@codemem/server 0.20.0-alpha.5 → 0.20.0-alpha.7

package/dist/index.js

@@ -1,6 +1,6 @@
 import { existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { CODEMEM_CONFIG_ENV_OVERRIDES, MemoryStore, VERSION, buildRawEventEnvelopeFromHook, ensureDeviceIdentity, fromJson, getCodememConfigPath, getCodememEnvOverrides, parseStrictInteger, readCodememConfigFile, resolveDbPath, schema, stripJsonComments, stripPrivateObj, stripTrailingCommas, writeCodememConfigFile } from "@codemem/core";
+import { dirname, join } from "node:path";
+import { CODEMEM_CONFIG_ENV_OVERRIDES, DEFAULT_TIME_WINDOW_S, MemoryStore, VERSION, applyReplicationOps, buildFilterClausesWithContext, buildRawEventEnvelopeFromHook, cleanupNonces, coordinatorCreateInviteAction, coordinatorImportInviteAction, coordinatorReviewJoinRequestAction, coordinatorStatusSnapshot, ensureDeviceIdentity, extractReplicationOps, fingerprintPublicKey, fromJson, getCodememConfigPath, getCodememEnvOverrides, listCoordinatorJoinRequests, listObserverProviderOptions, loadReplicationOpsSince, parseStrictInteger, probeAvailableCredentials, readCodememConfigFile, readCoordinatorSyncConfig, recordNonce, resolveDbPath, schema, stripJsonComments, stripPrivateObj, stripTrailingCommas, verifySignature, writeCodememConfigFile } from "@codemem/core";
 import { serveStatic } from "@hono/node-server/serve-static";
 import { Hono } from "hono";
 import { createMiddleware } from "hono/factory";
@@ -8,6 +8,7 @@ import { homedir } from "node:os";
 import { count, desc, eq, inArray, isNotNull, max, ne } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/better-sqlite3";
 import { createHash } from "node:crypto";
+import net from "node:net";
 //#region src/middleware.ts
 var LOOPBACK_HOSTS = new Set([
 	"127.0.0.1",
@@ -175,16 +176,7 @@ var DEFAULTS = {
 	raw_events_sweeper_interval_s: 30
 };
 function loadProviderOptions() {
-	return [
-		"openai",
-		"anthropic",
-		"google",
-		"xai",
-		"groq",
-		"deepseek",
-		"mistral",
-		"together"
-	];
+	return listObserverProviderOptions();
 }
 function getConfigPath() {
 	const envPath = process.env.CODEMEM_CONFIG;
@@ -448,7 +440,7 @@ function attachSessionFields(store, items) {
 	const bySession = /* @__PURE__ */ new Map();
 	for (const row of rows) {
 		const projectRaw = String(row.project ?? "").trim();
-		const project = projectRaw ? projectBasename(projectRaw) : "";
+		const project = projectRaw ? projectBasename$1(projectRaw) : "";
 		const cwd = String(row.cwd ?? "");
 		bySession.set(row.id, {
 			project,
@@ -468,11 +460,57 @@ function attachSessionFields(store, items) {
 * Extract the basename of a project path.
 * Strips "fatal:" prefixed values.
 */
-function projectBasename(raw) {
+function projectBasename$1(raw) {
 	if (raw.toLowerCase().startsWith("fatal:")) return "";
 	const parts = raw.replace(/\\/g, "/").split("/");
 	return parts[parts.length - 1] ?? raw;
 }
+function normalizeScope(raw) {
+	const value = String(raw ?? "").trim().toLowerCase();
+	if (value === "mine" || value === "theirs") return value;
+}
+function queryMemoryPage(store, options) {
+	const filters = {};
+	if (options.project) filters.project = options.project;
+	if (options.scope) filters.ownership_scope = options.scope;
+	const filterResult = buildFilterClausesWithContext(filters, {
+		actorId: store.actorId,
+		deviceId: store.deviceId
+	});
+	const where = ["memory_items.active = 1", ...filterResult.clauses].join(" AND ");
+	const from = filterResult.joinSessions ? "memory_items JOIN sessions ON sessions.id = memory_items.session_id" : "memory_items";
+	return store.db.prepare(`SELECT memory_items.* FROM ${from}
+			 WHERE ${where}
+			 ORDER BY memory_items.created_at DESC
+			 LIMIT ? OFFSET ?`).all(...filterResult.params, options.limit + 1, options.offset).map((row) => ({
+		...row,
+		metadata_json: fromJson(row.metadata_json ?? null)
+	}));
+}
+function isSummaryLikeMemory(item) {
+	if (String(item.kind ?? "").toLowerCase() === "session_summary") return true;
+	const metadata = item.metadata_json ?? {};
+	if (metadata.is_summary === true) return true;
+	return String(metadata.source ?? "").trim().toLowerCase() === "observer_summary";
+}
+function selectMemoryPage(store, options) {
+	const pageSize = Math.max(options.limit + options.offset + 10, 50);
+	let rawOffset = 0;
+	const matched = [];
+	while (matched.length < options.offset + options.limit + 1) {
