@fiale-plus/pi-rogue-bundle 0.1.19 → 0.1.20

package/README.md

@@ -6,7 +6,7 @@ It stitches together (and bundles for a true single-package install):
 
 - `@fiale-plus/pi-core` (shared contracts/helpers)
 - `@fiale-plus/pi-rogue-advisor` (logic; direct releases paused)
-- `@fiale-plus/pi-rogue-context-broker` (beta context-broker runtime; disabled by default)
+- `@fiale-plus/pi-rogue-context-broker` (context-broker runtime; registered by default with an env kill switch)
 - `@fiale-plus/pi-rogue-orchestration` (logic; direct releases paused)
 
 Direct installs of the advisor/orchestration packages are paused (marked private). All users and future releases go through the bundle. See `docs/release.md` and root `AGENTS.md` / `README.md` for the release policy.
@@ -28,9 +28,9 @@ npm install
 ## Scope boundaries
 
 - **Lab / internal helpers are excluded from this bundle.**
-- The beta context-broker runtime is bundled for opt-in experiments but is not registered/enabled by default.
-- Opt-in consumers can import the runtime through the bundle subpath: `@fiale-plus/pi-rogue-bundle/context-broker`.
-- Set `PI_CONTEXT_BROKER_ENABLED=true` before starting Pi to register the beta `/context` command surface and prompt-load rewriting.
+- The context-broker runtime is bundled and registered by default in the bundle.
+- Consumers can import the runtime through the bundle subpath: `@fiale-plus/pi-rogue-bundle/context-broker`.
+- Set `PI_CONTEXT_BROKER_ENABLED=false` before starting Pi to disable the `/context` command surface and prompt-load rewriting.
 - Optional durable broker storage can be enabled with `PI_CONTEXT_BROKER_DURABLE=true` or `PI_CONTEXT_BROKER_STORE_DIR=/path/to/store`; it defaults to SQLite/FTS and supports `PI_CONTEXT_BROKER_BACKEND=jsonl` for the legacy JSONL/blob backend.
 - `@fiale-plus/pi-rogue-bundle` is the only published surface for the logic.
 - Internal helper packages (`@fiale-plus/pi-rogue-guardrails`, `@fiale-plus/pi-rogue-brain`, `@fiale-plus/pi-rogue-repo-arch`) are maintained separately in the lab section and not published.
@@ -38,7 +38,7 @@ npm install
 ## Command surface
 
 - Default: `/advisor`, `/goal`, `/loop`, `/autoresearch`, `/autoresearch-lab` plus status/config/command paths (all provided via the bundle).
-- Opt-in beta: `PI_CONTEXT_BROKER_ENABLED=true` adds `/context status`, `/context brief`, `/context lookup <handle|text>`, `/context pin <handle>`, and `/context prune` with autocomplete.
+- Context broker: enabled by default; `PI_CONTEXT_BROKER_ENABLED=false` disables `/context status`, `/context brief`, `/context lookup <handle|text>`, `/context pin <handle>`, `/context export <handle>`, and `/context prune` with autocomplete.
 
 ## Status
 

package/node_modules/@fiale-plus/pi-core/src/context-broker.ts

@@ -77,6 +77,8 @@ export interface ContextBrokerStatus {
 export interface ContextBrokerOptions {
   maxRecords?: number;
   maxBytes?: number;
+  globalMaxRecords?: number;
+  globalMaxBytes?: number;
   defaultTtlMs?: number;
   hotTtlMs?: number;
   warmTtlMs?: number;

package/node_modules/@fiale-plus/pi-rogue-context-broker/README.md

@@ -8,37 +8,46 @@ This package contains the executable in-memory bounded broker implementation:
 - Lookups support handle, session, kind, tag, path, command prefix, branch, tier, and text filters.
 - Omitted summaries become metadata-only placeholders, keeping raw payloads out of prompt briefs by default.
 - Artifacts are classified as hot/warm/cold on publish; prompt briefs render hot first, warm second, and exclude cold unless explicitly queried.
-- Pruning enforces per-session record/byte caps, tier-specific record/byte caps, TTL expiry on reads, and pinned-artifact retention.
+- Pruning enforces per-session record/byte caps, optional global (cross-session) record/byte caps, tier-specific caps, TTL expiry on reads, and pinned-artifact retention.
 
-It is intentionally disabled by default in the bundle.
+It is registered by default in the bundle, with an explicit env kill switch.
 
-## Opt-in beta extension
+## Mainline extension
 
-Set `PI_CONTEXT_BROKER_ENABLED=true` before starting Pi with the bundle installed to enable the beta extension:
+The bundle registers a `context_lookup` LLM tool plus `/context` commands by default. To disable the runtime for rollback:
 
 ```bash
-PI_CONTEXT_BROKER_ENABLED=true pi
+PI_CONTEXT_BROKER_ENABLED=false pi
 ```
 
-When enabled, the bundle registers a `context_lookup` LLM tool plus `/context` commands:
+When active, the bundle registers:
 
-- `/context status` — enabled state, record/byte counts, pinned counts.
+- `/context status` — enabled state, record/byte counts, pinned counts, and routing telemetry.
 - `/context brief` — bounded prompt-safe broker brief with handles and summaries.
 - `/context lookup <handle|text>` — exact handle rehydration or current-session text search.
 - `/context pin <handle>` — protect an artifact from normal TTL/cap pruning.
+- `/context export <handle>` — write full payload to a temp file without dumping it into prompt.
 - `/context prune` — run TTL/cap pruning immediately.
 
 The command includes autocomplete for subcommands and known artifact handles. Exact handle lookup returns clipped payload text; text search returns a smaller clipped excerpt, and truncation is marked explicitly.
 
 Optional durability is available with `PI_CONTEXT_BROKER_DURABLE=true` or `PI_CONTEXT_BROKER_STORE_DIR=/path/to/store`. Durable mode now defaults to SQLite (`artifacts.sqlite`) with an FTS index for text lookup, so exact handles, tier, and pin state survive restarts without replay reconstruction. Set `PI_CONTEXT_BROKER_BACKEND=jsonl` to use the legacy JSONL/blob backend.
 
+- `PI_CONTEXT_BROKER_REWRITE_THRESHOLD_BYTES` controls when large `toolResult` / `bashExecution` payloads are rewritten in-context. The default is `0` (rewritten), so raw tool evidence is replaced by handles by default.
+
+For quieter sessions, set `PI_CONTEXT_BROKER_REWRITE_THRESHOLD_BYTES` to a higher value to only rewrite larger outputs.
+
+
 ## Session behavior and limits
 
