@alexandrgreen/anchorclaw 0.0.3

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Alexander Green
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/NOTICE

@@ -0,0 +1,9 @@
+# Notice
+
+AnchorClaw was originally created by Alexander Green.
+
+The canonical AnchorClaw repository is:
+https://github.com/Alexander-Green/anchorClaw
+
+The AnchorClaw name and logo identify the original project maintained by
+Alexander Green.

package/README.md

@@ -0,0 +1,252 @@
+<p align="center">
+  <img src="./assets/logo.png" alt="AnchorClaw logo" width="800" height="600" style="display:block;margin:0 auto" />
+</p>
+
+# AnchorClaw — Postgres Memory Plugin (OpenClaw)
+
+> Alpha preview. API may change before stable release.
+
+**AnchorClaw** is created and maintained by Alexander Green.
+The canonical repository is https://github.com/Alexander-Green/anchorClaw.
+
+**AnchorClaw** is an OpenClaw memory plugin that replaces file-based durable memory (`MEMORY.md`) with a Postgres-backed, SQL-first durable store while keeping OpenClaw’s memory tooling and CLI/doctor/status flows compatible.
+
+## Why We Built This
+
+OpenClaw’s default memory model is excellent for transparency (plain files) but it becomes harder to:
+
+- do deterministic retrieval and updates (avoid duplicates, enforce stable ordering)
+- support multi-user/workspace isolation cleanly
+- evolve toward advanced features (semantic recall, personas, episodes, knowledge graphs) without turning memory into an opaque blob
+
+AnchorClaw makes **Postgres the source of truth** for durable memory while preserving OpenClaw’s UX expectations (tools, corpuses, `MEMORY.md` compatibility).
+
+## What Works Today (MVP)
+
+- **Durable memory in Postgres** (`memory_items`):
+  - `memory_store` (canonical upsert via `canonicalKey`)
+  - `memory_search` (`corpus="memory"`) via Postgres FTS (deterministic ordering)
+  - `memory_get` reads synthetic paths (`db-memory/items/<uuid>.md`) with bounded excerpts
+  - `memory_forget` soft-deletes items (+ audit trail in DB)
+  - `memory_recall` shortcut (query → search; empty query → top items)
+- **OpenClaw compatibility**
+  - `registerMemoryCapability` + a `MemorySearchManager` adapter so `status/doctor/CLI` can work
+  - `memory_get` accepts both parameter styles:
+    - AnchorClaw-native: `{ lookup, fromLine, lineCount }`
+    - OpenClaw aliases: `{ path, from, lines }`
+  - Reading `MEMORY.md` via `memory_get`/runtime returns a **virtual snapshot generated from Postgres** (keeps legacy flows compatible while DB stays source-of-truth)
+- **Sessions corpus (Phase 1 + Phase 2 live-pass complete)**
+  - `memory_search(corpus="sessions")` uses Postgres-backed sessions index (`session_index_files` + `session_index_chunks`) with FTS ranking
+  - `memory_get(path="sessions/<agentId>/<file>")` is DB-first; file fallback is used only on `index_miss`
+  - `sessions.visibility` modes: `off | current | visible` (default: `current`)
+  - `sessions.sync.deltaBytes` / `sessions.sync.deltaMessages` control delta reindex thresholds (defaults: `100000` / `50`)
+  - state/session path resolution follows OpenClaw-compatible order: `OPENCLAW_STATE_DIR` -> `OPENCLAW_HOME/.openclaw` (or `HOME/.openclaw`) -> legacy `HOME/.clawdbot`
+  - Phase 2 live/delta indexing is enabled (`onSessionTranscriptUpdate` + debounce + targeted sync)
+  - visibility behavior is runtime-verified:
+    - `current`: cross-agent delta updates are ignored
+    - `visible`: cross-agent delta updates are accepted and indexed
+    - `off`: sessions delta listener is disabled
+- **Migration support**
+  - One-time idempotent import of legacy `MEMORY.md` into Postgres (by file hash)
+  - Optional (default on) cleanup of `MEMORY.md` after import to avoid duplicate prompt injection
+
+---
+
+## 🛠 Prerequisites
+
