plan HTTP H1+H2: LAN HTTP transport for Blox AI

App-side delta for Plan HTTP v2.1 (LAN HTTP as a fallback before BLE
for the Blox AI plugin). Sibling to the server-side PR plumbing
BLOX_AI_PORT + firewall in fula-ota.

What's added:

  apps/box/src/utils/httpAiClient.ts
    - SSE client for /troubleshoot using react-native-sse (codex Plan
      HTTP v2 catch: do NOT roll your own SSE on top of RN fetch).
    - Mirrors the BLE AI event vocabulary (bloxAiEvents.ts) so the
      caller sees the same typed BloxAiEvent union regardless of
      transport.
    - HTTP error discrimination: 429 -> http-busy (NOT transient; do
      NOT fall back to BLE on busy device — gemini catch). 4xx -> bad
      request (not transient). 5xx + network -> transient.
    - Session continuity via optional sessionId param so a BLE
      fallback can resume the same session in the container's 30-min
      TTL window (gemini catch).
    - health() result memoized for 10s; explicit
      invalidateHealthCache() for network-change events.

  apps/box/src/utils/aiTransport.ts
    - Selector that returns {lan-http | ble}. The libp2p AI slot is
      reserved for a future plan (no go-fula AI bridge exists today).
    - Gate order: mDNS authorized record + RFC1918/link-local IP +
      1s /health probe. All must pass for LAN HTTP.
    - ipIsPrivateLan: codex Plan HTTP v2 final-review catch — do NOT
      blanket-block 10.42/16; in this codebase it is the hotspot AP
      subnet, NOT WireGuard. Loopback (127/8) IS rejected.
    - Reads optional mDNS TXT `bloxAiPort` for per-device port
      overrides (currently 8083 default; broadcaster doesn't emit the
      field yet — documented as follow-up).
    - DOES NOT touch helper.ts:initFula (built-in advisor catch from
      v1 review — initFula is for general libp2p kubo/cluster client
      setup; AI transport is its own selector).

  apps/box/src/utils/mdnsCache.ts
    - Module-scope cache keyed by hardwareID. One-shot Zeroconf scan
      via refreshOnce() with shared in-flight promise (no double
      scans). Default freshness window 90s (codex catch: 30s was too
      tight; repo polls mDNS every 60s in the pairing flow).
    - Resilient on platforms without RNZeroconf linked (returns
      silently — CI / non-RN environments don't hang).

  apps/box/src/types/react-native-sse.d.ts
    - Narrow ambient declaration so type-check passes before
      `npm install` actually pulls the package. Bundled types take
      precedence post-install.

  apps/box/src/utils/__tests__/aiTransport.test.ts (28 tests)
  apps/box/src/utils/__tests__/mdnsCache.test.ts (10 tests)
  apps/box/src/utils/__tests__/httpAiClient.test.ts (27 tests)

  apps/box/package.json
    - Adds react-native-sse dep.

All 65 new tests pass locally via `npx jest --testPathPattern=
'(aiTransport|mdnsCache|httpAiClient)'`. Lab verification of SSE
foreground/background + iOS/Android happens in a follow-up before
canary (per Plan HTTP runbook Step 4).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: ehsan6sha

apps/box/package.json

@@ -1,6 +1,6 @@
 {
   "name": "box",
-  "version": "2.5.5",
+  "version": "2.5.6",
   "private": true,
   "dependencies": {
     "@babel/core": "*",
@@ -73,6 +73,7 @@
     "react-native-redash": "*",
     "react-native-safe-area-context": "*",
     "react-native-screens": "*",
+    "react-native-sse": "*",
     "react-native-svg": "*",
     "react-native-svg-transformer": "*",
     "react-native-syntax-highlighter": "*",
@@ -92,7 +93,8 @@
     "zustand": "*",
     "@web3modal/wagmi-react-native": "*",
     "react-native-randombytes": "*",
-    "react-native-background-fetch": "*"
+    "react-native-background-fetch": "*",
+    "react-native-tcp-socket": "*"
   },
   "devDependencies": {
     "@babel/core": "*",
@@ -110,4 +112,4 @@
     "metro-config": "*",
     "typescript": "*"
   }
-}
+}

apps/box/src/types/react-native-sse.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Local ambient module declaration for `react-native-sse`.
+ *
+ * Why: until `npm install` pulls the package, TypeScript can't find
+ * its built-in types. This stub keeps the workspace type-checkable
+ * before `npm install` runs (which CI does anyway). After install,
+ * the package's bundled types will take precedence in the resolver,
+ * so this stub stays harmless.
+ *
+ * The shape mirrors react-native-sse v1.x. We deliberately keep it
+ * narrow to the surface httpAiClient.ts uses.
+ */
+declare module 'react-native-sse' {
+    export interface EventSourceListener {
+        (event: any): void;
+    }
+
+    export interface EventSourceOptions {
+        method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+        headers?: Record<string, string>;
+        body?: string;
+        timeout?: number;
+        timeoutBeforeConnection?: number;
+        pollingInterval?: number;
+        withCredentials?: boolean;
+        debug?: boolean;
+    }
+
+    export default class EventSource {
+        constructor(url: string, options?: EventSourceOptions);
+        addEventListener(event: string, listener: EventSourceListener): void;
+        removeAllEventListeners(event?: string): void;
+        close(): void;
+    }
+}

