@deeplake/hivemind 0.7.70 → 0.7.72

package/.claude-plugin/marketplace.json

@@ -6,18 +6,18 @@
   },
   "metadata": {
     "description": "Cloud-backed persistent shared memory for AI agents powered by Deeplake",
-    "version": "0.7.70"
+    "version": "0.7.72"
   },
   "plugins": [
     {
       "name": "hivemind",
       "description": "Persistent shared memory powered by Deeplake — captures all session activity and provides cross-session, cross-agent memory search",
-      "version": "0.7.70",
+      "version": "0.7.72",
       "source": {
         "source": "git-subdir",
         "url": "https://github.com/activeloopai/hivemind.git",
         "path": "claude-code",
-        "sha": "b90aadd1f9d2f959a2c9800a14a4b9131bdb75d8"
+        "sha": "103bb69c8ecb83325c0c3e39029d22691c4f2d4a"
       },
       "homepage": "https://github.com/activeloopai/hivemind"
     }

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "hivemind",
   "description": "Cloud-backed persistent memory powered by Deeplake — read, write, and share memory across Claude Code sessions and agents",
-  "version": "0.7.70",
+  "version": "0.7.72",
   "author": {
     "name": "Activeloop",
     "url": "https://deeplake.ai"

package/bundle/cli.js

@@ -4598,6 +4598,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -4608,6 +4609,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -11057,7 +11059,7 @@ async function goalAdd(text, agent = "manual") {
   const safe = sqlIdent(table);
   const goalId = randomUUID4();
   const ts = (/* @__PURE__ */ new Date()).toISOString();
-  await query(`INSERT INTO "${safe}" (id, goal_id, owner, status, content, version, created_at, agent, plugin_version) VALUES ('${randomUUID4()}', '${sqlStr(goalId)}', '${sqlStr(cfg.userName)}', 'opened', E'${sqlStr(text)}', 1, '${sqlStr(ts)}', '${sqlStr(agent)}', '')`);
+  await query(`INSERT INTO "${safe}" (id, goal_id, owner, status, content, version, created_at, updated_at, agent, plugin_version) VALUES ('${randomUUID4()}', '${sqlStr(goalId)}', '${sqlStr(cfg.userName)}', 'opened', E'${sqlStr(text)}', 1, '${sqlStr(ts)}', '${sqlStr(ts)}', '${sqlStr(agent)}', '')`);
   process.stdout.write(`${goalId}
 `);
 }
@@ -11130,10 +11132,11 @@ async function goalProgress(goalId, status) {
     process.stderr.write("not logged in\n");
     process.exit(1);
   }
-  const { query } = loadApiOrDie(cfg.goalsTableName);
+  const { api, query } = loadApiOrDie(cfg.goalsTableName);
+  await api.ensureGoalsTable(cfg.goalsTableName);
   const safe = sqlIdent(cfg.goalsTableName);
   const ts = (/* @__PURE__ */ new Date()).toISOString();
-  await query(`UPDATE "${safe}" SET status = '${sqlStr(status)}', created_at = '${sqlStr(ts)}' WHERE goal_id = '${sqlStr(goalId)}'`);
+  await query(`UPDATE "${safe}" SET status = '${sqlStr(status)}', updated_at = '${sqlStr(ts)}' WHERE goal_id = '${sqlStr(goalId)}'`);
   process.stdout.write(`${goalId} -> ${status}
 `);
 }
@@ -11164,7 +11167,7 @@ async function kpiAdd(args) {
 - current: 0
 - unit: ${unit}`;
   const ts = (/* @__PURE__ */ new Date()).toISOString();
-  await query(`INSERT INTO "${safe}" (id, goal_id, kpi_id, content, version, created_at, agent, plugin_version) VALUES ('${randomUUID4()}', '${sqlStr(goalId)}', '${sqlStr(kpiId)}', E'${sqlStr(content)}', 1, '${sqlStr(ts)}', 'manual', '')`);
+  await query(`INSERT INTO "${safe}" (id, goal_id, kpi_id, content, version, created_at, updated_at, agent, plugin_version) VALUES ('${randomUUID4()}', '${sqlStr(goalId)}', '${sqlStr(kpiId)}', E'${sqlStr(content)}', 1, '${sqlStr(ts)}', '${sqlStr(ts)}', 'manual', '')`);
   process.stdout.write(`${goalId}/${kpiId}
 `);
 }
@@ -11213,7 +11216,8 @@ async function kpiBump(goalId, kpiId, deltaStr) {
     process.stderr.write("not logged in\n");
     process.exit(1);
