fix(embedded): restore PilotEmbeddedStart now that web4 #155 merged

PR #155 (satisfy daemonapi.Daemon via adapter) landed on web4 main as
6c45b716, making d.DaemonAPI() available. This commit removes the stub
error and wires the real boot path: daemon.New → DaemonAPI() → runtime.New
→ register trustedagents/handshake/policy plugins → StartPlugins → Start.

go.mod promotes handshake, policy, trustedagents to direct dependencies
and picks up minor upstream bumps (common v0.5.5, coder/websocket v1.8.15,
golang.org/x/sys v0.46.0) from go mod tidy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: teovl

embedded.go

@@ -33,9 +33,12 @@ import (
 	"sync"
 	"time"
 
+	"github.com/pilot-protocol/common/crypto"
+	"github.com/pilot-protocol/handshake"
 	"github.com/pilot-protocol/pilotprotocol/pkg/daemon"
-
+	"github.com/pilot-protocol/policy"
 	"github.com/pilot-protocol/runtime"
+	"github.com/pilot-protocol/trustedagents"
 )
 
 type embeddedNode struct {
@@ -105,14 +108,63 @@ func PilotEmbeddedStart(configJSON *C.char) *C.char {
 
 	identityPath := filepath.Join(cfg.DataDir, "identity.json")
 
-	// TODO(libpilot): the embedded daemon boot path depends on
-	// d.DaemonAPI() (TeoSlayer/pilotprotocol#155 — "satisfy daemonapi.Daemon
-	// via adapter") which has not landed on web4 main. Once #155 merges,
-	// restore the daemon.New + runtime.New + plugin registration block
-	// removed in this stub. Until then PilotEmbeddedStart returns a clear
-	// runtime error so the C ABI surface keeps compiling.
-	_ = identityPath
-	return errJSON(fmt.Errorf("embedded daemon not implemented yet — blocked on web4 #155 (daemon.DaemonAPI adapter)"))
+	d := daemon.New(daemon.Config{
+		RegistryAddr:     cfg.RegistryAddr,
+		BeaconAddr:       cfg.BeaconAddr,
+		SocketPath:       cfg.SocketPath,
+		IdentityPath:     identityPath,
+		TrustAutoApprove: cfg.TrustAutoApprove,
+		KeepaliveInterval: time.Duration(cfg.KeepaliveSec) * time.Second,
+		Version:          cfg.Version,
+		Encrypt:          true,
+	})
+
+	dapi := d.DaemonAPI()
+	rt := runtime.New(dapi)
+
+	// Register trust + handshake plugin (mirrors cmd/daemon composition root).
+	ta := trustedagents.NewService()
+	if err := rt.Register(ta); err != nil {
+		return errJSON(fmt.Errorf("register trustedagents: %w", err))
+	}
+	d.RegisterTrustChecker(ta)
+
+	hsSvc := handshake.NewService(runtime.NewHandshakeRuntime(dapi))
+	if err := rt.Register(hsSvc); err != nil {
+		return errJSON(fmt.Errorf("register handshake: %w", err))
+	}
+	d.RegisterHandshakeService(runtime.NewHandshakeServiceAdapter(hsSvc))
+
+	policySvc := policy.NewService(runtime.NewPolicyRuntime(dapi))
+	if err := rt.Register(policySvc); err != nil {
+		return errJSON(fmt.Errorf("register policy: %w", err))
+	}
+	d.RegisterPolicyManager(runtime.AsDaemonPolicyManager(policySvc.Manager()))
+
+	startCtx := context.Background()
+	if err := rt.StartPlugins(startCtx); err != nil {
+		return errJSON(fmt.Errorf("plugin startup: %w", err))
+	}
+
+	if err := d.Start(); err != nil {
+		_ = rt.StopPlugins(startCtx)
+		return errJSON(fmt.Errorf("daemon start: %w", err))
+	}
+
+	// Build the success payload. Public key may be empty for ephemeral
+	// (no-identity) mode — callers should handle that.
+	pubKey := ""
+	if id := d.Identity(); id != nil {
+		pubKey = crypto.EncodePublicKey(id.PublicKey)
+	}
+
+	embedded.node = &embeddedNode{d: d, rt: rt}
+	return okJSON(map[string]interface{}{
+		"address":    fmt.Sprintf("%d", d.NodeID()),
+		"node_id":    d.NodeID(),
+		"public_key": pubKey,
+		"socket":     cfg.SocketPath,
+	})
 }
 
 // Tear down the embedded daemon and all plugins. Safe to call when

go.mod

@@ -3,18 +3,18 @@ module github.com/pilot-protocol/libpilot
 go 1.25.10
 
 require (
+	github.com/pilot-protocol/common v0.5.5
+	github.com/pilot-protocol/handshake v0.2.1
 	github.com/pilot-protocol/pilotprotocol v1.10.5
-	github.com/pilot-protocol/common v0.4.8
+	github.com/pilot-protocol/policy v0.2.2
 	github.com/pilot-protocol/runtime v0.3.1
+	github.com/pilot-protocol/trustedagents v0.2.3
 )
 
 require (
-	github.com/coder/websocket v1.8.14 // indirect
+	github.com/coder/websocket v1.8.15 // indirect
 	github.com/expr-lang/expr v1.17.8 // indirect
-	github.com/pilot-protocol/handshake v0.2.1 // indirect
-	github.com/pilot-protocol/policy v0.2.2 // indirect
-	github.com/pilot-protocol/trustedagents v0.2.3 // indirect
-	golang.org/x/sys v0.45.0 // indirect
+	golang.org/x/sys v0.46.0 // indirect
 )
 
 replace github.com/pilot-protocol/pilotprotocol => ../web4

go.sum

@@ -1,6 +1,6 @@
-github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9g=
-github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg=
+github.com/coder/websocket v1.8.15 h1:6B2JPeOGlpff2Uz6vOEH1Vzpi0iUz20A+lPVhPHtNUA=
+github.com/coder/websocket v1.8.15/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg=
 github.com/expr-lang/expr v1.17.8 h1:W1loDTT+0PQf5YteHSTpju2qfUfNoBt4yw9+wOEU9VM=
 github.com/expr-lang/expr v1.17.8/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
-golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
-golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
+golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=