+		const page = queryMemoryPage(store, {
+			limit: pageSize,
+			offset: rawOffset,
+			project: options.project,
+			scope: options.scope
+		});
+		if (page.length === 0) break;
+		matched.push(...page.filter(options.matcher));
+		if (page.length < pageSize) break;
+		rawOffset += page.length;
+	}
+	return matched.slice(options.offset, options.offset + options.limit + 1);
+}
 function memoryRoutes(getStore) {
 	const app = new Hono();
 	app.get("/api/sessions", (c) => {
@@ -490,29 +528,26 @@ function memoryRoutes(getStore) {
 		const store = getStore();
 		{
 			const rows = drizzle(store.db, { schema }).selectDistinct({ project: schema.sessions.project }).from(schema.sessions).where(isNotNull(schema.sessions.project)).all();
-			const projects = [...new Set(rows.map((r) => String(r.project ?? "").trim()).filter((p) => p && !p.toLowerCase().startsWith("fatal:")).map((p) => projectBasename(p)).filter(Boolean))].sort();
+			const projects = [...new Set(rows.map((r) => String(r.project ?? "").trim()).filter((p) => p && !p.toLowerCase().startsWith("fatal:")).map((p) => projectBasename$1(p)).filter(Boolean))].sort();
 			return c.json({ projects });
 		}
 	});
-	app.get("/api/memories", (c) => c.redirect("/api/observations", 301));
+	app.get("/api/memories", (c) => {
+		const search = new URL(c.req.url).search;
+		return c.redirect(`/api/observations${search}`, 301);
+	});
 	app.get("/api/observations", (c) => {
 		const store = getStore();
 		{
 			const limit = Math.max(1, queryInt(c.req.query("limit"), 20));
 			const offset = Math.max(0, queryInt(c.req.query("offset"), 0));
-			const project = c.req.query("project") || void 0;
-			const kinds = [
-				"bugfix",
-				"change",
-				"decision",
-				"discovery",
-				"exploration",
-				"feature",
-				"refactor"
-			];
-			const filters = {};
-			if (project) filters.project = project;
-			const items = store.recentByKinds(kinds, limit + 1, filters, offset);
+			const items = selectMemoryPage(store, {
+				limit,
+				offset,
+				project: c.req.query("project") || void 0,
+				scope: normalizeScope(c.req.query("scope")),
+				matcher: (item) => !isSummaryLikeMemory(item)
+			});
 			const hasMore = items.length > limit;
 			const result = hasMore ? items.slice(0, limit) : items;
 			const asRecords = result;
@@ -533,10 +568,13 @@ function memoryRoutes(getStore) {
 		{
 			const limit = Math.max(1, queryInt(c.req.query("limit"), 50));
 			const offset = Math.max(0, queryInt(c.req.query("offset"), 0));
-			const project = c.req.query("project") || void 0;
-			const filters = { kind: "session_summary" };
-			if (project) filters.project = project;
-			const items = store.recent(limit + 1, filters, offset);
+			const items = selectMemoryPage(store, {
+				limit,
+				offset,
+				project: c.req.query("project") || void 0,
+				scope: normalizeScope(c.req.query("scope")),
+				matcher: (item) => isSummaryLikeMemory(item)
+			});
 			const hasMore = items.length > limit;
 			const result = hasMore ? items.slice(0, limit) : items;
 			const asRecords = result;
@@ -564,6 +602,22 @@ function memoryRoutes(getStore) {
 			let artifacts;
 			let memories;
 			let observations;
+			const countObservations = (scopeProject) => {
+				let offset = 0;
+				let total = 0;
+				while (true) {
+					const page = queryMemoryPage(store, {
+						limit: 200,
+						offset,
+						project: scopeProject
+					});
+					if (page.length === 0) break;
+					total += page.filter((item) => !isSummaryLikeMemory(item)).length;
+					if (page.length < 200) break;
+					offset += page.length;
+				}
+				return total;
+			};
 			if (project) {
 				prompts = count("SELECT COUNT(*) AS total FROM user_prompts WHERE project = ?", project);
 				artifacts = count(`SELECT COUNT(*) AS total FROM artifacts
@@ -572,14 +626,12 @@ function memoryRoutes(getStore) {
 				memories = count(`SELECT COUNT(*) AS total FROM memory_items
 					 JOIN sessions ON sessions.id = memory_items.session_id
 					 WHERE sessions.project = ?`, project);
-				observations = count(`SELECT COUNT(*) AS total FROM memory_items
-					 JOIN sessions ON sessions.id = memory_items.session_id
-					 WHERE kind != 'session_summary' AND sessions.project = ?`, project);
+				observations = countObservations(project);
 			} else {
 				prompts = count("SELECT COUNT(*) AS total FROM user_prompts");
