@3030-labs/wotw 0.8.4 → 0.9.0

package/dist/cli/index.js

@@ -751,6 +751,7 @@ async function loadConfig(searchFrom) {
   const withEnv = applyEnvOverrides(merged);
   const validated = validateConfig(withEnv);
   validateHostedConfig(validated);
+  validateHostedRedactionSink(validated);
   return { config: validated, path: path2 };
 }
 function applyEnvOverrides(config) {
@@ -832,6 +833,15 @@ function applyEnvOverrides(config) {
   }
   return out;
 }
+function validateHostedRedactionSink(config, env = process.env) {
+  if (!config.hosted.enabled) return;
+  const secret = env.WOTW_CLOUD_SINK_SECRET;
+  if (!secret || secret.length === 0) {
+    throw new Error(
+      "Config error: hosted.enabled is true but WOTW_CLOUD_SINK_SECRET is unset. The redaction-emit wire requires this secret to authenticate with /api/internal/redaction-log; running hosted-mode without it would silently drop every compliance redaction event."
+    );
+  }
+}
 function validateHostedConfig(config) {
   if (!config.hosted.enabled) return;
   if (!config.hosted.tenant_id || config.hosted.tenant_id.length === 0) {
@@ -952,6 +962,7 @@ var init_config = __esm({
     __name(loadConfig, "loadConfig");
     __name(applyEnvOverrides, "applyEnvOverrides");
     UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+    __name(validateHostedRedactionSink, "validateHostedRedactionSink");
     __name(validateHostedConfig, "validateHostedConfig");
     __name(mergeConfig, "mergeConfig");
     positiveNumber = z.number().positive();
@@ -6736,12 +6747,27 @@ var init_dek_archive_scheduler = __esm({
 });
 
 // src/utils/sanitize.ts
-function sanitize(input, rules = DEFAULT_REDACTIONS) {
+function sanitizeWithEvents(input, rules = DEFAULT_REDACTIONS) {
+  const events = [];
   let out = input;
   for (const rule of rules) {
+    rule.pattern.lastIndex = 0;
+    let matchedBytes = 0;
+    for (const m of out.matchAll(rule.pattern)) {
+      matchedBytes += Buffer.byteLength(m[0], "utf8");
+    }
+    if (matchedBytes === 0) continue;
+    rule.pattern.lastIndex = 0;
     out = out.replace(rule.pattern, rule.replacement);
+    if (rule.cloud_rule_id) {
+      events.push({
+        rule_name: rule.name,
+        cloud_rule_id: rule.cloud_rule_id,
+        byte_count: matchedBytes
+      });
+    }
   }
-  return out;
+  return { output: out, events };
 }
 var DEFAULT_REDACTIONS;
 var init_sanitize = __esm({
@@ -6752,19 +6778,22 @@ var init_sanitize = __esm({
       {
         name: "aws-access-key",
         pattern: /\bAKIA[0-9A-Z]{16}\b/g,
-        replacement: "[REDACTED:AWS_ACCESS_KEY]"
+        replacement: "[REDACTED:AWS_ACCESS_KEY]",
+        cloud_rule_id: "credential_pattern_01"
       },
       {
         name: "aws-secret-key",
         pattern: /\b[A-Za-z0-9/+=]{40}\b(?=.*(?:secret|aws))/gi,
-        replacement: "[REDACTED:AWS_SECRET_KEY]"
+        replacement: "[REDACTED:AWS_SECRET_KEY]",
+        cloud_rule_id: "credential_pattern_02"
       },
       {
         name: "github-token",
         // Review item 2: also catch GitHub fine-grained personal access
         // tokens (`github_pat_*`, 82+ chars per docs).
         pattern: /\bgh[pousr]_[A-Za-z0-9]{36,255}\b|\bgithub_pat_[A-Za-z0-9_]{50,}\b/g,
-        replacement: "[REDACTED:GITHUB_TOKEN]"
+        replacement: "[REDACTED:GITHUB_TOKEN]",
+        cloud_rule_id: "credential_pattern_03"
       },
       {
         name: "anthropic-api-key",
@@ -6772,7 +6801,8 @@ var init_sanitize = __esm({
         // window stays generous enough to catch both legacy and current
         // formats including api03- prefix.