+- OpenClaw host that supports memory plugin slots (see `package.json` → `openclaw.install.minHostVersion`)
+- Node.js (plugin runtime)
+- PostgreSQL (no embeddings required for MVP)
+
+---
+
+## 🚀 Quick Start
+
+### 1) Install
+
+```bash
+openclaw plugins install @anchorclaw/anchorclaw
+```
+
+### 2) Configure
+
+Select the memory slot and configure Postgres:
+
+```json
+{
+  "plugins": {
+    "slots": { "memory": "anchorclaw" },
+    "entries": {
+      "anchorclaw": {
+        "enabled": true,
+        "config": {
+          "sessions": {
+            "visibility": "current",
+            "sync": {
+              "deltaBytes": 100000,
+              "deltaMessages": 50
+            }
+          },
+          "identity": {
+            "externalId": "family-main-01"
+          },
+          "postgres": {
+            "host": "localhost",
+            "database": "anchorclaw",
+            "user": "postgres",
+            "password": "${ANCHORCLAW_DB_PASSWORD}"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+### 3) Restart
+
+```bash
+openclaw gateway restart
+```
+
+---
+
+## Memory Tooling (MVP)
+
+AnchorClaw exposes both “native” and compatibility surfaces via OpenClaw tool contracts:
+
+- `memory_store({ content, canonicalKey?, type? })` where `type` is `fact|note` (MVP)
+- `memory_search({ query, corpus?, maxResults?, minScore? })`
+  - `corpus="memory"` (default): Postgres durable memory
+  - `corpus="sessions"`: Postgres sessions index (DB-first)
+  - `corpus="all"`: deterministic merge of `memory + sessions`
+  - `corpus="wiki"`: stub for now (use `wiki_search/wiki_get` from `memory-wiki`)
+- `memory_get({ lookup|path, fromLine|from?, lineCount|lines? })`
+  - `MEMORY.md` is a virtual DB snapshot (source-of-truth is Postgres)
+- `memory_forget({ lookup|path? , id? })`
+- `memory_recall({ query? })`
+- `memory_status({ check? })`
+  - default (`check` omitted / `false`): cached runtime degraded-state report
+  - active mode (`check: true`): lightweight healthcheck for DB connectivity/schema + sessions dir accessibility (`exists` + explicit `readable` check)
+
+---
+
+## Importing `MEMORY.md` and Avoiding Duplicate Prompt Memory
+
+OpenClaw core injects `MEMORY.md` as a bootstrap file. AnchorClaw also injects Postgres-backed durable memory via its memory capability.
+
+To avoid duplicated prompt memory, AnchorClaw **cleans up `MEMORY.md` after a successful import by default**:
+
+- backup: `.openclaw-repair/anchorclaw/MEMORY.md.anchorclaw-backup.<timestamp>.md`
+- replacement: `MEMORY.md` becomes an HTML-comment-only stub
+
+To disable cleanup:
+
+```json
+{ "import": { "cleanupMemoryMdAfterImport": false } }
+```
+
+---
+
+## Defaults
+
+- `postgres.port`: `5432`
+- `postgres.pool.max`: `10`
+- `postgres.pool.connectionTimeoutMs`: `5000`
+- `postgres.pool.idleTimeoutMs`: `30000`
+- `sessions.sync.deltaBytes`: `100000` (OpenClaw-compatible default)
+- `sessions.sync.deltaMessages`: `50` (OpenClaw-compatible default)
+- Import cleanup: `import.cleanupMemoryMdAfterImport = true`
+
+---
+
+## Identity & Workspace Scoping (MVP)
+
+AnchorClaw scopes all reads/writes by `(user_id, workspace_id)` derived from the current runtime identity.
+
+- Preferred identity (Docker/production): set `identity.externalId` (max 20 chars). This becomes the stable `user_identities` key (`channel=anchorclaw-config`).
+- Fallback identity (dev convenience): if `identity.externalId` is not set, identity is derived from OS username (`external_id = sha256(normalized username)`, `channel=openclaw-cli`).
+  - If multiple people share the same OS user account, they will share the same AnchorClaw `user_id`.
+  - AnchorClaw logs a startup warning on every start when fallback mode is active.
+- Workspace identity: workspaces are isolated per user and per workspace directory (`workspace name = dir:<sha256(resolved workspaceDir)>`).