 				artifacts = count("SELECT COUNT(*) AS total FROM artifacts");
 				memories = count("SELECT COUNT(*) AS total FROM memory_items");
-				observations = count("SELECT COUNT(*) AS total FROM memory_items WHERE kind != 'session_summary'");
+				observations = countObservations();
 			}
 			const total = prompts + artifacts + memories;
 			return c.json({
@@ -591,7 +643,7 @@ function memoryRoutes(getStore) {
 			});
 		}
 	});
-	app.get("/api/pack", (c) => {
+	app.get("/api/pack", async (c) => {
 		const store = getStore();
 		{
 			const context = c.req.query("context") || "";
@@ -606,7 +658,7 @@ function memoryRoutes(getStore) {
 			const project = c.req.query("project") || void 0;
 			const filters = {};
 			if (project) filters.project = project;
-			const pack = store.buildMemoryPack(context, limit, tokenBudget ?? null, filters);
+			const pack = await store.buildMemoryPackAsync(context, limit, tokenBudget ?? null, filters);
 			return c.json(pack);
 		}
 	});
@@ -637,7 +689,12 @@ function memoryRoutes(getStore) {
 	});
 	app.post("/api/memories/visibility", async (c) => {
 		const store = getStore();
-		const body = await c.req.json();
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({ error: "invalid JSON" }, 400);
+		}
 		const memoryId = parseStrictInteger(typeof body.memory_id === "string" ? body.memory_id : String(body.memory_id ?? ""));
 		if (memoryId == null || memoryId <= 0) return c.json({ error: "memory_id must be int" }, 400);
 		const visibility = String(body.visibility ?? "").trim();
@@ -656,6 +713,17 @@ function memoryRoutes(getStore) {
 }
 //#endregion
 //#region src/routes/observer-status.ts
+function normalizeActiveObserver(active) {
+	if (!active) return null;
+	return {
+		...active,
+		auth: {
+			...active.auth,
+			method: active.auth.type,
+			token_present: active.auth.hasToken
+		}
+	};
+}
 function buildFailureImpact(latestFailure, queueTotals, authBackoff) {
 	if (!latestFailure) return null;
 	if (authBackoff.active) return `Queue retries paused for ~${authBackoff.remainingS}s after an observer auth failure.`;
@@ -667,6 +735,7 @@ function observerStatusRoutes(deps) {
 	app.get("/api/observer-status", (c) => {
 		const store = deps?.getStore();
 		const sweeper = deps?.getSweeper();
+		const observer = deps?.getObserver?.() ?? null;
 		if (!store || typeof store.rawEventBacklogTotals !== "function") return c.json({
 			active: null,
 			available_credentials: {},
@@ -684,13 +753,15 @@ function observerStatusRoutes(deps) {
 			remainingS: 0
 		};
 		const latestFailure = store.latestRawEventFlushFailure();
-		const failureWithImpact = latestFailure ? {
+		const active = normalizeActiveObserver(observer?.getStatus() ?? null);
+		const availableCredentials = probeAvailableCredentials();
+		const failureWithImpact = latestFailure != null && (authBackoff.active || queueTotals.pending > 0) && latestFailure ? {
 			...latestFailure,
 			impact: buildFailureImpact(latestFailure, queueTotals, authBackoff)
 		} : null;
 		return c.json({
-			active: null,
-			available_credentials: {},
+			active,
+			available_credentials: availableCredentials,
 			latest_failure: failureWithImpact,
 			queue: {
 				...queueTotals,
@@ -767,9 +838,9 @@ async function parseJsonObjectBody(c, maxBytes) {
 	return parsed;
 }
 /** Nudge the sweeper safely — never crashes the caller. */
-function nudgeSweeper(sweeper) {
+function nudgeSweeper(sweeper, sessionIds, source = "opencode") {
 	try {
-		sweeper?.nudge();
+		for (const sessionId of sessionIds) sweeper?.nudge(sessionId, source);
 	} catch {}
 }
 function rawEventsRoutes(getStore, sweeper) {
@@ -946,7 +1017,7 @@ function rawEventsRoutes(getStore, sweeper) {
 					lastSeenTsWallMs: lastSeenBySession.get(metaSessionId) ?? null
 				});
 			}
-			nudgeSweeper(sweeper);
+			nudgeSweeper(sweeper, sessionIds);
 			return c.json({
 				inserted,
 				received: items.length
@@ -986,7 +1057,7 @@ function rawEventsRoutes(getStore, sweeper) {
 				startedAt: envelope.started_at,
 				lastSeenTsWallMs: envelope.ts_wall_ms
 			});
-			nudgeSweeper(sweeper);
+			nudgeSweeper(sweeper, [opencodeSessionId], source);
 			return c.json({
 				inserted: inserted ? 1 : 0,
 				skipped: 0
@@ -1062,8 +1133,193 @@ function statsRoutes(getStore) {
 }
 //#endregion
 //#region src/routes/sync.ts
+/**
+* Sync routes — status, peers, actors, attempts, pairing, mutations.
