npm - @3030-labs/wotw - Versions diffs - 0.8.4 → 0.9.0 - Mend

@3030-labs/wotw 0.8.4 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/daemon/entry.js CHANGED Viewed

@@ -2331,14 +2331,14 @@ function cloudSinkFromEnv(env = process.env) {
     adminServiceKey
   });
 }
-var DEFAULT_API_BASE_URL, REQUEST_TIMEOUT_MS, CloudProvenanceSink;
+var DEFAULT_API_BASE_URL2, REQUEST_TIMEOUT_MS2, CloudProvenanceSink;
 var init_cloud_sink = __esm({
   "src/provenance/cloud-sink.ts"() {
     "use strict";
     init_esm_shims();
     init_logger();
-    DEFAULT_API_BASE_URL = "https://wotw.dev";
-    REQUEST_TIMEOUT_MS = 5e3;
+    DEFAULT_API_BASE_URL2 = "https://wotw.dev";
+    REQUEST_TIMEOUT_MS2 = 5e3;
     CloudProvenanceSink = class {
       static {
         __name(this, "CloudProvenanceSink");
@@ -2349,7 +2349,7 @@ var init_cloud_sink = __esm({
       fetchImpl;
       constructor(opts) {
         this.wikiId = opts.wikiId;
-        this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+        this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL2;
         if (!this.apiBaseUrl.startsWith("https://")) {
           throw new Error(
             `cloud-sink: apiBaseUrl must be https:// (got "${this.apiBaseUrl}"); WOTW_API_BASE_URL is misconfigured. Refusing to send admin key over plaintext.`
@@ -2379,7 +2379,7 @@ var init_cloud_sink = __esm({
           record_json: record
         };
         const controller = new AbortController();
-        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
         try {
           const res = await this.fetchImpl(url, {
             method: "POST",
@@ -2532,10 +2532,10 @@ var store_exports = {};
 __export(store_exports, {
   KeyStore: () => KeyStore
 });
-import Database from "better-sqlite3";
-import { randomUUID as randomUUID3 } from "crypto";
-import { dirname as dirname10 } from "path";
-var SCHEMA_VERSION, SCHEMA_SQL, KeyStore;
+import Database2 from "better-sqlite3";
+import { randomUUID as randomUUID4 } from "crypto";
+import { dirname as dirname11 } from "path";
+var SCHEMA_VERSION2, SCHEMA_SQL2, KeyStore;
 var init_store = __esm({
   "src/keys/store.ts"() {
     "use strict";
@@ -2544,8 +2544,8 @@ var init_store = __esm({
     init_fs();
     init_logger();
     init_envelope();
-    SCHEMA_VERSION = 1;
-    SCHEMA_SQL = `
+    SCHEMA_VERSION2 = 1;
+    SCHEMA_SQL2 = `
   CREATE TABLE IF NOT EXISTS workspace_keys (
     key_id TEXT PRIMARY KEY,
     workspace_id TEXT NOT NULL,
@@ -2584,10 +2584,10 @@ var init_store = __esm({
         this.kek = opts.kek;
         this.dekCache = /* @__PURE__ */ new Map();
         if (!opts.inMemory) {
-          ensureDirSync(dirname10(this.path));
+          ensureDirSync(dirname11(this.path));
         }
         try {
-          this.db = new Database(opts.inMemory ? ":memory:" : this.path);
+          this.db = new Database2(opts.inMemory ? ":memory:" : this.path);
         } catch (err) {
           if (looksLikeNativeBindingFailure(err)) {
             throw nativeBindingLoadError("better-sqlite3", err);
@@ -2601,15 +2601,15 @@ var init_store = __esm({
       migrate() {
         const log = getLogger("key-store");
         const currentVersion = this.db.pragma("user_version", { simple: true });
-        if (currentVersion === SCHEMA_VERSION) return;
-        if (currentVersion > SCHEMA_VERSION) {
+        if (currentVersion === SCHEMA_VERSION2) return;
+        if (currentVersion > SCHEMA_VERSION2) {
           throw new Error(
-            `keys.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION}) \u2014 refusing to downgrade`
+            `keys.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION2}) \u2014 refusing to downgrade`
           );
         }
-        log.info({ from: currentVersion, to: SCHEMA_VERSION }, "running keys.db migrations");
-        this.db.exec(SCHEMA_SQL);
-        this.db.pragma(`user_version = ${SCHEMA_VERSION}`);
+        log.info({ from: currentVersion, to: SCHEMA_VERSION2 }, "running keys.db migrations");
+        this.db.exec(SCHEMA_SQL2);
+        this.db.pragma(`user_version = ${SCHEMA_VERSION2}`);
       }
       /**
        * Provision a brand-new active DEK for the workspace. Fails if an
@@ -2626,7 +2626,7 @@ var init_store = __esm({
             `cannot provision: workspace ${workspaceId} already has an active key (${existing.key_id})`
