npm - @codemem/server - Versions diffs - 0.0.0 → 0.20.0-alpha.3 - Mend

@codemem/server 0.0.0 → 0.20.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/LICENSE +21 -0
package/dist/helpers.d.ts +19 -0
package/dist/helpers.d.ts.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +1383 -0
package/dist/index.js.map +1 -0
package/dist/middleware.d.ts +33 -0
package/dist/middleware.d.ts.map +1 -0
package/dist/routes/config.d.ts +13 -0
package/dist/routes/config.d.ts.map +1 -0
package/dist/routes/memory.d.ts +9 -0
package/dist/routes/memory.d.ts.map +1 -0
package/dist/routes/observer-status.d.ts +16 -0
package/dist/routes/observer-status.d.ts.map +1 -0
package/dist/routes/raw-events.d.ts +10 -0
package/dist/routes/raw-events.d.ts.map +1 -0
package/dist/routes/stats.d.ts +13 -0
package/dist/routes/stats.d.ts.map +1 -0
package/dist/routes/sync.d.ts +9 -0
package/dist/routes/sync.d.ts.map +1 -0
package/dist/viewer-html.d.ts +8 -0
package/dist/viewer-html.d.ts.map +1 -0
package/package.json +46 -1
package/static/app.js +3726 -0
package/static/favicon.svg +14 -0
package/static/index.html +1860 -0

package/dist/index.js ADDED Viewed

@@ -0,0 +1,1383 @@
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { CODEMEM_CONFIG_ENV_OVERRIDES, MemoryStore, VERSION, buildRawEventEnvelopeFromHook, ensureDeviceIdentity, fromJson, getCodememConfigPath, getCodememEnvOverrides, parseStrictInteger, readCodememConfigFile, resolveDbPath, schema, stripJsonComments, stripPrivateObj, stripTrailingCommas, writeCodememConfigFile } from "@codemem/core";
+import { serveStatic } from "@hono/node-server/serve-static";
+import { Hono } from "hono";
+import { createMiddleware } from "hono/factory";
+import { homedir } from "node:os";
+import { count, desc, eq, inArray, isNotNull, max, ne } from "drizzle-orm";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+import { createHash } from "node:crypto";
+//#region src/middleware.ts
+var LOOPBACK_HOSTS = new Set([
+	"127.0.0.1",
+	"localhost",
+	"::1"
+]);
+/**
+* Check whether an Origin header value is a valid loopback URL.
+* Mirrors Python's _is_allowed_loopback_origin_url().
+*/
+function isLoopbackOrigin(origin) {
+	let url;
+	try {
+		url = new URL(origin);
+	} catch {
+		return false;
+	}
+	if (url.protocol !== "http:" && url.protocol !== "https:") return false;
+	if (url.username || url.password) return false;
+	return LOOPBACK_HOSTS.has(url.hostname);
+}
+/** HTTP methods that mutate state and require origin validation. */
+var UNSAFE_METHODS = new Set([
+	"POST",
+	"DELETE",
+	"PATCH",
+	"PUT"
+]);
+/**
+* Check whether a missing-Origin request looks like a cross-site browser
+* request. Matches Python's `_is_unsafe_missing_origin()`:
+*
+*   - Sec-Fetch-Site present and NOT same-origin/same-site/none → unsafe
+*   - Referer present and NOT loopback → unsafe
+*   - Otherwise → safe (CLI / programmatic caller, no browser context)
+*/
+function isUnsafeMissingOrigin(c) {
+	const secFetchSite = (c.req.header("Sec-Fetch-Site") ?? "").trim().toLowerCase();
+	if (secFetchSite && ![
+		"same-origin",
+		"same-site",
+		"none"
+	].includes(secFetchSite)) return true;
+	const referer = c.req.header("Referer");
+	if (!referer) return false;
+	return !isLoopbackOrigin(referer);
+}
+/**
+* Cross-origin protection middleware.
+*
+* Ports Python's `reject_cross_origin(missing_origin_policy="reject_if_unsafe")`:
+*
+* - GET/HEAD/OPTIONS: allowed from any origin (viewer is local-only).
+* - POST/DELETE/PATCH/PUT:
+*   - Origin present + loopback → allowed (browser on localhost)
+*   - Origin present + non-loopback → rejected 403
+*   - No Origin + no suspicious browser signals → allowed (CLI callers)
+*   - No Origin + suspicious Sec-Fetch-Site/Referer → rejected 403
+*
+* For same-origin requests (no Origin header) on safe methods, no
+* Access-Control-Allow-Origin is set — the browser doesn't need it.
+* For valid loopback origins, ACAO is echoed back.
+*/
+function originGuard() {
+	return createMiddleware(async (c, next) => {
+		const origin = c.req.header("Origin");
+		const method = c.req.method;
+		if (UNSAFE_METHODS.has(method)) {
+			if (origin) {
+				if (!isLoopbackOrigin(origin)) return c.json({ error: "forbidden" }, 403);
+				c.header("Access-Control-Allow-Origin", origin);
+				c.header("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+				c.header("Access-Control-Allow-Headers", "Content-Type");
+			} else if (isUnsafeMissingOrigin(c)) return c.json({ error: "forbidden" }, 403);
+		} else if (origin && isLoopbackOrigin(origin)) {
+			c.header("Access-Control-Allow-Origin", origin);
+			c.header("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+			c.header("Access-Control-Allow-Headers", "Content-Type");
+		}
+		await next();
+	});
+}
+/**
+* Handle OPTIONS preflight requests.
+* Returns 204 with appropriate CORS headers for loopback origins.
+*/
+function preflightHandler() {
+	return createMiddleware(async (c, next) => {
+		if (c.req.method !== "OPTIONS") {
+			await next();
+			return;
+		}
+		const origin = c.req.header("Origin");
+		if (origin && isLoopbackOrigin(origin)) {
+			c.header("Access-Control-Allow-Origin", origin);
+			c.header("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+			c.header("Access-Control-Allow-Headers", "Content-Type");
+			c.header("Access-Control-Max-Age", "86400");
+			return c.body(null, 204);
+		}
+		return c.body(null, 204);
+	});
+}
+//#endregion
+//#region src/routes/config.ts
+/**
+* Config routes — GET /api/config, POST /api/config.
+*
+* Ports the user-facing config read/write path from Python's
+* codemem/viewer_routes/config.py, scoped to the TS runtime's current needs.