         pattern: /\bsk-ant-[A-Za-z0-9-_]{80,120}\b/g,
-        replacement: "[REDACTED:ANTHROPIC_API_KEY]"
+        replacement: "[REDACTED:ANTHROPIC_API_KEY]",
+        cloud_rule_id: "credential_pattern_04"
       },
       {
         name: "openai-api-key",
@@ -6781,31 +6811,38 @@ var init_sanitize = __esm({
         // `sk-svcacct-*`, `sk-admin-*` all use `-` separators after the
         // prefix and longer character set. Updated character class.
         pattern: /\bsk-(?:proj|svcacct|admin)-[A-Za-z0-9_-]{20,200}\b|\bsk-[A-Za-z0-9]{20,200}\b/g,
-        replacement: "[REDACTED:OPENAI_API_KEY]"
+        replacement: "[REDACTED:OPENAI_API_KEY]",
+        cloud_rule_id: "credential_pattern_05"
       },
       {
         name: "gemini-api-key",
-        // Review item 2: Google AI Studio API keys are `AIza` + 35 chars.
-        // No rule existed pre-fix.
-        pattern: /\bAIza[A-Za-z0-9_-]{35}\b/g,
-        replacement: "[REDACTED:GEMINI_API_KEY]"
+        // Google AI Studio API keys come in two formats:
+        //   - legacy: `AIza` + 35 chars
+        //   - current: `AQ.` + ~40-80 url-safe chars (rolled out 2024-2025; the
+        //     `AIza`-only rule silently missed these, leaking new-format keys)
+        pattern: /\bAIza[A-Za-z0-9_-]{35}\b|\bAQ\.[A-Za-z0-9_-]{40,80}\b/g,
+        replacement: "[REDACTED:GEMINI_API_KEY]",
+        cloud_rule_id: "credential_pattern_06"
       },
       {
         name: "wotw-daemon-token",
         // Review item 2: daemon tokens emitted by `wotw user add` are
         // `wotw_` + base64url chars. Pre-fix these went unredacted.
         pattern: /\bwotw_[A-Za-z0-9_-]{30,200}\b/g,
-        replacement: "[REDACTED:WOTW_TOKEN]"
+        replacement: "[REDACTED:WOTW_TOKEN]",
+        cloud_rule_id: "credential_pattern_07"
       },
       {
         name: "private-key-block",
         pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
-        replacement: "[REDACTED:PRIVATE_KEY_BLOCK]"
+        replacement: "[REDACTED:PRIVATE_KEY_BLOCK]",
+        cloud_rule_id: "credential_pattern_08"
       },
       {
         name: "jwt",
         pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
-        replacement: "[REDACTED:JWT]"
+        replacement: "[REDACTED:JWT]",
+        cloud_rule_id: "credential_pattern_09"
       },
       {
         // L-SEC-3: This pattern is deliberately scoped to full `scheme://`
@@ -6816,20 +6853,26 @@ var init_sanitize = __esm({
         // Verified by unit tests in test/unit/sanitize.test.ts.
         name: "password-in-url",
         pattern: /(\w+:\/\/[^:/\s]+:)[^@\s]+(@)/g,
-        replacement: "$1[REDACTED]$2"
+        replacement: "$1[REDACTED]$2",
+        cloud_rule_id: "credential_pattern_10"
       },
       {
+        // PII — stays daemon-local. cloud_rule_id intentionally omitted: the
+        // PASS-024 cloud whitelist accepts only credential_pattern_01..10 +
+        // truncation_32kb, treating PII metadata as data-that-shouldn't-leave-
+        // the-daemon. Redaction still fires on-disk; sink emission is skipped.
         name: "credit-card",
         pattern: /\b(?:\d[ -]*?){13,16}\b/g,
         replacement: "[REDACTED:PAN]"
       },
       {
+        // PII — see credit-card note above.