           );
         }
-        const key_id = randomUUID3();
+        const key_id = randomUUID4();
         const dek = generateDek();
         const env = wrapDek(dek, this.kek);
         this.db.prepare(
@@ -2690,7 +2690,7 @@ var init_store = __esm({
               dek: this.unwrapWithCache(prevRow)
             };
           }
-          const key_id = randomUUID3();
+          const key_id = randomUUID4();
           const dek = generateDek();
           const env = wrapDek(dek, this.kek);
           this.db.prepare(
@@ -2892,16 +2892,16 @@ __export(store_exports2, {
   factHash: () => factHash,
   questionHash: () => questionHash
 });
-import Database2 from "better-sqlite3";
+import Database3 from "better-sqlite3";
 import { createHash as createHash3 } from "crypto";
-import { dirname as dirname11 } from "path";
+import { dirname as dirname12 } from "path";
 function factHash(entity, statement, wikiPageId, createdAt) {
   return createHash3("sha256").update(`${wikiPageId}\0${entity}\0${statement}\0${createdAt}`).digest("hex");
 }
 function questionHash(factId, question) {
   return createHash3("sha256").update(`${factId}\0${question}`).digest("hex");
 }
-var SCHEMA_VERSION2, SCHEMA_SQL2, FactStore;
+var SCHEMA_VERSION3, SCHEMA_SQL3, FactStore;
 var init_store2 = __esm({
   "src/facts/store.ts"() {
     "use strict";
@@ -2909,8 +2909,8 @@ var init_store2 = __esm({
     init_actionable_error();
     init_fs();
     init_logger();
-    SCHEMA_VERSION2 = 1;
-    SCHEMA_SQL2 = `
+    SCHEMA_VERSION3 = 1;
+    SCHEMA_SQL3 = `
   CREATE TABLE IF NOT EXISTS facts (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
     wiki_page_id TEXT NOT NULL,
@@ -2941,10 +2941,10 @@ var init_store2 = __esm({
       constructor(opts) {
         this.path = opts.path;
         if (!opts.inMemory) {
-          ensureDirSync(dirname11(this.path));
+          ensureDirSync(dirname12(this.path));
         }
         try {
-          this.db = new Database2(opts.inMemory ? ":memory:" : this.path);
+          this.db = new Database3(opts.inMemory ? ":memory:" : this.path);
         } catch (err) {
           if (looksLikeNativeBindingFailure(err)) {
             throw nativeBindingLoadError("better-sqlite3", err);
@@ -2959,15 +2959,15 @@ var init_store2 = __esm({
       migrate() {
         const log = getLogger("fact-store");
         const currentVersion = this.db.pragma("user_version", { simple: true });
-        if (currentVersion === SCHEMA_VERSION2) return;
-        if (currentVersion > SCHEMA_VERSION2) {
+        if (currentVersion === SCHEMA_VERSION3) return;
+        if (currentVersion > SCHEMA_VERSION3) {
           throw new Error(
-            `facts.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION2}) \u2014 refusing to downgrade`
+            `facts.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION3}) \u2014 refusing to downgrade`
           );
         }
-        log.info({ from: currentVersion, to: SCHEMA_VERSION2 }, "running facts.db migrations");
-        this.db.exec(SCHEMA_SQL2);
-        this.db.pragma(`user_version = ${SCHEMA_VERSION2}`);
+        log.info({ from: currentVersion, to: SCHEMA_VERSION3 }, "running facts.db migrations");
+        this.db.exec(SCHEMA_SQL3);
+        this.db.pragma(`user_version = ${SCHEMA_VERSION3}`);
       }
       /**
        * Insert a fact + return its row id and assigned fact_hash. The hash
@@ -3438,6 +3438,7 @@ async function loadConfig(searchFrom) {
   const withEnv = applyEnvOverrides(merged);
   const validated = validateConfig(withEnv);
   validateHostedConfig(validated);
+  validateHostedRedactionSink(validated);
   return { config: validated, path: path2 };
 }
 __name(loadConfig, "loadConfig");
@@ -3522,6 +3523,16 @@ function applyEnvOverrides(config) {
 }
 __name(applyEnvOverrides, "applyEnvOverrides");
 var UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function validateHostedRedactionSink(config, env = process.env) {
+  if (!config.hosted.enabled) return;
+  const secret = env.WOTW_CLOUD_SINK_SECRET;
+  if (!secret || secret.length === 0) {
+    throw new Error(
+      "Config error: hosted.enabled is true but WOTW_CLOUD_SINK_SECRET is unset. The redaction-emit wire requires this secret to authenticate with /api/internal/redaction-log; running hosted-mode without it would silently drop every compliance redaction event."