+*/
+var RUNTIMES = new Set(["api_http", "claude_sidecar"]);
+var AUTH_SOURCES = new Set([
+	"auto",
+	"env",
+	"file",
+	"command",
+	"none"
+]);
+var HOT_RELOAD_KEYS = new Set(["raw_events_sweeper_interval_s"]);
+var ALLOWED_KEYS = [
+	"claude_command",
+	"observer_base_url",
+	"observer_provider",
+	"observer_model",
+	"observer_runtime",
+	"observer_auth_source",
+	"observer_auth_file",
+	"observer_auth_command",
+	"observer_auth_timeout_ms",
+	"observer_auth_cache_ttl_s",
+	"observer_headers",
+	"observer_max_chars",
+	"pack_observation_limit",
+	"pack_session_limit",
+	"sync_enabled",
+	"sync_host",
+	"sync_port",
+	"sync_interval_s",
+	"sync_mdns",
+	"sync_coordinator_url",
+	"sync_coordinator_group",
+	"sync_coordinator_timeout_s",
+	"sync_coordinator_presence_ttl_s",
+	"raw_events_sweeper_interval_s"
+];
+var DEFAULTS = {
+	claude_command: ["claude"],
+	observer_runtime: "api_http",
+	observer_auth_source: "auto",
+	observer_auth_command: [],
+	observer_auth_timeout_ms: 1500,
+	observer_auth_cache_ttl_s: 300,
+	observer_headers: {},
+	observer_max_chars: 12e3,
+	pack_observation_limit: 50,
+	pack_session_limit: 10,
+	sync_enabled: false,
+	sync_host: "0.0.0.0",
+	sync_port: 7337,
+	sync_interval_s: 120,
+	sync_mdns: true,
+	sync_coordinator_timeout_s: 3,
+	sync_coordinator_presence_ttl_s: 180,
+	raw_events_sweeper_interval_s: 30
+};
+function loadProviderOptions() {
+	return [
+		"openai",
+		"anthropic",
+		"google",
+		"xai",
+		"groq",
+		"deepseek",
+		"mistral",
+		"together"
+	];
+}
+function getConfigPath() {
+	const envPath = process.env.CODEMEM_CONFIG;
+	if (envPath) return envPath.replace(/^~/, homedir());
+	const configDir = join(homedir(), ".config", "codemem");
+	return [join(configDir, "config.json"), join(configDir, "config.jsonc")].find((p) => existsSync(p)) ?? join(configDir, "config.json");
+}
+function readConfigFile(configPath) {
+	if (!existsSync(configPath)) return {};
+	try {
+		let text = readFileSync(configPath, "utf-8").trim();
+		if (!text) return {};
+		try {
+			return JSON.parse(text);
+		} catch {
+			text = stripTrailingCommas(stripJsonComments(text));
+			return JSON.parse(text);
+		}
+	} catch {
+		return {};
+	}
+}
+function getEffectiveConfig(configData) {
+	const effective = {
+		...DEFAULTS,
+		...configData
+	};
+	for (const [key, envVar] of Object.entries(CODEMEM_CONFIG_ENV_OVERRIDES)) {
+		const val = process.env[envVar];
+		if (val != null && val !== "") effective[key] = val;
+	}
+	return effective;
+}
+function parsePositiveInt(value, allowZero = false) {
+	if (typeof value === "boolean") return null;
+	const parsed = typeof value === "number" ? value : typeof value === "string" && /^-?\d+$/.test(value.trim()) ? Number(value.trim()) : NaN;
+	if (!Number.isFinite(parsed) || !Number.isInteger(parsed)) return null;
+	if (allowZero) return parsed >= 0 ? parsed : null;
+	return parsed > 0 ? parsed : null;
+}
+function asStringMap(value) {
+	if (value == null || typeof value !== "object" || Array.isArray(value)) return null;
+	const parsed = {};
+	for (const [key, item] of Object.entries(value)) {
+		if (typeof item !== "string") return null;
+		const stripped = key.trim();
+		if (!stripped) return null;
+		parsed[stripped] = item;
+	}
+	return parsed;
+}
+function asExecutableArgv(value) {
+	if (!Array.isArray(value)) return null;
+	const argv = [];
+	for (const item of value) {
+		if (typeof item !== "string") return null;
+		const token = item.trim();
+		if (!token) return null;
+		argv.push(token);
+	}
+	return argv;
+}
+function validateAndApplyUpdate(configData, key, value, providers) {
+	if (value == null || value === "") {
+		delete configData[key];
+		return null;
+	}
+	if (key === "observer_provider") {
+		if (typeof value !== "string") return "observer_provider must be string";
+		const provider = value.trim().toLowerCase();
+		const savedBaseUrl = configData.observer_base_url;
+		const hasSavedBaseUrl = typeof savedBaseUrl === "string" && savedBaseUrl.trim().length > 0;
+		if (!providers.has(provider) && !hasSavedBaseUrl) return "observer_provider must match a configured provider";
+		configData[key] = provider;
+		return null;
+	}
+	if (key === "observer_runtime") {
+		if (typeof value !== "string") return "observer_runtime must be string";
+		const runtime = value.trim().toLowerCase();
+		if (!RUNTIMES.has(runtime)) return "observer_runtime must be one of: api_http, claude_sidecar";
+		configData[key] = runtime;
+		return null;
+	}
+	if (key === "observer_auth_source") {
+		if (typeof value !== "string") return "observer_auth_source must be string";
+		const source = value.trim().toLowerCase();
+		if (!AUTH_SOURCES.has(source)) return "observer_auth_source must be one of: auto, env, file, command, none";
+		configData[key] = source;
+		return null;
+	}
+	if (key === "claude_command" || key === "observer_auth_command") {
+		const argv = asExecutableArgv(value);
+		if (argv == null) return `${key} must be string array`;
+		if (argv.length > 0) configData[key] = argv;
+		else delete configData[key];
+		return null;
+	}
+	if (key === "observer_headers") {
+		const headers = asStringMap(value);
+		if (headers == null) return "observer_headers must be object of string values";
+		if (Object.keys(headers).length > 0) configData[key] = headers;
+		else delete configData[key];
+		return null;
+	}
+	if (key === "sync_enabled" || key === "sync_mdns") {
+		if (typeof value !== "boolean") return `${key} must be boolean`;
+		configData[key] = value;
+		return null;
+	}
+	if (key === "observer_base_url" || key === "observer_model" || key === "observer_auth_file" || key === "sync_host" || key === "sync_coordinator_url" || key === "sync_coordinator_group") {
+		if (typeof value !== "string") return `${key} must be string`;
+		const trimmed = value.trim();
+		if (!trimmed) delete configData[key];
+		else configData[key] = trimmed;
+		return null;
+	}
+	const allowZero = key === "observer_auth_cache_ttl_s";
+	const parsed = parsePositiveInt(value, allowZero);
+	if (parsed == null) return `${key} must be ${allowZero ? "non-negative int" : "int"}`;
+	configData[key] = parsed;
+	return null;
+}
+function applyRuntimeEffects(changedKeys, opts) {
+	const applied = [];
+	if (changedKeys.includes("raw_events_sweeper_interval_s")) {
+		const configValue = readCodememConfigFile().raw_events_sweeper_interval_s;
+		const seconds = typeof configValue === "number" ? configValue : Number.parseInt(String(configValue ?? ""), 10);
+		if (Number.isFinite(seconds) && seconds > 0) process.env.CODEMEM_RAW_EVENTS_SWEEPER_INTERVAL_MS = String(seconds * 1e3);
+		else delete process.env.CODEMEM_RAW_EVENTS_SWEEPER_INTERVAL_MS;
+		opts.getSweeper?.()?.notifyConfigChanged();
+		applied.push("raw_events_sweeper_interval_s");
+	}
+	return applied;
+}
+function configRoutes(opts = {}) {
+	const app = new Hono();
+	app.get("/api/config", (c) => {
+		const configPath = getConfigPath();
+		const configData = readConfigFile(configPath);
+		return c.json({
+			path: configPath,
+			config: configData,
+			defaults: DEFAULTS,
+			effective: getEffectiveConfig(configData),
