npm - @chainlesschain/personal-data-hub - Versions diffs - 0.1.0 → 0.2.1 - Mend

@chainlesschain/personal-data-hub 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (154) hide show

package/__tests__/adapters/ai-chat-cookie-capture-spec.test.js +211 -0
package/__tests__/adapters/ai-chat-health-checker.test.js +262 -0
package/__tests__/adapters/ai-chat-history.test.js +396 -0
package/__tests__/adapters/ai-chat-http-client.test.js +242 -0
package/__tests__/adapters/ai-chat-vendors.test.js +874 -0
package/__tests__/adapters/alipay-bill-adapter.test.js +538 -0
package/__tests__/adapters/email-adapter.test.js +138 -1
package/__tests__/adapters/email-classifier.test.js +347 -0
package/__tests__/adapters/email-pdf-extractor.test.js +529 -0
package/__tests__/adapters/email-retry-progress.test.js +294 -0
package/__tests__/adapters/email-templates.test.js +699 -0
package/__tests__/adapters/social-toutiao-kuaishou-scaffold.test.js +269 -0
package/__tests__/adapters/system-data-adapter.test.js +440 -0
package/__tests__/adapters/system-data-android-ingest.test.js +144 -0
package/__tests__/adapters/system-data-android.test.js +387 -0
package/__tests__/adapters/system-data-disclosure.test.js +153 -0
package/__tests__/adapters/wechat-bootstrap.test.js +240 -0
package/__tests__/adapters/wechat-env-probe.test.js +162 -0
package/__tests__/adapters/wechat-frida-agent.test.js +191 -0
package/__tests__/adapters/wechat-frida-integration.test.js +149 -0
package/__tests__/adapters/wechat-frida-key-provider.test.js +188 -0
package/__tests__/adapters/wechat-md5-key-provider.test.js +101 -0
package/__tests__/analysis-skills.test.js +556 -0
package/__tests__/analysis.test.js +329 -1
package/__tests__/e2e/ai-chat-cross-source-journey.test.js +213 -0
package/__tests__/e2e/full-user-journey.test.js +188 -0
package/__tests__/entity-resolver-ingest-hook.test.js +177 -0
package/__tests__/entity-resolver-stages.test.js +411 -0
package/__tests__/entity-resolver-vault.test.js +246 -0
package/__tests__/entity-resolver.test.js +526 -0
package/__tests__/fixtures/entity-resolver-200-mock.json +96 -0
package/__tests__/integration/ai-chat-history-registry.test.js +228 -0
package/__tests__/integration/aichat-wizard-end-to-end.test.js +282 -0
package/__tests__/integration/cross-adapter-pipelines.test.js +396 -0
package/__tests__/integration/wechat-bootstrap-end-to-end.test.js +390 -0
package/__tests__/longtail-adapters.test.js +217 -0
package/__tests__/mobile-extractor.test.js +288 -0
package/__tests__/registry.test.js +4 -2
package/__tests__/shopping-adapters.test.js +296 -0
package/__tests__/sidecar-contacts-cross-validate.test.js +163 -0
package/__tests__/sidecar-supervisor.test.js +120 -0
package/__tests__/social-adapters.test.js +206 -0
package/__tests__/travel-adapters.test.js +325 -0
package/__tests__/vault.test.js +3 -3
package/__tests__/wechat-adapter.test.js +476 -0
package/__tests__/whatsapp-adapter.test.js +135 -0
package/lib/adapter-spec.js +12 -0
package/lib/adapters/_python-sidecar-base.js +207 -0
package/lib/adapters/ai-chat-history/ai-chat-adapter.js +374 -0
package/lib/adapters/ai-chat-history/cookie-auth.js +109 -0
package/lib/adapters/ai-chat-history/cookie-capture-spec.js +331 -0
package/lib/adapters/ai-chat-history/health-checker.js +210 -0
package/lib/adapters/ai-chat-history/http-client.js +211 -0
package/lib/adapters/ai-chat-history/index.js +28 -0
package/lib/adapters/ai-chat-history/schema-map.js +258 -0
package/lib/adapters/ai-chat-history/vendor-spec.js +86 -0
package/lib/adapters/ai-chat-history/vendors/coze.js +179 -0
package/lib/adapters/ai-chat-history/vendors/deepseek.js +199 -0
package/lib/adapters/ai-chat-history/vendors/doubao.js +255 -0
package/lib/adapters/ai-chat-history/vendors/dreamina.js +174 -0
package/lib/adapters/ai-chat-history/vendors/hunyuan.js +176 -0
package/lib/adapters/ai-chat-history/vendors/kimi.js +182 -0
package/lib/adapters/ai-chat-history/vendors/qianfan.js +160 -0
package/lib/adapters/ai-chat-history/vendors/tongyi.js +193 -0
package/lib/adapters/ai-chat-history/vendors/zhipu.js +202 -0
package/lib/adapters/ai-chat-history/wizard-controller.js +473 -0
package/lib/adapters/alipay-bill/alipay-bill-adapter.js +311 -0
package/lib/adapters/alipay-bill/counterparty.js +129 -0
package/lib/adapters/alipay-bill/csv-parser.js +217 -0
package/lib/adapters/alipay-bill/index.js +41 -0
