@fenglimg/fabric-server 1.6.0 → 1.8.0-rc.1

package/dist/{http-DJCTLGF4.js → http-MEFXOG3L.js}

@@ -1,27 +1,25 @@
 import {
   AGENTS_MD_RESOURCE_URI,
-  AgentsMetaFileMissingError,
-  AgentsMetaInvalidError,
+  EVENT_LEDGER_PATH,
   LEDGER_PATH,
   LEGACY_LEDGER_PATH,
-  appendLedgerEntry,
-  approveHumanLock,
+  appendEventLedgerEvent,
   contextCache,
-  ensureParentDirectory,
+  getEventLedgerPath,
   getLedgerPath,
   getLegacyLedgerPath,
   getRules,
+  invalidateRuleSyncCooldown,
+  isNodeError,
   readAgentsMeta,
-  readHumanLock,
-  readHumanLockEntry,
-  readLedger,
-  resolveLedgerPaths,
-  runDoctorReport
-} from "./chunk-TZCE2K4D.js";
+  readEventLedger,
+  runDoctorReport,
+  sha256
+} from "./chunk-E3BHIUIW.js";
 
 // src/http.ts
-import { randomUUID } from "crypto";
-import { appendFile, readFile as readFile2 } from "fs/promises";
+import { randomUUID as randomUUID2 } from "crypto";
+import { readFile as readFile3 } from "fs/promises";
 import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
 import {
   StreamableHTTPServerTransport
@@ -29,6 +27,7 @@ import {
 import chokidar2 from "chokidar";
 
 // src/api/_error.ts
+import { FabricError } from "@fenglimg/fabric-shared/errors";
 function sendError(res, status, code, message, details) {
   const payload = {
     error: {
@@ -49,49 +48,15 @@ function sendUnknownError(res, error) {
   sendError(res, normalized.status, normalized.code, normalized.message, normalized.details);
 }
 function normalizeApiError(error) {
-  if (error instanceof Error && "status" in error && "code" in error && typeof error.status === "number" && typeof error.code === "string") {
+  if (error instanceof FabricError) {
     return {
-      status: error.status,
+      status: error.httpStatus,
       code: error.code,
-      message: error.message
-    };
-  }
-  if (error instanceof AgentsMetaFileMissingError) {
-    return {
-      status: 404,
-      code: error.code,
-      message: error.message
-    };
-  }
-  if (error instanceof AgentsMetaInvalidError) {
-    return {
-      status: 500,
-      code: error.code,
-      message: error.message
+      message: error.message,
+      details: error.details
     };
   }
   if (error instanceof Error) {
-    if (error.message.startsWith("Path escapes project root:")) {
-      return {
-        status: 403,
-        code: "PATH_OUTSIDE_PROJECT_ROOT",
-        message: error.message
-      };
-    }
-    if (error.message.startsWith("Cannot find human lock entry:")) {
-      return {
-        status: 404,
-        code: "HUMAN_LOCK_ENTRY_NOT_FOUND",
-        message: error.message
-      };
-    }
-    if (error.message.startsWith("Cannot find ledger entry:")) {
-      return {
-        status: 404,
-        code: "LEDGER_ENTRY_NOT_FOUND",
-        message: error.message
-      };
-    }
     return {
       status: 500,
       code: "INTERNAL_ERROR",
@@ -117,21 +82,186 @@ function registerDoctorApi(app, projectRoot) {
 }
 
 // src/api/events.ts
-import { createHash } from "crypto";
-import { open, readFile, stat } from "fs/promises";
+import { open, readFile as readFile2, stat } from "fs/promises";
 import { join } from "path";
 import {
   agentsMetaSchema,
   fabricEventSchema,
   forensicReportSchema,
-  humanLockFileSchema,
-  ledgerEntrySchema
+  ledgerEntrySchema as ledgerEntrySchema2
 } from "@fenglimg/fabric-shared";
+import { eventLedgerEventSchema } from "@fenglimg/fabric-shared";
 import chokidar from "chokidar";
+
+// src/services/read-ledger.ts
+import { randomUUID } from "crypto";
+import { access, copyFile, readFile, rm } from "fs/promises";
+import { ledgerEntrySchema } from "@fenglimg/fabric-shared";
+async function resolveLedgerPaths(projectRoot) {
+  const primaryPath = getLedgerPath(projectRoot);
+  const legacyPath = getLegacyLedgerPath(projectRoot);
+  const [primaryExists, legacyExists] = await Promise.all([
+    pathExists(primaryPath),