+			env_overrides: getCodememEnvOverrides(),
+			providers: loadProviderOptions()
+		});
+	});
+	app.post("/api/config", async (c) => {
+		let payload;
+		try {
+			payload = await c.req.json();
+		} catch {
+			return c.json({ error: "invalid json" }, 400);
+		}
+		if (payload == null || typeof payload !== "object" || Array.isArray(payload)) return c.json({ error: "payload must be an object" }, 400);
+		if ("config" in payload && payload.config != null && (typeof payload.config !== "object" || Array.isArray(payload.config))) return c.json({ error: "config must be an object" }, 400);
+		const updates = "config" in payload && payload.config != null && typeof payload.config === "object" && !Array.isArray(payload.config) ? payload.config : payload;
+		const configPath = getCodememConfigPath();
+		const beforeConfig = readCodememConfigFile();
+		const beforeEffective = getEffectiveConfig(beforeConfig);
+		const nextConfig = { ...beforeConfig };
+		const providers = new Set(loadProviderOptions());
+		const touchedKeys = ALLOWED_KEYS.filter((key) => key in updates);
+		for (const key of ALLOWED_KEYS) {
+			if (!(key in updates)) continue;
+			const error = validateAndApplyUpdate(nextConfig, key, updates[key], providers);
+			if (error) return c.json({ error }, 400);
+		}
+		let savedPath;
+		try {
+			savedPath = writeCodememConfigFile(nextConfig, configPath);
+		} catch {
+			return c.json({ error: "failed to write config" }, 500);
+		}
+		const afterEffective = getEffectiveConfig(nextConfig);
+		const savedChangedKeys = ALLOWED_KEYS.filter((key) => beforeConfig[key] !== nextConfig[key]);
+		const effectiveChangedKeys = ALLOWED_KEYS.filter((key) => beforeEffective[key] !== afterEffective[key]);
+		const envOverrides = getCodememEnvOverrides();
+		const ignoredByEnvKeys = savedChangedKeys.filter((key) => !effectiveChangedKeys.includes(key) && key in envOverrides);
+		const hotReloadedKeys = applyRuntimeEffects([...new Set([
+			...touchedKeys,
+			...savedChangedKeys,
+			...effectiveChangedKeys
+		])], opts);
+		const restartRequiredKeys = effectiveChangedKeys.filter((key) => !HOT_RELOAD_KEYS.has(key) && !(key in envOverrides));
+		return c.json({
+			path: savedPath,
+			config: nextConfig,
+			effective: afterEffective,
+			effects: {
+				saved_keys: savedChangedKeys,
+				effective_keys: effectiveChangedKeys,
+				hot_reloaded_keys: hotReloadedKeys,
+				restart_required_keys: restartRequiredKeys,
+				ignored_by_env_keys: ignoredByEnvKeys,
+				warnings: ignoredByEnvKeys.map((key) => `${key} is currently controlled by ${envOverrides[key]}; saved config will not take effect until that override is removed.`)
+			}
+		});
+	});
+	return app;
+}
+//#endregion
+//#region src/helpers.ts
+/**
+* Shared helpers for viewer-server routes.
+*/
+/**
+* Parse a JSON string that should be an array of strings.
+* Returns an empty array on null, invalid JSON, or non-array values.
+* Mirrors Python's store._safe_json_list().
+*/
+function safeJsonList(raw) {
+	if (raw == null) return [];
+	try {
+		const parsed = JSON.parse(raw);
+		if (!Array.isArray(parsed)) return [];
+		return parsed.filter((item) => typeof item === "string");
+	} catch {
+		return [];
+	}
+}
+/**
+* Parse a query parameter as an integer, returning the default on failure.
+*/
+function queryInt(value, defaultValue) {
+	if (value == null) return defaultValue;
+	const parsed = parseStrictInteger(value);
+	return parsed == null ? defaultValue : parsed;
+}
+/**
+* Parse a query parameter as a boolean flag.
+* Recognizes "1", "true", "yes" as truthy.
+*/
+function queryBool(value) {
+	if (value == null) return false;
+	return value === "1" || value === "true" || value === "yes";
+}
+//#endregion
+//#region src/routes/memory.ts
+/**
+* Attach session project/cwd fields to memory items.
+*/
+function attachSessionFields(store, items) {
+	const sessionIds = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const item of items) {
+		const value = item.session_id;
+		if (value == null) continue;
+		const sid = Number(value);
+		if (Number.isNaN(sid) || seen.has(sid)) continue;
+		seen.add(sid);
+		sessionIds.push(sid);
+	}
+	if (sessionIds.length === 0) return;
+	const rows = drizzle(store.db, { schema }).select({
+		id: schema.sessions.id,
+		project: schema.sessions.project,
+		cwd: schema.sessions.cwd
+	}).from(schema.sessions).where(inArray(schema.sessions.id, sessionIds)).all();
+	const bySession = /* @__PURE__ */ new Map();
+	for (const row of rows) {
+		const projectRaw = String(row.project ?? "").trim();
+		const project = projectRaw ? projectBasename(projectRaw) : "";
+		const cwd = String(row.cwd ?? "");
+		bySession.set(row.id, {
+			project,
+			cwd
+		});
+	}
+	for (const item of items) {
+		const sid = Number(item.session_id);
+		if (Number.isNaN(sid)) continue;
+		const fields = bySession.get(sid);
+		if (!fields) continue;
+		item.project ??= fields.project;
+		item.cwd ??= fields.cwd;
+	}
+}
+/**
+* Extract the basename of a project path.
+* Strips "fatal:" prefixed values.
+*/
+function projectBasename(raw) {
+	if (raw.toLowerCase().startsWith("fatal:")) return "";
+	const parts = raw.replace(/\\/g, "/").split("/");
+	return parts[parts.length - 1] ?? raw;
+}
+function memoryRoutes(getStore) {
+	const app = new Hono();
+	app.get("/api/sessions", (c) => {
+		const store = getStore();
+		{
+			const limit = queryInt(c.req.query("limit"), 20);
+			const items = drizzle(store.db, { schema }).select().from(schema.sessions).orderBy(desc(schema.sessions.started_at)).limit(limit).all().map((row) => ({
+				...row,
+				metadata_json: fromJson(row.metadata_json)
+			}));
+			return c.json({ items });
+		}
+	});
+	app.get("/api/projects", (c) => {
+		const store = getStore();
+		{
+			const rows = drizzle(store.db, { schema }).selectDistinct({ project: schema.sessions.project }).from(schema.sessions).where(isNotNull(schema.sessions.project)).all();
+			const projects = [...new Set(rows.map((r) => String(r.project ?? "").trim()).filter((p) => p && !p.toLowerCase().startsWith("fatal:")).map((p) => projectBasename(p)).filter(Boolean))].sort();
+			return c.json({ projects });
+		}
+	});
+	app.get("/api/memories", (c) => c.redirect("/api/observations", 301));
+	app.get("/api/observations", (c) => {
+		const store = getStore();
+		{
+			const limit = Math.max(1, queryInt(c.req.query("limit"), 20));
+			const offset = Math.max(0, queryInt(c.req.query("offset"), 0));
+			const project = c.req.query("project") || void 0;
+			const kinds = [
+				"bugfix",
+				"change",
+				"decision",
+				"discovery",
+				"exploration",
+				"feature",
+				"refactor"
+			];
+			const filters = {};
+			if (project) filters.project = project;
+			const items = store.recentByKinds(kinds, limit + 1, filters, offset);
+			const hasMore = items.length > limit;
+			const result = hasMore ? items.slice(0, limit) : items;
+			const asRecords = result;
+			attachSessionFields(store, asRecords);
+			return c.json({
+				items: asRecords,
+				pagination: {
+					limit,
+					offset,
+					next_offset: hasMore ? offset + result.length : null,