package/lib/adapters/alipay-bill/zip-decryptor.js +111 -0
package/lib/adapters/email-imap/classifier.js +495 -0
package/lib/adapters/email-imap/email-adapter.js +419 -8
package/lib/adapters/email-imap/index.js +42 -0
package/lib/adapters/email-imap/pdf-extractor.js +192 -0
package/lib/adapters/email-imap/templates/bill.js +232 -0
package/lib/adapters/email-imap/templates/government.js +120 -0
package/lib/adapters/email-imap/templates/index.js +78 -0
package/lib/adapters/email-imap/templates/order.js +186 -0
package/lib/adapters/email-imap/templates/other.js +114 -0
package/lib/adapters/email-imap/templates/register.js +113 -0
package/lib/adapters/email-imap/templates/travel.js +157 -0
package/lib/adapters/email-imap/templates/utils.js +275 -0
package/lib/adapters/email-imap/transactions.js +234 -0
package/lib/adapters/messaging-qq/index.js +158 -0
package/lib/adapters/messaging-telegram/index.js +142 -0
package/lib/adapters/messaging-whatsapp/index.js +189 -0
package/lib/adapters/shopping-base/index.js +208 -0
package/lib/adapters/shopping-jd/index.js +150 -0
package/lib/adapters/shopping-meituan/index.js +154 -0
package/lib/adapters/shopping-taobao/index.js +176 -0
package/lib/adapters/social-bilibili/index.js +171 -0
package/lib/adapters/social-douyin/index.js +116 -0
package/lib/adapters/social-kuaishou/index.js +237 -0
package/lib/adapters/social-toutiao/index.js +236 -0
package/lib/adapters/social-weibo/index.js +164 -0
package/lib/adapters/social-xiaohongshu/index.js +96 -0
package/lib/adapters/system-data/disclosure.js +166 -0
package/lib/adapters/system-data/index.js +34 -0
package/lib/adapters/system-data/system-data-adapter.js +344 -0
package/lib/adapters/system-data-android/adapter.js +348 -0
package/lib/adapters/system-data-android/index.js +76 -0
package/lib/adapters/travel-12306/index.js +151 -0
package/lib/adapters/travel-amap/index.js +164 -0
package/lib/adapters/travel-baidu-map/index.js +162 -0
package/lib/adapters/travel-base/index.js +240 -0
package/lib/adapters/travel-ctrip/index.js +151 -0
package/lib/adapters/wechat/bootstrap.js +146 -0
package/lib/adapters/wechat/content-parser.js +326 -0
package/lib/adapters/wechat/db-reader.js +209 -0
package/lib/adapters/wechat/env-probe.js +218 -0
package/lib/adapters/wechat/frida-agent/loader.js +67 -0
package/lib/adapters/wechat/frida-agent/wechat-key-hook.js +126 -0
package/lib/adapters/wechat/index.js +37 -0
package/lib/adapters/wechat/key-extractor.js +158 -0
package/lib/adapters/wechat/key-providers/frida-key-provider.js +244 -0
package/lib/adapters/wechat/key-providers/index.js +22 -0
package/lib/adapters/wechat/key-providers/key-provider-base.js +44 -0
package/lib/adapters/wechat/key-providers/md5-key-provider.js +81 -0
package/lib/adapters/wechat/normalize.js +220 -0
package/lib/adapters/wechat/wechat-adapter.js +205 -0
package/lib/analysis-skills/base.js +113 -0
package/lib/analysis-skills/footprint.js +167 -0
package/lib/analysis-skills/index.js +58 -0
package/lib/analysis-skills/interests.js +161 -0
package/lib/analysis-skills/relations.js +226 -0
package/lib/analysis-skills/spending.js +219 -0
package/lib/analysis-skills/timeline.js +167 -0
package/lib/analysis.js +191 -2
package/lib/entity-resolver/embedding-stage.js +198 -0
package/lib/entity-resolver/entity-resolver.js +384 -0
package/lib/entity-resolver/index.js +42 -0
package/lib/entity-resolver/llm-stage.js +191 -0
package/lib/entity-resolver/rule-stage.js +208 -0
package/lib/entity-resolver/worker.js +149 -0
package/lib/index.js +131 -0
package/lib/migrations.js +73 -0
package/lib/mobile-extractor/android.js +193 -0
package/lib/mobile-extractor/index.js +9 -0
package/lib/mobile-extractor/ios.js +223 -0
package/lib/prompt-builder.js +11 -1
package/lib/query-parser.js +7 -1
package/lib/registry.js +42 -0
package/lib/sidecar/index.js +15 -0
package/lib/sidecar/supervisor.js +359 -0
package/lib/vault.js +343 -0
package/package.json +36 -3
package/scripts/_make-fixture-all.js +126 -0
package/scripts/_make-fixture-contacts.js +84 -0
package/scripts/evaluate-entity-resolver.js +213 -0
package/scripts/smoke-phase-5-5.js +196 -0
package/scripts/smoke-phase-5-7.js +181 -0
package/scripts/smoke-system-data-contacts.js +309 -0
package/scripts/smoke-system-data.js +312 -0

package/lib/adapters/social-xiaohongshu/index.js ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Phase 13.4 — Xiaohongshu (小红书) adapter.
