@context-engine-bridge/context-engine-mcp-bridge 0.0.77 → 0.0.79

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@context-engine-bridge/context-engine-mcp-bridge",
-  "version": "0.0.77",
+  "version": "0.0.79",
   "description": "Context Engine MCP bridge (http/stdio proxy combining indexer + memory servers)",
   "bin": {
     "ctxce": "bin/ctxce.js",

package/src/authCli.js

@@ -154,11 +154,19 @@ async function doLogin(args) {
   const sessionId = data.session_id || data.sessionId || null;
   const userId = data.user_id || data.userId || null;
   const expiresAt = data.expires_at || data.expiresAt || null;
+  const orgId = data.org_id || data.orgId || null;
+  const orgSlug = data.org_slug || data.orgSlug || null;
   if (!sessionId) {
     console.error("[ctxce] Auth login response missing session id.");
     process.exit(1);
   }
-  saveAuthEntry(url, { sessionId, userId, expiresAt });
+  saveAuthEntry(url, {
+    sessionId,
+    userId,
+    expiresAt,
+    org_id: orgId,
+    org_slug: orgSlug,
+  });
   console.error("[ctxce] Auth login successful for", url);
 }
 

package/src/authConfig.js

@@ -4,6 +4,7 @@ import path from "node:path";
 
 const CONFIG_DIR_NAME = ".ctxce";
 const CONFIG_BASENAME = "auth.json";
+const RESOLVED_COLLECTIONS_KEY = "resolved_collections_v1";
 
 function getConfigPath() {
   const home = os.homedir() || process.cwd();
@@ -36,6 +37,38 @@ function writeConfig(data) {
   }
 }
 
+function normalizeScopeValue(value) {
+  return typeof value === "string" ? value.trim() : "";
+}
+
+function buildResolvedCollectionScopeKey({ orgId, orgSlug, logicalRepoId } = {}) {
+  const repo = normalizeScopeValue(logicalRepoId);
+  if (!repo) {
+    return "";
+  }
+  const normalizedOrgId = normalizeScopeValue(orgId);
+  const normalizedOrgSlug = normalizeScopeValue(orgSlug);
+  const org = normalizedOrgId || (normalizedOrgSlug ? `slug:${normalizedOrgSlug}` : "org:none");
+  return `${org}::${repo}`;
+}
+
+function getResolvedCollections(entry) {
+  const map = entry && typeof entry === "object" ? entry[RESOLVED_COLLECTIONS_KEY] : null;
+  return map && typeof map === "object" ? map : {};
+}
+
+function preserveInternalEntryState(existingEntry, nextEntry) {
+  const preserved = {};
+  const existingCollections = getResolvedCollections(existingEntry);
+  if (Object.keys(existingCollections).length > 0) {
+    preserved[RESOLVED_COLLECTIONS_KEY] = existingCollections;
+  }
+  return {
+    ...preserved,
+    ...nextEntry,
+  };
+}
+
 export function loadAuthEntry(backendUrl) {
   if (!backendUrl) {
     return null;
@@ -55,7 +88,8 @@ export function saveAuthEntry(backendUrl, entry) {
   }
   const all = readConfig();
   const key = String(backendUrl);
-  all[key] = entry;
+  const existingEntry = all[key];
+  all[key] = preserveInternalEntryState(existingEntry, entry);
   writeConfig(all);
 }
 
@@ -82,3 +116,39 @@ export function loadAnyAuthEntry() {
   }
   return null;
 }
+
+export function loadResolvedCollection(backendUrl, scope) {
+  if (!backendUrl) {
+    return null;
+  }
+  const scopeKey = buildResolvedCollectionScopeKey(scope);
+  if (!scopeKey) {
+    return null;
+  }
+  const entry = loadAuthEntry(backendUrl);
+  const resolved = getResolvedCollections(entry)[scopeKey];
+  return typeof resolved === "string" && resolved.trim() ? resolved.trim() : null;
+}
+
+export function saveResolvedCollection(backendUrl, scope, collection) {
+  if (!backendUrl) {
+    return;
+  }
+  const scopeKey = buildResolvedCollectionScopeKey(scope);
+  const nextCollection = typeof collection === "string" ? collection.trim() : "";
+  if (!scopeKey || !nextCollection) {
+    return;
+  }
+  const all = readConfig();
+  const key = String(backendUrl);
+  const existingEntry = all[key] && typeof all[key] === "object" ? all[key] : {};
+  const resolvedCollections = {
+    ...getResolvedCollections(existingEntry),
+    [scopeKey]: nextCollection,
+  };
+  all[key] = {
+    ...existingEntry,
+    [RESOLVED_COLLECTIONS_KEY]: resolvedCollections,
+  };
+  writeConfig(all);
+}

package/src/connectCli.js

@@ -2,7 +2,8 @@ import process from "node:process";
 import path from "node:path";
 import fs from "node:fs";
 import { saveAuthEntry } from "./authConfig.js";
-import { indexWorkspace, loadGitignore, isCodeFile, collectGitState } from "./uploader.js";
+import { indexWorkspace } from "./uploader.js";
+import { startSyncDaemon } from "./syncDaemon.js";
 
 const SAAS_ENDPOINTS = {
   uploadEndpoint: "https://dev.context-engine.ai/upload",
@@ -12,7 +13,6 @@ const SAAS_ENDPOINTS = {
 };
 
 const DEFAULT_WATCH_INTERVAL_MS = 30000;
-const DEFAULT_DEBOUNCE_MS = 2000;
 
 function parseConnectArgs(args) {
   let apiKey = "";
@@ -164,181 +164,20 @@ function startWatcher(workspace, initialSessionId, authEntry, intervalMs) {
   console.error(`[ctxce] Starting file watcher (sync every ${intervalMs / 1000}s)...`);
   console.error("[ctxce] Press Ctrl+C to stop.");
 