+
+Recommended for Docker/production:
+
+```json
+{
+  "plugins": {
+    "entries": {
+      "anchorclaw": {
+        "config": {
+          "identity": { "externalId": "family-main-01" }
+        }
+      }
+    }
+  }
+}
+```
+
+---
+
+## Postgres SSL
+
+AnchorClaw supports two mutually exclusive SSL configuration styles:
+
+- Simple flag: `postgres.ssl: true|false`
+- Explicit mode: `postgres.sslMode: "disable"|"require"|"verify-full"` (+ optional `postgres.sslCa`)
+
+If you need strict certificate verification (recommended for production), use:
+
+```json
+{
+  "postgres": {
+    "host": "db.example.com",
+    "port": "${PGPORT}",
+    "database": "anchorclaw",
+    "user": "anchorclaw",
+    "password": "${ANCHORCLAW_DB_PASSWORD}",
+    "sslMode": "verify-full",
+    "sslCa": "${ANCHORCLAW_DB_SSL_CA_PEM}"
+  }
+}
+```
+
+`postgres.ssl` and `postgres.sslMode` cannot be set at the same time.
+
+---
+
+## Postgres Pool
+
+Optional pool tuning:
+
+```json
+{
+  "postgres": {
+    "host": "localhost",
+    "database": "anchorclaw",
+    "user": "postgres",
+    "pool": {
+      "max": 10,
+      "connectionTimeoutMs": 5000,
+      "idleTimeoutMs": 30000
+    }
+  }
+}
+```
+
+---
+
+## Roadmap (Planned)
+
+AnchorClaw intentionally starts with deterministic SQL-first durability. Next layers are planned to reach PostClaw parity and beyond:
+
+- **Semantic layer**: embeddings + semantic search (hybrid retrieval: lexical + vector; optional and non-breaking)
+- **Persona context in DB**: dynamic persona/profile retrieval and injection into the system prompt (separate budgets/policy)
+- **Knowledge graph**: `entity_edges`-style relationships and multi-hop retrieval to pull secondary context automatically
+- **Wiki integration / AnchorClaw-native wiki**: either integrate OpenClaw supplements (`memory-wiki`) or build a DB-native wiki layer
+
+## Current Status
+
+- Durable memory MVP: implemented and green in repo tests.
+- Sessions Phase 1 and Phase 2: implemented, reviewed, and runtime-verified on VPS `server-166`.
+- Session delta indexing parity path is active in runtime (listener + debounce + targeted sync + lifecycle cleanup compatibility fallback).

package/dist/api.d.ts

@@ -0,0 +1,3 @@
+export { definePluginEntry, type OpenClawPluginApi } from "openclaw/plugin-sdk/plugin-entry";
+export { registerMemoryCapability } from "openclaw/plugin-sdk/memory-core-host-runtime-core";
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC7F,OAAO,EAAE,wBAAwB,EAAE,MAAM,mDAAmD,CAAC"}

package/dist/api.js

@@ -0,0 +1,3 @@
+export { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
+export { registerMemoryCapability } from "openclaw/plugin-sdk/memory-core-host-runtime-core";
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAA0B,MAAM,kCAAkC,CAAC;AAC7F,OAAO,EAAE,wBAAwB,EAAE,MAAM,mDAAmD,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,46 @@
+export type AnchorClawConfig = {
+    sessions?: {
+        visibility?: "current" | "off" | "visible";
+        sync?: {
+            deltaBytes?: number;
+            deltaMessages?: number;
+        };
+    };
+    identity?: {
+        externalId?: string;
+    };
+    postgres: {
+        host: string;
+        port?: number;
+        database: string;
+        schema?: string;
+        user: string;
+        password?: string;
+        ssl?: boolean;
+        sslMode?: "disable" | "require" | "verify-full";
+        sslCa?: string;
+        pool?: {
+            max?: number;
+            connectionTimeoutMs?: number;
+            idleTimeoutMs?: number;
+        };
+    };
+    import?: {
+        /**
+         * After successfully importing `MEMORY.md` into Postgres, overwrite `MEMORY.md` with an empty stub
+         * (to prevent duplicate prompt injection from OpenClaw bootstrap + AnchorClaw DB injection).