+    pathExists(legacyPath)
+  ]);
+  return {
+    primaryPath,
+    legacyPath,
+    readPath: primaryExists ? primaryPath : legacyPath,
+    usingLegacy: !primaryExists && legacyExists
+  };
+}
+async function readLedger(projectRoot, options = {}) {
+  const [legacyEntries, eventEntries] = await Promise.all([
+    readLegacyLedger(projectRoot),
+    readLedgerFromEventLedger(projectRoot)
+  ]);
+  const entries = mergeLedgerEntries(legacyEntries, eventEntries);
+  return entries.filter((entry) => options.source === void 0 || entry.source === options.source).filter((entry) => options.since === void 0 || entry.ts >= options.since);
+}
+async function readLegacyLedger(projectRoot) {
+  const { readPath } = await resolveLedgerPaths(projectRoot);
+  let raw;
+  try {
+    raw = await readFile(readPath, "utf8");
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return [];
+    }
+    throw error;
+  }
+  return raw.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.length > 0).map((line, index) => parseLedgerLine(line, index)).filter((entry) => entry !== null);
+}
+async function appendLedgerEntry(projectRoot, entry) {
+  const nextEntry = createStoredLedgerEntry(entry);
+  for (const affectedPath of nextEntry.affected_paths) {
+    await appendEventLedgerEvent(projectRoot, {
+      event_type: "edit_intent_checked",
+      ts: nextEntry.ts,
+      path: affectedPath,
+      compliant: true,
+      intent: nextEntry.intent,
+      ledger_entry_id: nextEntry.id,
+      ledger_source: nextEntry.source,
+      commit_sha: nextEntry.source === "ai" ? nextEntry.commit_sha : void 0,
+      parent_sha: nextEntry.source === "human" ? nextEntry.parent_sha : void 0,
+      parent_ledger_entry_id: nextEntry.source === "human" ? nextEntry.parent_ledger_entry_id : void 0,
+      diff_stat: nextEntry.source === "human" ? nextEntry.diff_stat : void 0,
+      annotation: nextEntry.source === "human" ? nextEntry.annotation : void 0,
+      matched_rule_context_ts: null,
+      window_ms: 0
+    });
+  }
+  return nextEntry;
+}
+function createStoredLedgerEntry(entry) {
+  return ledgerEntrySchema.parse({
+    ...entry,
+    id: entry.id ?? `ledger:${randomUUID()}`
+  });
+}
+function parseLedgerLine(line, index) {
+  try {
+    const parsed = JSON.parse(line);
+    if (parsed.kind === "mcp-event") {
+      return null;
+    }
+    const result = ledgerEntrySchema.safeParse(parsed);
+    if (!result.success) {
+      return null;
+    }
+    return {
+      ...result.data,
+      id: result.data.id ?? createDerivedId(index, line)
+    };
+  } catch {
+    return null;
+  }
+}
+async function readLedgerFromEventLedger(projectRoot) {
+  const { events } = await readEventLedger(projectRoot);
+  const grouped = /* @__PURE__ */ new Map();
+  for (const event of events) {
+    const entry = projectLedgerEvent(event);
+    if (entry === null) {
+      continue;
+    }
+    const existing = grouped.get(entry.id);
+    if (existing === void 0) {
+      grouped.set(entry.id, entry);
+      continue;
+    }
+    grouped.set(entry.id, {
+      ...existing,
+      ts: Math.min(existing.ts, entry.ts),
+      affected_paths: dedupeStrings([...existing.affected_paths, ...entry.affected_paths])
+    });
+  }
+  return Array.from(grouped.values());
+}
+function projectLedgerEvent(event) {
+  if (event.event_type !== "edit_intent_checked") {
+    return null;
+  }
+  const base = {
+    id: event.ledger_entry_id,
+    ts: event.ts,
+    intent: event.intent,
+    affected_paths: [event.path]
+  };
+  if (event.ledger_source === "human") {
+    return {
+      ...base,
+      source: "human",
+      parent_sha: event.parent_sha ?? event.ledger_entry_id,
+      parent_ledger_entry_id: event.parent_ledger_entry_id,
+      diff_stat: event.diff_stat ?? "event-ledger",
+      annotation: event.annotation
+    };
+  }
+  return {
+    ...base,
+    source: "ai",