-- On session start/reload, the beta backfills the current Pi session branch from `toolResult` and prompt-visible `bashExecution` entries.
+- On session start/reload, the runtime backfills the current Pi session branch from `toolResult` and prompt-visible `bashExecution` entries.
 - Backfill is idempotent by session entry id, skips malformed entries instead of failing the session, and honors Pi's `excludeFromContext` bash entries.
 - Without durable mode, restarting Pi loses broker state until the current branch is backfilled again.
-- Prompt integration injects a bounded, tier-aware broker brief and lookup guidance; the LLM also gets a `context_lookup` tool for exact handle dereferencing.
-- The `context` hook rewrites large `toolResult` and prompt-visible `bashExecution` payloads in the LLM-bound message copy to broker handles and summaries, reducing prompt load while preserving exact `/context lookup` rehydration.
+- Prompt integration injects a bounded, tier-aware broker brief and lookup guidance; the LLM also gets a `context_lookup` tool for exact handle dereferencing. Payloads that hit hostile-binary heuristics are represented in prompt as handles plus short guidance to export the full content.
+- The `context` hook rewrites prompt-visible `toolResult` and `bashExecution` payloads in the LLM-bound message copy to broker handles and summaries, reducing prompt load while preserving exact `/context lookup` rehydration.
 - Pi `excludeFromContext` bash entries are not backfilled or rewritten into broker prompts.
 - Basic secret redaction runs before broker storage and display for common token/password/API-key patterns.
-- Rollback is immediate: unset `PI_CONTEXT_BROKER_ENABLED` and `/reload` or restart Pi. Disable durable writes by unsetting `PI_CONTEXT_BROKER_DURABLE` and `PI_CONTEXT_BROKER_STORE_DIR`.
+- Optional global caps can be configured via env vars:
+  - `PI_CONTEXT_BROKER_GLOBAL_MAX_RECORDS`
+  - `PI_CONTEXT_BROKER_GLOBAL_MAX_BYTES`
+- Rollback is immediate: set `PI_CONTEXT_BROKER_ENABLED=false` and `/reload` or restart Pi. Disable durable writes by unsetting `PI_CONTEXT_BROKER_DURABLE` and `PI_CONTEXT_BROKER_STORE_DIR`.

package/node_modules/@fiale-plus/pi-rogue-context-broker/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@fiale-plus/pi-rogue-context-broker",
   "version": "0.1.0",
-  "description": "Beta context broker runtime for Pi-Rogue. In-memory bounded broker implementation behind explicit opt-in.",
+  "description": "Context broker runtime for Pi-Rogue with bounded handle-first prompt payload storage.",
   "private": true,
   "type": "module",
   "license": "MIT",

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/extension.test.ts

@@ -52,7 +52,7 @@ async function runHandlers(handlers: Map<string, any[]>, name: string, event: an
   }
 }
 
-describe("context broker beta enablement", () => {
+describe("context broker extension enablement", () => {
   const oldEnv = process.env.PI_CONTEXT_BROKER_ENABLED;
 
   afterEach(() => {
@@ -117,7 +117,7 @@ describe("context broker beta enablement", () => {
 
     expect(notifications[0].message).toContain("Backfilled 2/2");
     expect(notifications[1].message).toContain("Backfilled 0/2");
-    expect(notifications.at(-2)?.message).toContain("records=2");
+    expect(notifications.find((entry) => entry.message.includes("Context broker: enabled"))?.message).toContain("records=2");
     expect(notifications.at(-1)?.message).toContain("README.md");
   });
 
@@ -251,6 +251,33 @@ describe("context broker beta enablement", () => {
     rmSync(exportPath);
   });
 
+  it("omits hostile payloads from lookup output and suggests export", async () => {
+    const { pi, handlers, commands } = createPiMock();
+    registerContextBrokerBeta(pi);
+    const { ctx, notifications } = createCtx();
+    const payload = `safe\u0000binary${"\u0007".repeat(12)}tail`;
+
+    await runHandlers(handlers, "session_start", { type: "session_start" }, ctx);
+    await runHandlers(handlers, "tool_result", {
+      type: "tool_result",
+      toolCallId: "call-hostile",
+      toolName: "bash",
+      input: { command: "printf host" },
+      content: [{ type: "text", text: payload }],
+      isError: false,
+    }, ctx);
+
+    const lookupCompletion = commands.get("context").getArgumentCompletions("lookup ")?.[0];
+    expect(lookupCompletion?.value.startsWith("lookup ctx://")).toBe(true);
+    const lookupHandle = lookupCompletion?.value.replace(/^lookup /, "");
+
+    await commands.get("context").handler(`lookup ${lookupHandle}`, ctx);
+    const commandMessage = notifications.at(-1)?.message ?? "";
+    expect(commandMessage).toContain("payload intentionally omitted from prompt");
+    expect(commandMessage).toContain("/context export");
+    expect(commandMessage).not.toContain("\u0000");
+  });
+
   it("text search lookup returns a smaller byte-clipped excerpt", async () => {
     const { pi, handlers, commands } = createPiMock();
     registerContextBrokerBeta(pi, { lookupBytes: 80, searchBytes: 50 });
@@ -277,7 +304,7 @@ describe("context broker beta enablement", () => {
     const { pi, handlers, commands } = createPiMock();
     registerContextBrokerBeta(pi);
     const { ctx, notifications } = createCtx();
-    const rawPayload = `${"SAFE"}\u0000${"\x1B"}[31mBLOCK\u0000`;
+    const rawPayload = `${"SAFE"}\u0000${"x".repeat(220)}`;
 
     await runHandlers(handlers, "session_start", { type: "session_start" }, ctx);
     await runHandlers(handlers, "tool_result", {
@@ -294,7 +321,6 @@ describe("context broker beta enablement", () => {
 
     const message = notifications.at(-1)?.message ?? "";
     expect(message).toContain("\\u0000");
-    expect(message).toContain("\\u001b");
     expect(message).not.toContain(String.fromCharCode(0));
   });
 
@@ -319,6 +345,44 @@ describe("context broker beta enablement", () => {
     expect(result.content[0].text).toContain("exact evidence payload");
   });
 
+  it("reports routing telemetry in /context status", async () => {
+    const { pi, handlers, commands, tools } = createPiMock();
+    registerContextBrokerBeta(pi, { rewriteThresholdBytes: 1, lookupBytes: 500, searchBytes: 500 });
+    const { ctx, notifications } = createCtx();
+
+    await runHandlers(handlers, "session_start", { type: "session_start" }, ctx);
+    await runHandlers(handlers, "tool_result", {
+      type: "tool_result",
+      toolCallId: "call-tool-telemetry",
+      toolName: "bash",
+      input: { command: "echo telemetry" },
+      content: [{ type: "text", text: "telemetry_payload_" + "x".repeat(200) }],
+      isError: false,
+    }, ctx);
+
+    const handle = commands.get("context").getArgumentCompletions("lookup ")?.[0].value.replace(/^lookup /, "");
+    const toolResult = await tools.get("context_lookup").execute("lookup-call", { handle }, undefined, undefined, ctx);
+    await commands.get("context").handler(`lookup ${handle}`, ctx);
+    await commands.get("context").handler(`pin ${handle}`, ctx);
+    await commands.get("context").handler(`export ${handle}`, ctx);
+    const result = await handlers.get("context")?.[0]({
+      type: "context",
+      messages: [{ role: "toolResult", toolCallId: "tool-result-telemetry", toolName: "bash", content: [{ type: "text", text: "telemetry_payload_" + "y".repeat(150) }], isError: false, timestamp: 1 }],
+    }, ctx);
+
+    await commands.get("context").handler("status", ctx);
+
+    expect(handle).toBeTruthy();
+    expect(toolResult.content[0].text).toContain("telemetry_payload_");
+    expect(result).toBeDefined();
+    const telemetry = notifications.at(-1)?.message ?? "";
+    expect(telemetry).toContain("Context broker routing telemetry:");
+    expect(telemetry).toContain("lookups tool(calls=");
+    expect(telemetry).toContain("lookups slash(calls=");
+    expect(telemetry).toContain("exports=");
+    expect(telemetry).toContain("pins=");
+  });
+
   it("does not broker context_lookup results recursively", async () => {
     const { pi, handlers, commands, tools } = createPiMock();
     registerContextBrokerBeta(pi, { lookupBytes: 500, rewriteThresholdBytes: 1 });
@@ -429,9 +493,9 @@ describe("context broker beta enablement", () => {
     expect(notifications.at(-1)?.message).toContain("RAW_TOOL_OUTPUT_");
   });
 