+ *
+ * Per sjqz/parsers/lifestyle.py XiaohongshuParser. Tables:
+ *   - note / browse_history  viewed notes
+ *   - liked_note / favourite collected notes
+ *   - search_history         queries
+ */
+"use strict";
+const fs = require("node:fs");
+const { newId } = require("../../ids");
+const NAME = "social-xiaohongshu";
+const VERSION = "0.5.0";
+class XiaohongshuAdapter {
+  constructor(opts = {}) {
+    if (!opts.account || !opts.account.uid) {
+      throw new Error("XiaohongshuAdapter: opts.account.uid required");
+    }
+    this.account = opts.account;
+    this._dbPath = opts.dbPath || null;
+    this._dbDriverFactory = opts.dbDriverFactory || null;
+    this.name = NAME;
+    this.version = VERSION;
+    this.capabilities = ["sync:sqlite", "parse:xhs-history"];
+    this.extractMode = "device-pull";
+    this.rateLimits = {};
+    this.dataDisclosure = {
+      fields: ["xhs:viewed_notes / liked / favourites / search_history"],
+      sensitivity: "medium",
+      legalGate: false,
+    };
+  }
+  async authenticate() { return { ok: true, account: this.account.uid }; }
+  async healthCheck() { return { ok: true, lastChecked: Date.now() }; }
+  async *sync(opts = {}) {
+    const dbPath = opts.dbPath || this._dbPath;
+    if (!dbPath || !fs.existsSync(dbPath)) return;
+    const Driver = this._dbDriverFactory
+      ? this._dbDriverFactory()
+      : require("better-sqlite3-multiple-ciphers");
+    const db = new Driver(dbPath, { readonly: true });
+    try {
+      const histories = trySelect(db, "SELECT * FROM browse_history ORDER BY view_time DESC LIMIT 5000")
+        || trySelect(db, "SELECT * FROM note ORDER BY view_time DESC LIMIT 5000") || [];
+      for (const row of histories) {
+        yield { adapter: NAME, originalId: `history-${row.id || row.note_id}`, capturedAt: parseTime(row.view_time), payload: { row, kind: "history" } };
+      }
+      const likes = trySelect(db, "SELECT * FROM liked_note ORDER BY like_time DESC LIMIT 5000") || [];
+      for (const row of likes) {
+        yield { adapter: NAME, originalId: `like-${row.id || row.note_id}`, capturedAt: parseTime(row.like_time), payload: { row, kind: "like" } };
+      }
+      const favs = trySelect(db, "SELECT * FROM favourite ORDER BY save_time DESC LIMIT 5000") || [];
+      for (const row of favs) {
+        yield { adapter: NAME, originalId: `fav-${row.id || row.note_id}`, capturedAt: parseTime(row.save_time), payload: { row, kind: "favourite" } };
+      }
+    } finally {
+      try { db.close(); } catch (_e) {}
+    }
+  }
+  normalize(raw) {
+    const { kind, row } = raw.payload;
+    const now = Date.now();
+    const occurredAt = parseTime(row.view_time || row.like_time || row.save_time) || now;
+    const source = { adapter: NAME, adapterVersion: VERSION, originalId: raw.originalId, capturedAt: occurredAt, capturedBy: "sqlite" };
+    const subtypeMap = { history: "browse", like: "like", favourite: "like" };
+    return {
+      events: [{
+        id: newId(), type: "event",
+        subtype: subtypeMap[kind] || "browse",
+        occurredAt, actor: "person-self",
+        content: { title: row.title || row.note_title || "(no title)" },
+        ingestedAt: now, source,
+        extra: { noteId: row.note_id || null, author: row.author || row.nickname || null, kind },
+      }],
+      persons: [], places: [], items: [], topics: [],
+    };
+  }
+}
+function trySelect(db, sql) { try { return db.prepare(sql).all(); } catch (_e) { return null; } }
+function parseTime(v) {
+  if (Number.isFinite(v)) return v > 1e12 ? v : v * 1000;
+  if (typeof v === "string") {
+    if (/^\d+$/.test(v)) { const n = parseInt(v, 10); return n > 1e12 ? n : n * 1000; }
+    const t = Date.parse(v); return Number.isFinite(t) ? t : null;
+  }
+  return null;
+}
+module.exports = { XiaohongshuAdapter, NAME, VERSION };

package/lib/adapters/system-data/disclosure.js ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * dataDisclosure metadata + helpers for SystemDataAdapter — Phase 4.5.6.