+    commit_sha: event.commit_sha
+  };
+}
+function mergeLedgerEntries(legacyEntries, eventEntries) {
+  const byId = /* @__PURE__ */ new Map();
+  for (const entry of [...legacyEntries, ...eventEntries]) {
+    if (!byId.has(entry.id)) {
+      byId.set(entry.id, entry);
+    }
+  }
+  return Array.from(byId.values()).sort((left, right) => left.ts - right.ts);
+}
+function dedupeStrings(values) {
+  return Array.from(new Set(values));
+}
+function createDerivedId(index, line) {
+  return `ledger:${index + 1}:${sha256(line).slice("sha256:".length)}`;
+}
+async function pathExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return false;
+    }
+    throw error;
+  }
+}
+
+// src/api/events.ts
 var AGENTS_META_PATH = ".fabric/agents.meta.json";
-var HUMAN_LOCK_PATH = ".fabric/human-lock.json";
 var FORENSIC_PATH = ".fabric/forensic.json";
-var WATCHED_PATHS = [AGENTS_META_PATH, HUMAN_LOCK_PATH, FORENSIC_PATH, LEDGER_PATH, LEGACY_LEDGER_PATH];
+var WATCHED_PATHS = [
+  AGENTS_META_PATH,
+  FORENSIC_PATH,
+  EVENT_LEDGER_PATH,
+  LEDGER_PATH,
+  LEGACY_LEDGER_PATH
+];
 var CONNECTION_LIMIT = 10;
 var HEARTBEAT_INTERVAL_MS = 3e4;
 var WATCH_DEBOUNCE_MS = 75;
@@ -173,7 +303,8 @@ function createEventsHandler(options) {
     activeLedgerPath: getLedgerPath(projectRoot),
     ledgerOffset: 0,
     ledgerRemainder: "",
-    humanLockSnapshot: createEmptyHumanLockSnapshot(),
+    eventLedgerOffset: 0,
+    eventLedgerRemainder: "",
     nextEventId: 1,
     ringBuffer: new RingBuffer(RING_BUFFER_CAPACITY)
   };
@@ -252,7 +383,8 @@ async function ensureWatcher(state, projectRoot) {
   state.activeLedgerPath = ledgerState.path;
   state.ledgerOffset = ledgerState.size;
   state.ledgerRemainder = "";
-  state.humanLockSnapshot = await readHumanLockSnapshot(projectRoot);
+  state.eventLedgerOffset = await readFileSize(getEventLedgerPath(projectRoot));
+  state.eventLedgerRemainder = "";
   const watcher = chokidar.watch([...WATCHED_PATHS], {
     cwd: projectRoot,
     ignoreInitial: true,
@@ -306,13 +438,13 @@ async function readEventsForFile(state, projectRoot, relativePath) {
     const event = await readMetaUpdatedEvent(projectRoot);
     return event === null ? [] : [event];
   }
-  if (relativePath === HUMAN_LOCK_PATH) {
-    return await readHumanLockEvents(state, projectRoot);
-  }
   if (relativePath === FORENSIC_PATH) {
     const event = await readDriftDetectedEvent(projectRoot);
     return event === null ? [] : [event];
   }
+  if (relativePath === EVENT_LEDGER_PATH) {
+    return await readEventLedgerAppendedEvents(state, projectRoot);
+  }
   if (relativePath === LEDGER_PATH || relativePath === LEGACY_LEDGER_PATH) {
     return await readLedgerAppendedEvents(state, projectRoot);
   }
@@ -342,40 +474,6 @@ async function readDriftDetectedEvent(projectRoot) {
     payload: parsed
   };
 }
-async function readHumanLockEvents(state, projectRoot) {
-  const previousSnapshot = state.humanLockSnapshot;
-  const currentSnapshot = await readHumanLockSnapshot(projectRoot);
-  state.humanLockSnapshot = currentSnapshot;
-  const changedEntries = currentSnapshot.locked.filter((entry) => {
-    const key = getHumanLockKey(entry);
-    return previousSnapshot.hashByKey.get(key) !== entry.hash;
-  });
-  const approvedEntries = changedEntries.filter((entry) => {
-    const key = getHumanLockKey(entry);
-    return currentSnapshot.actualHashByKey.get(key) === entry.hash;
-  });
-  const driftChanged = !areSetsEqual(previousSnapshot.driftedKeys, currentSnapshot.driftedKeys);
-  const events = [];
-  if (approvedEntries.length > 0 || changedEntries.length > 0 && currentSnapshot.drifted.length === 0) {
-    events.push({
-      type: "lock:approved",
-      payload: {
-        locked: currentSnapshot.locked,
-        approved: approvedEntries.length > 0 ? approvedEntries : changedEntries
-      }
-    });
-  }
-  if (currentSnapshot.drifted.length > 0 && (driftChanged || approvedEntries.length === 0)) {