   }
-  const { query } = loadApiOrDie(cfg.kpisTableName);
+  const { api, query } = loadApiOrDie(cfg.kpisTableName);
+  await api.ensureKpisTable(cfg.kpisTableName);
   const safe = sqlIdent(cfg.kpisTableName);
   const rows = await query(`SELECT content FROM "${safe}" WHERE goal_id = '${sqlStr(goalId)}' AND kpi_id = '${sqlStr(kpiId)}' LIMIT 1`);
   if (rows.length === 0) {
@@ -11229,7 +11233,7 @@ async function kpiBump(goalId, kpiId, deltaStr) {
     process.exit(1);
   }
   const ts = (/* @__PURE__ */ new Date()).toISOString();
-  await query(`UPDATE "${safe}" SET content = E'${sqlStr(newContent)}', created_at = '${sqlStr(ts)}' WHERE goal_id = '${sqlStr(goalId)}' AND kpi_id = '${sqlStr(kpiId)}'`);
+  await query(`UPDATE "${safe}" SET content = E'${sqlStr(newContent)}', updated_at = '${sqlStr(ts)}' WHERE goal_id = '${sqlStr(goalId)}' AND kpi_id = '${sqlStr(kpiId)}'`);
   process.stdout.write(`${goalId}/${kpiId} +${delta}
 `);
 }
@@ -11643,7 +11647,7 @@ async function runUpdate(opts = {}) {
   switch (detected.kind) {
     case "npm-global": {
       if (opts.dryRun) {
-        log(`(dry-run) Would run: npm install -g ${PKG_NAME}@latest`);
+        log(`(dry-run) Would run: npm install -g ${PKG_NAME}@${latest}`);
         log(`(dry-run) Would re-run: hivemind install --skip-auth`);
         return 0;
       }
@@ -11654,10 +11658,10 @@ async function runUpdate(opts = {}) {
       try {
         log(`Upgrading via npm\u2026`);
         try {
-          spawn5("npm", ["install", "-g", `${PKG_NAME}@latest`]);
+          spawn5("npm", ["install", "-g", `${PKG_NAME}@${latest}`]);
         } catch (e) {
           warn(`npm install failed: ${e.message}`);
-          warn(`Try running it manually: npm install -g ${PKG_NAME}@latest`);
+          warn(`Try running it manually: npm install -g ${PKG_NAME}@${latest}`);
           return 1;
         }
         log(``);
@@ -11688,7 +11692,7 @@ async function runUpdate(opts = {}) {
       log(``);
       log(`Or install globally so future updates are one command:`);
       log(``);
-      log(`  npm install -g ${PKG_NAME}@latest`);
+      log(`  npm install -g ${PKG_NAME}@${latest}`);
       return 0;
     }
     case "local-dev": {
@@ -11708,7 +11712,7 @@ async function runUpdate(opts = {}) {
         return 0;
       }
       warn(`Could not determine how hivemind was installed (path: ${detected.installDir}).`);
-      warn(`Update manually: npm install -g ${PKG_NAME}@latest`);
+      warn(`Update manually: npm install -g ${PKG_NAME}@${latest}`);
       return 1;
     }
   }

package/codex/bundle/capture.js

@@ -232,6 +232,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -242,6 +243,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -1573,7 +1575,7 @@ import { fileURLToPath as fileURLToPath2 } from "node:url";
 import { dirname as dirname5, join as join14 } from "node:path";
 
 // dist/src/hooks/summary-state.js
-import { readFileSync as readFileSync7, writeFileSync as writeFileSync5, writeSync as writeSync2, mkdirSync as mkdirSync6, renameSync as renameSync4, existsSync as existsSync6, unlinkSync as unlinkSync4, openSync as openSync3, closeSync as closeSync3 } from "node:fs";
+import { readFileSync as readFileSync7, writeFileSync as writeFileSync5, writeSync as writeSync2, mkdirSync as mkdirSync6, renameSync as renameSync4, existsSync as existsSync6, unlinkSync as unlinkSync4, openSync as openSync3, closeSync as closeSync3, statSync as statSync3 } from "node:fs";
 import { homedir as homedir9 } from "node:os";
 import { join as join10 } from "node:path";
 var dlog = (msg) => log("summary-state", msg);
@@ -1844,7 +1846,7 @@ Format: **entity** (type) \u2014 what was done with it, its current state>
 <Anything unresolved, blocked, or explicitly deferred>
 