-  it("leaves small tool results and excluded bash outputs unchanged in context", async () => {
+  it("rewrites small tool results and leaves excluded bash outputs unchanged in context", async () => {
     const { pi, handlers } = createPiMock();
-    registerContextBrokerBeta(pi, { rewriteThresholdBytes: 40 });
+    registerContextBrokerBeta(pi);
     const { ctx } = createCtx();
     const secret = "SECRET_TOKEN=" + "z".repeat(80);
 
@@ -444,7 +508,8 @@ describe("context broker beta enablement", () => {
       ],
     }, ctx);
 
-    expect(result).toBeUndefined();
+    expect(result?.messages[0].content?.[0]?.text).toContain("Context broker artifact");
+    expect(result?.messages[1]).toMatchObject({ role: "bashExecution", output: secret });
   });
 
   it("does not collapse repeated bash rewrites for the same command and timestamp", async () => {
@@ -497,7 +562,8 @@ describe("context broker beta enablement", () => {
       .map((message: any) => String(message.content?.[0]?.text ?? "").match(/ctx:\/\/\S+/)?.[0])
       .filter(Boolean);
     expect(handles.length).toBeLessThanOrEqual(2);
-    expect(result.messages.some((message: any) => String(message.content?.[0]?.text ?? "").includes("RAW_0_"))).toBe(true);
+    expect(result.messages[0].content[0].text).toContain("Context broker artifact pruned before prompt assembly");
+    expect(result.messages[0].content[0].text).not.toContain("RAW_0_");
 
     for (const handle of handles) {
       await commands.get("context").handler(`lookup ${handle}`, ctx);
@@ -506,6 +572,27 @@ describe("context broker beta enablement", () => {
     }
   });
 
+  it("does not restore pruned hostile payloads into prompt context", async () => {
+    const { pi, handlers } = createPiMock();
+    registerContextBrokerBeta(pi, { maxRecords: 1 });
+    const { ctx } = createCtx();
+    const hostile = `HOSTILE_RAW\u0000${"\u0007".repeat(20)}`;
+
+    await runHandlers(handlers, "session_start", { type: "session_start" }, ctx);
+    const result = await handlers.get("context")?.[0]({
+      type: "context",
+      messages: [
+        { role: "toolResult", toolCallId: "hostile-one", toolName: "bash", content: [{ type: "text", text: hostile }], isError: false, timestamp: 1 },
+        { role: "toolResult", toolCallId: "hostile-two", toolName: "bash", content: [{ type: "text", text: `SECOND\u0000${"\u0007".repeat(20)}` }], isError: false, timestamp: 2 },
+      ],
+    }, ctx);
+
+    const firstText = result.messages[0].content[0].text;
+    expect(firstText).toContain("Raw hostile/binary payload omitted from prompt");
+    expect(firstText).not.toContain("HOSTILE_RAW");
+    expect(firstText).not.toContain("\u0000");
+  });
+
   it("redacts secrets before storing and displaying payloads", async () => {
     const { pi, handlers, commands } = createPiMock();
     registerContextBrokerBeta(pi);
@@ -572,7 +659,7 @@ describe("context broker beta enablement", () => {
     const dir = mkdtempSync(join(tmpdir(), "ctx-broker-test-"));
     try {
       const first = createPiMock();
-      registerContextBrokerBeta(first.pi, { durable: true, storeDir: dir });
+      await registerContextBrokerBeta(first.pi, { durable: true, storeDir: dir });
       const { ctx } = createCtx();
       await runHandlers(first.handlers, "session_start", { type: "session_start" }, ctx);
       await runHandlers(first.handlers, "tool_result", {
@@ -589,7 +676,7 @@ describe("context broker beta enablement", () => {
 
       const second = createPiMock();
       const secondRun = createCtx();
-      registerContextBrokerBeta(second.pi, { durable: true, storeDir: dir });
+      await registerContextBrokerBeta(second.pi, { durable: true, storeDir: dir });
       await runHandlers(second.handlers, "session_start", { type: "session_start" }, secondRun.ctx);
       const secondHandle = second.commands.get("context").getArgumentCompletions("lookup ")?.[0].value.replace(/^lookup /, "");
       await second.commands.get("context").handler(`lookup ${handle}`, secondRun.ctx);
@@ -597,7 +684,7 @@ describe("context broker beta enablement", () => {
 
       const third = createPiMock();
       const thirdRun = createCtx();
-      registerContextBrokerBeta(third.pi, { durable: true, storeDir: dir });
+      await registerContextBrokerBeta(third.pi, { durable: true, storeDir: dir });
       await runHandlers(third.handlers, "session_start", { type: "session_start" }, thirdRun.ctx);
       await third.commands.get("context").handler(`lookup ${secondHandle}`, thirdRun.ctx);
       await third.commands.get("context").handler("brief", thirdRun.ctx);

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/extension.ts

@@ -9,12 +9,13 @@ import type { ExtensionAPI, ExtensionContext, ToolResultEvent } from "@earendil-
 import type { ContextArtifact } from "@fiale-plus/pi-core";
 import { createFileContextBroker } from "./file.js";
 import { createInMemoryContextBroker } from "./index.js";
-import { createSqliteContextBroker } from "./sqlite.js";
 
 export interface ContextBrokerBetaOptions {
   enabled?: boolean;
   maxRecords?: number;
   maxBytes?: number;
+  globalMaxRecords?: number;
+  globalMaxBytes?: number;
   briefBytes?: number;
   lookupBytes?: number;
   searchBytes?: number;
@@ -29,7 +30,7 @@ type SessionContextLike = Pick<ExtensionContext, "cwd" | "sessionManager"> & { u
 const DEFAULT_BRIEF_BYTES = 1_800;
 const DEFAULT_LOOKUP_BYTES = 12_000;
 const DEFAULT_SEARCH_BYTES = 2_000;
-const DEFAULT_REWRITE_THRESHOLD_BYTES = 2_000;
+const DEFAULT_REWRITE_THRESHOLD_BYTES = 0;
 const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000;
 const ENABLED_VALUES = new Set(["1", "true", "yes", "on"]);
 
@@ -37,6 +38,14 @@ function envFlag(name: string): boolean {
   return ENABLED_VALUES.has(String(process.env[name] ?? "").trim().toLowerCase());
 }
 
+function envNonNegativeInt(name: string): number | undefined {
+  const raw = process.env[name];
+  if (!raw) return undefined;
+  const value = Number.parseInt(raw, 10);
+  if (!Number.isFinite(value) || value < 0) return undefined;
+  return value;
+}
+
 function isEnvEnabled(): boolean {
   return envFlag("PI_CONTEXT_BROKER_ENABLED");
 }
@@ -76,13 +85,57 @@ function sanitizeForPrompt(text: string): string {
   return String(text).replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F]/g, (char) => `\\x${char.charCodeAt(0).toString(16).padStart(2, "0")}`);
 }
 