+*/
 var SYNC_STALE_AFTER_SECONDS = 600;
-var PAIRING_FILTER_HINT = "Run this on another device with codemem sync pair --accept '<payload>'. On that accepting device, --include/--exclude only control what it sends to peers. This device does not yet enforce incoming project filters.";
+var SYNC_PROTOCOL_VERSION = "1";
+function intEnvOr(name, fallback) {
+	const value = Number.parseInt(process.env[name] ?? "", 10);
+	return Number.isFinite(value) ? value : fallback;
+}
+var MAX_SYNC_BODY_BYTES = intEnvOr("CODEMEM_SYNC_MAX_BODY_BYTES", 1048576);
+var MAX_SYNC_OPS = intEnvOr("CODEMEM_SYNC_MAX_OPS", 2e3);
+var PAIRING_FILTER_HINT = "Run this on another device with codemem sync pair --accept '<payload>'. On the accepting device, --include/--exclude control both what it sends and what it accepts from that peer.";
+function pathWithQuery(url) {
+	const parsed = new URL(url);
+	return parsed.search ? `${parsed.pathname}${parsed.search}` : parsed.pathname;
+}
+function unauthorizedPayload(reason) {
+	if (process.env.CODEMEM_SYNC_AUTH_DIAGNOSTICS === "1") return {
+		error: "unauthorized",
+		reason
+	};
+	return { error: "unauthorized" };
+}
+function authorizeSyncRequest(store, request, body) {
+	const deviceId = (request.header("X-Opencode-Device") ?? "").trim();
+	const signature = request.header("X-Opencode-Signature") ?? "";
+	const timestamp = request.header("X-Opencode-Timestamp") ?? "";
+	const nonce = request.header("X-Opencode-Nonce") ?? "";
+	if (!deviceId || !signature || !timestamp || !nonce) return {
+		ok: false,
+		reason: "missing_headers",
+		deviceId
+	};
+	const peerRow = store.db.prepare("SELECT pinned_fingerprint, public_key FROM sync_peers WHERE peer_device_id = ? LIMIT 1").get(deviceId);
+	if (!peerRow) return {
+		ok: false,
+		reason: "unknown_peer",
+		deviceId
+	};
+	const pinnedFingerprint = String(peerRow.pinned_fingerprint ?? "").trim();
+	const publicKey = String(peerRow.public_key ?? "").trim();
+	if (!pinnedFingerprint || !publicKey) return {
+		ok: false,
+		reason: "peer_record_incomplete",
+		deviceId
+	};
+	if (fingerprintPublicKey(publicKey) !== pinnedFingerprint) return {
+		ok: false,
+		reason: "fingerprint_mismatch",
+		deviceId
+	};
+	let valid = false;
+	try {
+		valid = verifySignature({
+			method: request.method,
+			pathWithQuery: pathWithQuery(request.url),
+			bodyBytes: body,
+			timestamp,
+			nonce,
+			signature,
+			publicKey,
+			deviceId
+		});
+	} catch {
+		return {
+			ok: false,
+			reason: "signature_verification_error",
+			deviceId
+		};
+	}
+	if (!valid) return {
+		ok: false,
+		reason: "invalid_signature",
+		deviceId
+	};
+	const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+	if (!recordNonce(store.db, deviceId, nonce, createdAt)) return {
+		ok: false,
+		reason: "nonce_replay",
+		deviceId
+	};
+	const cutoff = (/* @__PURE__ */ new Date(Date.now() - DEFAULT_TIME_WINDOW_S * 2 * 1e3)).toISOString();
+	cleanupNonces(store.db, cutoff);
+	return {
+		ok: true,
+		reason: "ok",
+		deviceId
+	};
+}
+function projectBasename(value) {
+	const project = String(value ?? "").trim().replaceAll("\\", "/");
+	if (!project) return "";
+	const parts = project.split("/").filter(Boolean);
+	return parts.length > 0 ? parts[parts.length - 1] ?? "" : "";
+}
+function parseJsonList(value) {
+	if (value == null) return [];
+	if (typeof value === "string") try {
+		const parsed = JSON.parse(value);
+		if (!Array.isArray(parsed)) return [];
+		return parsed.map((entry) => String(entry ?? "").trim()).filter(Boolean);