-  let isRunning = false;
-  let pendingSync = false;
-  let sessionId = initialSessionId;
-  let pendingHistoryOnly = false;
-  let lastKnownHead = "";
-
-  async function refreshSessionIfNeeded() {
-    // If the auth entry has an expiry and we're within 5 minutes of it,
-    // re-authenticate using the stored API key.
-    if (!authEntry || !authEntry.apiKey) return;
-    const expiresAt = authEntry.expiresAt;
-    if (typeof expiresAt !== "number" || !Number.isFinite(expiresAt) || expiresAt <= 0) return;
-    const nowSecs = Math.floor(Date.now() / 1000);
-    const remainingSecs = expiresAt - nowSecs;
-    if (remainingSecs > 300) return;  // still valid for > 5 min
-    console.error("[ctxce] Session approaching expiry, refreshing...");
-    try {
-      const refreshed = await authenticateWithApiKey(authEntry.apiKey);
-      if (refreshed && refreshed.sessionId) {
-        sessionId = refreshed.sessionId;
-        authEntry = refreshed;
-        console.error("[ctxce] Session refreshed successfully.");
-      }
-    } catch (err) {
-      console.error(`[ctxce] Session refresh failed: ${err}`);
-    }
-  }
-
-  const fileHashes = new Map();
-
-  function getFileHash(filePath) {
-    try {
-      const stat = fs.statSync(filePath);
-      return `${stat.mtime.getTime()}-${stat.size}`;
-    } catch {
-      return null;
-    }
-  }
-
-  // Use gitignore from uploader.js so the watcher ignores the same files as
-  // the bundle creator -- prevents redundant uploads for generated/ignored files.
-  const _ig = loadGitignore(workspace);
-
-  function scanDirectory(dir, files = []) {
-    try {
-      const entries = fs.readdirSync(dir, { withFileTypes: true });
-      for (const entry of entries) {
-        if (entry.isSymbolicLink()) continue;
-        const fullPath = path.join(dir, entry.name);
-        // Normalize to forward slashes for the `ignore` library (expects POSIX paths)
-        const relPath = path.relative(workspace, fullPath).split(path.sep).join('/');
-
-        // Use the same ignore rules as the bundle creator
-        // Directories need a trailing slash for gitignore pattern matching
-        if (entry.isDirectory()) {
-          if (_ig.ignores(relPath + '/')) continue;
-          scanDirectory(fullPath, files);
-        } else if (entry.isFile()) {
-          if (_ig.ignores(relPath)) continue;
-          if (isCodeFile(fullPath)) {
-            files.push(fullPath);
-          }
-        }
-      }
-    } catch {
-    }
-    return files;
-  }
-
-  function detectChanges() {
-    const currentFiles = scanDirectory(workspace);
-    let codeChanged = false;
-
-    const currentPaths = new Set(currentFiles);
-
-    for (const filePath of currentFiles) {
-      const newHash = getFileHash(filePath);
-      const oldHash = fileHashes.get(filePath);
-      
-      if (newHash !== oldHash) {
-        codeChanged = true;
-        fileHashes.set(filePath, newHash);
-      }
-    }
-
-    for (const oldPath of fileHashes.keys()) {
-      if (!currentPaths.has(oldPath)) {
-        codeChanged = true;
-        fileHashes.delete(oldPath);
-      }
-    }
+  const handle = startSyncDaemon({
+    workspace,
+    sessionId: initialSessionId,
+    authEntry,
+    uploadEndpoint: SAAS_ENDPOINTS.uploadEndpoint,
+    intervalMs,
+    log: console.error,
+  });
 