apps/box/src/utils/__tests__/aiTransport.test.ts

@@ -0,0 +1,227 @@
+/**
+ * Plan HTTP v2.1 — H2 selector tests.
+ *
+ * Two focuses:
+ *   1. ipIsPrivateLan — pure function with edge cases including the
+ *      codex catch about 10.42.x.x being the hotspot AP subnet (NOT
+ *      WireGuard) and therefore NOT blanket-rejected.
+ *   2. selectAiTransport — picks LAN HTTP vs BLE based on mDNS,
+ *      IP validity, and /health probe. We mock mdnsCache + HttpAiClient.health.
+ */
+
+jest.mock('../mdnsCache', () => ({
+    findAuthorizedBlox: jest.fn(),
+    refreshOnce: jest.fn().mockResolvedValue(undefined),
+    noteRecord: jest.fn(),
+    clear: jest.fn(),
+}));
+
+jest.mock('../httpAiClient', () => {
+    // Keep the real DEFAULT_BLOX_AI_PORT but stub the class.
+    const actual = jest.requireActual('../httpAiClient');
+    return {
+        ...actual,
+        HttpAiClient: jest.fn(),
+    };
+});
+
+import { ipIsPrivateLan, selectAiTransport } from '../aiTransport';
+import * as mdnsCache from '../mdnsCache';
+import { HttpAiClient } from '../httpAiClient';
+
+const findAuthorizedBlox = mdnsCache.findAuthorizedBlox as unknown as jest.Mock;
+const refreshOnce = mdnsCache.refreshOnce as unknown as jest.Mock;
+const HttpAiClientMock = HttpAiClient as unknown as jest.Mock;
+
+beforeEach(() => {
+    findAuthorizedBlox.mockReset();
+    refreshOnce.mockReset().mockResolvedValue(undefined);
+    HttpAiClientMock.mockReset();
+});
+
+describe('ipIsPrivateLan — RFC1918 + link-local accept; loopback reject', () => {
+    test.each([
+        ['10.0.0.1',           true,  'RFC1918 10/8'],
+        ['10.42.0.5',          true,  'codex catch: 10.42 is HOTSPOT AP subnet, NOT WireGuard — must accept'],
+        ['192.168.1.50',       true,  'RFC1918 192.168/16'],
+        ['172.16.0.10',        true,  'RFC1918 172.16/12 low edge'],
+        ['172.31.255.255',     true,  'RFC1918 172.16/12 high edge'],
+        ['169.254.1.1',        true,  'link-local 169.254/16'],
+        ['127.0.0.1',          false, 'loopback rejected'],
+        ['127.255.255.255',    false, 'loopback /8 rejected'],
+        ['172.15.0.1',         false, '172.15 is OUTSIDE 172.16/12'],
+        ['172.32.0.1',         false, '172.32 is OUTSIDE 172.16/12'],
+        ['169.255.0.1',        false, '169.255 is not link-local'],
+        ['8.8.8.8',            false, 'public IP rejected'],
+        ['1.1.1.1',            false, 'public IP rejected'],
+        ['',                   false, 'empty string'],
+        ['not-an-ip',          false, 'malformed'],
+        ['192.168.1',          false, 'truncated'],
+        ['192.168.1.1.5',      false, 'too many octets'],
+        ['256.0.0.1',          false, 'octet > 255'],
+        ['fe80::1',            false, 'IPv6 not handled'],
+    ])('%s -> %s (%s)', (ip, expected) => {
+        expect(ipIsPrivateLan(ip)).toBe(expected);
+    });
+});
+
+describe('selectAiTransport — happy path', () => {
+    test('mDNS authorized + RFC1918 IP + healthy probe → LAN HTTP', async () => {
+        findAuthorizedBlox.mockReturnValue({
+            service: {
+                txt: {
+                    bloxPeerIdString: 'BLOX1',
+                    authorizer: 'APP1',
+                    hardwareID: 'HW1',
+                    ipAddress: '192.168.1.50',
+                },
+                host: '192.168.1.50',
+                addresses: ['192.168.1.50'],
+                name: 'fulatower',
+                fullName: 'fulatower._fulatower._tcp',
+                port: 8080,
+            },
+            observedAt: Date.now(),
+        });
+        HttpAiClientMock.mockImplementation((ip: string, port: number) => ({
+            ip,
+            port,
+            baseUrl: `http://${ip}:${port}`,
+            health: jest.fn().mockResolvedValue({ ok: true, latencyMs: 15 }),
+        }));
+
+        const choice = await selectAiTransport('BLOX1', 'APP1', { scanIfEmpty: false });
+
+        expect(choice.kind).toBe('lan-http');
+        expect(HttpAiClientMock).toHaveBeenCalledWith('192.168.1.50', 8083);
+        expect(refreshOnce).not.toHaveBeenCalled();
+    });
+});
+
+describe('selectAiTransport — fall back to BLE', () => {
+    test('no mDNS hit → BLE; scanIfEmpty triggers refreshOnce', async () => {
+        findAuthorizedBlox.mockReturnValue(null);
+