+    );
+  }
+}
+__name(validateHostedRedactionSink, "validateHostedRedactionSink");
 function validateHostedConfig(config) {
   if (!config.hosted.enabled) return;
   if (!config.hosted.tenant_id || config.hosted.tenant_id.length === 0) {
@@ -6346,19 +6357,22 @@ var DEFAULT_REDACTIONS = [
   {
     name: "aws-access-key",
     pattern: /\bAKIA[0-9A-Z]{16}\b/g,
-    replacement: "[REDACTED:AWS_ACCESS_KEY]"
+    replacement: "[REDACTED:AWS_ACCESS_KEY]",
+    cloud_rule_id: "credential_pattern_01"
   },
   {
     name: "aws-secret-key",
     pattern: /\b[A-Za-z0-9/+=]{40}\b(?=.*(?:secret|aws))/gi,
-    replacement: "[REDACTED:AWS_SECRET_KEY]"
+    replacement: "[REDACTED:AWS_SECRET_KEY]",
+    cloud_rule_id: "credential_pattern_02"
   },
   {
     name: "github-token",
     // Review item 2: also catch GitHub fine-grained personal access
     // tokens (`github_pat_*`, 82+ chars per docs).
     pattern: /\bgh[pousr]_[A-Za-z0-9]{36,255}\b|\bgithub_pat_[A-Za-z0-9_]{50,}\b/g,
-    replacement: "[REDACTED:GITHUB_TOKEN]"
+    replacement: "[REDACTED:GITHUB_TOKEN]",
+    cloud_rule_id: "credential_pattern_03"
   },
   {
     name: "anthropic-api-key",
@@ -6366,7 +6380,8 @@ var DEFAULT_REDACTIONS = [
     // window stays generous enough to catch both legacy and current
     // formats including api03- prefix.
     pattern: /\bsk-ant-[A-Za-z0-9-_]{80,120}\b/g,
-    replacement: "[REDACTED:ANTHROPIC_API_KEY]"
+    replacement: "[REDACTED:ANTHROPIC_API_KEY]",
+    cloud_rule_id: "credential_pattern_04"
   },
   {
     name: "openai-api-key",
@@ -6375,31 +6390,38 @@ var DEFAULT_REDACTIONS = [
     // `sk-svcacct-*`, `sk-admin-*` all use `-` separators after the
     // prefix and longer character set. Updated character class.
     pattern: /\bsk-(?:proj|svcacct|admin)-[A-Za-z0-9_-]{20,200}\b|\bsk-[A-Za-z0-9]{20,200}\b/g,
-    replacement: "[REDACTED:OPENAI_API_KEY]"
+    replacement: "[REDACTED:OPENAI_API_KEY]",
+    cloud_rule_id: "credential_pattern_05"
   },
   {
     name: "gemini-api-key",
-    // Review item 2: Google AI Studio API keys are `AIza` + 35 chars.
-    // No rule existed pre-fix.
-    pattern: /\bAIza[A-Za-z0-9_-]{35}\b/g,
-    replacement: "[REDACTED:GEMINI_API_KEY]"
+    // Google AI Studio API keys come in two formats:
+    //   - legacy: `AIza` + 35 chars
+    //   - current: `AQ.` + ~40-80 url-safe chars (rolled out 2024-2025; the
+    //     `AIza`-only rule silently missed these, leaking new-format keys)
+    pattern: /\bAIza[A-Za-z0-9_-]{35}\b|\bAQ\.[A-Za-z0-9_-]{40,80}\b/g,
+    replacement: "[REDACTED:GEMINI_API_KEY]",
+    cloud_rule_id: "credential_pattern_06"
   },
   {
     name: "wotw-daemon-token",
     // Review item 2: daemon tokens emitted by `wotw user add` are
     // `wotw_` + base64url chars. Pre-fix these went unredacted.
     pattern: /\bwotw_[A-Za-z0-9_-]{30,200}\b/g,
-    replacement: "[REDACTED:WOTW_TOKEN]"
+    replacement: "[REDACTED:WOTW_TOKEN]",
+    cloud_rule_id: "credential_pattern_07"
   },
   {
     name: "private-key-block",
     pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
-    replacement: "[REDACTED:PRIVATE_KEY_BLOCK]"
+    replacement: "[REDACTED:PRIVATE_KEY_BLOCK]",
+    cloud_rule_id: "credential_pattern_08"
   },
   {
     name: "jwt",
     pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
-    replacement: "[REDACTED:JWT]"
+    replacement: "[REDACTED:JWT]",
+    cloud_rule_id: "credential_pattern_09"
   },
   {
     // L-SEC-3: This pattern is deliberately scoped to full `scheme://`
@@ -6410,27 +6432,48 @@ var DEFAULT_REDACTIONS = [
     // Verified by unit tests in test/unit/sanitize.test.ts.