-    let historyChanged = false;
+  const cleanup = () => {
     try {
-      const gitState = collectGitState(workspace);
-      const currentHead = gitState && gitState.head ? gitState.head : "";
-      if (currentHead && currentHead !== lastKnownHead) {
-        historyChanged = true;
-      }
+      handle.cleanup();
     } catch {
     }
-
-    return { codeChanged, historyChanged };
-  }
-
-  async function doSync(historyOnly = false) {
-    if (isRunning) {
-      pendingSync = true;
-      pendingHistoryOnly = pendingHistoryOnly || historyOnly;
-      return;
-    }
-
-    isRunning = true;
-    const now = new Date().toLocaleTimeString();
-    console.error(`[ctxce] [${now}] Syncing changes...`);
-
-    try {
-      // Refresh session before upload if approaching expiry
-      await refreshSessionIfNeeded();
-
-      const result = await indexWorkspace(
-        workspace,
-        SAAS_ENDPOINTS.uploadEndpoint,
-        sessionId,
-        {
-          log: console.error,
-          orgId: authEntry?.org_id,
-          orgSlug: authEntry?.org_slug,
-          historyOnly,
-        }
-      );
-      if (result.success) {
-        try {
-          const gitState = collectGitState(workspace);
-          lastKnownHead = gitState && gitState.head ? gitState.head : lastKnownHead;
-        } catch {
-        }
-        console.error(`[ctxce] [${now}] Sync complete.`);
-      } else {
-        console.error(`[ctxce] [${now}] Sync failed: ${result.error}`);
-      }
-    } catch (err) {
-      console.error(`[ctxce] [${now}] Sync error: ${err}`);
-    }
-
-    isRunning = false;
-
-    if (pendingSync) {
-      const nextHistoryOnly = pendingHistoryOnly;
-      pendingSync = false;
-      pendingHistoryOnly = false;
-      setTimeout(() => {
-        doSync(nextHistoryOnly);
-      }, DEFAULT_DEBOUNCE_MS);
-    }
-  }
-
-  scanDirectory(workspace).forEach(f => {
-    fileHashes.set(f, getFileHash(f));
-  });
-  try {
-    const gitState = collectGitState(workspace);
-    lastKnownHead = gitState && gitState.head ? gitState.head : "";
-  } catch {
-  }
-
-  const intervalId = setInterval(() => {
-    const changeState = detectChanges();
-    if (changeState.codeChanged || changeState.historyChanged) {
-      doSync(changeState.historyChanged && !changeState.codeChanged);
-    }
-  }, intervalMs);
-
-  const cleanup = () => {
-    clearInterval(intervalId);
     console.error("\n[ctxce] Watcher stopped.");
   };
 
@@ -352,7 +191,7 @@ function startWatcher(workspace, initialSessionId, authEntry, intervalMs) {
     process.exit(0);
   });
 
-  return { intervalId, cleanup };
+  return handle;
 }
 
 function printSuccess() {

package/src/mcpServer.js

@@ -11,8 +11,17 @@ import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
-import { loadAnyAuthEntry, loadAuthEntry, readConfig, saveAuthEntry } from "./authConfig.js";
+import {
+  loadAnyAuthEntry,
+  loadAuthEntry,
+  loadResolvedCollection,
+  readConfig,
+  saveAuthEntry,
+  saveResolvedCollection,
+} from "./authConfig.js";
 import { maybeRemapToolArgs, maybeRemapToolResult } from "./resultPathMapping.js";
+import { startSyncDaemon } from "./syncDaemon.js";
+import { computeLogicalRepoIdentity } from "./uploader.js";
 import * as oauthHandler from "./oauthHandler.js";
 
 const LSP_CONN_CACHE_TTL = 5000;
@@ -592,6 +601,7 @@ async function fetchBridgeCollectionState({
   collection,
   sessionId,
   repoName,
+  logicalRepoId,
   bridgeStateToken,
   backendHint,
   uploadServiceUrl,
@@ -611,6 +621,9 @@ async function fetchBridgeCollectionState({
     if (repoName && repoName.trim()) {
       url.searchParams.set("repo_name", repoName.trim());
     }
+    if (logicalRepoId && logicalRepoId.trim()) {
+      url.searchParams.set("logical_repo_id", logicalRepoId.trim());
+    }
 
     const headers = {
       Accept: "application/json",
@@ -645,6 +658,131 @@ async function fetchBridgeCollectionState({
   }
 }
 