+function isHostilePayload(payload: string): boolean {
+  return hasHostileText(payload);
+}
+
+function hasHostileText(text: string): boolean {
+  let suspicious = 0;
+  let scanned = 0;
+  for (const char of text.slice(0, 4096)) {
+    const code = char.codePointAt(0) ?? 0;
+    scanned += 1;
+    if (
+      code === 0x00
+      || (code >= 0x01 && code <= 0x08)
+      || (code >= 0x0E && code <= 0x1F)
+      || (code >= 0x7F && code <= 0x9F)
+    ) {
+      suspicious += 1;
+    }
+  }
+  if (scanned < 12) return suspicious > 0;
+  return suspicious / scanned >= 0.05;
+}
+
+function hasHostileValue(value: unknown): boolean {
+  if (typeof value === "string") return hasHostileText(value);
+  if (Array.isArray(value)) return value.some(hasHostileValue);
+  if (value && typeof value === "object") {
+    return Object.values(value as Record<string, unknown>).some((entry) => hasHostileValue(entry));
+  }
+  return false;
+}
+
 function renderLookupOutput(item: ContextArtifact, payloadLimit: number): string {
+  const isBinary = item.tags.includes("hostile") || item.tags.includes("binary");
+  const payloadLines = isBinary
+    ? [
+      "payload:",
+      "[payload intentionally omitted from prompt for safety; use /context export",
+      sanitizeForPrompt(item.handle),
+      "for full content]",
+    ]
+    : [
+      "payload:",
+      truncateUtf8(sanitizeForPrompt(item.payload), payloadLimit),
+    ];
+
   return [
     sanitizeForPrompt(item.handle),
     `tier=${item.tier} kind=${item.kind} bytes=${item.bytes}`,
     `summary=${sanitizeForPrompt(item.summary)}`,
-    "payload:",
-    truncateUtf8(sanitizeForPrompt(item.payload), payloadLimit),
+    ...payloadLines,
   ].join("\n");
 }
 
@@ -180,11 +233,20 @@ function contextLookupHistoryPlaceholder(): string {
   ].join("\n");
 }
 
-function summarizeTool(event: { toolName: string; input?: any; isError?: boolean }, bytes: number): string {
+function prunedPayloadPlaceholder(hostile = false): string {
+  return [
+    "Context broker artifact pruned before prompt assembly.",
+    hostile ? "Raw hostile/binary payload omitted from prompt for safety." : "Raw payload omitted from prompt to avoid restoring pruned broker evidence.",
+    "Re-run the originating command or use a retained ctx:// handle if exact evidence is still needed.",
+  ].join("\n");
+}
+
+function summarizeTool(event: { toolName: string; input?: any; isError?: boolean }, bytes: number, hostile = false): string {
   const command = event.toolName === "bash" ? event.input?.command : undefined;
   const path = event.input?.path;
   const target = command ? ` command=${compact(String(command), 120)}` : path ? ` path=${path}` : "";
-  return `${event.isError ? "failed" : "completed"} ${event.toolName}${target}; payload=${bytes} bytes`;
+  const marker = hostile ? "; payload marked hostile; use /context export for full content" : "";
+  return `${event.isError ? "failed" : "completed"} ${event.toolName}${target}; payload=${bytes} bytes${marker}`;
 }
 
 const NON_BROKERED_TOOL_NAMES = new Set(["context_lookup"]);
@@ -198,7 +260,7 @@ function ttlFromNowFor(createdAt: number | undefined): number | undefined {
   return Math.max(DEFAULT_TTL_MS, Date.now() - createdAt + DEFAULT_TTL_MS);
 }
 
-export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrokerBetaOptions = {}): void {
+export async function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrokerBetaOptions = {}): Promise<void> {
   const p = pi as any;
   if (p.__piRogueContextBrokerBetaRegistered) return;
   p.__piRogueContextBrokerBetaRegistered = true;
@@ -206,10 +268,15 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
   const briefBytes = options.briefBytes ?? DEFAULT_BRIEF_BYTES;
   const lookupBytes = options.lookupBytes ?? DEFAULT_LOOKUP_BYTES;
   const searchBytes = options.searchBytes ?? DEFAULT_SEARCH_BYTES;
-  const rewriteThresholdBytes = options.rewriteThresholdBytes ?? DEFAULT_REWRITE_THRESHOLD_BYTES;
+  const rewriteThresholdBytes =
+    options.rewriteThresholdBytes
+    ?? envNonNegativeInt("PI_CONTEXT_BROKER_REWRITE_THRESHOLD_BYTES")
+    ?? DEFAULT_REWRITE_THRESHOLD_BYTES;
   const brokerOptions = {
     maxRecords: options.maxRecords ?? 64,
     maxBytes: options.maxBytes ?? 8 * 1024 * 1024,
+    globalMaxRecords: options.globalMaxRecords ?? envNonNegativeInt("PI_CONTEXT_BROKER_GLOBAL_MAX_RECORDS"),
+    globalMaxBytes: options.globalMaxBytes ?? envNonNegativeInt("PI_CONTEXT_BROKER_GLOBAL_MAX_BYTES"),
     briefBytes,
   };
   const durable = options.durable ?? (envFlag("PI_CONTEXT_BROKER_DURABLE") || Boolean(options.storeDir ?? process.env.PI_CONTEXT_BROKER_STORE_DIR));
@@ -217,22 +284,55 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
   const broker = durable
     ? durableBackend === "jsonl"
       ? createFileContextBroker({ ...brokerOptions, dir: options.storeDir ?? process.env.PI_CONTEXT_BROKER_STORE_DIR })
-      : createSqliteContextBroker({ ...brokerOptions, dir: options.storeDir ?? process.env.PI_CONTEXT_BROKER_STORE_DIR })
+      : (await import("./sqlite.js")).createSqliteContextBroker({ ...brokerOptions, dir: options.storeDir ?? process.env.PI_CONTEXT_BROKER_STORE_DIR })
     : createInMemoryContextBroker(brokerOptions);
   const seenSourceIds = new Set<string>();
   const sourceHandles = new Map<string, string>();
   let activeSessionId = process.cwd();
+  const routingTelemetry = {
+    contextHookCalls: 0,
+    contextHookToolResults: 0,
+    contextHookToolResultRewrites: 0,
+    contextHookToolResultHostile: 0,
+    contextHookBash: 0,
+    contextHookBashRewrites: 0,
+    contextHookBashHostile: 0,
+    toolResultEvents: 0,
+    toolResultArtifacts: 0,
+    backfillScans: 0,
+    backfillAdded: 0,
+    backfillErrors: 0,
+    toolLookupCalls: 0,
+    toolLookupExactCalls: 0,
+    toolLookupTextCalls: 0,
+    toolLookupHits: 0,
+    toolLookupMisses: 0,
+    commandLookupCalls: 0,
+    commandLookupExactCalls: 0,
+    commandLookupTextCalls: 0,
+    commandLookupHits: 0,
+    commandLookupMisses: 0,
+    exportCalls: 0,
+    pinCalls: 0,
+    statusCalls: 0,
+    pruneCalls: 0,
+  };
 
-  function currentBrief(): string {
-    return broker.renderBrief({ sessionId: activeSessionId, budgetBytes: briefBytes });
+  function formatRoutingTelemetry(): string {
+    const line = [
+      `contextHook calls=${routingTelemetry.contextHookCalls}`,
+      `toolResults seen=${routingTelemetry.contextHookToolResults} rewritten=${routingTelemetry.contextHookToolResultRewrites} hostile=${routingTelemetry.contextHookToolResultHostile}`,
+      `bash seen=${routingTelemetry.contextHookBash} rewritten=${routingTelemetry.contextHookBashRewrites} hostile=${routingTelemetry.contextHookBashHostile}`,
+      `lookups tool(calls=${routingTelemetry.toolLookupCalls}, hits=${routingTelemetry.toolLookupHits}, misses=${routingTelemetry.toolLookupMisses})`,
+      `lookups slash(calls=${routingTelemetry.commandLookupCalls}, hits=${routingTelemetry.commandLookupHits}, misses=${routingTelemetry.commandLookupMisses})`,
+      `exports=${routingTelemetry.exportCalls}`,
+      `pins=${routingTelemetry.pinCalls}`,
+      `pruneCalls=${routingTelemetry.pruneCalls}`,
+      `backfill scans=${routingTelemetry.backfillScans} added=${routingTelemetry.backfillAdded} errors=${routingTelemetry.backfillErrors}`,
+    ];
+    return `Context broker routing telemetry: ${line.join(", ")}`;
   }
 