+ *
+ * The metadata itself lives on the adapter (so the AdapterRegistry sees it
+ * during `assertAdapter`). This module exposes additional helpers for the
+ * desktop UI / hub layer to read:
+ *
+ *   - SOURCE_DESCRIPTORS — per-source human-readable label + field list +
+ *     sensitivity tier; the UI maps each to a toggle in the disclosure
+ *     dialog (per Adapter_System_Data.md §5.1 mockup).
+ *   - sanitizeInclude({...}) — clamp arbitrary user input to the supported
+ *     boolean shape, so a stale Vue store can't smuggle non-boolean values
+ *     past adapter.sync().
+ *   - resolveRetentionMs({retentionDays}) — convert the user-set retention
+ *     policy to milliseconds; the hub job runner uses this to schedule
+ *     periodic deletes.
+ *
+ * Why a separate file rather than inline on the adapter? Three reasons:
+ *   1. The Vue layer can `require()` this without spinning up a SidecarSupervisor.
+ *   2. Tests can compare the descriptor list against the adapter's actual
+ *      `dataDisclosure.fields` array, catching drift.
+ *   3. Future sources (calendar, browser history) follow the same shape so
+ *      the disclosure UI is reusable.
+ */
+"use strict";
+const SOURCE_DESCRIPTORS = Object.freeze({
+  contacts: Object.freeze({
+    key: "contacts",
+    label: "通讯录",
+    fields: ["name", "phone", "email", "organization", "notes", "starred", "photoUri"],
+    sensitivity: "medium",
+    defaultEnabled: true,
+    estimate: "约 50-500 人",
+    rationale: "作为 EntityResolver 跨源 Person 主键的权威种子集",
+  }),
+  calllog: Object.freeze({
+    key: "calllog",
+    label: "通话记录",
+    fields: ["number", "duration", "timestamp", "type", "name"],
+    sensitivity: "high",
+    defaultEnabled: true,
+    estimate: "近 1 年约 1-10k 条",
+    rationale: "跨人互动时间线，独立于 app 内聊天",
+  }),
+  sms: Object.freeze({
+    key: "sms",
+    label: "短信和彩信",
+    fields: ["address", "body", "timestamp", "type", "threadId", "isRead"],
+    sensitivity: "high",
+    defaultEnabled: false, // opt-out (per OQ-SD1 + design doc §5.1)
+    estimate: "近 3 年约 5-20k 条",
+    rationale: "银行账单、验证码、物流通知的元数据源；含他人信息",
+    warning: "可能包含他人电话号码或对话内容",
+  }),
+  wifi: Object.freeze({
+    key: "wifi",
+    label: "WiFi 网络（不含密码）",
+    fields: ["ssid", "securityType", "hidden"],
+    excludedFields: ["password"],
+    sensitivity: "low",
+    defaultEnabled: true,
+    estimate: "约 5-50 个",
+    rationale: "常去地点种子（家/办公室/常去咖啡店）",
+  }),
+});
+const SOURCE_KEYS = Object.freeze(Object.keys(SOURCE_DESCRIPTORS));
+/**
+ * Clamp arbitrary user-provided `include` object to a strict boolean shape.
+ * Unknown keys are dropped; missing keys fall back to descriptor defaults.