+export async function buildDefaultsPayload({
+  workspace,
+  sessionId,
+  explicitCollection,
+  defaultCollection,
+  defaultMode,
+  defaultUnder,
+  config,
+  backendHint,
+  uploadServiceUrl,
+  bridgeStateToken = BRIDGE_STATE_TOKEN,
+  authEntry = undefined,
+  fetchState = fetchBridgeCollectionState,
+  getLogicalRepoIdentity = computeLogicalRepoIdentity,
+  loadResolvedCollectionHint = loadResolvedCollection,
+  saveResolvedCollectionHint = saveResolvedCollection,
+  log = debugLog,
+} = {}) {
+  const defaultsPayload = { session: sessionId };
+  const pinnedCollection =
+    typeof explicitCollection === "string" ? explicitCollection.trim() : "";
+  const configuredCollection =
+    !pinnedCollection && typeof defaultCollection === "string"
+      ? defaultCollection.trim()
+      : "";
+
+  if (pinnedCollection) {
+    defaultsPayload.collection = pinnedCollection;
+  } else if (configuredCollection) {
+    defaultsPayload.collection = configuredCollection;
+  }
+
+  const resolvedAuthEntry = authEntry === undefined
+    ? (backendHint ? loadAuthEntry(backendHint) : null)
+    : authEntry;
+
+  if (resolvedAuthEntry && (resolvedAuthEntry.org_id || resolvedAuthEntry.org_slug)) {
+    if (resolvedAuthEntry.org_id) {
+      defaultsPayload.org_id = resolvedAuthEntry.org_id;
+    }
+    if (resolvedAuthEntry.org_slug) {
+      defaultsPayload.org_slug = resolvedAuthEntry.org_slug;
+    }
+  }
+
+  const repoName = detectRepoName(workspace, config);
+  let logicalRepoId = "";
+  try {
+    logicalRepoId = getLogicalRepoIdentity(workspace)?.id || "";
+  } catch {
+    logicalRepoId = "";
+  }
+
+  const exactWorkspaceCollection = !pinnedCollection
+    ? _readExactWorkspaceCachedCollection(workspace)
+    : null;
+
+  if (!defaultsPayload.collection && exactWorkspaceCollection) {
+    defaultsPayload.collection = exactWorkspaceCollection;
+    log(`[ctxce] Using exact workspace cached collection: ${exactWorkspaceCollection}`);
+  }
+
+  if (!defaultsPayload.collection && backendHint && logicalRepoId) {
+    const cachedCollection = loadResolvedCollectionHint(backendHint, {
+      orgId: resolvedAuthEntry?.org_id,
+      orgSlug: resolvedAuthEntry?.org_slug,
+      logicalRepoId,
+    });
+    if (cachedCollection) {
+      defaultsPayload.collection = cachedCollection;
+      log(`[ctxce] Using cached resolved collection from auth store: ${cachedCollection}`);
+    }
+  }
+
+  if (!pinnedCollection) {
+    try {
+      const state = await fetchState({
+        workspace,
+        collection: configuredCollection,
+        sessionId,
+        repoName,
+        logicalRepoId,
+        bridgeStateToken,
+        backendHint,
+        uploadServiceUrl,
+      });
+      if (state) {
+        const servingCollection = typeof state.serving_collection === "string"
+          ? state.serving_collection.trim()
+          : "";
+        const activeCollection = typeof state.active_collection === "string"
+          ? state.active_collection.trim()
+          : "";
+        if (servingCollection) {
+          defaultsPayload.collection = servingCollection;
+          if (!configuredCollection || configuredCollection !== servingCollection) {
+            log(`[ctxce] Using serving collection from /bridge/state: ${servingCollection}`);
+          }
+          if (backendHint && logicalRepoId) {
+            saveResolvedCollectionHint(backendHint, {
+              orgId: resolvedAuthEntry?.org_id,
+              orgSlug: resolvedAuthEntry?.org_slug,
+              logicalRepoId,
+            }, servingCollection);
+          }
+        } else if (!defaultsPayload.collection && activeCollection) {
+          defaultsPayload.collection = activeCollection;
+          log(`[ctxce] Using active collection from /bridge/state fallback: ${activeCollection}`);
+        }
+      }
+    } catch (err) {
+      log("[ctxce] bridge/state lookup failed: " + String(err));
+    }
+  }
+
+  if (defaultMode) {
+    defaultsPayload.mode = defaultMode;
+  }
+  if (defaultUnder) {
+    defaultsPayload.under = defaultUnder;
+  }
+
+  return defaultsPayload;
+}
+
 function _validateWorkspacePath(raw) {
   if (typeof raw !== "string" || raw.length === 0) return null;
   const resolved = path.resolve(raw);
@@ -658,6 +796,42 @@ function _validateWorkspacePath(raw) {
   return resolved;
 }
 
+function _readExactWorkspaceCachedCollection(workspacePath) {
+  const resolvedWorkspace = _validateWorkspacePath(workspacePath);
+  if (!resolvedWorkspace) return null;
+
+  const wsDir = _computeWorkspaceDir(resolvedWorkspace);
+  const configPath = path.join(wsDir, "ctx_config.json");
+  const metaPath = path.join(wsDir, "meta.json");
+
+  if (!fs.existsSync(configPath)) {
+    return null;
+  }
+
+  if (fs.existsSync(metaPath)) {
+    try {
+      const meta = JSON.parse(fs.readFileSync(metaPath, "utf8"));
+      const metaWorkspace = _validateWorkspacePath(meta && meta.workspace_path);
+      if (!metaWorkspace || metaWorkspace !== resolvedWorkspace) {
+        return null;
+      }
+    } catch (_) {
+      return null;
+    }
+  }
+
+  try {
+    const parsed = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    const collection =
+      parsed && typeof parsed.default_collection === "string"
+        ? parsed.default_collection.trim()
+        : "";
+    return collection || null;
+  } catch (_) {
+    return null;
+  }
+}
+
 const MAX_WS_SCAN = 50;
 
 function _resolveWorkspace(providedWorkspace) {
@@ -846,57 +1020,47 @@ async function createBridgeServer(options) {
     }
   }
 