+         */
+        cleanupMemoryMdAfterImport?: boolean;
+    };
+    limits?: {
+        maxResults?: number;
+        getMaxChars?: number;
+        getDefaultLines?: number;
+    };
+};
+export declare const DEFAULT_SESSION_DELTA_BYTES = 100000;
+export declare const DEFAULT_SESSION_DELTA_MESSAGES = 50;
+export declare const anchorClawConfigSchema: {
+    parse(value: unknown): AnchorClawConfig;
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,EAAE;QACT,UAAU,CAAC,EAAE,SAAS,GAAG,KAAK,GAAG,SAAS,CAAC;QAC3C,IAAI,CAAC,EAAE;YACL,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB,aAAa,CAAC,EAAE,MAAM,CAAC;SACxB,CAAC;KACH,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,GAAG,CAAC,EAAE,OAAO,CAAC;QACd,OAAO,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,aAAa,CAAC;QAChD,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE;YACL,GAAG,CAAC,EAAE,MAAM,CAAC;YACb,mBAAmB,CAAC,EAAE,MAAM,CAAC;YAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;SACxB,CAAC;KACH,CAAC;IACF,MAAM,CAAC,EAAE;QACP;;;WAGG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH,CAAC;AAEF,eAAO,MAAM,2BAA2B,SAAU,CAAC;AACnD,eAAO,MAAM,8BAA8B,KAAK,CAAC;AAuHjD,eAAO,MAAM,sBAAsB;iBACpB,OAAO,GAAG,gBAAgB;CA0NxC,CAAC"}

package/dist/config.js

@@ -0,0 +1,309 @@
+export const DEFAULT_SESSION_DELTA_BYTES = 100_000;
+export const DEFAULT_SESSION_DELTA_MESSAGES = 50;
+function asRecord(value) {
+    return value && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : undefined;
+}
+function assertAllowedKeys(value, allowed, label) {
+    const unknown = Object.keys(value).filter((key) => !allowed.includes(key));
+    if (unknown.length === 0) {
+        return;
+    }
+    throw new Error(`${label} has unknown keys: ${unknown.join(", ")}`);
+}
+function resolveEnvVars(value) {
+    return value.replace(/\$\{([^}]+)\}/g, (_, envVar) => {
+        const envValue = process.env[envVar];
+        if (!envValue) {
+            throw new Error(`Environment variable ${envVar} is not set`);
+        }
+        return envValue;
+    });
+}
+function readOptionalString(value, label) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    if (typeof value !== "string") {
+        throw new Error(`${label} must be a string`);
+    }
+    const trimmed = value.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    return resolveEnvVars(trimmed);
+}
+function readOptionalNonEmptyString(value, label) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    if (typeof value !== "string") {
+        throw new Error(`${label} must be a string`);
+    }
+    const trimmed = value.trim();
+    if (!trimmed) {
+        throw new Error(`${label} must be non-empty`);
+    }
+    return resolveEnvVars(trimmed);
+}
+function readRequiredString(value, label) {
+    if (typeof value !== "string" || !value.trim()) {
+        throw new Error(`${label} required`);
+    }
+    return resolveEnvVars(value.trim());
+}
+function readOptionalPort(value, label) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    const resolved = typeof value === "string" ? resolveEnvVars(value.trim()) : value;
+    if (typeof resolved === "string") {
+        if (!resolved) {
+            return undefined;
+        }
+        const parsed = Number(resolved);
+        if (!Number.isInteger(parsed)) {
+            throw new Error(`${label} must be an integer`);
+        }
+        value = parsed;
+    }
+    else {
+        value = resolved;
+    }
+    if (typeof value !== "number" || !Number.isInteger(value)) {
+        throw new Error(`${label} must be an integer`);
+    }
+    if (value < 1 || value > 65535) {
+        throw new Error(`${label} must be between 1 and 65535`);
+    }
+    return value;
+}
+function readOptionalBoolean(value, label) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    if (typeof value !== "boolean") {
+        throw new Error(`${label} must be a boolean`);
+    }
+    return value;
+}
+function readOptionalIntegerInRange(params) {
+    if (params.value === undefined || params.value === null) {
+        return undefined;
+    }
+    if (typeof params.value !== "number" || !Number.isInteger(params.value)) {
+        throw new Error(`${params.label} must be an integer`);
+    }
+    if (params.value < params.min || params.value > params.max) {
+        throw new Error(`${params.label} must be between ${params.min} and ${params.max}`);
+    }
+    return params.value;
+}
+export const anchorClawConfigSchema = {
+    parse(value) {
+        const obj = asRecord(value);
+        if (!obj) {
+            throw new Error("anchorclaw config required");
+        }