-    events.push({
-      type: "lock:drift",
-      payload: {
-        locked: currentSnapshot.locked,
-        drifted: currentSnapshot.drifted
-      }
-    });
-  }
-  return events;
-}
 async function readLedgerAppendedEvents(state, projectRoot) {
   const ledgerState = await resolveLedgerWatchState(projectRoot);
   const ledgerPath = ledgerState.path;
@@ -407,6 +505,31 @@ async function readLedgerAppendedEvents(state, projectRoot) {
     await handle.close();
   }
 }
+async function readEventLedgerAppendedEvents(state, projectRoot) {
+  const eventLedgerPath = getEventLedgerPath(projectRoot);
+  const nextSize = await readFileSize(eventLedgerPath);
+  if (nextSize < state.eventLedgerOffset) {
+    state.eventLedgerOffset = 0;
+    state.eventLedgerRemainder = "";
+  }
+  if (nextSize === state.eventLedgerOffset) {
+    return [];
+  }
+  const startOffset = state.eventLedgerOffset;
+  state.eventLedgerOffset = nextSize;
+  const handle = await open(eventLedgerPath, "r");
+  try {
+    const length = nextSize - startOffset;
+    const buffer = Buffer.alloc(length);
+    await handle.read(buffer, 0, length, startOffset);
+    const chunk = `${state.eventLedgerRemainder}${buffer.toString("utf8")}`;
+    const lines = chunk.split(/\r?\n/);
+    state.eventLedgerRemainder = chunk.endsWith("\n") ? "" : lines.pop() ?? "";
+    return lines.map((line) => line.trim()).filter((line) => line.length > 0).map(parseEventLedgerAppendedEvent).filter((event) => event !== null);
+  } finally {
+    await handle.close();
+  }
+}
 async function resolveLedgerWatchState(projectRoot) {
   const paths = await resolveLedgerPaths(projectRoot);
   const path = paths.usingLegacy ? paths.legacyPath : paths.primaryPath;
@@ -419,7 +542,7 @@ function parseLedgerAppendedEvent(line) {
     if (parsed.kind === "mcp-event") {
       return null;
     }
-    const validation = ledgerEntrySchema.safeParse(parsed);
+    const validation = ledgerEntrySchema2.safeParse(parsed);
     if (!validation.success) {
       return null;
     }
@@ -431,6 +554,26 @@ function parseLedgerAppendedEvent(line) {
     return null;
   }
 }
+function parseEventLedgerAppendedEvent(line) {
+  try {
+    const parsed = eventLedgerEventSchema.safeParse(JSON.parse(line));
+    if (!parsed.success || parsed.data.event_type !== "edit_intent_checked") {
+      return null;
+    }
+    return {
+      type: "ledger:appended",
+      payload: {
+        id: parsed.data.ledger_entry_id,
+        ts: parsed.data.ts,
+        source: "ai",
+        intent: parsed.data.intent,
+        affected_paths: [parsed.data.path]
+      }
+    };
+  } catch {
+    return null;
+  }
+}
 function broadcastEvent(state, event) {
   const payload = fabricEventSchema.parse(event);
   const eventId = state.nextEventId++;
@@ -460,68 +603,6 @@ data: ${data}
     }
   }
 }
-async function readHumanLockSnapshot(projectRoot) {
-  const humanLockPath = join(projectRoot, HUMAN_LOCK_PATH);
-  const raw = await readUtf8File(humanLockPath);
-  if (raw === null) {
-    return createEmptyHumanLockSnapshot();
-  }
-  const parsed = humanLockFileSchema.parse(JSON.parse(raw));
-  const locked = parsed.locked ?? [];
-  const actualHashByKey = await readActualHumanLockHashes(projectRoot, locked);
-  const drifted = locked.filter((entry) => actualHashByKey.get(getHumanLockKey(entry)) !== entry.hash);
-  return {
-    locked,
-    drifted,
-    driftedKeys: new Set(drifted.map((entry) => getHumanLockKey(entry))),
-    hashByKey: new Map(locked.map((entry) => [getHumanLockKey(entry), entry.hash])),
-    actualHashByKey
-  };
-}
-async function readActualHumanLockHashes(projectRoot, locked) {
-  const uniqueFiles = Array.from(new Set(locked.map((entry) => entry.file)));
-  const fileContents = await Promise.all(
-    uniqueFiles.map(async (file) => {
-      const raw = await readUtf8File(join(projectRoot, file));