+	} catch {
+		return [];
+	}
+	if (!Array.isArray(value)) return [];
+	return value.map((entry) => String(entry ?? "").trim()).filter(Boolean);
+}
+function readPeerProjectFilters(store, peerDeviceId) {
+	const globalConfig = readCoordinatorSyncConfig();
+	const row = store.db.prepare("SELECT projects_include_json, projects_exclude_json FROM sync_peers WHERE peer_device_id = ? LIMIT 1").get(peerDeviceId);
+	if (!row) return {
+		include: globalConfig.syncProjectsInclude,
+		exclude: globalConfig.syncProjectsExclude
+	};
+	if (!(row.projects_include_json != null || row.projects_exclude_json != null)) return {
+		include: globalConfig.syncProjectsInclude,
+		exclude: globalConfig.syncProjectsExclude
+	};
+	return {
+		include: parseJsonList(row.projects_include_json),
+		exclude: parseJsonList(row.projects_exclude_json)
+	};
+}
+function peerClaimedLocalActor(store, peerDeviceId) {
+	const row = store.db.prepare("SELECT claimed_local_actor FROM sync_peers WHERE peer_device_id = ? LIMIT 1").get(peerDeviceId);
+	return Boolean(row?.claimed_local_actor);
+}
+function parseOpPayload(op) {
+	if (!op.payload_json || !String(op.payload_json).trim()) return null;
+	try {
+		const parsed = JSON.parse(op.payload_json);
+		if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return null;
+		return parsed;
+	} catch {
+		return null;
+	}
+}
+function isSharedVisibility(payload) {
+	if (!payload) return false;
+	let visibility = String(payload.visibility ?? "").trim().toLowerCase();
+	const metadata = payload.metadata_json && typeof payload.metadata_json === "object" && !Array.isArray(payload.metadata_json) ? payload.metadata_json : {};
+	const metadataVisibility = String(metadata.visibility ?? "").trim().toLowerCase();
+	if (!visibility && metadataVisibility) visibility = metadataVisibility;
+	if (!visibility) {
+		let workspaceKind = String(payload.workspace_kind ?? "").trim().toLowerCase();
+		let workspaceId = String(payload.workspace_id ?? "").trim().toLowerCase();
+		if (!workspaceKind) workspaceKind = String(metadata.workspace_kind ?? "").trim().toLowerCase();
+		if (!workspaceId) workspaceId = String(metadata.workspace_id ?? "").trim().toLowerCase();
+		if (workspaceKind === "shared" || workspaceId.startsWith("shared:")) visibility = "shared";
+		else return true;
+	}
+	return visibility === "shared";
+}
+function projectAllowed(projectValue, filters) {
+	const value = String(projectValue ?? "").trim();
+	const valueBase = projectBasename(value);
+	for (const blocked of filters.exclude) if (blocked === value || blocked === valueBase) return false;
+	if (filters.include.length === 0) return true;
+	for (const allowed of filters.include) if (allowed === value || allowed === valueBase) return true;
+	return false;
+}
+function filterOpsForPeer(store, peerDeviceId, ops) {
+	const filters = readPeerProjectFilters(store, peerDeviceId);
+	const allowPrivate = peerClaimedLocalActor(store, peerDeviceId);
+	const allowed = [];
+	let skipped = 0;
+	for (const op of ops) {
+		if (op.entity_type !== "memory_item") {
+			allowed.push(op);
+			continue;
+		}
+		const payload = parseOpPayload(op);
+		if (!allowPrivate && !isSharedVisibility(payload)) {
+			skipped++;
+			continue;
+		}
+		if (!projectAllowed(payload && typeof payload.project === "string" ? payload.project : null, filters)) {
+			skipped++;
+			continue;
+		}
+		allowed.push(op);
+	}
+	return {
+		allowed,
+		skipped
+	};
+}
 /**
 * Map a raw sync_peers DB row to the API response shape.