-  p.__piRogueContextBroker = {
-    renderBrief: currentBrief,
-    lookup: broker.lookup,
-    status: broker.status,
-  };
-
   function publishToolArtifact(event: {
     toolName: string;
     input?: any;
@@ -265,18 +365,25 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
     };
     const payload = toolPayload(sanitizedEvent);
     const bytes = Buffer.byteLength(payload, "utf8");
+    const hostilePayload = isHostilePayload(payload) || hasHostileValue(sanitizedEvent);
     const artifact = broker.publish({
       sessionId: activeSessionId,
       kind: "tool_output",
       payload,
-      summary: summarizeTool(sanitizedEvent, bytes),
-      tags: [event.toolName, event.isError ? "error" : "ok", event.sourceId ? "session-backfill" : "live"],
+      summary: summarizeTool(sanitizedEvent, bytes, hostilePayload),
+      tags: [
+        event.toolName,
+        event.isError ? "error" : "ok",
+        event.sourceId ? "session-backfill" : "live",
+        ...(hostilePayload ? ["hostile", "binary"] : []),
+      ],
       command: event.toolName === "bash" && typeof sanitizedEvent.input?.command === "string" ? sanitizedEvent.input.command : undefined,
       paths: typeof sanitizedEvent.input?.path === "string" ? [sanitizedEvent.input.path] : [],
       ttlMs: event.ttlMs ?? DEFAULT_TTL_MS,
       parentIds: event.sourceId ? [event.sourceId] : [],
       createdAt: event.createdAt,
     });
+    if (artifact) routingTelemetry.toolResultArtifacts += 1;
     if (event.sourceId) sourceHandles.set(event.sourceId, artifact.handle);
     return artifact;
   }
@@ -317,6 +424,7 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
 
         if (entry?.type === "message" && entry.message?.role === "toolResult") {
           scanned += 1;
+          routingTelemetry.backfillScans += 1;
           const sourceId = typeof entry.message.toolCallId === "string" ? entry.message.toolCallId : entryId;
           const toolInput = sourceId ? toolInputs.get(sourceId) : undefined;
           const alreadySeen = sourceId ? seenSourceIds.has(sourceId) || sourceHandles.has(sourceId) : false;
@@ -329,12 +437,16 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
             sourceId,
             createdAt,
             ttlMs: ttlFromNowFor(createdAt),
-          }) && !alreadySeen) added += 1;
+          }) && !alreadySeen) {
+            added += 1;
+            routingTelemetry.backfillAdded += 1;
+          }
         }
 
         if (entry?.type === "message" && entry.message?.role === "bashExecution") {
           if (entry.message.excludeFromContext === true) continue;
           scanned += 1;
+          routingTelemetry.backfillScans += 1;
           const sourceId = entryId;
           const alreadySeen = sourceId ? seenSourceIds.has(sourceId) || sourceHandles.has(sourceId) : false;
           if (publishToolArtifact({
@@ -351,16 +463,30 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
             sourceId,
             createdAt,
             ttlMs: ttlFromNowFor(createdAt),
-          }) && !alreadySeen) added += 1;
+          }) && !alreadySeen) {
+            added += 1;
+            routingTelemetry.backfillAdded += 1;
+          }
         }
       } catch {
         errors += 1;
+        routingTelemetry.backfillErrors += 1;
       }
     }
 
     return { added, scanned, errors };
   }
 
+  function currentBrief(): string {
+    return broker.renderBrief({ sessionId: activeSessionId, budgetBytes: briefBytes });
+  }
+
+  p.__piRogueContextBroker = {
+    renderBrief: currentBrief,
+    lookup: broker.lookup,
+    status: broker.status,
+  };
+
   const contextActions: AutocompleteItem[] = [
     { value: "status", label: "status", description: "Show broker record, byte, and pinned counts" },
     { value: "brief", label: "brief", description: "Show the bounded broker brief" },
@@ -408,9 +534,9 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
 
   pi.on("session_start", async (_event, ctx) => {
     const { added, scanned, errors } = backfillSessionArtifacts(ctx);
-    ctx.ui.setStatus?.("context-broker", "ctx:on beta");
+    ctx.ui.setStatus?.("context-broker", "ctx:on");
     ctx.ui.notify(
-      `Context broker beta enabled. Backfilled ${added}/${scanned} current-branch tool artifacts${errors ? ` (${errors} malformed skipped)` : ""}. Use /context status or /context brief.`,
+      `Context broker enabled. Backfilled ${added}/${scanned} current-branch tool artifacts${errors ? ` (${errors} malformed skipped)` : ""}. Use /context status or /context brief.`,
       errors ? "warning" : "info",
     );
   });
@@ -427,18 +553,24 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
 
   pi.on("tool_result", async (event: ToolResultEvent, ctx) => {
     activeSessionId = sessionIdFor(ctx);
+    routingTelemetry.toolResultEvents += 1;
     publishToolArtifact({ ...event, sourceId: event.toolCallId });
   });
 
   pi.on("context", async (event, ctx) => {
     activeSessionId = sessionIdFor(ctx);
+    routingTelemetry.contextHookCalls += 1;
     const toolInputs = collectToolInputs(event.messages);
-    const drafts = event.messages.map((message: any): { original: any; replacement?: any; artifact?: ContextArtifact; rewrite?: (artifact: ContextArtifact) => any } => {
+    const drafts = event.messages.map((message: any): { original: any; replacement?: any; artifact?: ContextArtifact; rewrite?: (artifact: ContextArtifact) => any; safeFallback?: any } => {
       if (message?.role === "toolResult") {
+        routingTelemetry.contextHookToolResults += 1;
         const raw = contentText(message.content);
-        if (Buffer.byteLength(raw, "utf8") <= rewriteThresholdBytes) return { original: message };
         const toolInput = typeof message.toolCallId === "string" ? toolInputs.get(message.toolCallId) : undefined;
         const toolName = String(message.toolName ?? toolInput?.toolName ?? "tool");
+        const hostile = hasHostileText(raw) || hasHostileValue(message.content);
+        if (hostile) routingTelemetry.contextHookToolResultHostile += 1;
+        const shouldRewrite = Buffer.byteLength(raw, "utf8") > rewriteThresholdBytes || hostile;
+        if (!shouldRewrite) return { original: message };
         if (!shouldBrokerToolName(toolName)) {
           return { original: message, replacement: { ...message, content: [{ type: "text", text: contextLookupHistoryPlaceholder() }] } };
         }
@@ -453,12 +585,22 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
           ttlMs: ttlFromNowFor(typeof message.timestamp === "number" ? message.timestamp : undefined),
         });
         if (!artifact) return { original: message };
-        return { original: message, artifact, rewrite: (live) => ({ ...message, content: [{ type: "text", text: brokerPlaceholder(live) }] }) };
+        routingTelemetry.contextHookToolResultRewrites += 1;
+        return {
+          original: message,
+          artifact,
+          rewrite: (live) => ({ ...message, content: [{ type: "text", text: brokerPlaceholder(live) }] }),
+          safeFallback: { ...message, content: [{ type: "text", text: prunedPayloadPlaceholder(hostile) }] },
+        };
       }
 