-  // Best-effort: inform the indexer of default collection and session.
-  // If this fails we still proceed, falling back to per-call injection.
-  const defaultsPayload = { session: sessionId };
-  if (defaultCollection) {
-    defaultsPayload.collection = defaultCollection;
-  }
-
-  // Include org context from auth entry if available (for org-scoped collection isolation)
+  const syncDaemonEnabled = process.env.CTXCE_SYNC_DAEMON !== "0";
+  const syncUploadEndpoint = uploadServiceUrl
+    ? `${String(uploadServiceUrl).replace(/\/+$/, "")}/upload`
+    : "";
+  let syncAuthEntry = null;
   try {
-    const authEntry = backendHint ? loadAuthEntry(backendHint) : null;
-    if (authEntry && authEntry.org_id) {
-      defaultsPayload.org_id = authEntry.org_id;
-      defaultsPayload.org_slug = authEntry.org_slug;
-    }
+    syncAuthEntry = backendHint ? loadAuthEntry(backendHint) : null;
   } catch {
-    // ignore auth entry lookup failures
-  }
-
-  const repoName = detectRepoName(workspace, config);
-
-  try {
-    const state = await fetchBridgeCollectionState({
-      workspace,
-      collection: defaultCollection,
-      sessionId,
-      repoName,
-      bridgeStateToken: BRIDGE_STATE_TOKEN,
-      backendHint,
-      uploadServiceUrl,
-    });
-    if (state) {
-      const serving = state.serving_collection || state.active_collection;
-      if (serving) {
-        defaultsPayload.collection = serving;
-        if (!defaultCollection || defaultCollection !== serving) {
-          debugLog(
-            `[ctxce] Using serving collection from /bridge/state: ${serving}`,
-          );
-        }
-      }
+    syncAuthEntry = null;
+  }
+  if (
+    syncDaemonEnabled &&
+    syncUploadEndpoint &&
+    sessionId &&
+    !sessionId.startsWith("ctxce-")
+  ) {
+    try {
+      startSyncDaemon({
+        workspace,
+        sessionId,
+        authEntry: syncAuthEntry || { sessionId },
+        uploadEndpoint: syncUploadEndpoint,
+      });
+    } catch (err) {
+      debugLog("[ctxce] Failed to start sync daemon: " + String(err));
     }
-  } catch (err) {
-    debugLog("[ctxce] bridge/state lookup failed: " + String(err));
   }
 
-  if (defaultMode) {
-    defaultsPayload.mode = defaultMode;
-  }
-  if (defaultUnder) {
-    defaultsPayload.under = defaultUnder;
-  }
+  // Best-effort: inform the indexer of default collection and session.
+  // If this fails we still proceed, falling back to per-call injection.
+  const defaultsPayload = await buildDefaultsPayload({
+    workspace,
+    sessionId,
+    explicitCollection,
+    defaultCollection,
+    defaultMode,
+    defaultUnder,
+    config,
+    backendHint,
+    uploadServiceUrl,
+  });
 
   async function initializeRemoteClients(forceRecreate = false) {
     if (!forceRecreate && indexerClient) {
@@ -2136,4 +2300,3 @@ function detectRepoName(workspace, config) {
   const leaf = workspace ? path.basename(workspace) : "";
   return leaf && SLUGGED_REPO_RE.test(leaf) ? leaf : null;
 }
-

package/src/oauthHandler.js

@@ -247,6 +247,8 @@ export function getLoginPage(redirectUri, clientId, state, codeChallenge, codeCh
 
       const data = await resp.json();
       const sessionId = data.session_id || data.sessionId;
+      const orgId = data.org_id || data.orgId || null;
+      const orgSlug = data.org_slug || data.orgSlug || null;
       if (!sessionId) {
         throw new Error('No session in response');
       }
@@ -258,6 +260,8 @@ export function getLoginPage(redirectUri, clientId, state, codeChallenge, codeCh
         body: JSON.stringify({
           session_id: sessionId,
           backend_url: backendUrl,
+          org_id: orgId,
+          org_slug: orgSlug,
           redirect_uri: params.redirect_uri,
           state: params.state,
           code_challenge: params.code_challenge,
@@ -443,7 +447,17 @@ export function handleOAuthStoreSession(req, res) {
     res.setHeader("Content-Type", "application/json");
     try {
       const data = JSON.parse(body);
-      const { session_id, backend_url, redirect_uri, state, code_challenge, code_challenge_method, client_id } = data;
+      const {
+        session_id,
+        backend_url,
+        org_id,
+        org_slug,
+        redirect_uri,
+        state,
+        code_challenge,
+        code_challenge_method,
+        client_id,
+      } = data;
 
       if (!session_id || !backend_url) {
         res.statusCode = 400;
@@ -503,6 +517,8 @@ export function handleOAuthStoreSession(req, res) {
         sessionId: session_id,
         userId: "oauth-user",
         expiresAt: null,
+        org_id: org_id || null,
+        org_slug: org_slug || null,
       });
 