+					has_more: hasMore
+				}
+			});
+		}
+	});
+	app.get("/api/summaries", (c) => {
+		const store = getStore();
+		{
+			const limit = Math.max(1, queryInt(c.req.query("limit"), 50));
+			const offset = Math.max(0, queryInt(c.req.query("offset"), 0));
+			const project = c.req.query("project") || void 0;
+			const filters = { kind: "session_summary" };
+			if (project) filters.project = project;
+			const items = store.recent(limit + 1, filters, offset);
+			const hasMore = items.length > limit;
+			const result = hasMore ? items.slice(0, limit) : items;
+			const asRecords = result;
+			attachSessionFields(store, asRecords);
+			return c.json({
+				items: asRecords,
+				pagination: {
+					limit,
+					offset,
+					next_offset: hasMore ? offset + result.length : null,
+					has_more: hasMore
+				}
+			});
+		}
+	});
+	app.get("/api/session", (c) => {
+		const store = getStore();
+		{
+			const project = c.req.query("project") || null;
+			const count = (sql, ...params) => {
+				const row = store.db.prepare(sql).get(...params);
+				return Number(row?.total ?? 0);
+			};
+			let prompts;
+			let artifacts;
+			let memories;
+			let observations;
+			if (project) {
+				prompts = count("SELECT COUNT(*) AS total FROM user_prompts WHERE project = ?", project);
+				artifacts = count(`SELECT COUNT(*) AS total FROM artifacts
+					 JOIN sessions ON sessions.id = artifacts.session_id
+					 WHERE sessions.project = ?`, project);
+				memories = count(`SELECT COUNT(*) AS total FROM memory_items
+					 JOIN sessions ON sessions.id = memory_items.session_id
+					 WHERE sessions.project = ?`, project);
+				observations = count(`SELECT COUNT(*) AS total FROM memory_items
+					 JOIN sessions ON sessions.id = memory_items.session_id
+					 WHERE kind != 'session_summary' AND sessions.project = ?`, project);
+			} else {
+				prompts = count("SELECT COUNT(*) AS total FROM user_prompts");
+				artifacts = count("SELECT COUNT(*) AS total FROM artifacts");
+				memories = count("SELECT COUNT(*) AS total FROM memory_items");
+				observations = count("SELECT COUNT(*) AS total FROM memory_items WHERE kind != 'session_summary'");
+			}
+			const total = prompts + artifacts + memories;
+			return c.json({
+				total,
+				memories,
+				artifacts,
+				prompts,
+				observations
+			});
+		}
+	});
+	app.get("/api/pack", (c) => {
+		const store = getStore();
+		{
+			const context = c.req.query("context") || "";
+			if (!context) return c.json({ error: "context required" }, 400);
+			const limit = queryInt(c.req.query("limit"), 10);
+			const tokenBudgetStr = c.req.query("token_budget");
+			let tokenBudget;
+			if (tokenBudgetStr) {
+				tokenBudget = parseStrictInteger(tokenBudgetStr) ?? void 0;
+				if (tokenBudget === void 0) return c.json({ error: "token_budget must be int" }, 400);
+			}
+			const project = c.req.query("project") || void 0;
+			const filters = {};
+			if (project) filters.project = project;
+			const pack = store.buildMemoryPack(context, limit, tokenBudget ?? null, filters);
+			return c.json(pack);
+		}
+	});
+	app.get("/api/memory", (c) => {
+		const store = getStore();
+		{
+			const limit = queryInt(c.req.query("limit"), 20);
+			const kind = c.req.query("kind") || void 0;
+			const project = c.req.query("project") || void 0;
+			const filters = {};
+			if (kind) filters.kind = kind;
+			if (project) filters.project = project;
+			const asRecords = store.recent(limit, filters);
+			attachSessionFields(store, asRecords);
+			return c.json({ items: asRecords });
+		}
+	});
+	app.get("/api/artifacts", (c) => {
+		const store = getStore();
+		{
+			const sessionIdStr = c.req.query("session_id");
+			if (!sessionIdStr) return c.json({ error: "session_id required" }, 400);
+			const sessionId = parseStrictInteger(sessionIdStr);
+			if (sessionId == null) return c.json({ error: "session_id must be int" }, 400);
+			const rows = drizzle(store.db, { schema }).select().from(schema.artifacts).where(eq(schema.artifacts.session_id, sessionId)).all();
+			return c.json({ items: rows });
+		}
+	});
+	app.post("/api/memories/visibility", async (c) => {
+		const store = getStore();
+		const body = await c.req.json();
+		const memoryId = parseStrictInteger(typeof body.memory_id === "string" ? body.memory_id : String(body.memory_id ?? ""));
+		if (memoryId == null || memoryId <= 0) return c.json({ error: "memory_id must be int" }, 400);
+		const visibility = String(body.visibility ?? "").trim();
+		if (visibility !== "private" && visibility !== "shared") return c.json({ error: "visibility must be private or shared" }, 400);
+		try {
+			const item = store.updateMemoryVisibility(memoryId, visibility);
+			return c.json({ item });
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			if (msg.includes("not found")) return c.json({ error: msg }, 404);
+			if (msg.includes("not owned")) return c.json({ error: msg }, 403);
+			return c.json({ error: msg }, 400);
+		}
+	});
+	return app;
+}
+//#endregion
+//#region src/routes/observer-status.ts
+function buildFailureImpact(latestFailure, queueTotals, authBackoff) {
+	if (!latestFailure) return null;
+	if (authBackoff.active) return `Queue retries paused for ~${authBackoff.remainingS}s after an observer auth failure.`;
+	if (queueTotals.pending > 0) return `${queueTotals.pending} queued raw events across ${queueTotals.sessions} session(s) are waiting on a successful flush.`;
+	return "Failed flush batches are pending retry.";
+}
+function observerStatusRoutes(deps) {
+	const app = new Hono();
+	app.get("/api/observer-status", (c) => {
+		const store = deps?.getStore();
+		const sweeper = deps?.getSweeper();
+		if (!store || typeof store.rawEventBacklogTotals !== "function") return c.json({
+			active: null,
+			available_credentials: {},
+			latest_failure: null,
+			queue: {
+				pending: 0,
+				sessions: 0,
+				auth_backoff_active: false,
+				auth_backoff_remaining_s: 0
+			}
+		});
+		const queueTotals = store.rawEventBacklogTotals();
+		const authBackoff = sweeper?.authBackoffStatus() ?? {
+			active: false,
+			remainingS: 0
+		};
+		const latestFailure = store.latestRawEventFlushFailure();
+		const failureWithImpact = latestFailure ? {
+			...latestFailure,
+			impact: buildFailureImpact(latestFailure, queueTotals, authBackoff)
+		} : null;
+		return c.json({
+			active: null,
+			available_credentials: {},
+			latest_failure: failureWithImpact,
+			queue: {
+				...queueTotals,
+				auth_backoff_active: authBackoff.active,
+				auth_backoff_remaining_s: authBackoff.remainingS
+			}
+		});
+	});
+	return app;
+}
+//#endregion
+//#region src/routes/raw-events.ts
+/**
+* Raw events routes — GET & POST /api/raw-events, GET /api/raw-events/status,
+* POST /api/claude-hooks.
+*/
+var MAX_RAW_EVENTS_BODY_BYTES = Number.parseInt(process.env.CODEMEM_RAW_EVENTS_MAX_BODY_BYTES ?? "", 10) || 1048576;
+/** Keys to check (in priority order) when resolving a session stream id. */
+var SESSION_ID_KEYS = [
+	"session_stream_id",
+	"session_id",
+	"stream_id",
+	"opencode_session_id"
+];
+/**
+* Resolve a session stream id from a payload object.