     name: "password-in-url",
     pattern: /(\w+:\/\/[^:/\s]+:)[^@\s]+(@)/g,
-    replacement: "$1[REDACTED]$2"
+    replacement: "$1[REDACTED]$2",
+    cloud_rule_id: "credential_pattern_10"
   },
   {
+    // PII — stays daemon-local. cloud_rule_id intentionally omitted: the
+    // PASS-024 cloud whitelist accepts only credential_pattern_01..10 +
+    // truncation_32kb, treating PII metadata as data-that-shouldn't-leave-
+    // the-daemon. Redaction still fires on-disk; sink emission is skipped.
     name: "credit-card",
     pattern: /\b(?:\d[ -]*?){13,16}\b/g,
     replacement: "[REDACTED:PAN]"
   },
   {
+    // PII — see credit-card note above.
     name: "us-ssn",
     pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
     replacement: "[REDACTED:SSN]"
   }
 ];
-function sanitize(input, rules = DEFAULT_REDACTIONS) {
+function sanitizeWithEvents(input, rules = DEFAULT_REDACTIONS) {
+  const events = [];
   let out = input;
   for (const rule of rules) {
+    rule.pattern.lastIndex = 0;
+    let matchedBytes = 0;
+    for (const m of out.matchAll(rule.pattern)) {
+      matchedBytes += Buffer.byteLength(m[0], "utf8");
+    }
+    if (matchedBytes === 0) continue;
+    rule.pattern.lastIndex = 0;
     out = out.replace(rule.pattern, rule.replacement);
+    if (rule.cloud_rule_id) {
+      events.push({
+        rule_name: rule.name,
+        cloud_rule_id: rule.cloud_rule_id,
+        byte_count: matchedBytes
+      });
+    }
   }
-  return out;
+  return { output: out, events };
 }
-__name(sanitize, "sanitize");
+__name(sanitizeWithEvents, "sanitizeWithEvents");
 // src/ingestion/prompt-builder.ts
 init_page();
@@ -6441,6 +6484,8 @@ var EXISTING_PAGES_FULL_LIST_LIMIT = 200;
 async function buildIngestionPrompt(opts) {
   const read = opts.readFile ?? ((p) => readFileSync6(p, "utf8"));
   const excerpts = [];
+  const emitStore = opts.redactionEmitStore && opts.workspaceId ? opts.redactionEmitStore : null;
+  const emitWorkspaceId = opts.workspaceId ?? "";
   for (const file of opts.files) {
     try {
       const raw = read(file);
@@ -6456,12 +6501,52 @@ async function buildIngestionPrompt(opts) {
           { path: file, rawBytes, capBytes: MAX_EXCERPT_BYTES },
           "source file truncated for prompt \u2014 model sees only the first MAX_EXCERPT_BYTES"
         );
+        if (emitStore) {
+          try {
+            emitStore.enqueue(emitWorkspaceId, {
+              redacted_at: (/* @__PURE__ */ new Date()).toISOString(),
+              rule_id: "truncation_32kb",
+              source_file_path: file,
+              redaction_byte_count: rawBytes - MAX_EXCERPT_BYTES
+            });
+          } catch (storeErr) {
+            getLogger("prompt-builder").warn(
+              {
+                path: file,
+                err: storeErr instanceof Error ? storeErr.message : String(storeErr)
+              },
+              "redaction-emit enqueue failed (truncation); prompt continues"
+            );
+          }
+        }
       } else {
         body = raw;
       }
+      const { output: sanitized, events } = sanitizeWithEvents(body);
+      if (emitStore && events.length > 0) {
+        for (const event of events) {
+          try {
+            emitStore.enqueue(emitWorkspaceId, {
+              redacted_at: (/* @__PURE__ */ new Date()).toISOString(),
+              rule_id: event.cloud_rule_id,
+              source_file_path: file,
+              redaction_byte_count: event.byte_count
+            });
+          } catch (storeErr) {
+            getLogger("prompt-builder").warn(
+              {
+                path: file,
+                rule: event.rule_name,
+                err: storeErr instanceof Error ? storeErr.message : String(storeErr)
+              },
+              "redaction-emit enqueue failed (credential); prompt continues"
+            );
+          }
+        }
+      }
       excerpts.push({
         path: file,
-        excerpt: sanitize(body),
+        excerpt: sanitized,
         bytes: rawBytes,
         truncated
       });
@@ -7019,7 +7104,9 @@ var IngestionQueue = class {