+ *
+ * @param {object} raw  user-controllable input from UI / IPC layer
+ * @returns {{contacts: boolean, calllog: boolean, sms: boolean, wifi: boolean}}
+ */
+function sanitizeInclude(raw) {
+  const out = {};
+  for (const key of SOURCE_KEYS) {
+    if (raw && Object.prototype.hasOwnProperty.call(raw, key)) {
+      out[key] = Boolean(raw[key]);
+    } else {
+      out[key] = SOURCE_DESCRIPTORS[key].defaultEnabled;
+    }
+  }
+  return out;
+}
+/**
+ * Resolve a user-configured retention policy to a wall-clock millisecond
+ * threshold (rows with `ingestedAt < now - returnedMs` are eligible for
+ * background purge).
+ *
+ * @param {{retentionDays?: number}} policy
+ * @returns {number|null}  null means "no retention cap" (default)
+ */
+function resolveRetentionMs(policy) {
+  if (!policy || policy.retentionDays == null) return null;
+  const days = Number(policy.retentionDays);
+  if (!Number.isFinite(days) || days <= 0) return null;
+  return Math.floor(days * 24 * 60 * 60 * 1000);
+}
+/**
+ * Cross-check that the disclosure-fields strings on the adapter actually
+ * cover every source's declared fields. Used in tests to catch the
+ * "adapter shipped a field the UI never warned about" drift bug.
+ *
+ * Returns { ok: boolean, missing: string[] } — `missing` lists
+ * "source:field" pairs that the adapter doesn't declare.
+ */
+function checkDisclosureCoverage(adapterFields) {
+  const declared = new Set(adapterFields || []);
+  const missing = [];
+  for (const desc of Object.values(SOURCE_DESCRIPTORS)) {
+    const expected = `${desc.key}:${desc.fields.join(",")}`;
+    const sourceHit = Array.from(declared).find((s) => s.startsWith(`${desc.key}:`));
+    if (!sourceHit) {
+      missing.push(expected);
+      continue;
+    }
+    // Verify every expected field appears in the declared string.
+    const declaredFields = new Set(
+      sourceHit.split(":", 2)[1].split(",").map((s) => s.trim()),
+    );
+    for (const f of desc.fields) {
+      if (!declaredFields.has(f)) missing.push(`${desc.key}:${f}`);
+    }
+  }
+  return { ok: missing.length === 0, missing };
+}
+/**
+ * Localized disclosure dialog payload — what the UI binds to.
+ * Returns a stable structure independent of the adapter instance, so the
+ * Vue store can be tested without the adapter wired in.
+ */
+function buildDisclosurePayload() {
+  return {
+    adapter: "system-data",
+    sensitivity: "high",
+    legalGate: true,
+    notice:
+      "短信和通话记录可能包含他人电话号码或对话内容；所有数据在本机加密存储，不向任何服务器上传（含 AI 分析）。",
+    sources: SOURCE_KEYS.map((key) => SOURCE_DESCRIPTORS[key]),
+    legalDeclaration:
+      [
+        "您声明：",
+        "1. 您是这部手机的合法使用者，对其上数据拥有访问权",
+        "2. 您理解短信内容可能涉及他人隐私，承诺仅在本机使用，不向任何第三方分发",
+        "3. 本工具不会将系统数据上传至云端（含 LLM 分析全部本地完成）",
+        "",
+        "不符合上述条件，请勿启用本 adapter。",
+      ].join("\n"),
+  };
+}
+module.exports = {
+  SOURCE_DESCRIPTORS,
+  SOURCE_KEYS,
+  sanitizeInclude,
+  resolveRetentionMs,
+  checkDisclosureCoverage,
+  buildDisclosurePayload,
+};

package/lib/adapters/system-data/index.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+const {
+  SystemDataAdapter,
+  SYSTEM_DATA_ADAPTER_NAME,
+  SYSTEM_DATA_ADAPTER_VERSION,
+  DEFAULT_INCLUDE,
+  DEFAULT_REMOTE_PATHS,
+  SDCARD_WORKAROUND_PATHS,
+} = require("./system-data-adapter");
+const {
+  SOURCE_DESCRIPTORS,
+  SOURCE_KEYS,
+  sanitizeInclude,
+  resolveRetentionMs,
+  checkDisclosureCoverage,
+  buildDisclosurePayload,
+} = require("./disclosure");
+module.exports = {
+  SystemDataAdapter,
+  SYSTEM_DATA_ADAPTER_NAME,
+  SYSTEM_DATA_ADAPTER_VERSION,
+  DEFAULT_INCLUDE,
+  DEFAULT_REMOTE_PATHS,
+  SDCARD_WORKAROUND_PATHS,
+  // Disclosure helpers (Phase 4.5.6)
+  SOURCE_DESCRIPTORS,
+  SOURCE_KEYS,
+  sanitizeInclude,
+  resolveRetentionMs,
+  checkDisclosureCoverage,
+  buildDisclosurePayload,
+};

package/lib/adapters/system-data/system-data-adapter.js ADDED Viewed

@@ -0,0 +1,344 @@
+/**
+ * SystemDataAdapter — Android system data (contacts / call log / SMS / WiFi).