+* Checks multiple field aliases. Throws on conflicting values.
+*/
+function resolveSessionStreamId(payload) {
+	const values = /* @__PURE__ */ new Map();
+	for (const key of SESSION_ID_KEYS) {
+		const value = payload[key];
+		if (value == null) continue;
+		if (typeof value !== "string") throw new Error(`${key} must be string`);
+		const text = value.trim();
+		if (text) values.set(key, text);
+	}
+	if (values.size === 0) return null;
+	if (new Set(values.values()).size > 1) throw new Error("conflicting session id fields");
+	for (const key of SESSION_ID_KEYS) {
+		const v = values.get(key);
+		if (v) return v;
+	}
+	return null;
+}
+/**
+* Parse and validate a JSON object body, enforcing size limits.
+* Returns the parsed payload or a Hono Response on error.
+*/
+async function parseJsonObjectBody(c, maxBytes) {
+	const contentLength = Number.parseInt(c.req.header("content-length") ?? "0", 10);
+	if (Number.isNaN(contentLength) || contentLength < 0) return c.json({ error: "invalid content-length" }, 400);
+	if (contentLength > maxBytes) return c.json({
+		error: "payload too large",
+		max_bytes: maxBytes
+	}, 413);
+	let raw;
+	try {
+		raw = await c.req.text();
+	} catch {
+		return c.json({ error: "invalid json" }, 400);
+	}
+	if (Buffer.byteLength(raw, "utf-8") > maxBytes) return c.json({
+		error: "payload too large",
+		max_bytes: maxBytes
+	}, 413);
+	let parsed;
+	try {
+		parsed = raw ? JSON.parse(raw) : {};
+	} catch {
+		return c.json({ error: "invalid json" }, 400);
+	}
+	if (parsed == null || typeof parsed !== "object" || Array.isArray(parsed)) return c.json({ error: "payload must be an object" }, 400);
+	return parsed;
+}
+/** Nudge the sweeper safely — never crashes the caller. */
+function nudgeSweeper(sweeper) {
+	try {
+		sweeper?.nudge();
+	} catch {}
+}
+function rawEventsRoutes(getStore, sweeper) {
+	const app = new Hono();
+	app.get("/api/raw-events", (c) => {
+		const totals = getStore().rawEventBacklogTotals();
+		return c.json(totals);
+	});
+	app.get("/api/raw-events/status", (c) => {
+		const store = getStore();
+		const limit = queryInt(c.req.query("limit"), 25);
+		const items = drizzle(store.db, { schema }).select({
+			source: schema.rawEventSessions.source,
+			stream_id: schema.rawEventSessions.stream_id,
+			opencode_session_id: schema.rawEventSessions.opencode_session_id,
+			cwd: schema.rawEventSessions.cwd,
+			project: schema.rawEventSessions.project,
+			started_at: schema.rawEventSessions.started_at,
+			last_seen_ts_wall_ms: schema.rawEventSessions.last_seen_ts_wall_ms,
+			last_received_event_seq: schema.rawEventSessions.last_received_event_seq,
+			last_flushed_event_seq: schema.rawEventSessions.last_flushed_event_seq,
+			updated_at: schema.rawEventSessions.updated_at
+		}).from(schema.rawEventSessions).orderBy(desc(schema.rawEventSessions.updated_at)).limit(limit).all().map((row) => {
+			const streamId = String(row.stream_id ?? row.opencode_session_id ?? "");
+			return {
+				...row,
+				session_stream_id: streamId,
+				session_id: streamId
+			};
+		});
+		const totals = store.rawEventBacklogTotals();
+		return c.json({
+			items,
+			totals,
+			ingest: {
+				available: true,
+				mode: "stream_queue",
+				max_body_bytes: MAX_RAW_EVENTS_BODY_BYTES
+			}
+		});
+	});
+	app.post("/api/raw-events", async (c) => {
+		const result = await parseJsonObjectBody(c, MAX_RAW_EVENTS_BODY_BYTES);
+		if (result instanceof Response) return result;
+		const payload = result;
+		const store = getStore();
+		try {
+			const cwd = payload.cwd;
+			if (cwd != null && typeof cwd !== "string") return c.json({ error: "cwd must be string" }, 400);
+			const project = payload.project;
+			if (project != null && typeof project !== "string") return c.json({ error: "project must be string" }, 400);
+			const startedAt = payload.started_at;
+			if (startedAt != null && typeof startedAt !== "string") return c.json({ error: "started_at must be string" }, 400);
+			let items = payload.events;
+			if (items == null) items = [payload];
+			if (!Array.isArray(items)) return c.json({ error: "events must be a list" }, 400);
+			let defaultSessionId;
+			try {
+				defaultSessionId = resolveSessionStreamId(payload) ?? "";
+			} catch (err) {
+				return c.json({ error: err.message }, 400);
+			}
+			if (defaultSessionId.startsWith("msg_")) return c.json({ error: "invalid session id" }, 400);
+			let inserted = 0;
+			const lastSeenBySession = /* @__PURE__ */ new Map();
+			const metaBySession = /* @__PURE__ */ new Map();
+			const sessionIds = /* @__PURE__ */ new Set();
+			const batchBySession = /* @__PURE__ */ new Map();
+			for (const item of items) {
+				if (item == null || typeof item !== "object" || Array.isArray(item)) return c.json({ error: "event must be an object" }, 400);
+				const itemObj = item;
+				let itemSessionId;
+				try {
+					itemSessionId = resolveSessionStreamId(itemObj);
+				} catch (err) {
+					return c.json({ error: err.message }, 400);
+				}
+				const opencodeSessionId = String(itemSessionId ?? defaultSessionId ?? "");
+				if (!opencodeSessionId) return c.json({ error: "session id required" }, 400);
+				if (opencodeSessionId.startsWith("msg_")) return c.json({ error: "invalid session id" }, 400);
+				let eventId = String(itemObj.event_id ?? "");
+				const eventType = String(itemObj.event_type ?? "");
+				if (!eventType) return c.json({ error: "event_type required" }, 400);
+				const eventSeqValue = itemObj.event_seq;
+				if (eventSeqValue != null) {
+					const parsed = Number(eventSeqValue);
+					if (!Number.isFinite(parsed) || parsed !== Math.floor(parsed)) return c.json({ error: "event_seq must be int" }, 400);
+				}
+				let tsWallMs = itemObj.ts_wall_ms;
+				if (tsWallMs != null) {
+					const parsed = Number(tsWallMs);
+					if (!Number.isFinite(parsed)) return c.json({ error: "ts_wall_ms must be int" }, 400);
+					tsWallMs = Math.floor(parsed);
+					const prev = lastSeenBySession.get(opencodeSessionId) ?? tsWallMs;
+					lastSeenBySession.set(opencodeSessionId, Math.max(prev, tsWallMs));
+				}
+				let tsMonoMs = itemObj.ts_mono_ms;
+				if (tsMonoMs != null) {
+					const parsed = Number(tsMonoMs);
+					if (!Number.isFinite(parsed)) return c.json({ error: "ts_mono_ms must be number" }, 400);
+					tsMonoMs = parsed;
+				}
+				let eventPayload = itemObj.payload;
+				if (eventPayload == null) eventPayload = {};