 * When showDiag is false, sensitive fields (fingerprint, last_error, addresses)
@@ -1128,6 +1384,34 @@ function attemptStatus(attempt) {
 	if (attempt.error) return "error";
 	return "unknown";
 }
+function readViewerBinding(dbPath) {
+	try {
+		const raw = readFileSync(join(dirname(dbPath), "viewer.pid"), "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.host === "string" && typeof parsed.port === "number") return {
+			host: parsed.host,
+			port: parsed.port
+		};
+	} catch {}
+	return null;
+}
+async function portOpen(host, port) {
+	return new Promise((resolve) => {
+		const socket = net.createConnection({
+			host,
+			port
+		});
+		const done = (ok) => {
+			socket.removeAllListeners();
+			socket.destroy();
+			resolve(ok);
+		};
+		socket.setTimeout(300);
+		socket.once("connect", () => done(true));
+		socket.once("timeout", () => done(false));
+		socket.once("error", () => done(false));
+	});
+}
 var PEERS_QUERY = `
 	SELECT p.peer_device_id, p.name, p.pinned_fingerprint, p.addresses_json,
 	       p.last_seen_at, p.last_sync_at, p.last_error,
@@ -1139,11 +1423,95 @@ var PEERS_QUERY = `
 `;
 function syncRoutes(getStore) {
 	const app = new Hono();
-	app.get("/api/sync/status", (c) => {
+	app.get("/v1/status", (c) => {
+		const store = getStore();
+		const auth = authorizeSyncRequest(store, c.req, Buffer.alloc(0));
+		if (!auth.ok) return c.json(unauthorizedPayload(auth.reason), 401);
+		try {
+			let device = store.db.prepare("SELECT device_id, fingerprint FROM sync_device LIMIT 1").get();
+			if (!device) {
+				const [deviceId, fingerprint] = ensureDeviceIdentity(store.db);
+				device = {
+					device_id: deviceId,
+					fingerprint
+				};
+			}
+			return c.json({
+				device_id: device.device_id,
+				protocol_version: SYNC_PROTOCOL_VERSION,
+				fingerprint: device.fingerprint
+			});
+		} catch {
+			return c.json({ error: "internal_error" }, 500);
+		}
+	});
+	app.get("/v1/ops", (c) => {
+		const store = getStore();
+		const auth = authorizeSyncRequest(store, c.req, Buffer.alloc(0));
+		if (!auth.ok) return c.json(unauthorizedPayload(auth.reason), 401);
+		const peerDeviceId = auth.deviceId;
+		try {
+			const since = c.req.query("since") ?? null;
+			const rawLimit = Number.parseInt(c.req.query("limit") ?? "200", 10);
+			const limit = Number.isFinite(rawLimit) ? Math.max(1, Math.min(rawLimit, 1e3)) : 200;
+			let localDeviceId = store.db.prepare("SELECT device_id FROM sync_device LIMIT 1").get();
+			if (!localDeviceId) {
+				const [deviceId] = ensureDeviceIdentity(store.db);
+				localDeviceId = { device_id: deviceId };
+			}
+			const [ops, nextCursor] = loadReplicationOpsSince(store.db, since, limit, localDeviceId.device_id);
+			const filtered = filterOpsForPeer(store, peerDeviceId, ops);
+			return c.json({
+				ops: filtered.allowed,
+				next_cursor: nextCursor,
+				skipped: filtered.skipped
+			});
+		} catch {
+			return c.json({ error: "internal_error" }, 500);
+		}
+	});
+	app.post("/v1/ops", async (c) => {
+		const store = getStore();
+		const raw = Buffer.from(await c.req.arrayBuffer());
+		if (raw.length > MAX_SYNC_BODY_BYTES) return c.json({ error: "payload_too_large" }, 413);
+		const auth = authorizeSyncRequest(store, c.req, raw);
+		if (!auth.ok) return c.json(unauthorizedPayload(auth.reason), 401);
+		const peerDeviceId = auth.deviceId;
+		let body;
+		try {
+			const parsed = JSON.parse(raw.toString("utf-8"));
+			if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return c.json({ error: "invalid_json" }, 400);
+			body = parsed;
+		} catch {
+			return c.json({ error: "invalid_json" }, 400);
+		}
+		if (!Array.isArray(body.ops)) return c.json({ error: "invalid_ops" }, 400);
+		if (body.ops.length > MAX_SYNC_OPS) return c.json({ error: "too_many_ops" }, 413);
+		const normalizedOps = extractReplicationOps(body);
+		for (const op of normalizedOps) if (op.device_id !== peerDeviceId || op.clock_device_id !== peerDeviceId) return c.json({
+			error: "invalid_op_device",
+			reason: "device_id_mismatch",
+			op_id: op.op_id
+		}, 400);
+		let localDeviceId = store.db.prepare("SELECT device_id FROM sync_device LIMIT 1").get();
+		if (!localDeviceId) {
+			const [deviceId] = ensureDeviceIdentity(store.db);
+			localDeviceId = { device_id: deviceId };
+		}
+		const filteredInbound = filterOpsForPeer(store, peerDeviceId, normalizedOps);