     const prompt = await buildIngestionPrompt({
       config: this.opts.config,
       files: batch.paths,
-      existingPages
+      existingPages,
+      redactionEmitStore: this.opts.redactionEmitStore ?? null,
+      workspaceId: this.opts.redactionWorkspaceId
     });
     const sourceFiles = [...batch.paths];
     const sourceHashes = [];
@@ -10954,6 +11041,469 @@ async function readJsonBody(req) {
 }
 __name(readJsonBody, "readJsonBody");
+// src/provenance/redaction-emit-store.ts
+init_esm_shims();
+init_actionable_error();
+init_fs();
+init_logger();
+import Database from "better-sqlite3";
+import { randomUUID as randomUUID3 } from "crypto";
+import { dirname as dirname10 } from "path";
+var SCHEMA_VERSION = 1;
+var SCHEMA_SQL = `
+  CREATE TABLE IF NOT EXISTS pending_redaction_emits (
+    event_id TEXT PRIMARY KEY,
+    workspace_id TEXT NOT NULL,
+    payload_json TEXT NOT NULL,
+    created_at TEXT NOT NULL,
+    attempts INTEGER NOT NULL DEFAULT 0,
+    last_attempt_at TEXT,
+    last_error TEXT,
+    status TEXT NOT NULL DEFAULT 'pending'
+      CHECK (status IN ('pending','sent','archived'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_pending_redaction_emits_drain
+    ON pending_redaction_emits(status, created_at);
+  CREATE INDEX IF NOT EXISTS idx_pending_redaction_emits_workspace
+    ON pending_redaction_emits(workspace_id, created_at);
+`;
+var RedactionEmitStore = class {
+  static {
+    __name(this, "RedactionEmitStore");
+  }
+  path;
+  db;
+  constructor(opts) {
+    this.path = opts.path;
+    if (!opts.inMemory) {
+      ensureDirSync(dirname10(this.path));
+    }
+    try {
+      this.db = new Database(opts.inMemory ? ":memory:" : this.path);
+    } catch (err) {
+      if (looksLikeNativeBindingFailure(err)) {
+        throw nativeBindingLoadError("better-sqlite3", err);
+      }
+      throw err;
+    }
+    this.db.pragma("journal_mode = WAL");
+    this.db.pragma("foreign_keys = ON");
+    this.migrate();
+  }
+  migrate() {
+    const log = getLogger("redaction-emit-store");
+    const currentVersion = this.db.pragma("user_version", { simple: true });
+    if (currentVersion === SCHEMA_VERSION) return;
+    if (currentVersion > SCHEMA_VERSION) {
+      throw new Error(
+        `redaction-emit.db at ${this.path} is at schema version ${currentVersion} (newer than this daemon's ${SCHEMA_VERSION}) \u2014 refusing to downgrade`
+      );
+    }
+    log.info({ from: currentVersion, to: SCHEMA_VERSION }, "running redaction-emit.db migrations");
+    this.db.exec(SCHEMA_SQL);
+    this.db.pragma(`user_version = ${SCHEMA_VERSION}`);
+  }
+  /**
+   * Write a new 'pending' row. Returns the generated event_id. Caller
+   * (prompt-builder) must call this BEFORE attempting cloud emission —
+   * the SQLite append is the durability anchor.
+   *
+   * `now` is injected for testability; defaults to ISO 8601 now.
+   */
+  enqueue(workspaceId, payload, now = (/* @__PURE__ */ new Date()).toISOString()) {
+    const event_id = randomUUID3();
+    this.db.prepare(
+      `INSERT INTO pending_redaction_emits
+           (event_id, workspace_id, payload_json, created_at, attempts, status)
+         VALUES (?, ?, ?, ?, 0, 'pending')`
+    ).run(event_id, workspaceId, JSON.stringify(payload), now);
+    return event_id;
+  }
+  /**
+   * List pending rows in creation order, capped at `limit`. The cloud
+   * endpoint caps batches at 1000 events; the worker passes 1000 here
+   * to fill each batch.
+   */
+  listPending(limit) {
+    const rows = this.db.prepare(
+      `SELECT event_id, workspace_id, payload_json, created_at, attempts,
+                last_attempt_at, last_error, status
+           FROM pending_redaction_emits
+          WHERE status = 'pending'
+          ORDER BY created_at ASC, event_id ASC
+          LIMIT ?`
+    ).all(limit);
+    return rows.map(this.toRow);
+  }
+  /**
+   * Mark a batch of pending rows as 'sent' after a successful cloud
+   * POST. Atomic transaction — partial failure rolls back. Returns the
+   * number of rows that actually transitioned (pending → sent).