       // Generate auth code

package/src/syncDaemon.js

@@ -0,0 +1,463 @@
+/**
+ * syncDaemon.js -- process-level singleton file-watcher / upload sync daemon.
+ *
+ * Can be started from any entry point (connect CLI, mcp-serve stdio, mcp-http-serve).
+ * Only one watcher per resolved workspace path is allowed per process.
+ *
+ * Exports:
+ *   startSyncDaemon(options)  -> { intervalId, cleanup }
+ *   stopSyncDaemon(workspace) -> void
+ */
+
+import path from "node:path";
+import fs from "node:fs";
+import { saveAuthEntry } from "./authConfig.js";
+import { indexWorkspace, loadGitignore, isCodeFile, collectGitState } from "./uploader.js";
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+
+const DEFAULT_WATCH_INTERVAL_MS = 30000;
+const DEFAULT_DEBOUNCE_MS = 2000;
+
+// No-op logger used as the default in MCP mode so the daemon is silent.
+const noop = () => {};
+
+// ---------------------------------------------------------------------------
+// Process-level singleton registry
+// keyed by path.resolve(workspace) -> { intervalId, cleanup, updateRuntimeState }
+// ---------------------------------------------------------------------------
+
+const _activeDaemons = new Map();
+
+// ---------------------------------------------------------------------------
+// Session refresh helper (self-contained, no side-effects on the caller's env)
+// ---------------------------------------------------------------------------
+
+/**
+ * Derive the auth backend URL from the upload endpoint.
+ * Convention: the upload endpoint is `<authBackendUrl>/upload`.
+ * Strip the trailing `/upload` path segment if present, otherwise use as-is.
+ *
+ * @param {string} uploadEndpoint
+ * @returns {string}
+ */
+function deriveAuthBackendUrl(uploadEndpoint) {
+  try {
+    const u = new URL(uploadEndpoint);
+    // Remove the last path segment only if it is "upload"
+    if (u.pathname.endsWith("/upload")) {
+      u.pathname = u.pathname.slice(0, -"/upload".length) || "/";
+    }
+    // Normalise trailing slash away
+    u.pathname = u.pathname.replace(/\/$/, "") || "/";
+    return u.origin + (u.pathname === "/" ? "" : u.pathname);
+  } catch {
+    // Fallback: simple string surgery
+    return uploadEndpoint.replace(/\/upload\/?$/, "");
+  }
+}
+
+/**
+ * Attempt to obtain a fresh session by posting to `<authBackendUrl>/auth/login`.
+ * Returns the new auth entry on success, or null on failure.
+ *
+ * @param {string} apiKey
+ * @param {string} authBackendUrl
+ * @param {string} workspace
+ * @param {function} log
+ * @returns {Promise<object|null>}
+ */
+async function _refreshSession(apiKey, authBackendUrl, workspace, log) {
+  const authUrl = `${authBackendUrl}/auth/login`;
+  const body = {
+    client: "ctxce-cli",
+    token: apiKey,
+    workspace,
+  };
+
+  let resp;
+  try {
+    resp = await fetch(authUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+    });
+  } catch (err) {
+    log(`[syncDaemon] Session refresh request failed: ${err}`);
+    return null;
+  }
+
+  if (!resp || !resp.ok) {
+    const status = resp ? resp.status : "<no-response>";
+    log(`[syncDaemon] Session refresh HTTP error: ${status}`);
+    return null;
+  }
+
+  let data;
+  try {
+    data = await resp.json();
+  } catch {
+    data = {};
+  }
+
+  const sessionId = data.session_id || data.sessionId || null;
+  const userId = data.user_id || data.userId || null;
+  const expiresAt = data.expires_at || data.expiresAt || null;
+  const orgId = data.org_id || data.orgId || null;
+  const orgSlug = data.org_slug || data.orgSlug || null;
+
+  if (!sessionId) {
+    log("[syncDaemon] Session refresh response missing session ID.");
+    return null;
+  }
+
+  const entry = {
+    sessionId,
+    userId,
+    expiresAt,
+    org_id: orgId,
+    org_slug: orgSlug,
+    apiKey,
+  };
+
+  // Persist the refreshed entry so other callers can pick it up.
+  saveAuthEntry(authBackendUrl, entry);
+
+  return entry;
+}
+
+// ---------------------------------------------------------------------------
+// Core daemon factory
+// ---------------------------------------------------------------------------
+
+/**
+ * Start the sync daemon for the given workspace.
+ *
+ * If a daemon is already running for this workspace (same process), this
+ * function returns the existing handle WITHOUT starting a second one.
+ *
+ * @param {object} options
+ * @param {string}   options.workspace        Absolute or relative path to the workspace root.
+ * @param {string}   options.sessionId        Initial session ID for uploads.
+ * @param {object}   options.authEntry        Auth entry object (may contain apiKey, expiresAt, org_id, org_slug).
+ * @param {string}   options.uploadEndpoint   Full upload endpoint URL (e.g. "https://dev.context-engine.ai/upload").
+ * @param {number}   [options.intervalMs]     Poll interval in milliseconds (default: 30000).
+ * @param {function} [options.log]            Logger function. Defaults to a no-op (silent in MCP mode).
+ *                                            Pass `console.error` for interactive CLI output.
+ * @returns {{ intervalId: NodeJS.Timeout, cleanup: function }}
+ */
+export function startSyncDaemon(options) {
+  const {