         name: "us-ssn",
         pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
         replacement: "[REDACTED:SSN]"
       }
     ];
-    __name(sanitize, "sanitize");
+    __name(sanitizeWithEvents, "sanitizeWithEvents");
   }
 });
 
@@ -6839,6 +6882,8 @@ import { join as join19 } from "path";
 async function buildIngestionPrompt(opts) {
   const read = opts.readFile ?? ((p2) => readFileSync13(p2, "utf8"));
   const excerpts = [];
+  const emitStore = opts.redactionEmitStore && opts.workspaceId ? opts.redactionEmitStore : null;
+  const emitWorkspaceId = opts.workspaceId ?? "";
   for (const file of opts.files) {
     try {
       const raw = read(file);
@@ -6854,12 +6899,52 @@ async function buildIngestionPrompt(opts) {
           { path: file, rawBytes, capBytes: MAX_EXCERPT_BYTES },
           "source file truncated for prompt \u2014 model sees only the first MAX_EXCERPT_BYTES"
         );
+        if (emitStore) {
+          try {
+            emitStore.enqueue(emitWorkspaceId, {
+              redacted_at: (/* @__PURE__ */ new Date()).toISOString(),
+              rule_id: "truncation_32kb",
+              source_file_path: file,
+              redaction_byte_count: rawBytes - MAX_EXCERPT_BYTES
+            });
+          } catch (storeErr) {
+            getLogger("prompt-builder").warn(
+              {
+                path: file,
+                err: storeErr instanceof Error ? storeErr.message : String(storeErr)
+              },
+              "redaction-emit enqueue failed (truncation); prompt continues"
+            );
+          }
+        }
       } else {
         body = raw;
       }
+      const { output: sanitized, events } = sanitizeWithEvents(body);
+      if (emitStore && events.length > 0) {
+        for (const event of events) {
+          try {
+            emitStore.enqueue(emitWorkspaceId, {
+              redacted_at: (/* @__PURE__ */ new Date()).toISOString(),
+              rule_id: event.cloud_rule_id,
+              source_file_path: file,
+              redaction_byte_count: event.byte_count
+            });
+          } catch (storeErr) {
+            getLogger("prompt-builder").warn(
+              {
+                path: file,
+                rule: event.rule_name,
+                err: storeErr instanceof Error ? storeErr.message : String(storeErr)
+              },
+              "redaction-emit enqueue failed (credential); prompt continues"
+            );
+          }
+        }
+      }
       excerpts.push({
         path: file,
-        excerpt: sanitize(body),
+        excerpt: sanitized,
         bytes: rawBytes,
         truncated
       });
@@ -7456,7 +7541,9 @@ var init_queue = __esm({
         const prompt = await buildIngestionPrompt({
           config: this.opts.config,
           files: batch.paths,
-          existingPages
+          existingPages,
+          redactionEmitStore: this.opts.redactionEmitStore ?? null,
+          workspaceId: this.opts.redactionWorkspaceId
         });
         const sourceFiles = [...batch.paths];
         const sourceHashes = [];
@@ -11373,6 +11460,486 @@ var init_server = __esm({
   }
 });
 
+// src/provenance/redaction-emit-store.ts
+import Database3 from "better-sqlite3";
+import { randomUUID as randomUUID4 } from "crypto";
+import { dirname as dirname14 } from "path";
+var SCHEMA_VERSION3, SCHEMA_SQL3, RedactionEmitStore;
+var init_redaction_emit_store = __esm({
+  "src/provenance/redaction-emit-store.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_actionable_error();
+    init_fs();
+    init_logger();
+    SCHEMA_VERSION3 = 1;
+    SCHEMA_SQL3 = `
+  CREATE TABLE IF NOT EXISTS pending_redaction_emits (
+    event_id TEXT PRIMARY KEY,
+    workspace_id TEXT NOT NULL,
+    payload_json TEXT NOT NULL,
+    created_at TEXT NOT NULL,
+    attempts INTEGER NOT NULL DEFAULT 0,
+    last_attempt_at TEXT,