+				if (typeof eventPayload !== "object" || Array.isArray(eventPayload)) return c.json({ error: "payload must be an object" }, 400);
+				const itemCwd = itemObj.cwd;
+				if (itemCwd != null && typeof itemCwd !== "string") return c.json({ error: "cwd must be string" }, 400);
+				const itemProject = itemObj.project;
+				if (itemProject != null && typeof itemProject !== "string") return c.json({ error: "project must be string" }, 400);
+				const itemStartedAt = itemObj.started_at;
+				if (itemStartedAt != null && typeof itemStartedAt !== "string") return c.json({ error: "started_at must be string" }, 400);
+				eventPayload = stripPrivateObj(eventPayload);
+				if (!eventId) {
+					const sortedStringify = (obj) => JSON.stringify(obj, (_key, value) => {
+						if (value != null && typeof value === "object" && !Array.isArray(value)) {
+							const sorted = {};
+							for (const k of Object.keys(value).sort()) sorted[k] = value[k];
+							return sorted;
+						}
+						return value;
+					});
+					if (eventSeqValue != null) {
+						const rawId = sortedStringify({
+							s: eventSeqValue,
+							t: eventType,
+							p: eventPayload
+						});
+						eventId = `legacy-seq-${eventSeqValue}-${createHash("sha256").update(rawId, "utf-8").digest("hex").slice(0, 16)}`;
+					} else {
+						const rawId = sortedStringify({
+							m: tsMonoMs ?? null,
+							p: eventPayload,
+							t: eventType,
+							w: tsWallMs ?? null
+						});
+						eventId = `legacy-${createHash("sha256").update(rawId, "utf-8").digest("hex").slice(0, 16)}`;
+					}
+				}
+				const eventEntry = {
+					event_id: eventId,
+					event_type: eventType,
+					payload: eventPayload,
+					ts_wall_ms: tsWallMs ?? null,
+					ts_mono_ms: tsMonoMs ?? null
+				};
+				sessionIds.add(opencodeSessionId);
+				const list = batchBySession.get(opencodeSessionId) ?? [];
+				list.push({ ...eventEntry });
+				batchBySession.set(opencodeSessionId, list);
+				if (itemCwd || itemProject || itemStartedAt) {
+					const perSession = metaBySession.get(opencodeSessionId) ?? {};
+					if (itemCwd) perSession.cwd = itemCwd;
+					if (itemProject) perSession.project = itemProject;
+					if (itemStartedAt) perSession.started_at = itemStartedAt;
+					metaBySession.set(opencodeSessionId, perSession);
+				}
+			}
+			if (sessionIds.size === 1) {
+				const singleSessionId = sessionIds.values().next().value;
+				const batch = batchBySession.get(singleSessionId) ?? [];
+				inserted = store.recordRawEventsBatch(singleSessionId, batch).inserted;
+			} else for (const [sid, sidEvents] of batchBySession) {
+				const result = store.recordRawEventsBatch(sid, sidEvents);
+				inserted += result.inserted;
+			}
+			for (const metaSessionId of sessionIds) {
+				const sessionMeta = metaBySession.get(metaSessionId) ?? {};
+				const applyRequestMeta = sessionIds.size === 1 || metaSessionId === defaultSessionId;
+				store.updateRawEventSessionMeta({
+					opencodeSessionId: metaSessionId,
+					cwd: sessionMeta.cwd ?? (applyRequestMeta ? cwd : void 0) ?? null,
+					project: sessionMeta.project ?? (applyRequestMeta ? project : void 0) ?? null,
+					startedAt: sessionMeta.started_at ?? (applyRequestMeta ? startedAt : void 0) ?? null,
+					lastSeenTsWallMs: lastSeenBySession.get(metaSessionId) ?? null
+				});
+			}
+			nudgeSweeper(sweeper);
+			return c.json({
+				inserted,
+				received: items.length
+			});
+		} catch (err) {
+			const response = { error: "internal server error" };
+			if (process.env.CODEMEM_VIEWER_DEBUG === "1") response.detail = err.message;
+			return c.json(response, 500);
+		}
+	});
+	app.post("/api/claude-hooks", async (c) => {
+		const result = await parseJsonObjectBody(c, MAX_RAW_EVENTS_BODY_BYTES);
+		if (result instanceof Response) return result;
+		const envelope = buildRawEventEnvelopeFromHook(result);
+		if (envelope === null) return c.json({
+			inserted: 0,
+			skipped: 1
+		});
+		const store = getStore();
+		try {
+			const opencodeSessionId = envelope.opencode_session_id;
+			const source = envelope.source;
+			const strippedPayload = stripPrivateObj(envelope.payload);
+			const inserted = store.recordRawEvent({
+				opencodeSessionId,
+				source,
+				eventId: envelope.event_id,
+				eventType: "claude.hook",
+				payload: strippedPayload,
+				tsWallMs: envelope.ts_wall_ms
+			});
+			store.updateRawEventSessionMeta({
+				opencodeSessionId,
+				source,
+				cwd: envelope.cwd,
+				project: envelope.project,
+				startedAt: envelope.started_at,
+				lastSeenTsWallMs: envelope.ts_wall_ms
+			});
+			nudgeSweeper(sweeper);
+			return c.json({
+				inserted: inserted ? 1 : 0,
+				skipped: 0
+			});
+		} catch (err) {
+			const response = { error: "internal server error" };
+			if (process.env.CODEMEM_VIEWER_DEBUG === "1") response.detail = err.message;
+			return c.json(response, 500);
+		}
+	});
+	return app;
+}
+//#endregion
+//#region src/routes/stats.ts
+/**
+* Create stats routes. The store factory is called per-request to get a
+* fresh connection (matching the Python viewer pattern).
+*/
+function statsRoutes(getStore) {
+	const app = new Hono();
+	app.get("/api/stats", (c) => {
+		const store = getStore();
+		return c.json(store.stats());
+	});
+	app.get("/api/usage", (c) => {
+		const store = getStore();
+		{
+			const projectFilter = c.req.query("project") || null;
+			const eventsGlobal = store.db.prepare(`SELECT event,
+						SUM(tokens_read) AS total_tokens_read,
+						SUM(tokens_written) AS total_tokens_written,
+						SUM(tokens_saved) AS total_tokens_saved,
+						COUNT(*) AS count
+					 FROM usage_events GROUP BY event ORDER BY event`).all();
+			const totalsGlobal = store.db.prepare(`SELECT COALESCE(SUM(tokens_read),0) AS tokens_read,
+						COALESCE(SUM(tokens_written),0) AS tokens_written,
+						COALESCE(SUM(tokens_saved),0) AS tokens_saved,
+						COUNT(*) AS count
+					 FROM usage_events`).get();
+			let eventsFiltered = null;
+			let totalsFiltered = null;
+			if (projectFilter) {
+				eventsFiltered = store.db.prepare(`SELECT event,
+							SUM(tokens_read) AS total_tokens_read,
+							SUM(tokens_written) AS total_tokens_written,
+							SUM(tokens_saved) AS total_tokens_saved,
+							COUNT(*) AS count
+						 FROM usage_events
+						 JOIN sessions ON sessions.id = usage_events.session_id
+						 WHERE sessions.project = ?