+ *
+ * Phase 4.5.5. Sits on top of the forensics-bridge sidecar.
+ *
+ * Per-source pipeline (each one independent — disabling SMS doesn't break the
+ * others):
+ *
+ *   contacts:  android.pull_file → system.parse_contacts → Person stream
+ *   calllog:   android.pull_file → system.parse_calllog → Event(call) + Person stream
+ *   sms:       android.pull_file → system.parse_sms     → Event(message) + Person stream
+ *   wifi:      android.pull_file → system.parse_wifi    → Place stream
+ *
+ * Or, when `opts.dataPaths` is provided (e.g. user already adb-pulled files
+ * manually, or testing with a local fixture), skip the pull step.
+ *
+ * Privacy gating: `opts.include` decides which sub-sources run. Default per
+ * Adapter_System_Data.md §5.1 + OQ-SD1: contacts ON / calllog ON / sms OFF /
+ * wifi ON. The UI dialog re-confirms this on each sync.
+ */
+"use strict";
+const path = require("node:path");
+const os = require("node:os");
+const fs = require("node:fs");
+const { PythonSidecarAdapter } = require("../_python-sidecar-base");
+const NAME = "system-data";
+const VERSION = "0.1.0";
+const DEFAULT_INCLUDE = Object.freeze({
+  contacts: true,
+  calllog: true,
+  sms: false, // opt-out by default — see Adapter_System_Data.md §5.1
+  wifi: true,
+});
+/**
+ * Default Android system provider paths. Override via opts.remotePaths when
+ * a device uses a non-stock layout.
+ */
+const DEFAULT_REMOTE_PATHS = Object.freeze({
+  contacts:
+    "/data/data/com.android.providers.contacts/databases/contacts2.db",
+  calllog: "/data/data/com.android.providers.contacts/databases/calllog.db",
+  sms: "/data/data/com.android.providers.telephony/databases/mmssms.db",
+  wifi: "/data/misc/wifi/", // directory — pull_file works for one file, so wifi mode-A is dataPaths
+});
+/**
+ * Per-source workaround paths under /sdcard/Download/ for stock Android
+ * (no `adb root`) — user copies files via Termux + tsu or MT Manager.
+ */
+const SDCARD_WORKAROUND_PATHS = Object.freeze({
+  contacts: "/sdcard/Download/contacts2.db",
+  calllog: "/sdcard/Download/calllog.db",
+  sms: "/sdcard/Download/mmssms.db",
+  wifi_xml: "/sdcard/Download/WifiConfigStore.xml",
+  wifi_conf: "/sdcard/Download/wpa_supplicant.conf",
+});
+class SystemDataAdapter extends PythonSidecarAdapter {
+  constructor(opts) {
+    super(opts);
+    this.name = NAME;
+    this.version = VERSION;
+    this.capabilities = [
+      "sync:android-adb",
+      "sync:android-sdcard-workaround",
+      "sync:host-dataPaths",
+    ];
+    this.rateLimits = { perDay: 12 }; // system data day-to-day churn is small
+    this.dataDisclosure = {
+      fields: [
+        "contacts:name,phone,email,organization,notes,starred,photoUri",
+        "calllog:number,duration,timestamp,type,name",
+        "sms:address,body,timestamp,type,threadId,isRead",
+        "wifi:ssid,securityType,hidden",
+        // Explicitly NOT collected:
+        //   - wifi:password (never written to vault, even when present in source)
+      ],
+      sensitivity: "high", // SMS may include third-party content
+      legalGate: true, // requires explicit user agreement on third-party content
+      retentionDays: undefined, // user-controlled (no default cap)
+      notice:
+        "短信和通话记录可能包含他人电话号码或对话内容；所有数据在本机加密存储，不向任何服务器上传（含 AI 分析）。",
+      defaultInclude: { ...DEFAULT_INCLUDE },
+    };
+  }
+  // -----------------------------------------------------------------------
+  // PersonalDataAdapter — authenticate / healthCheck override
+  // -----------------------------------------------------------------------
+  /**
+   * Verify the sidecar is reachable AND there is at least one usable ADB
+   * device (unless caller signals offline-import mode by passing dataPaths).
+   *
+   * @param {object} ctx
+   * @param {object} [ctx.dataPaths] If set, ADB presence is not required.
+   * @param {string} [ctx.serial]    Optional serial; auth checks just that device.