+    last_error TEXT,
+    status TEXT NOT NULL DEFAULT 'pending'
+      CHECK (status IN ('pending','sent','archived'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_pending_redaction_emits_drain
+    ON pending_redaction_emits(status, created_at);
+  CREATE INDEX IF NOT EXISTS idx_pending_redaction_emits_workspace
+    ON pending_redaction_emits(workspace_id, created_at);
+`;
+    RedactionEmitStore = class {
+      static {
+        __name(this, "RedactionEmitStore");
+      }
+      path;
+      db;
+      constructor(opts) {
+        this.path = opts.path;
+        if (!opts.inMemory) {
+          ensureDirSync(dirname14(this.path));
+        }
+        try {
+          this.db = new Database3(opts.inMemory ? ":memory:" : this.path);
+        } catch (err) {
+          if (looksLikeNativeBindingFailure(err)) {
+            throw nativeBindingLoadError("better-sqlite3", err);
+          }
+          throw err;
+        }
+        this.db.pragma("journal_mode = WAL");
+        this.db.pragma("foreign_keys = ON");
+        this.migrate();
+      }
+      migrate() {
+        const log = getLogger("redaction-emit-store");
+        const currentVersion = this.db.pragma("user_version", { simple: true });
+        if (currentVersion === SCHEMA_VERSION3) return;
+        if (currentVersion > SCHEMA_VERSION3) {
+          throw new Error(
+            `redaction-emit.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION3}) \u2014 refusing to downgrade`
+          );
+        }
+        log.info({ from: currentVersion, to: SCHEMA_VERSION3 }, "running redaction-emit.db migrations");
+        this.db.exec(SCHEMA_SQL3);
+        this.db.pragma(`user_version = ${SCHEMA_VERSION3}`);
+      }
+      /**
+       * Write a new 'pending' row. Returns the generated event_id. Caller
+       * (prompt-builder) must call this BEFORE attempting cloud emission —
+       * the SQLite append is the durability anchor.
+       *
+       * `now` is injected for testability; defaults to ISO 8601 now.
+       */
+      enqueue(workspaceId, payload, now = (/* @__PURE__ */ new Date()).toISOString()) {
+        const event_id = randomUUID4();
+        this.db.prepare(
+          `INSERT INTO pending_redaction_emits
+           (event_id, workspace_id, payload_json, created_at, attempts, status)
+         VALUES (?, ?, ?, ?, 0, 'pending')`
+        ).run(event_id, workspaceId, JSON.stringify(payload), now);
+        return event_id;
+      }
+      /**
+       * List pending rows in creation order, capped at `limit`. The cloud
+       * endpoint caps batches at 1000 events; the worker passes 1000 here
+       * to fill each batch.
+       */
+      listPending(limit) {
+        const rows = this.db.prepare(
+          `SELECT event_id, workspace_id, payload_json, created_at, attempts,
+                last_attempt_at, last_error, status
+           FROM pending_redaction_emits
+          WHERE status = 'pending'
+          ORDER BY created_at ASC, event_id ASC
+          LIMIT ?`
+        ).all(limit);
+        return rows.map(this.toRow);
+      }
+      /**
+       * Mark a batch of pending rows as 'sent' after a successful cloud
+       * POST. Atomic transaction — partial failure rolls back. Returns the
+       * number of rows that actually transitioned (pending → sent).
+       *
+       * Rows already in 'sent' state are no-ops; this is the idempotency
+       * guarantee on the daemon side (re-drain after a crash where SQLite
+       * commit hadn't flushed). Rows in 'archived' state are NOT touched —
+       * those are forensic-final.
+       */
+      markSent(eventIds, now = (/* @__PURE__ */ new Date()).toISOString()) {
+        if (eventIds.length === 0) return 0;
+        const update = this.db.prepare(
+          `UPDATE pending_redaction_emits
+          SET status = 'sent', last_attempt_at = ?
