@hasna/cloud 0.1.31 → 0.1.32

package/dist/mcp/index.js

@@ -10596,7 +10596,7 @@ var require_arrayParser = __commonJS((exports, module) => {
   };
 });
 
-// node_modules/pg-types/node_modules/postgres-date/index.js
+// node_modules/postgres-date/index.js
 var require_postgres_date = __commonJS((exports, module) => {
   var DATE_TIME = /(\d{1,})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})(\.\d{1,})?.*?( BC)?$/;
   var DATE = /^(\d{1,})-(\d{2})-(\d{2})( BC)?$/;
@@ -10698,7 +10698,7 @@ var require_mutable = __commonJS((exports, module) => {
   }
 });
 
-// node_modules/pg-types/node_modules/postgres-interval/index.js
+// node_modules/postgres-interval/index.js
 var require_postgres_interval = __commonJS((exports, module) => {
   var extend2 = require_mutable();
   module.exports = PostgresInterval;
@@ -10790,7 +10790,7 @@ var require_postgres_interval = __commonJS((exports, module) => {
   }
 });
 
-// node_modules/pg-types/node_modules/postgres-bytea/index.js
+// node_modules/postgres-bytea/index.js
 var require_postgres_bytea = __commonJS((exports, module) => {
   var bufferFrom = Buffer.from || Buffer;
   module.exports = function parseBytea(input) {
@@ -11814,7 +11814,7 @@ var require_cert_signatures = __commonJS((exports, module) => {
 
 // node_modules/pg/lib/crypto/sasl.js
 var require_sasl = __commonJS((exports, module) => {
-  var crypto = require_utils3();
+  var crypto2 = require_utils3();
   var { signatureAlgorithmHashFromCertificate } = require_cert_signatures();
   function startSession(mechanisms, stream) {
     const candidates = ["SCRAM-SHA-256"];
@@ -11827,7 +11827,7 @@ var require_sasl = __commonJS((exports, module) => {
     if (mechanism === "SCRAM-SHA-256-PLUS" && typeof stream.getPeerCertificate !== "function") {
       throw new Error("SASL: Mechanism SCRAM-SHA-256-PLUS requires a certificate");
     }
-    const clientNonce = crypto.randomBytes(18).toString("base64");
+    const clientNonce = crypto2.randomBytes(18).toString("base64");
     const gs2Header = mechanism === "SCRAM-SHA-256-PLUS" ? "p=tls-server-end-point" : stream ? "y" : "n";
     return {
       mechanism,
@@ -11863,20 +11863,20 @@ var require_sasl = __commonJS((exports, module) => {
       let hashName = signatureAlgorithmHashFromCertificate(peerCert);
       if (hashName === "MD5" || hashName === "SHA-1")
         hashName = "SHA-256";
-      const certHash = await crypto.hashByName(hashName, peerCert);
+      const certHash = await crypto2.hashByName(hashName, peerCert);
       const bindingData = Buffer.concat([Buffer.from("p=tls-server-end-point,,"), Buffer.from(certHash)]);
       channelBinding = bindingData.toString("base64");
     }
     const clientFinalMessageWithoutProof = "c=" + channelBinding + ",r=" + sv.nonce;
     const authMessage = clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof;
     const saltBytes = Buffer.from(sv.salt, "base64");
-    const saltedPassword = await crypto.deriveKey(password, saltBytes, sv.iteration);
-    const clientKey = await crypto.hmacSha256(saltedPassword, "Client Key");
-    const storedKey = await crypto.sha256(clientKey);
-    const clientSignature = await crypto.hmacSha256(storedKey, authMessage);
+    const saltedPassword = await crypto2.deriveKey(password, saltBytes, sv.iteration);
+    const clientKey = await crypto2.hmacSha256(saltedPassword, "Client Key");
+    const storedKey = await crypto2.sha256(clientKey);
+    const clientSignature = await crypto2.hmacSha256(storedKey, authMessage);
     const clientProof = xorBuffers(Buffer.from(clientKey), Buffer.from(clientSignature)).toString("base64");
-    const serverKey = await crypto.hmacSha256(saltedPassword, "Server Key");
-    const serverSignatureBytes = await crypto.hmacSha256(serverKey, authMessage);
+    const serverKey = await crypto2.hmacSha256(saltedPassword, "Server Key");
+    const serverSignatureBytes = await crypto2.hmacSha256(serverKey, authMessage);
     session.message = "SASLResponse";
     session.serverSignature = Buffer.from(serverSignatureBytes).toString("base64");
     session.response = clientFinalMessageWithoutProof + ",p=" + clientProof;
@@ -13930,7 +13930,7 @@ var require_client = __commonJS((exports, module) => {
   var Query = require_query();
   var defaults = require_defaults2();
   var Connection = require_connection();
-  var crypto = require_utils3();
+  var crypto2 = require_utils3();
   var activeQueryDeprecationNotice = nodeUtils.deprecate(() => {}, "Client.activeQuery is deprecated and will be removed in pg@9.0");
   var queryQueueDeprecationNotice = nodeUtils.deprecate(() => {}, "Client.queryQueue is deprecated and will be removed in pg@9.0.");
   var pgPassDeprecationNotice = nodeUtils.deprecate(() => {}, "pgpass support is deprecated and will be removed in pg@9.0. " + "You can provide an async function as the password property to the Client/Pool constructor that returns a password instead. Within this function you can call the pgpass module in your own code.");
@@ -14146,7 +14146,7 @@ var require_client = __commonJS((exports, module) => {
     _handleAuthMD5Password(msg) {
       this._getPassword(async () => {
         try {
-          const hashedPassword = await crypto.postgresMd5PasswordHash(this.user, this.password, msg.salt);
+          const hashedPassword = await crypto2.postgresMd5PasswordHash(this.user, this.password, msg.salt);
           this.connection.password(hashedPassword);
         } catch (e) {
           this.emit("error", e);
@@ -15697,6 +15697,520 @@ var init_dotfile = __esm(() => {
   HASNA_DIR = join(homedir(), ".hasna");
 });
 