-      return [file, raw];
-    })
-  );
-  const contentByFile = new Map(fileContents);
-  return new Map(
-    locked.map((entry) => {
-      const content = contentByFile.get(entry.file);
-      return [getHumanLockKey(entry), content == null ? "missing" : hashLockedContent(content, entry)];
-    })
-  );
-}
-function hashLockedContent(content, entry) {
-  const lines = content.split(/\r?\n/);
-  const slice = lines.slice(Math.max(entry.start_line - 1, 0), Math.max(entry.end_line, 0)).join("\n");
-  return `sha256:${createHash("sha256").update(slice).digest("hex")}`;
-}
-function getHumanLockKey(entry) {
-  return `${entry.file}:${entry.start_line}:${entry.end_line}`;
-}
-function createEmptyHumanLockSnapshot() {
-  return {
-    locked: [],
-    drifted: [],
-    driftedKeys: /* @__PURE__ */ new Set(),
-    hashByKey: /* @__PURE__ */ new Map(),
-    actualHashByKey: /* @__PURE__ */ new Map()
-  };
-}
-function areSetsEqual(left, right) {
-  if (left.size !== right.size) {
-    return false;
-  }
-  for (const value of left) {
-    if (!right.has(value)) {
-      return false;
-    }
-  }
-  return true;
-}
 function readLastEventId(req) {
   const header = req.headers["last-event-id"];
   const headerValue = Array.isArray(header) ? header[0] : header;
@@ -542,9 +623,9 @@ function normalizePath(value) {
 }
 async function readUtf8File(path) {
   try {
-    return await readFile(path, "utf8");
+    return await readFile2(path, "utf8");
   } catch (error) {
-    if (isNodeError(error) && error.code === "ENOENT") {
+    if (isNodeError2(error) && error.code === "ENOENT") {
       return null;
     }
     throw error;
@@ -555,13 +636,13 @@ async function readFileSize(path) {
     const fileStat = await stat(path);
     return fileStat.size;
   } catch (error) {
-    if (isNodeError(error) && error.code === "ENOENT") {
+    if (isNodeError2(error) && error.code === "ENOENT") {
       return 0;
     }
     throw error;
   }
 }
-function isNodeError(error) {
+function isNodeError2(error) {
   return error instanceof Error;
 }
 
@@ -572,17 +653,26 @@ import { historyStateQuerySchema } from "@fenglimg/fabric-shared";
 import { execFile } from "child_process";
 import { promisify } from "util";
 import { agentsMetaSchema as agentsMetaSchema2 } from "@fenglimg/fabric-shared";
+import { IOFabricError, RuleError } from "@fenglimg/fabric-shared/errors";
 var execFileAsync = promisify(execFile);
 var AGENTS_META_GIT_PATH = ".fabric/agents.meta.json";
-var HistoryReplayError = class extends Error {
-  constructor(message, code, status) {
-    super(message);
-    this.code = code;
-    this.status = status;
-    this.name = "HistoryReplayError";
-  }
-  code;
-  status;
+var HistoryStateNotFoundError = class extends IOFabricError {
+  code = "HISTORY_STATE_NOT_FOUND";
+  httpStatus = 404;
+  constructor(message, opts) {
+    super(message, {
+      actionHint: opts?.actionHint ?? "Ensure the ledger exists and the requested timestamp or entry ID is within its range"
+    });
+  }
+};
+var LedgerEntryNotFoundError = class extends RuleError {
+  code = "LEDGER_ENTRY_NOT_FOUND";
+  httpStatus = 404;
+  constructor(message, opts) {
+    super(message, {
+      actionHint: opts?.actionHint ?? "Verify the ledger entry ID exists in the current ledger"
+    });
+  }
 };
 async function rehydrateAgentsMetaAt(projectRoot, target) {
   const ledger = await readLedger(projectRoot);
@@ -590,10 +680,8 @@ async function rehydrateAgentsMetaAt(projectRoot, target) {
   const replayedEntries = ledger.slice(0, selectedIndex + 1);
   const selectedEntry = replayedEntries.at(-1);
   if (selectedEntry === void 0) {
-    throw new HistoryReplayError(
-      "Cannot rehydrate history state because the ledger is empty.",
-      "HISTORY_STATE_NOT_FOUND",
-      404
+    throw new HistoryStateNotFoundError(
+      "Cannot rehydrate history state because the ledger is empty."