+   *
+   * Rows already in 'sent' state are no-ops; this is the idempotency
+   * guarantee on the daemon side (re-drain after a crash where SQLite
+   * commit hadn't flushed). Rows in 'archived' state are NOT touched —
+   * those are forensic-final.
+   */
+  markSent(eventIds, now = (/* @__PURE__ */ new Date()).toISOString()) {
+    if (eventIds.length === 0) return 0;
+    const update = this.db.prepare(
+      `UPDATE pending_redaction_emits
+          SET status = 'sent', last_attempt_at = ?
+        WHERE event_id = ? AND status = 'pending'`
+    );
+    return this.db.transaction((ids) => {
+      let changes = 0;
+      for (const id of ids) {
+        const result = update.run(now, id);
+        changes += Number(result.changes);
+      }
+      return changes;
+    })(eventIds);
+  }
+  /**
+   * Increment attempts counter + record last_error for a batch that
+   * failed to POST. Rows stay 'pending' so the next drain tick retries
+   * them. Does NOT touch rows already in 'sent' or 'archived' state.
+   */
+  markFailed(eventIds, error, now = (/* @__PURE__ */ new Date()).toISOString()) {
+    if (eventIds.length === 0) return 0;
+    const update = this.db.prepare(
+      `UPDATE pending_redaction_emits
+          SET attempts = attempts + 1,
+              last_attempt_at = ?,
+              last_error = ?
+        WHERE event_id = ? AND status = 'pending'`
+    );
+    return this.db.transaction((ids) => {
+      let changes = 0;
+      for (const id of ids) {
+        const result = update.run(now, error.slice(0, 500), id);
+        changes += Number(result.changes);
+      }
+      return changes;
+    })(eventIds);
+  }
+  /**
+   * Move terminally-failed rows (attempts >= maxAttempts) to 'archived'.
+   * Archived rows remain in the table for forensic inspection — never
+   * deleted. Returns the list of event_ids that transitioned.
+   *
+   * Called by the worker after each failed batch to evict rows that
+   * are stuck retrying forever. The cap matches the worker's
+   * MAX_ATTEMPTS constant.
+   */
+  archiveExhausted(maxAttempts) {
+    return this.db.transaction(() => {
+      const rows = this.db.prepare(
+        `SELECT event_id FROM pending_redaction_emits
+             WHERE status = 'pending' AND attempts >= ?`
+      ).all(maxAttempts);
+      if (rows.length === 0) return [];
+      const ids = rows.map((r) => r.event_id);
+      const placeholders = ids.map(() => "?").join(",");
+      this.db.prepare(
+        `UPDATE pending_redaction_emits SET status = 'archived'
+             WHERE event_id IN (${placeholders}) AND status = 'pending'`
+      ).run(...ids);
+      return ids;
+    })();
+  }
+  /** Count rows by status. Useful for diagnostics + tests. */
+  countByStatus() {
+    const rows = this.db.prepare(`SELECT status, COUNT(*) as n FROM pending_redaction_emits GROUP BY status`).all();
+    const out = {
+      pending: 0,
+      sent: 0,
+      archived: 0
+    };
+    for (const r of rows) out[r.status] = r.n;
+    return out;
+  }
+  /** Schema version (diagnostics + tests). */
+  schemaVersion() {
+    return this.db.pragma("user_version", { simple: true });
+  }
+  /** Close the underlying handle. Idempotent. */
+  close() {
+    if (this.db.open) this.db.close();
+  }
+  toRow(raw) {
+    return {
+      event_id: raw.event_id,
+      workspace_id: raw.workspace_id,
+      payload: JSON.parse(raw.payload_json),
+      created_at: raw.created_at,
+      attempts: raw.attempts,
+      last_attempt_at: raw.last_attempt_at,
+      last_error: raw.last_error,
+      status: raw.status
+    };
+  }
+};
+// src/provenance/redaction-emit-worker.ts
+init_esm_shims();
+init_logger();
+// src/provenance/redaction-sink.ts
+init_esm_shims();
+init_logger();
+var DEFAULT_API_BASE_URL = "https://wotw.dev";
+var REQUEST_TIMEOUT_MS = 1e4;
+var CLOUD_REDACTION_BATCH_CAP = 1e3;
+var RedactionSink = class {
+  static {
+    __name(this, "RedactionSink");
+  }
+  workspaceId;
+  apiBaseUrl;
+  sinkSecret;
+  fetchImpl;
+  constructor(opts) {
+    this.workspaceId = opts.workspaceId;
+    this.apiBaseUrl = opts.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+    if (!this.apiBaseUrl.startsWith("https://")) {
+      throw new Error(
+        `redaction-sink: apiBaseUrl must be https:// (got "${this.apiBaseUrl}"); WOTW_API_BASE_URL is misconfigured. Refusing to send sink key over plaintext.`
+      );
+    }
+    this.sinkSecret = opts.sinkSecret;
+    this.fetchImpl = opts.fetchImpl ?? fetch;
+  }
+  /**
+   * POST a single batch of redaction events to the cloud. Never throws;
+   * caller decides whether to retry based on the returned `ok` field.