+						 GROUP BY event ORDER BY event`).all(projectFilter);
+				totalsFiltered = store.db.prepare(`SELECT COALESCE(SUM(tokens_read),0) AS tokens_read,
+							COALESCE(SUM(tokens_written),0) AS tokens_written,
+							COALESCE(SUM(tokens_saved),0) AS tokens_saved,
+							COUNT(*) AS count
+						 FROM usage_events
+						 JOIN sessions ON sessions.id = usage_events.session_id
+						 WHERE sessions.project = ?`).get(projectFilter);
+			}
+			return c.json({
+				project: projectFilter,
+				events: projectFilter ? eventsFiltered : eventsGlobal,
+				totals: projectFilter ? totalsFiltered : totalsGlobal,
+				events_global: eventsGlobal,
+				totals_global: totalsGlobal,
+				events_filtered: eventsFiltered,
+				totals_filtered: totalsFiltered,
+				recent_packs: []
+			});
+		}
+	});
+	return app;
+}
+//#endregion
+//#region src/routes/sync.ts
+var SYNC_STALE_AFTER_SECONDS = 600;
+var PAIRING_FILTER_HINT = "Run this on another device with codemem sync pair --accept '<payload>'. On that accepting device, --include/--exclude only control what it sends to peers. This device does not yet enforce incoming project filters.";
+/**
+* Map a raw sync_peers DB row to the API response shape.
+* When showDiag is false, sensitive fields (fingerprint, last_error, addresses)
+* are redacted.
+*/
+function mapPeerRow(row, showDiag) {
+	return {
+		peer_device_id: row.peer_device_id,
+		name: row.name,
+		fingerprint: showDiag ? row.pinned_fingerprint : null,
+		pinned: Boolean(row.pinned_fingerprint),
+		addresses: showDiag ? safeJsonList(row.addresses_json) : [],
+		last_seen_at: row.last_seen_at,
+		last_sync_at: row.last_sync_at,
+		last_error: showDiag ? row.last_error : null,
+		has_error: Boolean(row.last_error),
+		claimed_local_actor: Boolean(row.claimed_local_actor),
+		actor_id: row.actor_id ?? null,
+		actor_display_name: row.actor_display_name ?? null,
+		project_scope: {
+			include: safeJsonList(row.projects_include_json),
+			exclude: safeJsonList(row.projects_exclude_json),
+			effective_include: safeJsonList(row.projects_include_json),
+			effective_exclude: safeJsonList(row.projects_exclude_json),
+			inherits_global: row.projects_include_json == null && row.projects_exclude_json == null
+		}
+	};
+}
+function isRecentIso(value, windowS = SYNC_STALE_AFTER_SECONDS) {
+	const raw = String(value ?? "").trim();
+	if (!raw) return false;
+	const normalized = raw.replace("Z", "+00:00");
+	const hasOffset = /(?:Z|[+-]\d{2}:?\d{2})$/i.test(raw);
+	const ts = new Date(hasOffset ? normalized : `${normalized}+00:00`);
+	if (Number.isNaN(ts.getTime())) return false;
+	const ageS = (Date.now() - ts.getTime()) / 1e3;
+	return ageS >= 0 && ageS <= windowS;
+}
+function peerStatus(peer) {
+	const lastSyncAt = peer.last_sync_at;
+	const lastPingAt = peer.last_seen_at;
+	const hasError = Boolean(peer.has_error);
+	const syncFresh = isRecentIso(lastSyncAt);
+	const pingFresh = isRecentIso(lastPingAt);
+	let peerState;
+	if (hasError && !(syncFresh || pingFresh)) peerState = "offline";
+	else if (hasError) peerState = "degraded";
+	else if (syncFresh || pingFresh) peerState = "online";
+	else if (lastSyncAt || lastPingAt) peerState = "stale";
+	else peerState = "unknown";
+	return {
+		sync_status: hasError ? "error" : syncFresh ? "ok" : lastSyncAt ? "stale" : "unknown",
+		ping_status: pingFresh ? "ok" : lastPingAt ? "stale" : "unknown",
+		peer_state: peerState,
+		fresh: syncFresh || pingFresh,
+		last_sync_at: lastSyncAt,
+		last_ping_at: lastPingAt
+	};
+}
+function attemptStatus(attempt) {
+	if (attempt.ok) return "ok";
+	if (attempt.error) return "error";
+	return "unknown";
+}
+var PEERS_QUERY = `
+	SELECT p.peer_device_id, p.name, p.pinned_fingerprint, p.addresses_json,
+	       p.last_seen_at, p.last_sync_at, p.last_error,
+	       p.projects_include_json, p.projects_exclude_json, p.claimed_local_actor,
+	       p.actor_id, a.display_name AS actor_display_name
+	FROM sync_peers AS p
+	LEFT JOIN actors AS a ON a.actor_id = p.actor_id
+	ORDER BY name, peer_device_id
+`;
+function syncRoutes(getStore) {
+	const app = new Hono();
+	app.get("/api/sync/status", (c) => {
+		const store = getStore();
+		{
+			const showDiag = queryBool(c.req.query("includeDiagnostics"));
+			c.req.query("project");
+			const d = drizzle(store.db, { schema });
+			const deviceRow = d.select({
+				device_id: schema.syncDevice.device_id,
+				fingerprint: schema.syncDevice.fingerprint
+			}).from(schema.syncDevice).limit(1).get();
+			const daemonState = d.select().from(schema.syncDaemonState).where(eq(schema.syncDaemonState.id, 1)).get();
+			const peerCountRow = d.select({ total: count() }).from(schema.syncPeers).get();
+			const lastSyncRow = d.select({ last_sync_at: max(schema.syncPeers.last_sync_at) }).from(schema.syncPeers).get();
+			const lastError = daemonState?.last_error;
+			const lastErrorAt = daemonState?.last_error_at;
+			const lastOkAt = daemonState?.last_ok_at;
+			let daemonStateValue = "ok";
+			if (lastError && (!lastOkAt || String(lastOkAt) < String(lastErrorAt ?? ""))) daemonStateValue = "error";
+			const statusPayload = {
+				enabled: true,
+				interval_s: 60,
+				peer_count: Number(peerCountRow?.total ?? 0),
+				last_sync_at: lastSyncRow?.last_sync_at ?? null,
+				daemon_state: daemonStateValue,
+				daemon_running: false,
+				daemon_detail: null,
+				project_filter_active: false,
+				project_filter: {
+					include: [],
+					exclude: []
+				},
+				redacted: !showDiag
+			};
+			if (showDiag) {
+				statusPayload.device_id = deviceRow?.device_id ?? null;
+				statusPayload.fingerprint = deviceRow?.fingerprint ?? null;
+				statusPayload.bind = null;
+				statusPayload.daemon_last_error = lastError;
+				statusPayload.daemon_last_error_at = lastErrorAt;
+				statusPayload.daemon_last_ok_at = lastOkAt;
+			}
+			const peersItems = store.db.prepare(PEERS_QUERY).all().map((row) => {
+				const peer = mapPeerRow(row, showDiag);
+				peer.status = peerStatus(peer);
+				return peer;
+			});
+			const peersMap = {};
+			for (const peer of peersItems) peersMap[String(peer.peer_device_id)] = peer.status;
+			const attemptsItems = d.select({
+				peer_device_id: schema.syncAttempts.peer_device_id,
+				ok: schema.syncAttempts.ok,
+				error: schema.syncAttempts.error,
+				started_at: schema.syncAttempts.started_at,
+				finished_at: schema.syncAttempts.finished_at,
+				ops_in: schema.syncAttempts.ops_in,
+				ops_out: schema.syncAttempts.ops_out
+			}).from(schema.syncAttempts).orderBy(desc(schema.syncAttempts.finished_at)).limit(25).all().map((row) => ({
+				...row,
+				status: attemptStatus(row),
+				address: null
+			}));