       if (message?.role === "bashExecution" && message.excludeFromContext !== true) {
+        routingTelemetry.contextHookBash += 1;
         const raw = String(message.output ?? "");
-        if (Buffer.byteLength(raw, "utf8") <= rewriteThresholdBytes) return { original: message };
+        const hostile = hasHostileText(raw) || hasHostileValue(message.output);
+        if (hostile) routingTelemetry.contextHookBashHostile += 1;
+        const shouldRewrite = Buffer.byteLength(raw, "utf8") > rewriteThresholdBytes || hostile;
+        if (!shouldRewrite) return { original: message };
         const sourceId = typeof message.timestamp === "number"
           ? `bash:${message.timestamp}:${stableHash([message.command ?? "", raw, message.exitCode ?? "", message.cancelled ?? ""].join("\n"))}`
           : `bash:${stableHash([message.command ?? "", raw, message.exitCode ?? "", message.cancelled ?? ""].join("\n"))}`;
@@ -478,7 +620,13 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
           ttlMs: ttlFromNowFor(typeof message.timestamp === "number" ? message.timestamp : undefined),
         });
         if (!artifact) return { original: message };
-        return { original: message, artifact, rewrite: (live) => ({ ...message, output: brokerPlaceholder(live), truncated: true }) };
+        routingTelemetry.contextHookBashRewrites += 1;
+        return {
+          original: message,
+          artifact,
+          rewrite: (live) => ({ ...message, output: brokerPlaceholder(live), truncated: true }),
+          safeFallback: { ...message, output: prunedPayloadPlaceholder(hostile), truncated: true },
+        };
       }
 
       return { original: message };
@@ -494,6 +642,10 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
       const live = broker.lookup({ handle: draft.artifact.handle })[0];
       if (!live) {
         for (const parentId of draft.artifact.parentIds) sourceHandles.delete(parentId);
+        if (draft.safeFallback) {
+          changed = true;
+          return draft.safeFallback;
+        }
         return draft.original;
       }
       changed = true;
@@ -510,7 +662,7 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
       systemPrompt: [
         event.systemPrompt,
         brief,
-        "Context broker beta rule: use /context lookup <handle> for exact evidence when a broker handle is relevant. Broker briefs are bounded summaries and never raw payload dumps.",
+        "Context broker rule: use /context lookup <handle> for exact evidence when a broker handle is relevant. Broker briefs are bounded summaries and never raw payload dumps.",
       ].join("\n\n"),
     };
   });
@@ -535,8 +687,11 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
     }),
     async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
       activeSessionId = sessionIdFor(ctx);
+      routingTelemetry.toolLookupCalls += 1;
       const p = params as { handle?: string; text?: string; path?: string; tag?: string; kind?: any; tier?: any; limit?: number };
       const exact = typeof p.handle === "string" && p.handle.startsWith("ctx://");
+      routingTelemetry.toolLookupExactCalls += exact ? 1 : 0;
+      routingTelemetry.toolLookupTextCalls += exact ? 0 : 1;
       const focused = exact || Boolean(p.text?.trim() || p.path?.trim() || p.tag?.trim() || p.kind || p.tier);
       if (!focused) {
         return textResult("context_lookup requires a focused filter: handle, text, path, tag, kind, or tier. Empty lookups are refused to avoid dumping brokered payloads into the prompt.");
@@ -551,13 +706,17 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
         tier: p.tier,
         limit: Math.min(10, Math.max(1, Math.floor(p.limit ?? (exact ? 1 : 5)))),
       });
-      if (!results.length) return textResult("No context artifacts matched. Missing or expired handles should be reported explicitly.");
+      if (!results.length) {
+        routingTelemetry.toolLookupMisses += 1;
+        return textResult("No context artifacts matched. Missing or expired handles should be reported explicitly.");
+      }
+      routingTelemetry.toolLookupHits += 1;
       return textResult(results.map((item) => renderLookupOutput(item, exact ? lookupBytes : searchBytes)).join("\n\n---\n\n"));
     },
   });
 
   pi.registerCommand("context", {
-    description: "Inspect the beta context broker: status | brief | lookup <handle-or-text> | pin <handle-or-id> | export <handle-or-id> | prune",
+    description: "Inspect the context broker: status | brief | lookup <handle-or-text> | pin <handle-or-id> | export <handle-or-id> | prune",
     getArgumentCompletions: contextArgumentCompletions,
     handler: async (args, ctx) => {
       activeSessionId = sessionIdFor(ctx);
@@ -565,11 +724,13 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
       const query = rest.join(" ");
 
       if (action === "status") {
+        routingTelemetry.statusCalls += 1;
         const status = broker.status();
         ctx.ui.notify(
-          `Context broker beta: enabled, session=${activeSessionId}, records=${status.records}, bytes=${status.bytes}/${status.maxBytes}, tiers=hot:${status.hotRecords}/${status.hotBytes} warm:${status.warmRecords}/${status.warmBytes} cold:${status.coldRecords}/${status.coldBytes}, pinned=${status.pinnedRecords}/${status.pinnedBytes} bytes`,
+          `Context broker: enabled, session=${activeSessionId}, records=${status.records}, bytes=${status.bytes}/${status.maxBytes}, tiers=hot:${status.hotRecords}/${status.hotBytes} warm:${status.warmRecords}/${status.warmBytes} cold:${status.coldRecords}/${status.coldBytes}, pinned=${status.pinnedRecords}/${status.pinnedBytes} bytes`,
           "info",
         );
+        ctx.ui.notify(formatRoutingTelemetry(), "info");
         return;
       }
 
@@ -583,8 +744,16 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
           ctx.ui.notify("Usage: /context lookup <ctx://handle-or-text>", "warning");
           return;
         }
+        routingTelemetry.commandLookupCalls += 1;
         const exact = query.startsWith("ctx://");
+        routingTelemetry.commandLookupExactCalls += exact ? 1 : 0;
+        routingTelemetry.commandLookupTextCalls += exact ? 0 : 1;
         const results = broker.lookup(exact ? { handle: query } : { sessionId: activeSessionId, text: query, limit: 5 });
+        if (results.length) {
+          routingTelemetry.commandLookupHits += 1;
+        } else {
+          routingTelemetry.commandLookupMisses += 1;
+        }
         ctx.ui.notify(results.length ? results.map((item) => renderLookupOutput(item, exact ? lookupBytes : searchBytes)).join("\n\n---\n\n") : "No context artifacts matched.", "info");
         return;
       }
@@ -595,6 +764,7 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
           return;
         }
         const pinned = broker.pin(query, true);
+        routingTelemetry.pinCalls += 1;
         ctx.ui.notify(pinned ? `Pinned ${pinned.handle}` : "No artifact matched that handle/id.", pinned ? "info" : "warning");
         return;
       }
@@ -608,18 +778,20 @@ export function registerContextBrokerBeta(pi: ExtensionAPI, options: ContextBrok
         const exact = query.startsWith("ctx://");
         const artifact = exact ? broker.lookup({ handle: query })[0] : broker.lookup({ id: query })[0];
         if (!artifact) {
-          ctx.ui.notify("No artifact matched that handle/id.", "warning");
+          ctx.ui.notify("No artifact matched that handle-or-id.", "warning");
           return;
         }
 
         const exportDir = mkdtempSync(join(tmpdir(), "pi-context-broker-export-"));
         const exportPath = join(exportDir, `${artifact.id}.txt`);
         writeFileSync(exportPath, artifact.payload, "utf8");
+        routingTelemetry.exportCalls += 1;
         ctx.ui.notify(`Exported full payload for ${sanitizeForPrompt(artifact.handle)} (${artifact.bytes} bytes) to ${exportPath}`, "info");
         return;
       }
 
       if (action === "prune") {
+        routingTelemetry.pruneCalls += 1;
         const status = broker.prune();
         ctx.ui.notify(`Pruned. ${status.records} records, ${status.bytes} bytes remain.`, "info");
         return;