+    workspace,
+    sessionId: initialSessionId,
+    authEntry: initialAuthEntry,
+    uploadEndpoint: initialUploadEndpoint,
+    intervalMs = DEFAULT_WATCH_INTERVAL_MS,
+    log = noop,
+  } = options;
+
+  const resolvedWorkspace = path.resolve(workspace);
+
+  // Singleton guard: return existing daemon if already running, but refresh
+  // any mutable runtime state supplied by the new caller.
+  if (_activeDaemons.has(resolvedWorkspace)) {
+    const existingHandle = _activeDaemons.get(resolvedWorkspace);
+    existingHandle?.updateRuntimeState?.({
+      sessionId: initialSessionId,
+      authEntry: initialAuthEntry,
+      uploadEndpoint: initialUploadEndpoint,
+    });
+    log(`[syncDaemon] Daemon already running for ${resolvedWorkspace}, reusing.`);
+    return existingHandle;
+  }
+
+  log(`[syncDaemon] Starting file watcher for ${resolvedWorkspace} (interval: ${intervalMs / 1000}s)`);
+
+  // Mutable state captured by the daemon closures.
+  let isRunning = false;
+  let pendingSync = false;
+  let pendingHistoryOnly = true;
+  let sessionId = initialSessionId;
+  let authEntry = initialAuthEntry;
+  let uploadEndpoint = initialUploadEndpoint;
+  let lastKnownHead = "";
+
+  let authBackendUrl = deriveAuthBackendUrl(uploadEndpoint);
+
+  function updateRuntimeState(nextState = {}) {
+    if (typeof nextState.sessionId === "string" && nextState.sessionId) {
+      sessionId = nextState.sessionId;
+    }
+
+    if (nextState.authEntry && typeof nextState.authEntry === "object") {
+      authEntry = nextState.authEntry;
+      if (typeof nextState.authEntry.sessionId === "string" && nextState.authEntry.sessionId) {
+        sessionId = nextState.authEntry.sessionId;
+      }
+    }
+
+    if (typeof nextState.uploadEndpoint === "string" && nextState.uploadEndpoint) {
+      uploadEndpoint = nextState.uploadEndpoint;
+      authBackendUrl = deriveAuthBackendUrl(uploadEndpoint);
+    }
+  }
+
+  // -------------------------------------------------------------------------
+  // Session refresh
+  // -------------------------------------------------------------------------
+
+  async function refreshSessionIfNeeded() {
+    if (!authEntry || !authEntry.apiKey) return;
+    const expiresAt = authEntry.expiresAt;
+    if (typeof expiresAt !== "number" || !Number.isFinite(expiresAt) || expiresAt <= 0) return;
+    const nowSecs = Math.floor(Date.now() / 1000);
+    const remainingSecs = expiresAt - nowSecs;
+    if (remainingSecs > 300) return; // still valid for > 5 minutes
+
+    log("[syncDaemon] Session approaching expiry, refreshing...");
+    try {
+      const refreshed = await _refreshSession(
+        authEntry.apiKey,
+        authBackendUrl,
+        resolvedWorkspace,
+        log
+      );
+      if (refreshed && refreshed.sessionId) {
+        sessionId = refreshed.sessionId;
+        authEntry = refreshed;
+        log("[syncDaemon] Session refreshed successfully.");
+      }
+    } catch (err) {
+      log(`[syncDaemon] Session refresh failed: ${err}`);
+    }
+  }
+
+  // -------------------------------------------------------------------------
+  // File-system scanning
+  // -------------------------------------------------------------------------
+
+  const fileHashes = new Map();
+  const _ig = loadGitignore(resolvedWorkspace);
+
+  function getFileHash(filePath) {
+    try {
+      const stat = fs.statSync(filePath);
+      return `${stat.mtime.getTime()}-${stat.size}`;
+    } catch {
+      return null;
+    }
+  }
+
+  function scanDirectory(dir, files = []) {
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (entry.isSymbolicLink()) continue;
+        const fullPath = path.join(dir, entry.name);
+        // Normalise to forward slashes for the `ignore` library (expects POSIX paths).
+        const relPath = path.relative(resolvedWorkspace, fullPath).split(path.sep).join("/");
+
+        if (entry.isDirectory()) {
+          if (_ig.ignores(relPath + "/")) continue;
+          scanDirectory(fullPath, files);
+        } else if (entry.isFile()) {
+          if (_ig.ignores(relPath)) continue;
+          if (isCodeFile(fullPath)) {
+            files.push(fullPath);
+          }
+        }
+      }
+    } catch {
+      // Ignore unreadable directories.
+    }
+    return files;
+  }
+
+  function snapshotFileHashes() {
+    const nextHashes = new Map();
+    scanDirectory(resolvedWorkspace).forEach((filePath) => {
+      nextHashes.set(filePath, getFileHash(filePath));
+    });
+    return nextHashes;
+  }
+
+  // -------------------------------------------------------------------------
+  // Change detection
+  // -------------------------------------------------------------------------
+
+  function detectChanges() {
+    const currentHashes = snapshotFileHashes();
+    let codeChanged = false;
+
+    for (const [filePath, newHash] of currentHashes.entries()) {
+      const oldHash = fileHashes.get(filePath);
+      if (newHash !== oldHash) {
+        codeChanged = true;
+      }
+    }
+
+    for (const oldPath of fileHashes.keys()) {
+      if (!currentHashes.has(oldPath)) {
+        codeChanged = true;
+      }
+    }
+
+    let historyChanged = false;
+    try {