 ## Next Steps
-<The single concrete next action to resume with, as one imperative line (e.g. "Wire the resume-brief Next Steps fallback and run the tests"). If the session reached a clean stopping point with nothing pending, write exactly: none>
+<Default to writing exactly: none. Most sessions are DONE when they end \u2014 do not invent a next step just to fill this section. Only name one when the session left GENUINELY SUBSTANTIVE, non-obvious work that a knowledgeable engineer returning later would actually need flagged. Make a real judgment: is there unfinished work truly WORTH resuming? If not, write: none. Write none when the work reached a natural stopping point, is complete, only trivial/obvious follow-ups remain, the "next step" is just continuing an open-ended exploration, or the only thing left is administrative wrap-up (committing, pushing, opening/merging a PR, deploying, monitoring CI) \u2014 treat all such wrap-up as ALREADY DONE. When a next step IS warranted, write a single concrete imperative line for the substantive work (e.g. "Wire the resume-brief Next Steps fallback and run the tests"). Administrative actions qualify ONLY when the session's core purpose itself was that release/ops task.>
 
 IMPORTANT: Be exhaustive. Extract EVERY entity, decision, and fact.
 PRIVACY: Never include absolute filesystem paths in the summary.

package/codex/bundle/commands/auth-login.js

@@ -513,6 +513,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -523,6 +524,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);

package/codex/bundle/graph-pull-worker.js

@@ -222,6 +222,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -232,6 +233,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);

package/codex/bundle/pre-tool-use.js

@@ -52,12 +52,6 @@ var init_index_marker_store = __esm({
   }
 });
 