+        const choice = await selectAiTransport('BLOX1', 'APP1');
+
+        expect(choice.kind).toBe('ble');
+        expect(refreshOnce).toHaveBeenCalledTimes(1);
+        expect(choice.reason).toMatch(/no fresh mDNS record/);
+    });
+
+    test('mDNS hit but IP not RFC1918 → BLE', async () => {
+        findAuthorizedBlox.mockReturnValue({
+            service: {
+                txt: {
+                    bloxPeerIdString: 'BLOX1',
+                    authorizer: 'APP1',
+                    hardwareID: 'HW1',
+                    ipAddress: '8.8.8.8',           // public IP — must reject
+                },
+                host: '8.8.8.8',
+                addresses: [],
+                name: '',
+                fullName: '',
+                port: 8080,
+            },
+            observedAt: Date.now(),
+        });
+
+        const choice = await selectAiTransport('BLOX1', 'APP1', { scanIfEmpty: false });
+
+        expect(choice.kind).toBe('ble');
+        expect(choice.reason).toMatch(/not RFC1918/);
+        expect(HttpAiClientMock).not.toHaveBeenCalled();
+    });
+
+    test('mDNS authorized + RFC1918 IP but /health fails → BLE', async () => {
+        findAuthorizedBlox.mockReturnValue({
+            service: {
+                txt: {
+                    bloxPeerIdString: 'BLOX1',
+                    authorizer: 'APP1',
+                    hardwareID: 'HW1',
+                    ipAddress: '192.168.1.50',
+                },
+                host: '192.168.1.50',
+                addresses: ['192.168.1.50'],
+                name: 'fulatower',
+                fullName: '',
+                port: 8080,
+            },
+            observedAt: Date.now(),
+        });
+        HttpAiClientMock.mockImplementation(() => ({
+            health: jest.fn().mockResolvedValue({ ok: false, latencyMs: 1200 }),
+        }));
+
+        const choice = await selectAiTransport('BLOX1', 'APP1', { scanIfEmpty: false });
+
+        expect(choice.kind).toBe('ble');
+        expect(choice.reason).toMatch(/probe failed/);
+    });
+
+    test('missing peer IDs → BLE without scan', async () => {
+        const a = await selectAiTransport('', 'APP1');
+        const b = await selectAiTransport('BLOX1', '');
+        expect(a.kind).toBe('ble');
+        expect(b.kind).toBe('ble');
+        expect(refreshOnce).not.toHaveBeenCalled();
+    });
+});
+
+describe('selectAiTransport — port discovery', () => {
+    test('mDNS TXT bloxAiPort override → HttpAiClient uses it', async () => {
+        findAuthorizedBlox.mockReturnValue({
+            service: {
+                txt: {
+                    bloxPeerIdString: 'BLOX1',
+                    authorizer: 'APP1',
+                    hardwareID: 'HW1',
+                    ipAddress: '10.0.0.5',
+                    bloxAiPort: '8084',
+                },
+                host: '10.0.0.5',
+                addresses: ['10.0.0.5'],
+                name: '',
+                fullName: '',
+                port: 8080,
+            },
+            observedAt: Date.now(),
+        });
+        HttpAiClientMock.mockImplementation(() => ({
+            health: jest.fn().mockResolvedValue({ ok: true, latencyMs: 10 }),
+        }));
+
+        await selectAiTransport('BLOX1', 'APP1', { scanIfEmpty: false });
+
+        expect(HttpAiClientMock).toHaveBeenCalledWith('10.0.0.5', 8084);
+    });
+
+    test('malformed bloxAiPort → default 8083', async () => {
+        findAuthorizedBlox.mockReturnValue({
+            service: {
+                txt: {
+                    bloxPeerIdString: 'BLOX1',
+                    authorizer: 'APP1',
+                    hardwareID: 'HW1',
+                    ipAddress: '10.0.0.5',
+                    bloxAiPort: 'not-a-port',
+                },
+                host: '10.0.0.5',
+                addresses: ['10.0.0.5'],
+                name: '',
+                fullName: '',
+                port: 8080,
+            },
+            observedAt: Date.now(),
+        });
+        HttpAiClientMock.mockImplementation(() => ({
+            health: jest.fn().mockResolvedValue({ ok: true, latencyMs: 10 }),
+        }));
+
+        await selectAiTransport('BLOX1', 'APP1', { scanIfEmpty: false });
+
+        expect(HttpAiClientMock).toHaveBeenCalledWith('10.0.0.5', 8083);
+    });
+});