+		const result = applyReplicationOps(store.db, filteredInbound.allowed, localDeviceId.device_id);
+		return c.json({
+			...result,
+			skipped: result.skipped + filteredInbound.skipped
+		});
+	});
+	app.get("/api/sync/status", async (c) => {
 		const store = getStore();
 		{
 			const showDiag = queryBool(c.req.query("includeDiagnostics"));
-			c.req.query("project");
+			const includeJoinRequests = queryBool(c.req.query("includeJoinRequests"));
+			const project = c.req.query("project") || null;
+			const config = readCoordinatorSyncConfig();
 			const d = drizzle(store.db, { schema });
 			const deviceRow = d.select({
 				device_id: schema.syncDevice.device_id,
@@ -1155,27 +1523,32 @@ function syncRoutes(getStore) {
 			const lastError = daemonState?.last_error;
 			const lastErrorAt = daemonState?.last_error_at;
 			const lastOkAt = daemonState?.last_ok_at;
+			const viewerBinding = readViewerBinding(store.dbPath);
+			const daemonRunning = viewerBinding ? await portOpen(viewerBinding.host, viewerBinding.port) : false;
+			const daemonDetail = viewerBinding ? daemonRunning ? `viewer pidfile at ${viewerBinding.host}:${viewerBinding.port}` : `pidfile present but ${viewerBinding.host}:${viewerBinding.port} is unreachable` : null;
 			let daemonStateValue = "ok";
-			if (lastError && (!lastOkAt || String(lastOkAt) < String(lastErrorAt ?? ""))) daemonStateValue = "error";
+			if (!config.syncEnabled) daemonStateValue = "disabled";
+			else if (lastError && (!lastOkAt || String(lastOkAt) < String(lastErrorAt ?? ""))) daemonStateValue = "error";
+			else if (!daemonRunning) daemonStateValue = "stopped";
 			const statusPayload = {
-				enabled: true,
-				interval_s: 60,
+				enabled: config.syncEnabled,
+				interval_s: config.syncIntervalS,
 				peer_count: Number(peerCountRow?.total ?? 0),
 				last_sync_at: lastSyncRow?.last_sync_at ?? null,
 				daemon_state: daemonStateValue,
-				daemon_running: false,
-				daemon_detail: null,
-				project_filter_active: false,
+				daemon_running: daemonRunning,
+				daemon_detail: daemonDetail,
+				project_filter_active: config.syncProjectsInclude.length > 0 || config.syncProjectsExclude.length > 0,
 				project_filter: {
-					include: [],
-					exclude: []
+					include: config.syncProjectsInclude,
+					exclude: config.syncProjectsExclude
 				},
 				redacted: !showDiag
 			};
 			if (showDiag) {
 				statusPayload.device_id = deviceRow?.device_id ?? null;
 				statusPayload.fingerprint = deviceRow?.fingerprint ?? null;
-				statusPayload.bind = null;
+				statusPayload.bind = `${config.syncHost}:${config.syncPort}`;
 				statusPayload.daemon_last_error = lastError;
 				statusPayload.daemon_last_error_at = lastErrorAt;
 				statusPayload.daemon_last_ok_at = lastOkAt;
@@ -1207,19 +1580,40 @@ function syncRoutes(getStore) {
 				sync: {},
 				ping: {}
 			};
-			return c.json({
+			const legacyDevices = store.claimableLegacyDeviceIds();
+			const sharingReview = store.sharingReviewSummary(project);
+			const coordinator = await coordinatorStatusSnapshot(store, config);
+			let joinRequests = [];
+			if (includeJoinRequests && config.syncCoordinatorAdminSecret) try {
+				joinRequests = await listCoordinatorJoinRequests(config);
+			} catch {
+				joinRequests = [];
+			}
+			if (daemonStateValue === "ok") {
+				const peerStates = new Set(peersItems.map((peer) => String(peer.status?.peer_state ?? "")));
+				const latestFailedRecently = Boolean(attemptsItems[0] && attemptsItems[0].status === "error" && isRecentIso(attemptsItems[0].finished_at));
+				const allOffline = peersItems.length > 0 && peersItems.every((peer) => String(peer.status?.peer_state ?? "") === "offline");
+				if (latestFailedRecently) {
+					if (peerStates.has("online") || peerStates.has("degraded")) daemonStateValue = "degraded";
+					else if (allOffline) daemonStateValue = "offline-peers";
+					else if (peersItems.length > 0) daemonStateValue = "stale";
+				} else if (peerStates.has("degraded")) daemonStateValue = "degraded";
+				else if (allOffline) daemonStateValue = "offline-peers";
+				else if (peersItems.length > 0 && !peerStates.has("online")) daemonStateValue = "stale";
+				statusPayload.daemon_state = daemonStateValue;
+				statusBlock.daemon_state = daemonStateValue;
+			}
+			const responsePayload = {
 				...statusPayload,
 				status: statusBlock,