+        assertAllowedKeys(obj, ["sessions", "identity", "postgres", "import", "limits"], "anchorclaw config");
+        const sessionsObj = asRecord(obj.sessions);
+        if (obj.sessions !== undefined && !sessionsObj) {
+            throw new Error("sessions must be an object");
+        }
+        if (sessionsObj) {
+            assertAllowedKeys(sessionsObj, ["visibility", "sync"], "sessions");
+        }
+        const visibilityRaw = sessionsObj
+            ? readOptionalString(sessionsObj.visibility, "sessions.visibility")
+            : undefined;
+        const sessionsVisibility = visibilityRaw
+            ? visibilityRaw === "current" || visibilityRaw === "off" || visibilityRaw === "visible"
+                ? visibilityRaw
+                : (() => {
+                    throw new Error("sessions.visibility must be one of: current, off, visible");
+                })()
+            : "current";
+        const sessionsSyncObj = sessionsObj ? asRecord(sessionsObj.sync) : undefined;
+        if (sessionsObj?.sync !== undefined && !sessionsSyncObj) {
+            throw new Error("sessions.sync must be an object");
+        }
+        if (sessionsSyncObj) {
+            assertAllowedKeys(sessionsSyncObj, ["deltaBytes", "deltaMessages"], "sessions.sync");
+        }
+        const sessionsDeltaBytes = sessionsSyncObj
+            ? readOptionalIntegerInRange({
+                value: sessionsSyncObj.deltaBytes,
+                label: "sessions.sync.deltaBytes",
+                min: 0,
+                max: Number.MAX_SAFE_INTEGER,
+            })
+            : undefined;
+        const sessionsDeltaMessages = sessionsSyncObj
+            ? readOptionalIntegerInRange({
+                value: sessionsSyncObj.deltaMessages,
+                label: "sessions.sync.deltaMessages",
+                min: 0,
+                max: Number.MAX_SAFE_INTEGER,
+            })
+            : undefined;
+        const identityObj = asRecord(obj.identity);
+        if (obj.identity !== undefined && !identityObj) {
+            throw new Error("identity must be an object");
+        }
+        if (identityObj) {
+            assertAllowedKeys(identityObj, ["externalId"], "identity");
+        }
+        const identityExternalId = identityObj
+            ? readOptionalNonEmptyString(identityObj.externalId, "identity.externalId")
+            : undefined;
+        if (identityExternalId && identityExternalId.length > 20) {
+            throw new Error("identity.externalId must be at most 20 characters");
+        }
+        const postgresObj = asRecord(obj.postgres);
+        if (!postgresObj) {
+            throw new Error("postgres config required");
+        }
+        assertAllowedKeys(postgresObj, ["host", "port", "database", "schema", "user", "password", "ssl", "sslMode", "sslCa", "pool"], "postgres config");
+        const host = readRequiredString(postgresObj.host, "postgres.host");
+        const database = readRequiredString(postgresObj.database, "postgres.database");
+        const schema = readOptionalString(postgresObj.schema, "postgres.schema");
+        const user = readRequiredString(postgresObj.user, "postgres.user");
+        const password = readOptionalString(postgresObj.password, "postgres.password");
+        const port = readOptionalPort(postgresObj.port, "postgres.port");
+        const ssl = readOptionalBoolean(postgresObj.ssl, "postgres.ssl");
+        const sslModeRaw = readOptionalString(postgresObj.sslMode, "postgres.sslMode");
+        const sslCa = readOptionalString(postgresObj.sslCa, "postgres.sslCa");
+        const poolObj = asRecord(postgresObj.pool);
+        if (postgresObj.pool !== undefined && !poolObj) {
+            throw new Error("postgres.pool must be an object");
+        }
+        if (poolObj) {
+            assertAllowedKeys(poolObj, ["max", "connectionTimeoutMs", "idleTimeoutMs"], "postgres.pool");
+        }
+        const sslMode = sslModeRaw
+            ? sslModeRaw === "disable" || sslModeRaw === "require" || sslModeRaw === "verify-full"
+                ? sslModeRaw
+                : (() => {
+                    throw new Error("postgres.sslMode must be one of: disable, require, verify-full");
+                })()
+            : undefined;
+        if (typeof ssl === "boolean" && sslMode) {
+            throw new Error("postgres.ssl and postgres.sslMode are mutually exclusive; use only sslMode");
+        }
+        if (sslCa && !sslMode) {
+            throw new Error("postgres.sslCa requires postgres.sslMode=verify-full");
+        }
+        if (sslMode && sslMode !== "verify-full" && sslCa) {