+   */
+  async authenticate(ctx = {}) {
+    const pong = await this.supervisor.invoke("sidecar.ping", {}, { timeoutMs: 3000 });
+    if (ctx.dataPaths && Object.keys(ctx.dataPaths).length > 0) {
+      return { ok: true, mode: "offline", sidecarVersion: pong.version };
+    }
+    let devices;
+    try {
+      const out = await this.supervisor.invoke("android.list_devices", {}, { timeoutMs: 5000 });
+      devices = out.devices || [];
+    } catch (err) {
+      return {
+        ok: false,
+        reason: `android.list_devices failed: ${err.code || err.message}`,
+      };
+    }
+    const wanted = ctx.serial
+      ? devices.filter((d) => d.serial === ctx.serial)
+      : devices.filter((d) => d.state === "device");
+    if (wanted.length === 0) {
+      return {
+        ok: false,
+        reason: ctx.serial
+          ? `device "${ctx.serial}" not found or not authorized`
+          : "no authorized ADB devices attached",
+      };
+    }
+    return { ok: true, mode: "device", devices: wanted };
+  }
+  // -----------------------------------------------------------------------
+  // Orchestration (subclass hook)
+  // -----------------------------------------------------------------------
+  /**
+   * Orchestrate the 4 sub-sources sequentially.
+   *
+   * @param {object} opts
+   * @param {object} [opts.include]      Per-source enable flags (defaults: DEFAULT_INCLUDE).
+   * @param {string} [opts.serial]       Required when pulling from a live device.
+   * @param {object} [opts.dataPaths]    Pre-extracted host paths, keys:
+   *                                       {contacts, calllog, sms, wifi}.
+   * @param {object} [opts.remotePaths]  Override default device paths.
+   * @param {"normal"|"sdcard"} [opts.extractMode]
+   *                                     "normal" = pull from /data/data (root only),
+   *                                     "sdcard" = pull from /sdcard/Download (workaround).
+   * @param {string} [opts.scratchDir]   Directory for pulled DBs. Default: hub tmp.
+   * @param {(msg: object) => void} [opts.onProgress]  Forwarded as adapter-progress.
+   */
+  async _runSidecar(opts, emit) {
+    const include = { ...DEFAULT_INCLUDE, ...(opts.include || {}) };
+    const dataPaths = opts.dataPaths || {};
+    const extractMode = opts.extractMode || "normal";
+    const remotePaths =
+      extractMode === "sdcard"
+        ? {
+            contacts: SDCARD_WORKAROUND_PATHS.contacts,
+            calllog: SDCARD_WORKAROUND_PATHS.calllog,
+            sms: SDCARD_WORKAROUND_PATHS.sms,
+            wifi: SDCARD_WORKAROUND_PATHS.wifi_xml,
+          }
+        : { ...DEFAULT_REMOTE_PATHS, ...(opts.remotePaths || {}) };
+    const scratchDir =
+      opts.scratchDir ||
+      fs.mkdtempSync(path.join(os.tmpdir(), "system-data-sync-"));
+    fs.mkdirSync(scratchDir, { recursive: true });
+    const onProgress = typeof opts.onProgress === "function" ? opts.onProgress : null;
+    const tellProgress = (source, phase, extra = {}) => {
+      if (onProgress) onProgress({ source, phase, ...extra });
+    };
+    const sourcesRun = [];
+    // ─── Contacts ────────────────────────────────────────────────────────
+    let contactsLocal = dataPaths.contacts || null;
+    if (include.contacts) {
+      if (!contactsLocal) {
+        if (!opts.serial) {
+          throw new Error(
+            "system-data: contacts enabled but no serial/dataPaths.contacts provided",
+          );
+        }
+        tellProgress("contacts", "pulling");
+        const pulled = await this.supervisor.invoke(
+          "android.pull_file",
+          {
+            serial: opts.serial,
+            remote_path: remotePaths.contacts,
+            local_dir: scratchDir,
+          },
+          { timeoutMs: 60_000 },
+        );
+        contactsLocal = pulled.local;
+      }
+      tellProgress("contacts", "parsing", { dbPath: contactsLocal });
+      const r = await this.supervisor.invoke(
+        "system.parse_contacts",
+        { data_path: contactsLocal, device_serial: opts.serial || null },
+        {
+          timeoutMs: 120_000,
+          onChunk: (batch) => this._emitChunkAsRaws(batch, emit),
+          onProgress: (p) => tellProgress("contacts", "progress", p),
+        },
+      );
+      sourcesRun.push({ source: "contacts", ...r });
+    }
+    // ─── Call log ────────────────────────────────────────────────────────
+    if (include.calllog) {
+      let calllogLocal = dataPaths.calllog || null;
+      if (!calllogLocal) {
+        if (!opts.serial) {
+          throw new Error("system-data: calllog enabled but no serial/dataPaths.calllog");
+        }
+        tellProgress("calllog", "pulling");
+        try {
+          const pulled = await this.supervisor.invoke(
+            "android.pull_file",
+            {
+              serial: opts.serial,
+              remote_path: remotePaths.calllog,
+              local_dir: scratchDir,
+            },
+            { timeoutMs: 60_000 },
+          );
+          calllogLocal = pulled.local;
+        } catch (err) {
+          // Calls table may live in contacts2.db on pre-Android-11 builds.