     );
   }
   const commitCandidates = collectCommitCandidates(replayedEntries);
@@ -628,10 +716,8 @@ function resolveTargetIndex(ledger, target) {
   if ("ledgerEntryId" in target) {
     const index = ledger.findIndex((entry) => entry.id === target.ledgerEntryId);
     if (index === -1) {
-      throw new HistoryReplayError(
-        `Cannot find ledger entry: ${target.ledgerEntryId}`,
-        "LEDGER_ENTRY_NOT_FOUND",
-        404
+      throw new LedgerEntryNotFoundError(
+        `Cannot find ledger entry: ${target.ledgerEntryId}`
       );
     }
     return index;
@@ -641,10 +727,8 @@ function resolveTargetIndex(ledger, target) {
       return index;
     }
   }
-  throw new HistoryReplayError(
-    `Cannot find ledger entry at or before timestamp: ${new Date(target.timestamp).toISOString()}`,
-    "HISTORY_STATE_NOT_FOUND",
-    404
+  throw new HistoryStateNotFoundError(
+    `Cannot find ledger entry at or before timestamp: ${new Date(target.timestamp).toISOString()}`
   );
 }
 function collectCommitCandidates(entries) {
@@ -746,58 +830,6 @@ function registerHistoryApi(app, projectRoot) {
   });
 }
 
-// src/api/human-lock.ts
-import { humanLockApproveRequestSchema, humanLockFileParamsSchema } from "@fenglimg/fabric-shared";
-function registerHumanLockApi(app, projectRoot) {
-  app.get("/api/human-lock", async (_req, res) => {
-    try {
-      await readAgentsMeta(projectRoot);
-      res.json(await readHumanLock(projectRoot));
-    } catch (error) {
-      sendUnknownError(res, error);
-    }
-  });
-  app.get(/^\/api\/human-lock\/(.+)$/, async (req, res) => {
-    const rawFile = typeof req.params[0] === "string" ? decodeURIComponent(req.params[0]) : "";
-    const validation = humanLockFileParamsSchema.safeParse({
-      file: rawFile
-    });
-    if (!validation.success) {
-      sendValidationError(res, "Invalid human-lock file path", validation.error.flatten());
-      return;
-    }
-    try {
-      await readAgentsMeta(projectRoot);
-      const entry = await readHumanLockEntry(projectRoot, validation.data.file);
-      if (entry === null) {
-        sendError(
-          res,
-          404,
-          "HUMAN_LOCK_ENTRY_NOT_FOUND",
-          `Cannot find human lock entry: ${validation.data.file}`
-        );
-        return;
-      }
-      res.json(entry);
-    } catch (error) {
-      sendUnknownError(res, error);
-    }
-  });
-  app.post("/api/human-lock/approve", async (req, res) => {
-    const validation = humanLockApproveRequestSchema.safeParse(req.body);
-    if (!validation.success) {
-      sendValidationError(res, "Invalid human-lock approval payload", validation.error.flatten());
-      return;
-    }
-    try {
-      await readAgentsMeta(projectRoot);
-      res.json(await approveHumanLock(projectRoot, validation.data));
-    } catch (error) {
-      sendUnknownError(res, error);
-    }
-  });
-}
-
 // src/api/intent.ts
 import { annotateIntentRequestSchema } from "@fenglimg/fabric-shared";
 
@@ -806,7 +838,7 @@ async function annotateIntent(projectRoot, input) {
   const entries = await readLedger(projectRoot);
   const parentEntry = entries.find((entry2) => entry2.id === input.ledger_entry_id);
   if (parentEntry === void 0) {
-    throw new Error(`Cannot find ledger entry: ${input.ledger_entry_id}`);
+    throw new LedgerEntryNotFoundError(`Cannot find ledger entry: ${input.ledger_entry_id}`);
   }
   const lastEntry = entries[entries.length - 1];
   if (lastEntry?.source === "human" && lastEntry.parent_ledger_entry_id === input.ledger_entry_id && lastEntry.annotation === input.annotation) {
@@ -1065,7 +1097,7 @@ function warnMissingDashboard(staticDir) {