 				peers: peersItems,
 				attempts: attemptsItems.slice(0, 5),
-				legacy_devices: [],
-				sharing_review: { unreviewed: 0 },
-				coordinator: {
-					enabled: false,
-					configured: false
-				},
-				join_requests: []
-			});
+				legacy_devices: legacyDevices,
+				sharing_review: sharingReview,
+				coordinator
+			};
+			if (includeJoinRequests) responsePayload.join_requests = joinRequests;
+			return c.json(responsePayload);
 		}
 	});
 	app.get("/api/sync/peers", (c) => {
@@ -1314,6 +1708,87 @@ function syncRoutes(getStore) {
 			return c.json({ ok: true });
 		}
 	});
+	app.post("/api/sync/invites/create", async (c) => {
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({ error: "invalid json" }, 400);
+		}
+		const groupId = String(body.group_id ?? "").trim();
+		const coordinatorUrl = body.coordinator_url == null ? null : String(body.coordinator_url ?? "");
+		const policy = String(body.policy ?? "auto_admit").trim();
+		const ttlHours = Number.parseInt(String(body.ttl_hours ?? 24), 10);
+		if (!groupId) return c.json({ error: "group_id required" }, 400);
+		if (body.coordinator_url != null && typeof body.coordinator_url !== "string") return c.json({ error: "coordinator_url must be string" }, 400);
+		if (!["auto_admit", "approval_required"].includes(policy)) return c.json({ error: "policy must be auto_admit or approval_required" }, 400);
+		if (!Number.isFinite(ttlHours)) return c.json({ error: "ttl_hours must be int" }, 400);
+		try {
+			const config = readCoordinatorSyncConfig();
+			const result = await coordinatorCreateInviteAction({
+				groupId,
+				coordinatorUrl,
+				policy,
+				ttlHours,
+				createdBy: null,
+				remoteUrl: config.syncCoordinatorUrl || null,
+				adminSecret: config.syncCoordinatorAdminSecret || null
+			});
+			return c.json(result);
+		} catch (error) {
+			return c.json({ error: error instanceof Error ? error.message : String(error) }, 400);
+		}
+	});
+	app.post("/api/sync/invites/import", async (c) => {
+		const store = getStore();
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({ error: "invalid json" }, 400);
+		}
+		const inviteValue = String(body.invite ?? "").trim();
+		if (!inviteValue) return c.json({ error: "invite required" }, 400);
+		try {
+			const result = await coordinatorImportInviteAction({
+				inviteValue,
+				dbPath: store.dbPath
+			});
+			return c.json(result);
+		} catch (error) {
+			return c.json({ error: error instanceof Error ? error.message : String(error) }, 400);
+		}
+	});
+	app.post("/api/sync/join-requests/review", async (c) => {
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({ error: "invalid json" }, 400);
+		}
+		const requestId = String(body.request_id ?? "").trim();
+		const action = String(body.action ?? "").trim();
+		if (!requestId) return c.json({ error: "request_id required" }, 400);
+		if (!["approve", "deny"].includes(action)) return c.json({ error: "action must be approve or deny" }, 400);
+		try {
+			const config = readCoordinatorSyncConfig();
+			const result = await coordinatorReviewJoinRequestAction({
+				requestId,
+				approve: action === "approve",
+				reviewedBy: null,
+				remoteUrl: config.syncCoordinatorUrl || null,
+				adminSecret: config.syncCoordinatorAdminSecret || null
+			});
+			if (!result) return c.json({ error: "join request not found" }, 404);
+			return c.json({
+				ok: true,
+				request: result
+			});
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			return c.json({ error: message }, message.includes("request_not_found") || message.includes("not found") ? 404 : 400);
+		}
+	});
 	app.delete("/api/sync/peers/:peer_device_id", (c) => {
 		const store = getStore();
 		{
@@ -1353,6 +1828,7 @@ function closeStore() {
 function createApp(opts) {
 	const storeFactory = opts?.storeFactory ?? getStore;
 	const sweeper = opts?.sweeper ?? null;
+	const observer = opts?.observer ?? null;
 	const app = new Hono();
 	app.use("*", preflightHandler());
 	app.use("*", originGuard());
@@ -1360,7 +1836,8 @@ function createApp(opts) {
 	app.route("/", memoryRoutes(storeFactory));
 	app.route("/", observerStatusRoutes({
 		getStore: storeFactory,
-		getSweeper: () => sweeper
+		getSweeper: () => sweeper,
+		getObserver: () => observer
 	}));
 	app.route("/", configRoutes({ getSweeper: () => sweeper }));
 	app.route("/", rawEventsRoutes(storeFactory, sweeper));