+            throw new Error("postgres.sslCa is only valid with postgres.sslMode=verify-full");
+        }
+        const poolMax = poolObj
+            ? readOptionalIntegerInRange({
+                value: poolObj.max,
+                label: "postgres.pool.max",
+                min: 1,
+                max: 100,
+            })
+            : undefined;
+        const poolConnectionTimeoutMs = poolObj
+            ? readOptionalIntegerInRange({
+                value: poolObj.connectionTimeoutMs,
+                label: "postgres.pool.connectionTimeoutMs",
+                min: 100,
+                max: 600_000,
+            })
+            : undefined;
+        const poolIdleTimeoutMs = poolObj
+            ? readOptionalIntegerInRange({
+                value: poolObj.idleTimeoutMs,
+                label: "postgres.pool.idleTimeoutMs",
+                min: 100,
+                max: 3_600_000,
+            })
+            : undefined;
+        const importObj = asRecord(obj.import);
+        if (obj.import !== undefined && !importObj) {
+            throw new Error("import must be an object");
+        }
+        if (importObj) {
+            assertAllowedKeys(importObj, ["cleanupMemoryMdAfterImport"], "import");
+        }
+        const cleanupMemoryMdAfterImport = importObj
+            ? readOptionalBoolean(importObj.cleanupMemoryMdAfterImport, "import.cleanupMemoryMdAfterImport")
+            : undefined;
+        const limitsObj = asRecord(obj.limits);
+        if (obj.limits !== undefined && !limitsObj) {
+            throw new Error("limits must be an object");
+        }
+        if (limitsObj) {
+            assertAllowedKeys(limitsObj, ["maxResults", "getMaxChars", "getDefaultLines"], "limits");
+        }
+        const limitMaxResults = limitsObj
+            ? readOptionalIntegerInRange({
+                value: limitsObj.maxResults,
+                label: "limits.maxResults",
+                min: 1,
+                max: 10,
+            })
+            : undefined;
+        const limitGetMaxChars = limitsObj
+            ? readOptionalIntegerInRange({
+                value: limitsObj.getMaxChars,
+                label: "limits.getMaxChars",
+                min: 1000,
+                max: 12_000,
+            })
+            : undefined;
+        const limitGetDefaultLines = limitsObj
+            ? readOptionalIntegerInRange({
+                value: limitsObj.getDefaultLines,
+                label: "limits.getDefaultLines",
+                min: 10,
+                max: 120,
+            })
+            : undefined;
+        return {
+            sessions: {
+                visibility: sessionsVisibility,
+                sync: {
+                    deltaBytes: sessionsDeltaBytes ?? DEFAULT_SESSION_DELTA_BYTES,
+                    deltaMessages: sessionsDeltaMessages ?? DEFAULT_SESSION_DELTA_MESSAGES,
+                },
+            },
+            ...(identityExternalId ? { identity: { externalId: identityExternalId } } : {}),
+            postgres: {
+                host,
+                ...(typeof port === "number" ? { port } : {}),
+                database,
+                ...(schema ? { schema } : {}),
+                user,
+                ...(password ? { password } : {}),
+                ...(typeof ssl === "boolean" ? { ssl } : {}),
+                ...(sslMode ? { sslMode } : {}),
+                ...(sslCa ? { sslCa } : {}),
+                ...(poolMax || poolConnectionTimeoutMs || poolIdleTimeoutMs
+                    ? {
+                        pool: {
+                            ...(poolMax ? { max: poolMax } : {}),
+                            ...(poolConnectionTimeoutMs
+                                ? { connectionTimeoutMs: poolConnectionTimeoutMs }
+                                : {}),
+                            ...(poolIdleTimeoutMs ? { idleTimeoutMs: poolIdleTimeoutMs } : {}),
+                        },
+                    }
+                    : {}),
+            },
+            import: { cleanupMemoryMdAfterImport: cleanupMemoryMdAfterImport ?? true },
+            ...(limitMaxResults || limitGetMaxChars || limitGetDefaultLines
+                ? {
+                    limits: {
+                        ...(limitMaxResults ? { maxResults: limitMaxResults } : {}),
+                        ...(limitGetMaxChars ? { getMaxChars: limitGetMaxChars } : {}),
+                        ...(limitGetDefaultLines ? { getDefaultLines: limitGetDefaultLines } : {}),
+                    },
+                }
+                : {}),
+        };
+    },
+};
+//# sourceMappingURL=config.js.map