 }
 
 // src/middleware/bearer-auth.ts
-import { createHash as createHash2, timingSafeEqual } from "crypto";
+import { createHash, timingSafeEqual } from "crypto";
 function createBearerAuthMiddleware(token) {
   const expectedDigest = hashToken(token);
   return function bearerAuthMiddleware(req, res, next) {
@@ -1098,30 +1130,25 @@ function tokensMatch(token, expectedDigest) {
   return timingSafeEqual(hashToken(token), expectedDigest);
 }
 function hashToken(token) {
-  return createHash2("sha256").update(token, "utf8").digest();
+  return createHash("sha256").update(token, "utf8").digest();
 }
 
 // src/http.ts
 var DEFAULT_HOST = "127.0.0.1";
 var NOTIFY_DEBOUNCE_MS = 200;
 var JsonlEventStore = class {
-  constructor(projectRoot, ledgerPath) {
+  constructor(projectRoot) {
     this.projectRoot = projectRoot;
-    this.ledgerPath = ledgerPath;
   }
   projectRoot;
-  ledgerPath;
   async storeEvent(streamId, message) {
-    const eventId = randomUUID();
-    const entry = {
-      kind: "mcp-event",
-      eventId,
-      streamId,
+    const eventId = randomUUID2();
+    await appendEventLedgerEvent(this.projectRoot, {
+      event_type: "mcp_event",
+      mcp_event_id: eventId,
+      stream_id: streamId,
       message
-    };
-    await ensureParentDirectory(this.ledgerPath);
-    await appendFile(this.ledgerPath, `${JSON.stringify(entry)}
-`, "utf8");
+    });
     return eventId;
   }
   async getStreamIdForEventId(eventId) {
@@ -1147,15 +1174,30 @@ var JsonlEventStore = class {
     return streamId;
   }
   async readEvents() {
+    const { events: eventLedgerEvents } = await readEventLedger(this.projectRoot);
+    const projectedEvents = eventLedgerEvents.flatMap((event) => {
+      if (event.event_type !== "mcp_event") {
+        return [];
+      }
+      return [{
+        kind: "mcp-event",
+        eventId: event.mcp_event_id,
+        streamId: event.stream_id,
+        message: event.message
+      }];
+    });
+    if (projectedEvents.length > 0) {
+      return projectedEvents;
+    }
     let raw;
     try {
-      raw = await readFile2(this.ledgerPath, "utf8");
+      raw = await readFile3(getLedgerPath(this.projectRoot), "utf8");
     } catch (error) {
-      if (isNodeError2(error) && error.code === "ENOENT") {
+      if (isNodeError3(error) && error.code === "ENOENT") {
         try {
-          raw = await readFile2(getLegacyLedgerPath(this.projectRoot), "utf8");
+          raw = await readFile3(getLegacyLedgerPath(this.projectRoot), "utf8");
         } catch (legacyError) {
-          if (isNodeError2(legacyError) && legacyError.code === "ENOENT") {
+          if (isNodeError3(legacyError) && legacyError.code === "ENOENT") {
             return [];
           }
           throw legacyError;
@@ -1167,15 +1209,45 @@ var JsonlEventStore = class {
     return raw.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.length > 0).map((line) => parseStoredMcpEvent(line)).filter((event) => event !== null);
   }
 };
+function handleCacheWatcherEvent(relativePath, projectRoot, sessions, timers) {
+  const normalized = relativePath.replaceAll("\\", "/");
+  if (normalized === ".fabric/agents.meta.json") {
+    contextCache.invalidate("file_watch", projectRoot);
+    clearTimeout(timers.getToolListTimer());
+    timers.setToolListTimer(
+      setTimeout(() => {
+        notifyAllSessions(sessions, "tools/list_changed");
+      }, NOTIFY_DEBOUNCE_MS)
+    );
+    return;
+  }
+  if (normalized === ".fabric/bootstrap/README.md") {
+    contextCache.invalidate("file_watch", projectRoot);
+    clearTimeout(timers.getAgentsMdTimer());
+    timers.setAgentsMdTimer(
