:agentId",
+  upgradeWebSocket(async (c) => {
+    // Authenticate via UUID (web frontend) or API key (legacy)
+    const clientUuid = c.req.query("uuid");
+    const authHeader = c.req.header("Authorization");
+    const queryToken = c.req.query("token");
+    const token = authHeader?.replace("Bearer ", "") || queryToken;
+
+    const hasUuid = !!clientUuid;
+    const hasApiKey = !!token && validateApiKey(token);
+
+    if (!hasUuid && !hasApiKey) {
+      log("[ACP-Relay] Upgrade rejected: unauthorized");
+      return {
+        onOpen(_evt: any, ws: any) {
+          ws.close(4003, "unauthorized");
+        },
+      };
+    }
+
+    const agentId = c.req.param("agentId")!;
+    const { v4: uuid } = await import("uuid");
+    const relayWsId = `relay_${uuid().replace(/-/g, "")}`;
+
+    log(`[ACP-Relay] Upgrade accepted: relayWsId=${relayWsId} agentId=${agentId}`);
+    return {
+      onOpen(_evt: any, ws: any) {
+        handleRelayOpen(ws, relayWsId, agentId);
+      },
+      onMessage(evt: any, ws: any) {
+        const data =
+          typeof evt.data === "string"
+            ? evt.data
+            : new TextDecoder().decode(evt.data as ArrayBuffer);
+        if (data.length > MAX_WS_MESSAGE_SIZE) {
+          logError(`[ACP-Relay] Message too large on relayWsId=${relayWsId}: ${data.length} bytes`);
+          ws.close(1009, "message too large");
+          return;
+        }
+        handleRelayMessage(ws, relayWsId, data);
+      },
+      onClose(evt: any, ws: any) {
+        const closeEvt = evt as unknown as CloseEvent;
+        handleRelayClose(ws, relayWsId, closeEvt?.code, closeEvt?.reason);
+      },
+      onError(evt: any, ws: any) {
+        logError(`[ACP-Relay] Error on relayWsId=${relayWsId}:`, evt);
+        handleRelayClose(ws, relayWsId, 1006, "websocket error");
+      },
+    };
+  }),
+);
+
+export default app;

packages/remote-control-server/src/routes/v1/session-ingress.ts

@@ -1,6 +1,6 @@
 import { log, error as logError } from "../../logger";
 import { Hono } from "hono";
-import { createBunWebSocket } from "hono/bun";
+import { upgradeWebSocket, websocket } from "../../transport/ws-shared";
 import { validateApiKey } from "../../auth/api-key";
 import { verifyWorkerJwt } from "../../auth/jwt";
 import {
@@ -11,8 +11,6 @@ import {
 } from "../../transport/ws-handler";
 import { getSession, resolveExistingSessionId } from "../../services/session";
 
-const { upgradeWebSocket, websocket } = createBunWebSocket();
-
 const app = new Hono();
 
 /** Authenticate via API key or worker JWT in Authorization header or ?token= query param */