+   *
+   * The batch MUST contain at least one event and at most
+   * CLOUD_REDACTION_BATCH_CAP events — the caller (worker) trims to fit.
+   */
+  async post(events) {
+    const log = getLogger("provenance.redaction-sink");
+    if (events.length === 0) {
+      return { ok: true, inserted: 0 };
+    }
+    if (events.length > CLOUD_REDACTION_BATCH_CAP) {
+      return {
+        ok: false,
+        status: null,
+        errorBody: `client-side batch cap exceeded (got ${events.length}, max ${CLOUD_REDACTION_BATCH_CAP})`
+      };
+    }
+    const url = `${this.apiBaseUrl}/api/internal/redaction-log`;
+    const body = {
+      workspace_id: this.workspaceId,
+      events: events.map((e) => ({
+        event_id: e.event_id,
+        redacted_at: e.redacted_at,
+        rule_id: e.rule_id,
+        source_file_path: e.source_file_path,
+        redaction_byte_count: e.redaction_byte_count
+      }))
+    };
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+    try {
+      const res = await this.fetchImpl(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "x-sink-key": this.sinkSecret
+        },
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      if (res.ok) {
+        let inserted = events.length;
+        try {
+          const data = await res.json();
+          if (typeof data.inserted === "number") inserted = data.inserted;
+        } catch {
+        }
+        log.debug(
+          {
+            workspaceId: this.workspaceId,
+            batchSize: events.length,
+            inserted
+          },
+          "redaction batch accepted by cloud"
+        );
+        return { ok: true, inserted };
+      }
+      const text = await res.text().catch(() => "");
+      log.warn(
+        {
+          workspaceId: this.workspaceId,
+          batchSize: events.length,
+          status: res.status,
+          body: text.slice(0, 500)
+        },
+        "redaction batch rejected by cloud"
+      );
+      return { ok: false, status: res.status, errorBody: text.slice(0, 500) };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      log.warn(
+        {
+          workspaceId: this.workspaceId,
+          batchSize: events.length,
+          err: msg
+        },
+        "redaction batch request failed"
+      );
+      return { ok: false, status: null, errorBody: msg };
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+};
+function redactionSinkFromEnv(env = process.env) {
+  const wikiId = env.WOTW_WIKI_ID;
+  const sinkSecret = env.WOTW_CLOUD_SINK_SECRET;
+  if (!wikiId || !sinkSecret) return null;
+  return new RedactionSink({
+    workspaceId: wikiId,
+    apiBaseUrl: env.WOTW_API_BASE_URL || void 0,
+    sinkSecret
+  });
+}
+__name(redactionSinkFromEnv, "redactionSinkFromEnv");
+// src/provenance/redaction-emit-worker.ts
+var DEFAULT_BASE_INTERVAL_MS = 3e4;
+var DEFAULT_MAX_INTERVAL_MS = 5 * 6e4;
+var DEFAULT_MAX_ATTEMPTS = 100;
+var RedactionEmitWorker = class {
+  static {
+    __name(this, "RedactionEmitWorker");
+  }
+  name = "redaction-emit-worker";
+  store;
+  sink;
+  baseIntervalMs;
+  maxIntervalMs;
+  maxAttempts;
+  batchSize;
+  timer = null;
+  inflight = null;
+  /** Current backoff interval. Reset to base on success, grows on failure. */
+  currentIntervalMs;
+  stopped = false;
+  constructor(opts) {
+    this.store = opts.store;
+    this.sink = opts.sink;
+    this.baseIntervalMs = opts.baseIntervalMs ?? DEFAULT_BASE_INTERVAL_MS;
+    this.maxIntervalMs = opts.maxIntervalMs ?? DEFAULT_MAX_INTERVAL_MS;
+    this.maxAttempts = opts.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
+    this.batchSize = Math.min(
+      opts.batchSize ?? CLOUD_REDACTION_BATCH_CAP,
+      CLOUD_REDACTION_BATCH_CAP
+    );
+    this.currentIntervalMs = this.baseIntervalMs;
+  }
+  async start() {
+    const log = getLogger(this.name);
+    if (!this.sink) {
+      log.info(
+        "redaction emit worker disabled (no sink configured \u2014 local/offline mode); SQLite queue continues to capture rows for forensic inspection"
+      );
+      return;
+    }
+    log.info(
+      {
+        baseIntervalMs: this.baseIntervalMs,
+        maxIntervalMs: this.maxIntervalMs,
+        maxAttempts: this.maxAttempts,
+        batchSize: this.batchSize,
+        apiBaseUrl: this.sink.apiBaseUrl
+      },
+      "redaction emit worker starting"
+    );
+    this.inflight = this.tick();
+    await this.inflight;
+  }
+  async stop() {
+    this.stopped = true;
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+    if (this.inflight) {
+      try {
+        await this.inflight;
+      } catch {
+      }
+    }
+  }
+  /**
+   * One drain pass. Pulls a batch, attempts POST, transitions rows,
+   * adjusts backoff, schedules the next tick (when not stopped).