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/index.test.ts

@@ -287,4 +287,16 @@ describe("createInMemoryContextBroker", () => {
     expect(broker.lookup({ handle: pinned.handle })[0]?.payload).toBe("keep");
     expect(broker.lookup({ handle: other.handle })[0]?.payload).toBe("other");
   });
+
+  it("enforces optional global caps across sessions", () => {
+    const broker = createInMemoryContextBroker({ maxRecords: 8, globalMaxRecords: 2 });
+    const first = broker.publish({ sessionId: "s1", kind: "tool_output", payload: "alpha", summary: "alpha" });
+    const second = broker.publish({ sessionId: "s2", kind: "tool_output", payload: "bravo", summary: "bravo" });
+    const pinned = broker.publish({ sessionId: "s3", kind: "tool_output", payload: "charlie", summary: "charlie", pinned: true });
+    broker.publish({ sessionId: "s1", kind: "tool_output", payload: "delta", summary: "delta" });
+
+    expect(broker.lookup({ handle: first.handle })).toEqual([]);
+    expect(broker.lookup({ handle: second.handle })).toEqual([]);
+    expect(broker.lookup({ handle: pinned.handle })[0]?.payload).toBe("charlie");
+  });
 });

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/index.ts

@@ -127,6 +127,12 @@ function tierLine(artifact: ContextArtifact): string {
 export function createInMemoryContextBroker(options: ContextBrokerOptions = {}): BoundedContextBroker {
   const maxRecords = Math.max(1, Math.floor(options.maxRecords ?? DEFAULT_MAX_RECORDS));
   const maxBytes = Math.max(1, Math.floor(options.maxBytes ?? DEFAULT_MAX_BYTES));
+  const globalMaxRecords = typeof options.globalMaxRecords === "number" && Number.isFinite(options.globalMaxRecords)
+    ? Math.max(1, Math.floor(options.globalMaxRecords))
+    : Number.POSITIVE_INFINITY;
+  const globalMaxBytes = typeof options.globalMaxBytes === "number" && Number.isFinite(options.globalMaxBytes)
+    ? Math.max(1, Math.floor(options.globalMaxBytes))
+    : Number.POSITIVE_INFINITY;
   const defaultTtlMs = Math.max(0, Math.floor(options.defaultTtlMs ?? DEFAULT_TTL_MS));
   const tierTtlMs: Record<ContextArtifactTier, number> = {
     hot: Math.max(0, Math.floor(options.hotTtlMs ?? defaultTtlMs)),
@@ -190,6 +196,19 @@ export function createInMemoryContextBroker(options: ContextBrokerOptions = {}):
       });
   }
 
+  function removalCandidatesGlobal(protectedIds: Set<string>, tier?: ContextArtifactTier): Array<{ artifact: ContextArtifact & { sequence: number; baseTier: ContextArtifactTier }; index: number }> {
+    return artifacts
+      .map((artifact, index) => ({ artifact, index }))
+      .filter(({ artifact }) => !artifact.pinned && !protectedIds.has(artifact.id) && (!tier || artifact.tier === tier))
+      .sort((a, b) => {
+        if (!tier && TIER_REMOVAL_ORDER[a.artifact.tier] !== TIER_REMOVAL_ORDER[b.artifact.tier]) {
+          return TIER_REMOVAL_ORDER[a.artifact.tier] - TIER_REMOVAL_ORDER[b.artifact.tier];
+        }
+        if (a.artifact.createdAt !== b.artifact.createdAt) return a.artifact.createdAt - b.artifact.createdAt;
+        return a.artifact.sequence - b.artifact.sequence;
+      });
+  }
+
   function withinCaps(sessionId: string, tier?: ContextArtifactTier): boolean {
     const sessionArtifacts = artifacts.filter((artifact) => artifact.sessionId === sessionId && (!tier || artifact.tier === tier));
     const recordsCap = tier ? tierMaxRecords[tier] : maxRecords;
@@ -197,6 +216,13 @@ export function createInMemoryContextBroker(options: ContextBrokerOptions = {}):
     return sessionArtifacts.length <= recordsCap && sessionArtifacts.reduce((sum, artifact) => sum + artifact.bytes, 0) <= bytesCap;
   }
 
+  function withinGlobalCaps(): boolean {
+    if (globalMaxRecords === Number.POSITIVE_INFINITY && globalMaxBytes === Number.POSITIVE_INFINITY) return true;
+    const records = artifacts.length;
+    const bytes = artifacts.reduce((sum, artifact) => sum + artifact.bytes, 0);
+    return records <= globalMaxRecords && bytes <= globalMaxBytes;
+  }
+
   function prune(now = Date.now(), protectedIds = new Set<string>()): ContextBrokerStatus {
     dropExpired(now, protectedIds);
 
@@ -216,6 +242,12 @@ export function createInMemoryContextBroker(options: ContextBrokerOptions = {}):
       }
     }
 
+    while (!withinGlobalCaps()) {
+      const candidate = removalCandidatesGlobal(protectedIds)[0];
+      if (!candidate) break;
+      artifacts.splice(candidate.index, 1);
+    }
+
     return currentStatus();
   }
 

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/sqlite.test.ts

@@ -95,4 +95,28 @@ describe("createSqliteContextBroker", () => {
       rmSync(dir, { recursive: true, force: true });
     }
   });
+
+  it("enforces optional global caps across sessions", () => {
+    const dir = mkdtempSync(join(tmpdir(), "ctx-sqlite-test-"));
+    try {
+      const path = join(dir, "artifacts.sqlite");
+      const broker = createSqliteContextBroker({
+        path,
+        defaultTtlMs: 0,
+        globalMaxBytes: 10,
+        globalMaxRecords: Number.POSITIVE_INFINITY,
+      });
+      const one = broker.publish({ sessionId: "s1", kind: "tool_output", payload: "aaa", summary: "first" });
+      const two = broker.publish({ sessionId: "s2", kind: "tool_output", payload: "bbb", summary: "second" });
+      const pinned = broker.publish({ sessionId: "s3", kind: "tool_output", payload: "ccc", summary: "third", pinned: true });
+      const four = broker.publish({ sessionId: "s1", kind: "tool_output", payload: "ddd", summary: "fourth" });
+
+      expect(broker.lookup({ handle: one.handle })).toEqual([]);
+      expect(broker.lookup({ handle: two.handle })[0]?.payload).toBe("bbb");
+      expect(broker.lookup({ handle: pinned.handle })[0]?.payload).toBe("ccc");
+      expect(broker.lookup({ handle: four.handle })[0]?.payload).toBe("ddd");
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
 });