+      setTimeout(() => {
+        notifyAllSessions(sessions, "resource_updated", AGENTS_MD_RESOURCE_URI);
+      }, NOTIFY_DEBOUNCE_MS)
+    );
+    return;
+  }
+  if (normalized.startsWith(".fabric/rules/") && normalized.endsWith(".md")) {
+    contextCache.invalidate("file_watch", projectRoot);
+    invalidateRuleSyncCooldown(projectRoot);
+  }
+}
 function createFabricHttpApp(options) {
   const { projectRoot, host = DEFAULT_HOST, authToken, dashboardDistPath, dev } = options;
   const app = createMcpExpressApp({ host });
-  const ledgerPath = getLedgerPath(projectRoot);
-  const eventStore = new JsonlEventStore(projectRoot, ledgerPath);
+  const eventStore = new JsonlEventStore(projectRoot);
   const sessions = /* @__PURE__ */ new Map();
   process.env.FABRIC_PROJECT_ROOT = projectRoot;
   const cacheWatcher = chokidar2.watch(
-    [".fabric/agents.meta.json", ".fabric/bootstrap/README.md"],
+    [
+      ".fabric/agents.meta.json",
+      ".fabric/bootstrap/README.md",
+      ".fabric/rules/**/*.md"
+    ],
     {
       cwd: projectRoot,
       ignoreInitial: true,
@@ -1187,22 +1259,21 @@ function createFabricHttpApp(options) {
   );
   let agentsMdNotifyTimer;
   let toolListNotifyTimer;
-  cacheWatcher.on("change", (relativePath) => {
-    const normalized = relativePath.replaceAll("\\", "/");
-    if (normalized === ".fabric/agents.meta.json") {
-      contextCache.invalidate("file_watch", projectRoot);
-      clearTimeout(toolListNotifyTimer);
-      toolListNotifyTimer = setTimeout(() => {
-        notifyAllSessions(sessions, "tools/list_changed");
-      }, NOTIFY_DEBOUNCE_MS);
-    } else if (normalized === ".fabric/bootstrap/README.md") {
-      contextCache.invalidate("file_watch", projectRoot);
-      clearTimeout(agentsMdNotifyTimer);
-      agentsMdNotifyTimer = setTimeout(() => {
-        notifyAllSessions(sessions, "resource_updated", AGENTS_MD_RESOURCE_URI);
-      }, NOTIFY_DEBOUNCE_MS);
-    }
-  });
+  const onCacheWatcherEvent = (relativePath) => {
+    handleCacheWatcherEvent(relativePath, projectRoot, sessions, {
+      getAgentsMdTimer: () => agentsMdNotifyTimer,
+      getToolListTimer: () => toolListNotifyTimer,
+      setAgentsMdTimer: (t) => {
+        agentsMdNotifyTimer = t;
+      },
+      setToolListTimer: (t) => {
+        toolListNotifyTimer = t;
+      }
+    });
+  };
+  cacheWatcher.on("change", onCacheWatcherEvent);
+  cacheWatcher.on("add", onCacheWatcherEvent);
+  cacheWatcher.on("unlink", onCacheWatcherEvent);
   let disposed = false;
   app.dispose = async () => {
     if (disposed) {
@@ -1226,7 +1297,6 @@ function createFabricHttpApp(options) {
   registerHistoryApi(app, projectRoot);
   registerScanApi(app, projectRoot);
   registerDoctorApi(app, projectRoot);
-  registerHumanLockApi(app, projectRoot);
   registerIntentApi(app, projectRoot);
   app.get("/events", createEventsHandler({ projectRoot }));
   app.all("/mcp", async (req, res) => {
@@ -1268,7 +1338,7 @@ async function createSession(eventStore, sessions) {
   const { createFabricServer } = await import("./index.js");
   const server = createFabricServer();
   const transport = new StreamableHTTPServerTransport({
-    sessionIdGenerator: randomUUID,
+    sessionIdGenerator: randomUUID2,
     enableJsonResponse: true,
     eventStore,
     onsessioninitialized: async (sessionId) => {
@@ -1331,10 +1401,10 @@ function writeJsonRpcError(res, status, code, message) {
     id: null
   });
 }
-function isNodeError2(error) {
+function isNodeError3(error) {
   return error instanceof Error;
 }
 export {
   createFabricHttpApp,
-  notifyAllSessions
+  handleCacheWatcherEvent
 };