+        WHERE event_id = ? AND status = 'pending'`
+        );
+        return this.db.transaction((ids) => {
+          let changes = 0;
+          for (const id of ids) {
+            const result = update.run(now, id);
+            changes += Number(result.changes);
+          }
+          return changes;
+        })(eventIds);
+      }
+      /**
+       * Increment attempts counter + record last_error for a batch that
+       * failed to POST. Rows stay 'pending' so the next drain tick retries
+       * them. Does NOT touch rows already in 'sent' or 'archived' state.
+       */
+      markFailed(eventIds, error, now = (/* @__PURE__ */ new Date()).toISOString()) {
+        if (eventIds.length === 0) return 0;
+        const update = this.db.prepare(
+          `UPDATE pending_redaction_emits
+          SET attempts = attempts + 1,
+              last_attempt_at = ?,
+              last_error = ?
+        WHERE event_id = ? AND status = 'pending'`
+        );
+        return this.db.transaction((ids) => {
+          let changes = 0;
+          for (const id of ids) {
+            const result = update.run(now, error.slice(0, 500), id);
+            changes += Number(result.changes);
+          }
+          return changes;
+        })(eventIds);
+      }
+      /**
+       * Move terminally-failed rows (attempts >= maxAttempts) to 'archived'.
+       * Archived rows remain in the table for forensic inspection — never
+       * deleted. Returns the list of event_ids that transitioned.
+       *
+       * Called by the worker after each failed batch to evict rows that
+       * are stuck retrying forever. The cap matches the worker's
+       * MAX_ATTEMPTS constant.
+       */
+      archiveExhausted(maxAttempts) {
+        return this.db.transaction(() => {
+          const rows = this.db.prepare(
+            `SELECT event_id FROM pending_redaction_emits
+             WHERE status = 'pending' AND attempts >= ?`
+          ).all(maxAttempts);
+          if (rows.length === 0) return [];
+          const ids = rows.map((r) => r.event_id);
+          const placeholders = ids.map(() => "?").join(",");
+          this.db.prepare(
+            `UPDATE pending_redaction_emits SET status = 'archived'
+             WHERE event_id IN (${placeholders}) AND status = 'pending'`
+          ).run(...ids);
+          return ids;
+        })();
+      }
+      /** Count rows by status. Useful for diagnostics + tests. */
+      countByStatus() {
+        const rows = this.db.prepare(`SELECT status, COUNT(*) as n FROM pending_redaction_emits GROUP BY status`).all();
+        const out = {
+          pending: 0,
+          sent: 0,
+          archived: 0
+        };
+        for (const r of rows) out[r.status] = r.n;
+        return out;
+      }
+      /** Schema version (diagnostics + tests). */
+      schemaVersion() {
+        return this.db.pragma("user_version", { simple: true });
+      }
+      /** Close the underlying handle. Idempotent. */
+      close() {
+        if (this.db.open) this.db.close();
+      }
+      toRow(raw) {
+        return {
+          event_id: raw.event_id,
+          workspace_id: raw.workspace_id,
+          payload: JSON.parse(raw.payload_json),
+          created_at: raw.created_at,
+          attempts: raw.attempts,
+          last_attempt_at: raw.last_attempt_at,
+          last_error: raw.last_error,
+          status: raw.status
+        };
+      }
+    };
+  }
+});
+
+// src/provenance/redaction-sink.ts
+function redactionSinkFromEnv(env = process.env) {
+  const wikiId = env.WOTW_WIKI_ID;
+  const sinkSecret = env.WOTW_CLOUD_SINK_SECRET;
+  if (!wikiId || !sinkSecret) return null;
+  return new RedactionSink({
+    workspaceId: wikiId,
+    apiBaseUrl: env.WOTW_API_BASE_URL || void 0,
+    sinkSecret
+  });
+}
+var DEFAULT_API_BASE_URL, REQUEST_TIMEOUT_MS, CLOUD_REDACTION_BATCH_CAP, RedactionSink;
+var init_redaction_sink = __esm({
+  "src/provenance/redaction-sink.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_logger();
+    DEFAULT_API_BASE_URL = "https://wotw.dev";
+    REQUEST_TIMEOUT_MS = 1e4;
+    CLOUD_REDACTION_BATCH_CAP = 1e3;
+    RedactionSink = class {
+      static {
+        __name(this, "RedactionSink");
+      }
+      workspaceId;
+      apiBaseUrl;
+      sinkSecret;
+      fetchImpl;
+      constructor(opts) {
+        this.workspaceId = opts.workspaceId;
+        this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+        if (!this.apiBaseUrl.startsWith("https://")) {
+          throw new Error(
+            `redaction-sink: apiBaseUrl must be https:// (got "${this.apiBaseUrl}"); WOTW_API_BASE_URL is misconfigured. Refusing to send sink key over plaintext.`
+          );
+        }
+        this.sinkSecret = opts.sinkSecret;
+        this.fetchImpl = opts.fetchImpl ?? fetch;
+      }
+      /**
+       * POST a single batch of redaction events to the cloud. Never throws;
+       * caller decides whether to retry based on the returned `ok` field.