package/node_modules/@fiale-plus/pi-rogue-context-broker/src/sqlite.ts

@@ -204,6 +204,12 @@ export function createSqliteContextBroker(options: SqliteContextBrokerOptions =
 
   const maxRecords = Math.max(1, Math.floor(options.maxRecords ?? DEFAULT_MAX_RECORDS));
   const maxBytes = Math.max(1, Math.floor(options.maxBytes ?? DEFAULT_MAX_BYTES));
+  const globalMaxRecords = typeof options.globalMaxRecords === "number" && Number.isFinite(options.globalMaxRecords)
+    ? Math.max(1, Math.floor(options.globalMaxRecords))
+    : Number.POSITIVE_INFINITY;
+  const globalMaxBytes = typeof options.globalMaxBytes === "number" && Number.isFinite(options.globalMaxBytes)
+    ? Math.max(1, Math.floor(options.globalMaxBytes))
+    : Number.POSITIVE_INFINITY;
   const defaultTtlMs = Math.max(0, Math.floor(options.defaultTtlMs ?? DEFAULT_TTL_MS));
   const tierTtlMs: Record<ContextArtifactTier, number> = {
     hot: Math.max(0, Math.floor(options.hotTtlMs ?? defaultTtlMs)),
@@ -286,6 +292,17 @@ export function createSqliteContextBroker(options: SqliteContextBrokerOptions =
     return stats.records <= (tier ? tierMaxRecords[tier] : maxRecords) && stats.bytes <= (tier ? tierMaxBytes[tier] : maxBytes);
   }
 
+  function globalStats(): { records: number; bytes: number } {
+    const row = db.prepare("SELECT COUNT(*) AS records, COALESCE(SUM(bytes), 0) AS bytes FROM artifacts").get();
+    return { records: Number(row?.records ?? 0), bytes: Number(row?.bytes ?? 0) };
+  }
+
+  function withinGlobalCaps(): boolean {
+    if (globalMaxRecords === Number.POSITIVE_INFINITY && globalMaxBytes === Number.POSITIVE_INFINITY) return true;
+    const { records, bytes } = globalStats();
+    return records <= globalMaxRecords && bytes <= globalMaxBytes;
+  }
+
   function removalCandidate(sessionId: string, protectedIds: Set<string>, tier?: ContextArtifactTier): string | undefined {
     const protectedList = [...protectedIds];
     const protectedClause = protectedList.length ? `AND id NOT IN (${protectedList.map(() => "?").join(",")})` : "";
@@ -296,6 +313,20 @@ export function createSqliteContextBroker(options: SqliteContextBrokerOptions =
     return row?.id == null ? undefined : String(row.id);
   }
 
+  function removalCandidateGlobal(protectedIds: Set<string>, tier?: ContextArtifactTier): string | undefined {
+    const protectedList = [...protectedIds];
+    const protectedClause = protectedList.length ? `AND id NOT IN (${protectedList.map(() => "?").join(",")})` : "";
+    const tierClause = tier ? "AND tier = ?" : "";
+    const order = tier
+      ? "createdAt ASC, rowid ASC"
+      : "CASE tier WHEN 'cold' THEN 0 WHEN 'warm' THEN 1 ELSE 2 END ASC, createdAt ASC, rowid ASC";
+    const params = tier ? [tier, ...protectedList] : [...protectedList];
+    const row = db.prepare(
+      `SELECT id FROM artifacts WHERE pinned = 0 ${tierClause} ${protectedClause} ORDER BY ${order} LIMIT 1`,
+    ).get(...params);
+    return row?.id == null ? undefined : String(row.id);
+  }
+
   function prune(now = Date.now(), protectedIds = new Set<string>()): ContextBrokerStatus {
     dropExpired(now, protectedIds);
     const sessions = db.prepare("SELECT DISTINCT sessionId FROM artifacts").all().map((row) => String(row.sessionId));
@@ -314,6 +345,12 @@ export function createSqliteContextBroker(options: SqliteContextBrokerOptions =
         deleteArtifact(id);
       }
     }
+
+    while (!withinGlobalCaps()) {
+      const id = removalCandidateGlobal(protectedIds);
+      if (!id) break;
+      deleteArtifact(id);
+    }
     return currentStatus();
   }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@fiale-plus/pi-rogue-bundle",
-  "version": "0.1.19",
-  "description": "Public Pi-Rogue bundle for advisor, orchestration, and beta context broker. Single consolidated artefact (leaf releases paused; private packages are bundled here).",
+  "version": "0.1.20",
+  "description": "Public Pi-Rogue bundle for advisor, orchestration, and context broker. Single consolidated artefact (leaf releases paused; private packages are bundled here).",
   "type": "module",
   "license": "MIT",
   "repository": {

package/src/extension.test.ts

@@ -33,27 +33,27 @@ describe("bundle extension defaults", () => {
     else process.env.PI_CONTEXT_BROKER_ENABLED = oldEnv;
   });
 
-  it("does not register the beta context broker by default", async () => {
+  it("registers the context broker by default", async () => {
     delete process.env.PI_CONTEXT_BROKER_ENABLED;
     const { pi, commands } = createPiMock();
 
     await registerBundle(pi);
 
-    expect(commands.has("context")).toBe(false);
+    expect(commands.has("context")).toBe(true);
   });
 
-  it("registers the beta context broker only when explicitly enabled", async () => {
-    process.env.PI_CONTEXT_BROKER_ENABLED = "true";
+  it("keeps an explicit env kill switch for context broker rollout", async () => {
+    process.env.PI_CONTEXT_BROKER_ENABLED = "false";
     const { pi, commands } = createPiMock();
 
     await registerBundle(pi);
 
-    expect(commands.has("context")).toBe(true);
+    expect(commands.has("context")).toBe(false);
   });
 });
 
 describe("bundle context-broker export", () => {
-  it("exposes the beta context broker runtime for explicit opt-in", () => {
+  it("exposes the context broker runtime through a bundle subpath", () => {
     const broker = createInMemoryContextBroker({ defaultTtlMs: 0 });
     const artifact = broker.publish({ sessionId: "bundle-test", kind: "memory_note", payload: "hello" });
 

package/src/extension.ts

@@ -2,10 +2,10 @@ import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { registerAdvisor } from "@fiale-plus/pi-rogue-advisor";
 import { registerOrchestration } from "@fiale-plus/pi-rogue-orchestration";
 
-const ENABLED_VALUES = new Set(["1", "true", "yes", "on"]);
+const DISABLED_VALUES = new Set(["0", "false", "no", "off"]);
 
-function contextBrokerBetaEnabled(): boolean {
-  return ENABLED_VALUES.has(String(process.env.PI_CONTEXT_BROKER_ENABLED ?? "").trim().toLowerCase());
+function contextBrokerEnabled(): boolean {
+  return !DISABLED_VALUES.has(String(process.env.PI_CONTEXT_BROKER_ENABLED ?? "").trim().toLowerCase());
 }
 
 export async function registerBundle(pi: ExtensionAPI): Promise<void> {
@@ -13,9 +13,9 @@ export async function registerBundle(pi: ExtensionAPI): Promise<void> {
   if (p.__piRogueBundleRegistered) return;
   p.__piRogueBundleRegistered = true;
 
-  if (contextBrokerBetaEnabled()) {
+  if (contextBrokerEnabled()) {
     const { registerContextBrokerBeta } = await import("@fiale-plus/pi-rogue-context-broker/extension");
-    registerContextBrokerBeta(pi);
+    await registerContextBrokerBeta(pi);
   }
 
   registerAdvisor(pi);