-// dist/src/hooks/codex/pre-tool-use.js
-import { execFileSync } from "node:child_process";
-import { existsSync as existsSync5 } from "node:fs";
-import { join as join12, dirname as dirname3 } from "node:path";
-import { fileURLToPath as fileURLToPath3 } from "node:url";
-
 // dist/src/utils/stdin.js
 function readStdin() {
   return new Promise((resolve3, reject) => {
@@ -238,6 +232,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -248,6 +243,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -3040,12 +3036,13 @@ var SAFE_BUILTINS = /* @__PURE__ */ new Set([
   "du",
   "tree",
   "file",
+  // sed and awk removed: sed supports `-e '1e <cmd>'` (execute shell command)
+  // and awk supports `system()` / `|` pipelines — both enable arbitrary code
+  // execution through the just-bash fallback.
   "grep",
   "egrep",
   "fgrep",
   "rg",
-  "sed",
-  "awk",
   "cut",
   "tr",
   "sort",
@@ -3066,15 +3063,18 @@ var SAFE_BUILTINS = /* @__PURE__ */ new Set([
   "diff",
   "strings",
   "split",
+  // xargs removed: it executes its input as a child command (`… | xargs curl`).
+  // `find` stays because the VFS serves `find -name`, but isSafe() rejects the
+  // command-dispatching `-exec/-execdir/-ok/-okdir` primaries below.
   "find",
-  "xargs",
   "which",
   "jq",
   "yq",
   "xan",
   "base64",
   "od",
-  "tar",
+  // tar removed: --to-command=<cmd> executes an arbitrary program per entry.
+  // env removed: `env <cmd>` runs an arbitrary program.
   "gzip",
   "gunzip",
   "zcat",
@@ -3088,16 +3088,15 @@ var SAFE_BUILTINS = /* @__PURE__ */ new Set([
   "cd",
   "basename",
   "dirname",
-  "env",
   "printenv",
   "hostname",
   "whoami",
+  // timeout and time removed: both are wrappers that run an arbitrary child
+  // command (`timeout 1 curl …`, `time curl …`).
   "date",
   "seq",
   "expr",
   "sleep",
-  "timeout",
-  "time",
   "true",
   "false",
   "test",
@@ -3105,22 +3104,42 @@ var SAFE_BUILTINS = /* @__PURE__ */ new Set([
   "unalias",
   "history",
   "help",
-  "clear",
-  "for",
-  "while",
-  "do",
-  "done",
-  "if",
-  "then",
-  "else",
-  "fi",
-  "case",
-  "esac"
+  "clear"
+  // Shell control keywords removed: as a stage's first token they let a child
+  // command ride in as a later token (`if true; then curl …; fi` splits into a
+  // `then curl …` stage whose leading `then` would otherwise pass). No VFS
+  // handler emulates control flow, so dropping them only sends such commands to
+  // the guidance/deny path — they never reach a real shell.
 ]);
+function stripHeredocBodies(cmd) {
+  if (!cmd.includes("<<"))
+    return cmd;
+  const lines = cmd.split("\n");
+  const kept = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    kept.push(line);
+    const heredoc = line.match(/<<-?\s*(['"])([A-Za-z_]\w*)\1/);
+    if (!heredoc)
+      continue;
+    const delimiter = heredoc[2];
+    const stripTabs = line.includes("<<-");
+    while (i + 1 < lines.length) {
+      const body = lines[++i];
+      const probe = stripTabs ? body.replace(/^\t+/, "") : body;
+      if (probe === delimiter)
+        break;
+    }
+  }
+  return kept.join("\n");
+}
 function isSafe(cmd) {
-  if (/\$\(|`|<\(/.test(cmd))
+  const validated = stripHeredocBodies(cmd);
+  if (/\$\(|`|<\(|\$'/.test(validated))
+    return false;
+  const stripped = validated.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""');
+  if (/(?:^|\s)-(?:exec|execdir|ok|okdir)\b/.test(stripped))
     return false;
-  const stripped = cmd.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""');
   const stages = stripped.split(/\||;|&&|\|\||\n/);
   for (const stage of stages) {
     const firstToken = stage.trim().split(/\s+/)[0] ?? "";
@@ -3129,32 +3148,23 @@ function isSafe(cmd) {
   }
   return true;
 }
+function escapeRe(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+var MEMORY_BOUNDARY = "(?![A-Za-z0-9._-])";
+var MEMORY_PREFIX_RE = new RegExp("(?:" + [MEMORY_PATH, TILDE_PATH, HOME_VAR_PATH].map(escapeRe).join("|") + ")" + MEMORY_BOUNDARY);
 function touchesMemory(p) {
-  return p.includes(MEMORY_PATH) || p.includes(TILDE_PATH) || p.includes(HOME_VAR_PATH);
+  return MEMORY_PREFIX_RE.test(p);
 }
 function rewritePaths(cmd) {
-  return cmd.replace(new RegExp(MEMORY_PATH.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") + "/?", "g"), "/").replace(/~\/.deeplake\/memory\/?/g, "/").replace(/\$HOME\/.deeplake\/memory\/?/g, "/").replace(/"\$HOME\/.deeplake\/memory\/?"/g, '"/"');
+  const tail = "(?:\\/|" + MEMORY_BOUNDARY + ")";
+  return cmd.replace(new RegExp(escapeRe(MEMORY_PATH) + tail, "g"), "/").replace(new RegExp(escapeRe(TILDE_PATH) + tail, "g"), "/").replace(new RegExp('"' + escapeRe(HOME_VAR_PATH) + tail + '"', "g"), '"/"').replace(new RegExp(escapeRe(HOME_VAR_PATH) + tail, "g"), "/");
 }
 