+       *
+       * The batch MUST contain at least one event and at most
+       * CLOUD_REDACTION_BATCH_CAP events — the caller (worker) trims to fit.
+       */
+      async post(events) {
+        const log = getLogger("provenance.redaction-sink");
+        if (events.length === 0) {
+          return { ok: true, inserted: 0 };
+        }
+        if (events.length > CLOUD_REDACTION_BATCH_CAP) {
+          return {
+            ok: false,
+            status: null,
+            errorBody: `client-side batch cap exceeded (got ${events.length}, max ${CLOUD_REDACTION_BATCH_CAP})`
+          };
+        }
+        const url = `${this.apiBaseUrl}/api/internal/redaction-log`;
+        const body = {
+          workspace_id: this.workspaceId,
+          events: events.map((e) => ({
+            event_id: e.event_id,
+            redacted_at: e.redacted_at,
+            rule_id: e.rule_id,
+            source_file_path: e.source_file_path,
+            redaction_byte_count: e.redaction_byte_count
+          }))
+        };
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+        try {
+          const res = await this.fetchImpl(url, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "x-sink-key": this.sinkSecret
+            },
+            body: JSON.stringify(body),
+            signal: controller.signal
+          });
+          if (res.ok) {
+            let inserted = events.length;
+            try {
+              const data = await res.json();
+              if (typeof data.inserted === "number") inserted = data.inserted;
+            } catch {
+            }
+            log.debug(
+              {
+                workspaceId: this.workspaceId,
+                batchSize: events.length,
+                inserted
+              },
+              "redaction batch accepted by cloud"
+            );
+            return { ok: true, inserted };
+          }
+          const text2 = await res.text().catch(() => "");
+          log.warn(
+            {
+              workspaceId: this.workspaceId,
+              batchSize: events.length,
+              status: res.status,
+              body: text2.slice(0, 500)
+            },
+            "redaction batch rejected by cloud"
+          );
+          return { ok: false, status: res.status, errorBody: text2.slice(0, 500) };
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          log.warn(
+            {
+              workspaceId: this.workspaceId,
+              batchSize: events.length,
+              err: msg
+            },
+            "redaction batch request failed"
+          );
+          return { ok: false, status: null, errorBody: msg };
+        } finally {
+          clearTimeout(timeout);
+        }
+      }
+    };
+    __name(redactionSinkFromEnv, "redactionSinkFromEnv");
+  }
+});
+
+// src/provenance/redaction-emit-worker.ts
+var DEFAULT_BASE_INTERVAL_MS, DEFAULT_MAX_INTERVAL_MS, DEFAULT_MAX_ATTEMPTS, RedactionEmitWorker;
+var init_redaction_emit_worker = __esm({
+  "src/provenance/redaction-emit-worker.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_logger();
+    init_redaction_sink();
+    DEFAULT_BASE_INTERVAL_MS = 3e4;
+    DEFAULT_MAX_INTERVAL_MS = 5 * 6e4;
+    DEFAULT_MAX_ATTEMPTS = 100;
+    RedactionEmitWorker = class {
+      static {
+        __name(this, "RedactionEmitWorker");
+      }
+      name = "redaction-emit-worker";
+      store;
+      sink;
+      baseIntervalMs;
+      maxIntervalMs;
+      maxAttempts;
+      batchSize;
+      timer = null;
+      inflight = null;
+      /** Current backoff interval. Reset to base on success, grows on failure. */
+      currentIntervalMs;
+      stopped = false;
+      constructor(opts) {
+        this.store = opts.store;