+   *
+   * Exposed for tests so they can step the worker without sleeping.
+   */
+  async tick() {
+    if (!this.sink) return;
+    const log = getLogger(this.name);
+    let succeeded = false;
+    try {
+      const pending = this.store.listPending(this.batchSize);
+      if (pending.length === 0) {
+        succeeded = true;
+        return;
+      }
+      const eventIds = pending.map((r) => r.event_id);
+      const events = pending.map((r) => ({ event_id: r.event_id, ...r.payload }));
+      const result = await this.sink.post(events);
+      if (result.ok) {
+        const transitioned = this.store.markSent(eventIds);
+        log.info(
+          {
+            batchSize: pending.length,
+            transitioned,
+            inserted: result.inserted
+          },
+          "redaction batch drained"
+        );
+        succeeded = true;
+      } else {
+        const errSummary = `status=${result.status ?? "network"} body=${result.errorBody.slice(0, 200)}`;
+        this.store.markFailed(eventIds, errSummary);
+        const archived = this.store.archiveExhausted(this.maxAttempts);
+        if (archived.length > 0) {
+          log.error(
+            {
+              archivedCount: archived.length,
+              maxAttempts: this.maxAttempts,
+              sampleIds: archived.slice(0, 3)
+            },
+            "redaction events archived after exhausting retries \u2014 review needed"
+          );
+        }
+      }
+    } catch (err) {
+      log.error(
+        { err: err instanceof Error ? err.message : String(err) },
+        "redaction worker tick failed unexpectedly"
+      );
+    } finally {
+      if (succeeded) {
+        this.currentIntervalMs = this.baseIntervalMs;
+      } else {
+        this.currentIntervalMs = Math.min(this.currentIntervalMs * 2, this.maxIntervalMs);
+      }
+      this.scheduleNext();
+    }
+  }
+  scheduleNext() {
+    if (this.stopped) return;
+    if (this.timer) clearTimeout(this.timer);
+    this.timer = setTimeout(() => {
+      this.inflight = this.tick();
+    }, this.currentIntervalMs);
+    if (typeof this.timer.unref === "function") this.timer.unref();
+  }
+};
 // src/compounding/engine.ts
 init_esm_shims();
 init_errors();
@@ -11429,6 +11979,24 @@ async function main() {
         );
       }
     }
+    const redactionEmitStore = new RedactionEmitStore({
+      path: `${config.wiki_root}/.wotw/redaction-emit.db`
+    });
+    const redactionWorkspaceId = process.env.WOTW_WIKI_ID;
+    const redactionSink = redactionSinkFromEnv();
+    const redactionEmitWorker = new RedactionEmitWorker({
+      store: redactionEmitStore,
+      sink: redactionSink
+    });
+    log.info(
+      {
+        path: redactionEmitStore.path,
+        sinkActive: !!redactionSink,
+        workspaceId: redactionWorkspaceId ?? null,
+        counts: redactionEmitStore.countByStatus()
+      },
+      "redaction-emit store ready"
+    );
     const costTracker = new CostTracker({
       trackFile: config.cost.track_file,
       maxDailyUsd: config.cost.max_daily_usd,
@@ -11476,7 +12044,9 @@ async function main() {
       runtimeMode,
       deadLetter,
       factStore,
-      factIndex
+      factIndex,
+      redactionEmitStore,
+      redactionWorkspaceId
     });
     const compounding = new CompoundingEngine({
       config,
@@ -11520,6 +12090,7 @@ async function main() {
     daemon.attachSubsystem(mcp);
     daemon.attachSubsystem(lintScheduler);
     if (dekArchiveScheduler) daemon.attachSubsystem(dekArchiveScheduler);
+    daemon.attachSubsystem(redactionEmitWorker);
     watcher.startReconciliation(5 * 60 * 1e3);
     const mcpUrl = `http://${config.server.host}:${config.server.port}/mcp`;
     log.info(