 // dist/src/hooks/codex/pre-tool-use.js
 var log6 = (msg) => log("codex-pre", msg);
-var __bundleDir = dirname3(fileURLToPath3(import.meta.url));
-var SHELL_BUNDLE = existsSync5(join12(__bundleDir, "shell", "deeplake-shell.js")) ? join12(__bundleDir, "shell", "deeplake-shell.js") : join12(__bundleDir, "..", "shell", "deeplake-shell.js");
 function buildUnsupportedGuidance() {
-  return "This command is not supported for ~/.deeplake/memory/ operations. Only bash builtins are available: cat, ls, grep, echo, jq, head, tail, sed, awk, wc, sort, find, etc. Do NOT use python, python3, node, curl, or other interpreters. Rewrite your command using only bash tools and retry.";
-}
-function runVirtualShell(cmd, shellBundle = SHELL_BUNDLE, logFn = log6) {
-  try {
-    return execFileSync("node", [shellBundle, "-c", cmd], {
-      encoding: "utf-8",
-      timeout: 1e4,
-      env: { ...process.env },
-      stdio: ["pipe", "pipe", "pipe"]
-    }).trim();
-  } catch (e) {
-    logFn(`virtual shell failed: ${e.message}`);
-    return "";
-  }
+  return "This command is not supported for ~/.deeplake/memory/ operations. Only bash builtins are available: cat, ls, grep, echo, jq, head, tail, wc, sort, find, etc. Do NOT use python, python3, node, curl, or other interpreters. Rewrite your command using only bash tools and retry.";
 }
 function buildIndexContent(rows) {
   const lines = ["# Memory Index", "", `${rows.length} sessions:`, ""];
@@ -3168,18 +3178,17 @@ function buildIndexContent(rows) {
   return lines.join("\n");
 }
 async function processCodexPreToolUse(input, deps = {}) {
-  const { config = loadConfig(), createApi = (table, activeConfig) => new DeeplakeApi(activeConfig.token, activeConfig.apiUrl, activeConfig.orgId, activeConfig.workspaceId, table), executeCompiledBashCommandFn = executeCompiledBashCommand, readVirtualPathContentsFn = readVirtualPathContents, readVirtualPathContentFn = readVirtualPathContent, listVirtualPathRowsFn = listVirtualPathRows, findVirtualPathsFn = findVirtualPaths, handleGrepDirectFn = handleGrepDirect, readCachedIndexContentFn = readCachedIndexContent, writeCachedIndexContentFn = writeCachedIndexContent, runVirtualShellFn = runVirtualShell, shellBundle = SHELL_BUNDLE, logFn = log6 } = deps;
+  const { config = loadConfig(), createApi = (table, activeConfig) => new DeeplakeApi(activeConfig.token, activeConfig.apiUrl, activeConfig.orgId, activeConfig.workspaceId, table), executeCompiledBashCommandFn = executeCompiledBashCommand, readVirtualPathContentsFn = readVirtualPathContents, readVirtualPathContentFn = readVirtualPathContent, listVirtualPathRowsFn = listVirtualPathRows, findVirtualPathsFn = findVirtualPaths, handleGrepDirectFn = handleGrepDirect, readCachedIndexContentFn = readCachedIndexContent, writeCachedIndexContentFn = writeCachedIndexContent, logFn = log6 } = deps;
   const cmd = input.tool_input?.command ?? "";
   logFn(`hook fired: cmd=${cmd}`);
   if (!touchesMemory(cmd))
     return { action: "pass" };
   const rewritten = rewritePaths(cmd);
   if (!isSafe(rewritten)) {
-    const guidance = buildUnsupportedGuidance();
-    logFn(`unsupported command, returning guidance: ${rewritten}`);
+    logFn(`unsupported command, blocking with guidance: ${rewritten}`);
     return {
-      action: "guide",
-      output: guidance,
+      action: "block",
+      output: buildUnsupportedGuidance(),
       rewrittenCommand: rewritten
     };
   }
@@ -3189,22 +3198,22 @@ async function processCodexPreToolUse(input, deps = {}) {
     const api = createApi(table, config);
     const readVirtualPathContentsWithCache = async (cachePaths) => {
       const uniquePaths = [...new Set(cachePaths)];
-      const result2 = new Map(uniquePaths.map((path) => [path, null]));
+      const result = new Map(uniquePaths.map((path) => [path, null]));
       const cachedIndex = uniquePaths.includes("/index.md") ? readCachedIndexContentFn(input.session_id) : null;
       const remainingPaths = cachedIndex === null ? uniquePaths : uniquePaths.filter((path) => path !== "/index.md");