+        this.sink = opts.sink;
+        this.baseIntervalMs = opts.baseIntervalMs ?? DEFAULT_BASE_INTERVAL_MS;
+        this.maxIntervalMs = opts.maxIntervalMs ?? DEFAULT_MAX_INTERVAL_MS;
+        this.maxAttempts = opts.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
+        this.batchSize = Math.min(
+          opts.batchSize ?? CLOUD_REDACTION_BATCH_CAP,
+          CLOUD_REDACTION_BATCH_CAP
+        );
+        this.currentIntervalMs = this.baseIntervalMs;
+      }
+      async start() {
+        const log = getLogger(this.name);
+        if (!this.sink) {
+          log.info(
+            "redaction emit worker disabled (no sink configured \u2014 local/offline mode); SQLite queue continues to capture rows for forensic inspection"
+          );
+          return;
+        }
+        log.info(
+          {
+            baseIntervalMs: this.baseIntervalMs,
+            maxIntervalMs: this.maxIntervalMs,
+            maxAttempts: this.maxAttempts,
+            batchSize: this.batchSize,
+            apiBaseUrl: this.sink.apiBaseUrl
+          },
+          "redaction emit worker starting"
+        );
+        this.inflight = this.tick();
+        await this.inflight;
+      }
+      async stop() {
+        this.stopped = true;
+        if (this.timer) {
+          clearTimeout(this.timer);
+          this.timer = null;
+        }
+        if (this.inflight) {
+          try {
+            await this.inflight;
+          } catch {
+          }
+        }
+      }
+      /**
+       * One drain pass. Pulls a batch, attempts POST, transitions rows,
+       * adjusts backoff, schedules the next tick (when not stopped).
+       *
+       * Exposed for tests so they can step the worker without sleeping.
+       */
+      async tick() {
+        if (!this.sink) return;
+        const log = getLogger(this.name);
+        let succeeded = false;
+        try {
+          const pending = this.store.listPending(this.batchSize);
+          if (pending.length === 0) {
+            succeeded = true;
+            return;
+          }
+          const eventIds = pending.map((r) => r.event_id);
+          const events = pending.map((r) => ({ event_id: r.event_id, ...r.payload }));
+          const result = await this.sink.post(events);
+          if (result.ok) {
+            const transitioned = this.store.markSent(eventIds);
+            log.info(
+              {
+                batchSize: pending.length,
+                transitioned,
+                inserted: result.inserted
+              },
+              "redaction batch drained"
+            );
+            succeeded = true;
+          } else {
+            const errSummary = `status=${result.status ?? "network"} body=${result.errorBody.slice(0, 200)}`;
+            this.store.markFailed(eventIds, errSummary);
+            const archived = this.store.archiveExhausted(this.maxAttempts);
+            if (archived.length > 0) {
+              log.error(
+                {
+                  archivedCount: archived.length,
+                  maxAttempts: this.maxAttempts,
+                  sampleIds: archived.slice(0, 3)
+                },
+                "redaction events archived after exhausting retries \u2014 review needed"
+              );
+            }
+          }
+        } catch (err) {
+          log.error(
+            { err: err instanceof Error ? err.message : String(err) },
+            "redaction worker tick failed unexpectedly"
+          );
+        } finally {
+          if (succeeded) {
+            this.currentIntervalMs = this.baseIntervalMs;
+          } else {
+            this.currentIntervalMs = Math.min(this.currentIntervalMs * 2, this.maxIntervalMs);
+          }