+      const gitState = collectGitState(resolvedWorkspace);
+      const currentHead = gitState && gitState.head ? gitState.head : "";
+      if (currentHead && currentHead !== lastKnownHead) {
+        historyChanged = true;
+        // NOTE: lastKnownHead is updated only on a successful sync so that a
+        // failed upload doesn't suppress the next attempt.
+      }
+    } catch {
+      // Git not available or not a git repo -- ignore.
+    }
+
+    return { codeChanged, historyChanged };
+  }
+
+  // -------------------------------------------------------------------------
+  // Sync execution
+  // -------------------------------------------------------------------------
+
+  async function doSync(historyOnly = false) {
+    if (isRunning) {
+      // Another sync is in flight; queue one more run after it completes.
+      pendingSync = true;
+      // If the pending request is a full sync, don't downgrade it to history-only.
+      pendingHistoryOnly = pendingHistoryOnly && historyOnly;
+      return;
+    }
+
+    isRunning = true;
+    const now = new Date().toLocaleTimeString();
+    log(`[syncDaemon] [${now}] Syncing changes (historyOnly=${historyOnly})...`);
+
+    try {
+      await refreshSessionIfNeeded();
+
+      const result = await indexWorkspace(
+        resolvedWorkspace,
+        uploadEndpoint,
+        sessionId,
+        {
+          log,
+          orgId: authEntry?.org_id,
+          orgSlug: authEntry?.org_slug,
+          historyOnly,
+        }
+      );
+
+      if (result.success) {
+        const latestHashes = snapshotFileHashes();
+        fileHashes.clear();
+        for (const [filePath, hash] of latestHashes.entries()) {
+          fileHashes.set(filePath, hash);
+        }
+
+        // Update lastKnownHead only after a successful upload so a transient
+        // network failure doesn't prevent retrying the history sync.
+        try {
+          const gitState = collectGitState(resolvedWorkspace);
+          lastKnownHead = gitState && gitState.head ? gitState.head : lastKnownHead;
+        } catch {
+          // Ignore.
+        }
+        log(`[syncDaemon] [${now}] Sync complete.`);
+      } else {
+        log(`[syncDaemon] [${now}] Sync failed: ${result.error}`);
+      }
+    } catch (err) {
+      log(`[syncDaemon] [${now}] Sync error: ${err}`);
+    }
+
+    isRunning = false;
+
+    if (pendingSync) {
+      const nextHistoryOnly = pendingHistoryOnly;
+      pendingSync = false;
+      pendingHistoryOnly = true;
+      setTimeout(() => {
+        doSync(nextHistoryOnly);
+      }, DEFAULT_DEBOUNCE_MS);
+    }
+  }
+
+  // -------------------------------------------------------------------------
+  // Initialisation: snapshot current file state and git HEAD
+  // -------------------------------------------------------------------------
+
+  for (const [filePath, hash] of snapshotFileHashes().entries()) {
+    fileHashes.set(filePath, hash);
+  }
+
+  try {
+    const gitState = collectGitState(resolvedWorkspace);
+    lastKnownHead = gitState && gitState.head ? gitState.head : "";
+  } catch {
+    // Not a git repo or git unavailable.
+  }
+
+  // Perform an initial history-only sync so that commit history is up-to-date
+  // without triggering a potentially expensive full code reindex on every
+  // startup (important for MCP mode where the daemon may restart frequently).
+  if (lastKnownHead) {
+    log("[syncDaemon] Performing initial git history sync...");
+    doSync(true /* historyOnly */);
+  }
+
+  // -------------------------------------------------------------------------
+  // Polling interval
+  // -------------------------------------------------------------------------
+
+  const intervalId = setInterval(() => {
+    const changeState = detectChanges();
+    if (changeState.codeChanged || changeState.historyChanged) {
+      // historyOnly = true only when git HEAD changed but NO code files changed.
+      doSync(changeState.historyChanged && !changeState.codeChanged);
+    }
+  }, intervalMs);
+
+  // -------------------------------------------------------------------------
+  // Cleanup
+  // -------------------------------------------------------------------------
+
+  const cleanup = () => {
+    clearInterval(intervalId);
+    _activeDaemons.delete(resolvedWorkspace);
+    log(`[syncDaemon] Watcher stopped for ${resolvedWorkspace}.`);
+  };
+
+  // Register in singleton map BEFORE returning so concurrent callers see it.
+  const handle = { intervalId, cleanup, updateRuntimeState };
+  _activeDaemons.set(resolvedWorkspace, handle);
+
+  return handle;
+}
+
+/**
+ * Stop the sync daemon for the given workspace (if one is running).
+ *
+ * @param {string} workspace  Workspace path (resolved internally).
+ */
+export function stopSyncDaemon(workspace) {
+  const resolvedWorkspace = path.resolve(workspace);
+  const handle = _activeDaemons.get(resolvedWorkspace);
+  if (handle) {
+    handle.cleanup();
+  }
+}
+
+/**
+ * Return true if a daemon is currently active for the given workspace.
+ *
+ * @param {string} workspace
+ * @returns {boolean}
+ */
+export function isSyncDaemonRunning(workspace) {
+  return _activeDaemons.has(path.resolve(workspace));
+}