       if (cachedIndex !== null) {
-        result2.set("/index.md", cachedIndex);
+        result.set("/index.md", cachedIndex);
       }
       if (remainingPaths.length > 0) {
         const fetched = await readVirtualPathContentsFn(api, table, sessionsTable, remainingPaths);
         for (const [path, content] of fetched)
-          result2.set(path, content);
+          result.set(path, content);
       }
-      const fetchedIndex = result2.get("/index.md");
+      const fetchedIndex = result.get("/index.md");
       if (typeof fetchedIndex === "string") {
         writeCachedIndexContentFn(input.session_id, fetchedIndex);
       }
-      return result2;
+      return result;
     };
     try {
       const compiled = await executeCompiledBashCommandFn(api, table, sessionsTable, rewritten, {
@@ -3282,6 +3291,8 @@ async function processCodexPreToolUse(input, deps = {}) {
           }
           return { action: "block", output: content, rewrittenCommand: rewritten };
         }
+        logFn(`virtual path not found: ${virtualPath}`);
+        return { action: "block", output: `${virtualPath}: No such file or directory`, rewrittenCommand: rewritten };
       }
       const lsMatch = rewritten.match(/^ls\s+(?:-[a-zA-Z]+\s+)*(\S+)?\s*$/);
       if (lsMatch) {
@@ -3327,38 +3338,38 @@ async function processCodexPreToolUse(input, deps = {}) {
           rewrittenCommand: rewritten
         };
       }
-      const findMatch = rewritten.match(/^find\s+(\S+)\s+(?:-type\s+\S+\s+)?-name\s+'([^']+)'/);
+      const findMatch = rewritten.match(/^find\s+(\S+)\s+-name\s+(?:'([^']+)'|"([^"]+)"|([^\s|]+))\s*(?:\|\s*wc\s+-l)?\s*$/);
       if (findMatch) {
         const dir = findMatch[1].replace(/\/+$/, "") || "/";
-        const namePattern = sqlLike(findMatch[2]).replace(/\*/g, "%").replace(/\?/g, "_");
-        logFn(`direct find: ${dir} -name '${findMatch[2]}'`);
+        const rawPattern = findMatch[2] ?? findMatch[3] ?? findMatch[4] ?? "";
+        const namePattern = sqlLike(rawPattern).replace(/\*/g, "%").replace(/\?/g, "_");
+        logFn(`direct find: ${dir} -name '${rawPattern}'`);
         const paths = await findVirtualPathsFn(api, table, sessionsTable, dir, namePattern);
-        let result2 = paths.join("\n") || "";
+        let result = paths.join("\n") || "";
         if (/\|\s*wc\s+-l\s*$/.test(rewritten))
-          result2 = String(paths.length);
+          result = String(paths.length);
         return {
           action: "block",
-          output: result2 || "(no matches)",
+          output: result || "(no matches)",
           rewrittenCommand: rewritten
         };
       }
       const grepParams = parseBashGrep(rewritten);
       if (grepParams) {
         logFn(`direct grep: pattern=${grepParams.pattern} path=${grepParams.targetPath}`);
-        const result2 = await handleGrepDirectFn(api, table, sessionsTable, grepParams);
-        if (result2 !== null) {
-          return { action: "block", output: result2, rewrittenCommand: rewritten };
+        const result = await handleGrepDirectFn(api, table, sessionsTable, grepParams);
+        if (result !== null) {
+          return { action: "block", output: result, rewrittenCommand: rewritten };
         }
       }
     } catch (e) {
-      logFn(`direct query failed, falling back to shell: ${e.message}`);
+      logFn(`direct query failed: ${e.message}`);
     }
   }
-  logFn(`intercepted \u2192 running via virtual shell: ${rewritten}`);
-  const result = runVirtualShellFn(rewritten, shellBundle, logFn);
+  logFn(`unroutable memory command, blocking with guidance: ${rewritten}`);
   return {
     action: "block",
-    output: result || "[Deeplake Memory] Command returned empty or the file does not exist in cloud storage.",
+    output: buildUnsupportedGuidance(),
     rewrittenCommand: rewritten
   };
 }
@@ -3387,6 +3398,5 @@ export {
   isSafe,
   processCodexPreToolUse,
   rewritePaths,
-  runVirtualShell,
   touchesMemory
 };