+			const statusBlock = {
+				...statusPayload,
+				peers: peersMap,
+				pending: 0,
+				sync: {},
+				ping: {}
+			};
+			return c.json({
+				...statusPayload,
+				status: statusBlock,
+				peers: peersItems,
+				attempts: attemptsItems.slice(0, 5),
+				legacy_devices: [],
+				sharing_review: { unreviewed: 0 },
+				coordinator: {
+					enabled: false,
+					configured: false
+				},
+				join_requests: []
+			});
+		}
+	});
+	app.get("/api/sync/peers", (c) => {
+		const store = getStore();
+		{
+			const showDiag = queryBool(c.req.query("includeDiagnostics"));
+			const peers = store.db.prepare(PEERS_QUERY).all().map((row) => mapPeerRow(row, showDiag));
+			return c.json({
+				items: peers,
+				redacted: !showDiag
+			});
+		}
+	});
+	app.get("/api/sync/actors", (c) => {
+		const store = getStore();
+		{
+			const d = drizzle(store.db, { schema });
+			const includeMerged = queryBool(c.req.query("includeMerged"));
+			const query = d.select().from(schema.actors);
+			const rows = includeMerged ? query.orderBy(schema.actors.display_name).all() : query.where(ne(schema.actors.status, "merged")).orderBy(schema.actors.display_name).all();
+			return c.json({ items: rows });
+		}
+	});
+	app.get("/api/sync/attempts", (c) => {
+		const store = getStore();
+		{
+			const d = drizzle(store.db, { schema });
+			let limit = queryInt(c.req.query("limit"), 25);
+			if (limit <= 0) return c.json({ error: "invalid_limit" }, 400);
+			limit = Math.min(limit, 500);
+			const rows = d.select({
+				peer_device_id: schema.syncAttempts.peer_device_id,
+				ok: schema.syncAttempts.ok,
+				error: schema.syncAttempts.error,
+				started_at: schema.syncAttempts.started_at,
+				finished_at: schema.syncAttempts.finished_at,
+				ops_in: schema.syncAttempts.ops_in,
+				ops_out: schema.syncAttempts.ops_out
+			}).from(schema.syncAttempts).orderBy(desc(schema.syncAttempts.finished_at)).limit(limit).all();
+			return c.json({ items: rows });
+		}
+	});
+	app.get("/api/sync/pairing", (c) => {
+		const store = getStore();
+		{
+			if (!queryBool(c.req.query("includeDiagnostics"))) return c.json({
+				redacted: true,
+				pairing_filter_hint: PAIRING_FILTER_HINT
+			});
+			const d = drizzle(store.db, { schema });
+			const deviceRow = d.select({
+				device_id: schema.syncDevice.device_id,
+				public_key: schema.syncDevice.public_key,
+				fingerprint: schema.syncDevice.fingerprint
+			}).from(schema.syncDevice).limit(1).get();
+			let deviceId;
+			let publicKey;
+			let fingerprint;
+			if (deviceRow) {
+				deviceId = String(deviceRow.device_id);
+				publicKey = String(deviceRow.public_key);
+				fingerprint = String(deviceRow.fingerprint);
+			} else try {
+				const [id, fp] = ensureDeviceIdentity(store.db);
+				deviceId = id;
+				fingerprint = fp;
+				publicKey = d.select({ public_key: schema.syncDevice.public_key }).from(schema.syncDevice).where(eq(schema.syncDevice.device_id, id)).get()?.public_key ?? "";
+			} catch {
+				return c.json({ error: "device identity unavailable" }, 500);
+			}
+			if (!deviceId || !fingerprint) return c.json({ error: "public key missing" }, 500);
+			return c.json({
+				device_id: deviceId,
+				fingerprint,
+				public_key: publicKey ?? null,
+				pairing_filter_hint: PAIRING_FILTER_HINT,
+				addresses: []
+			});
+		}
+	});
+	app.post("/api/sync/peers/rename", async (c) => {
+		const store = getStore();
+		{
+			const d = drizzle(store.db, { schema });
+			const body = await c.req.json();
+			const peerDeviceId = String(body.peer_device_id ?? "").trim();
+			const name = String(body.name ?? "").trim();
+			if (!peerDeviceId) return c.json({ error: "peer_device_id required" }, 400);
+			if (!name) return c.json({ error: "name required" }, 400);
+			if (!d.select({ peer_device_id: schema.syncPeers.peer_device_id }).from(schema.syncPeers).where(eq(schema.syncPeers.peer_device_id, peerDeviceId)).get()) return c.json({ error: "peer not found" }, 404);
+			d.update(schema.syncPeers).set({ name }).where(eq(schema.syncPeers.peer_device_id, peerDeviceId)).run();
+			return c.json({ ok: true });
+		}
+	});
+	app.delete("/api/sync/peers/:peer_device_id", (c) => {
+		const store = getStore();
+		{
+			const d = drizzle(store.db, { schema });
+			const peerDeviceId = c.req.param("peer_device_id")?.trim();
+			if (!peerDeviceId) return c.json({ error: "peer_device_id required" }, 400);
+			if (!d.select({ peer_device_id: schema.syncPeers.peer_device_id }).from(schema.syncPeers).where(eq(schema.syncPeers.peer_device_id, peerDeviceId)).get()) return c.json({ error: "peer not found" }, 404);
+			d.delete(schema.syncPeers).where(eq(schema.syncPeers.peer_device_id, peerDeviceId)).run();
+			return c.json({ ok: true });
+		}
+	});
+	return app;
+}
+//#endregion
+//#region src/index.ts
+/**
+* @codemem/server — HTTP server (viewer, sync, API).
+*
+* Single HTTP server handling viewer routes and sync daemon.
+* Shares one better-sqlite3 connection between viewer and sync.
+* Embedding inference runs in a worker_thread (lazy-started).
+*
+* Entry: `codemem serve`
+*/
+/** Shared store instance — SQLite WAL mode handles concurrent reads safely. */
+var sharedStore = null;
+/** Get (or create) the shared store instance. Exported so the sweeper can share it. */
+function getStore() {
+	if (!sharedStore) sharedStore = new MemoryStore(resolveDbPath());
+	return sharedStore;
+}
+/** Close the shared store (called on shutdown). */
+function closeStore() {
+	sharedStore?.close();
+	sharedStore = null;
+}
+function createApp(opts) {
+	const storeFactory = opts?.storeFactory ?? getStore;
+	const sweeper = opts?.sweeper ?? null;
+	const app = new Hono();
+	app.use("*", preflightHandler());
+	app.use("*", originGuard());
+	app.route("/", statsRoutes(storeFactory));
+	app.route("/", memoryRoutes(storeFactory));
+	app.route("/", observerStatusRoutes({
+		getStore: storeFactory,
+		getSweeper: () => sweeper
+	}));
+	app.route("/", configRoutes({ getSweeper: () => sweeper }));
+	app.route("/", rawEventsRoutes(storeFactory, sweeper));
+	app.route("/", syncRoutes(storeFactory));
+	const staticRoot = process.env.CODEMEM_VIEWER_STATIC_DIR ?? join(import.meta.dirname ?? ".", "../static");
+	app.use("/assets/*", serveStatic({
+		root: staticRoot,
+		rewriteRequestPath: (path) => path.replace(/^\/assets/, "")
+	}));
+	const indexHtml = readFileSync(join(staticRoot, "index.html"), "utf-8");
+	app.get("*", (c) => {
+		if (c.req.path.startsWith("/api/")) return c.json({ error: "not found" }, 404);
+		return c.html(indexHtml);
+	});
+	return app;
+}
+//#endregion
+export { VERSION, closeStore, createApp, getStore };
+//# sourceMappingURL=index.js.map