+          this.scheduleNext();
+        }
+      }
+      scheduleNext() {
+        if (this.stopped) return;
+        if (this.timer) clearTimeout(this.timer);
+        this.timer = setTimeout(() => {
+          this.inflight = this.tick();
+        }, this.currentIntervalMs);
+        if (typeof this.timer.unref === "function") this.timer.unref();
+      }
+    };
+  }
+});
+
 // src/compounding/engine.ts
 import { join as join23, relative as relative11 } from "path";
 function stripFrontmatterIfPresent(text2) {
@@ -11765,14 +12332,14 @@ function cloudSinkFromEnv(env = process.env) {
     adminServiceKey
   });
 }
-var DEFAULT_API_BASE_URL, REQUEST_TIMEOUT_MS, CloudProvenanceSink;
+var DEFAULT_API_BASE_URL2, REQUEST_TIMEOUT_MS2, CloudProvenanceSink;
 var init_cloud_sink = __esm({
   "src/provenance/cloud-sink.ts"() {
     "use strict";
     init_esm_shims();
     init_logger();
-    DEFAULT_API_BASE_URL = "https://wotw.dev";
-    REQUEST_TIMEOUT_MS = 5e3;
+    DEFAULT_API_BASE_URL2 = "https://wotw.dev";
+    REQUEST_TIMEOUT_MS2 = 5e3;
     CloudProvenanceSink = class {
       static {
         __name(this, "CloudProvenanceSink");
@@ -11783,7 +12350,7 @@ var init_cloud_sink = __esm({
       fetchImpl;
       constructor(opts) {
         this.wikiId = opts.wikiId;
-        this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+        this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL2;
         if (!this.apiBaseUrl.startsWith("https://")) {
           throw new Error(
             `cloud-sink: apiBaseUrl must be https:// (got "${this.apiBaseUrl}"); WOTW_API_BASE_URL is misconfigured. Refusing to send admin key over plaintext.`
@@ -11813,7 +12380,7 @@ var init_cloud_sink = __esm({
           record_json: record
         };
         const controller = new AbortController();
-        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
         try {
           const res = await this.fetchImpl(url, {
             method: "POST",
@@ -11976,6 +12543,24 @@ async function main() {
         );
       }
     }
+    const redactionEmitStore = new RedactionEmitStore({
+      path: `${config.wiki_root}/.wotw/redaction-emit.db`
+    });
+    const redactionWorkspaceId = process.env.WOTW_WIKI_ID;
+    const redactionSink = redactionSinkFromEnv();
+    const redactionEmitWorker = new RedactionEmitWorker({
+      store: redactionEmitStore,
+      sink: redactionSink
+    });
+    log.info(
+      {
+        path: redactionEmitStore.path,
+        sinkActive: !!redactionSink,
+        workspaceId: redactionWorkspaceId ?? null,
+        counts: redactionEmitStore.countByStatus()
+      },
+      "redaction-emit store ready"
+    );
     const costTracker = new CostTracker({
       trackFile: config.cost.track_file,
       maxDailyUsd: config.cost.max_daily_usd,
@@ -12023,7 +12608,9 @@ async function main() {
       runtimeMode,
       deadLetter,
       factStore,
-      factIndex
+      factIndex,
+      redactionEmitStore,
+      redactionWorkspaceId
     });
     const compounding = new CompoundingEngine({
       config,
@@ -12067,6 +12654,7 @@ async function main() {
     daemon.attachSubsystem(mcp);
     daemon.attachSubsystem(lintScheduler);
     if (dekArchiveScheduler) daemon.attachSubsystem(dekArchiveScheduler);
+    daemon.attachSubsystem(redactionEmitWorker);
     watcher.startReconciliation(5 * 60 * 1e3);
     const mcpUrl = `http://${config.server.host}:${config.server.port}/mcp`;
     log.info(
@@ -12104,6 +12692,9 @@ var init_entry = __esm({
     init_watcher();
     init_server();
     init_chain();
+    init_redaction_emit_store();
+    init_redaction_emit_worker();
+    init_redaction_sink();
     init_engine();
     __name(main, "main");
     void main();