+          if (err.code === "EXTRACT_PERMISSION_DENIED" && contactsLocal) {
+            calllogLocal = contactsLocal;
+          } else {
+            throw err;
+          }
+        }
+      }
+      tellProgress("calllog", "parsing", { dbPath: calllogLocal });
+      const r = await this.supervisor.invoke(
+        "system.parse_calllog",
+        {
+          data_path: calllogLocal,
+          contacts_db_path: contactsLocal,
+          device_serial: opts.serial || null,
+        },
+        {
+          timeoutMs: 180_000,
+          onChunk: (batch) => this._emitChunkAsRaws(batch, emit),
+          onProgress: (p) => tellProgress("calllog", "progress", p),
+        },
+      );
+      sourcesRun.push({ source: "calllog", ...r });
+    }
+    // ─── SMS ────────────────────────────────────────────────────────────
+    if (include.sms) {
+      let smsLocal = dataPaths.sms || null;
+      if (!smsLocal) {
+        if (!opts.serial) {
+          throw new Error("system-data: sms enabled but no serial/dataPaths.sms");
+        }
+        tellProgress("sms", "pulling");
+        const pulled = await this.supervisor.invoke(
+          "android.pull_file",
+          {
+            serial: opts.serial,
+            remote_path: remotePaths.sms,
+            local_dir: scratchDir,
+          },
+          { timeoutMs: 60_000 },
+        );
+        smsLocal = pulled.local;
+      }
+      tellProgress("sms", "parsing", { dbPath: smsLocal });
+      const r = await this.supervisor.invoke(
+        "system.parse_sms",
+        {
+          data_path: smsLocal,
+          contacts_db_path: contactsLocal,
+          device_serial: opts.serial || null,
+        },
+        {
+          timeoutMs: 300_000, // SMS can be 10K+ rows on long-term devices
+          onChunk: (batch) => this._emitChunkAsRaws(batch, emit),
+          onProgress: (p) => tellProgress("sms", "progress", p),
+        },
+      );
+      sourcesRun.push({ source: "sms", ...r });
+    }
+    // ─── WiFi ───────────────────────────────────────────────────────────
+    if (include.wifi) {
+      let wifiLocal = dataPaths.wifi || null;
+      if (!wifiLocal) {
+        // WiFi config is a single file, but two possible names. Prefer XML.
+        if (!opts.serial) {
+          throw new Error("system-data: wifi enabled but no serial/dataPaths.wifi");
+        }
+        tellProgress("wifi", "pulling");
+        try {
+          const pulled = await this.supervisor.invoke(
+            "android.pull_file",
+            {
+              serial: opts.serial,
+              remote_path: remotePaths.wifi,
+              local_dir: scratchDir,
+            },
+            { timeoutMs: 30_000 },
+          );
+          wifiLocal = path.dirname(pulled.local);
+        } catch (err) {
+          // Non-fatal — wifi often inaccessible without root. Skip this source.
+          tellProgress("wifi", "skipped", { reason: err.code || err.message });
+          return { sources: sourcesRun, scratchDir };
+        }
+      }
+      tellProgress("wifi", "parsing", { dbPath: wifiLocal });
+      const r = await this.supervisor.invoke(
+        "system.parse_wifi",
+        { data_path: wifiLocal, device_serial: opts.serial || null },
+        {
+          timeoutMs: 30_000,
+          onChunk: (batch) => this._emitChunkAsRaws(batch, emit),
+          onProgress: (p) => tellProgress("wifi", "progress", p),
+        },
+      );
+      sourcesRun.push({ source: "wifi", ...r });
+    }
+    return { sources: sourcesRun, scratchDir };
+  }
+}
+module.exports = {
+  SystemDataAdapter,
+  SYSTEM_DATA_ADAPTER_NAME: NAME,
+  SYSTEM_DATA_ADAPTER_VERSION: VERSION,
+  DEFAULT_INCLUDE,
+  DEFAULT_REMOTE_PATHS,
+  SDCARD_WORKAROUND_PATHS,
+};