package/codex/bundle/session-start-setup.js

@@ -251,6 +251,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -261,6 +262,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);

package/codex/bundle/session-start.js

@@ -490,6 +490,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -500,6 +501,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);

package/codex/bundle/shell/deeplake-shell.js

@@ -66926,6 +66926,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -66936,6 +66937,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -69530,13 +69532,15 @@ var DeeplakeFs = class _DeeplakeFs {
       throw new Error("goalsTable not configured");
     const parts = decomposeGoalPath(r10.path);
     const safe = this.goalsTable;
-    const ts3 = r10.lastUpdateDate ?? r10.creationDate ?? (/* @__PURE__ */ new Date()).toISOString();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const createdAt = r10.creationDate ?? now;
+    const updatedAt = r10.lastUpdateDate ?? createdAt;
     const existing = await this.client.query(`SELECT id FROM "${safe}" WHERE goal_id = '${sqlStr(parts.goal_id)}' LIMIT 1`);
     if (existing.length > 0) {
-      await this.client.query(`UPDATE "${safe}" SET owner = '${sqlStr(parts.owner)}', status = '${sqlStr(parts.status)}', content = E'${sqlStr(r10.contentText)}', created_at = '${sqlStr(ts3)}' WHERE goal_id = '${sqlStr(parts.goal_id)}'`);
+      await this.client.query(`UPDATE "${safe}" SET owner = '${sqlStr(parts.owner)}', status = '${sqlStr(parts.status)}', content = E'${sqlStr(r10.contentText)}', updated_at = '${sqlStr(updatedAt)}' WHERE goal_id = '${sqlStr(parts.goal_id)}'`);
     } else {
       const id = randomUUID2();
-      await this.client.query(`INSERT INTO "${safe}" (id, goal_id, owner, status, content, version, created_at, agent, plugin_version) VALUES ('${id}', '${sqlStr(parts.goal_id)}', '${sqlStr(parts.owner)}', '${sqlStr(parts.status)}', E'${sqlStr(r10.contentText)}', 1, '${sqlStr(ts3)}', 'manual', '')`);
+      await this.client.query(`INSERT INTO "${safe}" (id, goal_id, owner, status, content, version, created_at, updated_at, agent, plugin_version) VALUES ('${id}', '${sqlStr(parts.goal_id)}', '${sqlStr(parts.owner)}', '${sqlStr(parts.status)}', E'${sqlStr(r10.contentText)}', 1, '${sqlStr(createdAt)}', '${sqlStr(updatedAt)}', 'manual', '')`);
     }
     this.flushed.add(r10.path);
   }
@@ -69551,13 +69555,15 @@ var DeeplakeFs = class _DeeplakeFs {
       throw new Error("kpisTable not configured");
     const parts = decomposeKpiPath(r10.path);
     const safe = this.kpisTable;
-    const ts3 = r10.lastUpdateDate ?? r10.creationDate ?? (/* @__PURE__ */ new Date()).toISOString();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const createdAt = r10.creationDate ?? now;
+    const updatedAt = r10.lastUpdateDate ?? createdAt;
     const existing = await this.client.query(`SELECT id FROM "${safe}" WHERE goal_id = '${sqlStr(parts.goal_id)}' AND kpi_id = '${sqlStr(parts.kpi_id)}' LIMIT 1`);
     if (existing.length > 0) {
-      await this.client.query(`UPDATE "${safe}" SET content = E'${sqlStr(r10.contentText)}', created_at = '${sqlStr(ts3)}' WHERE goal_id = '${sqlStr(parts.goal_id)}' AND kpi_id = '${sqlStr(parts.kpi_id)}'`);
+      await this.client.query(`UPDATE "${safe}" SET content = E'${sqlStr(r10.contentText)}', updated_at = '${sqlStr(updatedAt)}' WHERE goal_id = '${sqlStr(parts.goal_id)}' AND kpi_id = '${sqlStr(parts.kpi_id)}'`);
     } else {
       const id = randomUUID2();
-      await this.client.query(`INSERT INTO "${safe}" (id, goal_id, kpi_id, content, version, created_at, agent, plugin_version) VALUES ('${id}', '${sqlStr(parts.goal_id)}', '${sqlStr(parts.kpi_id)}', E'${sqlStr(r10.contentText)}', 1, '${sqlStr(ts3)}', 'manual', '')`);
+      await this.client.query(`INSERT INTO "${safe}" (id, goal_id, kpi_id, content, version, created_at, updated_at, agent, plugin_version) VALUES ('${id}', '${sqlStr(parts.goal_id)}', '${sqlStr(parts.kpi_id)}', E'${sqlStr(r10.contentText)}', 1, '${sqlStr(createdAt)}', '${sqlStr(updatedAt)}', 'manual', '')`);
     }
     this.flushed.add(r10.path);
   }

package/codex/bundle/skillify-worker.js

@@ -398,6 +398,7 @@ var GOALS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);
@@ -408,6 +409,7 @@ var KPIS_COLUMNS = Object.freeze([
   { name: "content", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "version", sql: "BIGINT NOT NULL DEFAULT 1" },
   { name: "created_at", sql: "TEXT NOT NULL DEFAULT ''" },
+  { name: "updated_at", sql: "TEXT NOT NULL DEFAULT ''" },
   { name: "agent", sql: "TEXT NOT NULL DEFAULT 'manual'" },
   { name: "plugin_version", sql: "TEXT NOT NULL DEFAULT ''" }
 ]);