+// src/discover.ts
+var exports_discover = {};
+__export(exports_discover, {
+  isSyncExcludedTable: () => isSyncExcludedTable,
+  getServiceDbPath: () => getServiceDbPath,
+  discoverSyncableServices: () => discoverSyncableServices,
+  discoverServices: () => discoverServices,
+  SYNC_EXCLUDED_TABLE_PATTERNS: () => SYNC_EXCLUDED_TABLE_PATTERNS,
+  KNOWN_PG_SERVICES: () => KNOWN_PG_SERVICES
+});
+import { readdirSync as readdirSync2, existsSync as existsSync2 } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+function isSyncExcludedTable(table) {
+  return SYNC_EXCLUDED_TABLE_PATTERNS.some((p) => p.test(table));
+}
+function discoverServices() {
+  const dataDir = join2(homedir2(), ".hasna");
+  if (!existsSync2(dataDir))
+    return [];
+  try {
+    const entries = readdirSync2(dataDir, { withFileTypes: true });
+    return entries.filter((e) => {
+      if (!e.isDirectory())
+        return false;
+      if (e.name === "cloud" || e.name.startsWith("."))
+        return false;
+      return true;
+    }).map((e) => e.name).sort();
+  } catch {
+    return [];
+  }
+}
+function discoverSyncableServices() {
+  const local = discoverServices();
+  const pgSet = new Set(KNOWN_PG_SERVICES);
+  return local.filter((s) => pgSet.has(s));
+}
+function getServiceDbPath(service) {
+  const dataDir = join2(homedir2(), ".hasna", service);
+  if (!existsSync2(dataDir))
+    return null;
+  const candidates = [
+    join2(dataDir, `${service}.db`),
+    join2(dataDir, "data.db"),
+    join2(dataDir, "database.db")
+  ];
+  try {
+    const files = readdirSync2(dataDir);
+    for (const f of files) {
+      if (f.endsWith(".db") && !f.endsWith("-wal") && !f.endsWith("-shm")) {
+        candidates.push(join2(dataDir, f));
+      }
+    }
+  } catch {}
+  for (const p of candidates) {
+    if (existsSync2(p))
+      return p;
+  }
+  return null;
+}
+var KNOWN_PG_SERVICES, SYNC_EXCLUDED_TABLE_PATTERNS;
+var init_discover = __esm(() => {
+  KNOWN_PG_SERVICES = [
+    "assistants",
+    "attachments",
+    "brains",
+    "configs",
+    "connectors",
+    "contacts",
+    "context",
+    "conversations",
+    "crawl",
+    "deployment",
+    "economy",
+    "emails",
+    "files",
+    "hooks",
+    "implementations",
+    "logs",
+    "mcps",
+    "mementos",
+    "microservices",
+    "predictor",
+    "prompts",
+    "recordings",
+    "researcher",
+    "sandboxes",
+    "search",
+    "secrets",
+    "sessions",
+    "signatures",
+    "skills",
+    "telephony",
+    "terminal",
+    "testers",
+    "tickets",
+    "todos",
+    "wallets"
+  ];
+  SYNC_EXCLUDED_TABLE_PATTERNS = [
+    /^sqlite_/,
+    /_fts$/,
+    /_fts_/,
+    /^_sync_/,
+    /^_pg_migrations$/
+  ];
+});
+
+// src/machines.ts
+import { spawnSync } from "child_process";
+import { existsSync as existsSync3 } from "fs";
+import { homedir as homedir3, hostname as hostname2, platform, arch, userInfo } from "os";
+import { dirname, join as join3 } from "path";
+function quoteSqlString(value) {
+  return `'${value.replace(/'/g, "''")}'`;
+}
+function normalizePlatform(value) {
+  if (value === "darwin")
+    return "macos";
+  if (value === "win32")
+    return "windows";
+  return value;
+}
+function detectWorkspacePath() {
+  const home = homedir3();
+  const candidates = [join3(home, "workspace"), join3(home, "Workspace")];
+  for (const candidate of candidates) {
+    if (existsSync3(candidate))
+      return candidate;
+  }
+  const cwd = process.cwd();
+  const workspaceIdx = cwd.indexOf("/workspace/");
+  if (workspaceIdx >= 0) {
+    return cwd.slice(0, workspaceIdx + "/workspace".length);
+  }
+  const workspaceUpperIdx = cwd.indexOf("/Workspace/");
+  if (workspaceUpperIdx >= 0) {
+    return cwd.slice(0, workspaceUpperIdx + "/Workspace".length);
+  }
+  return cwd;
+}
+function detectBunPath() {
+  return dirname(process.execPath);
+}
+function toFlag(value, fallback = 0) {
+  if (value === undefined)
+    return fallback;
+  return value ? 1 : 0;
+}
+function getCurrentMachineId() {
+  return hostname2();
+}
+function detectCurrentMachine(opts = {}) {
+  const id = opts.id ?? getCurrentMachineId();
+  const username = userInfo().username;
+  return {
+    id,
+    ssh_address: opts.ssh_address ?? `${username}@${id}`,
+    arch: opts.arch ?? `${normalizePlatform(platform())}-${arch()}`,
+    workspace_path: opts.workspace_path ?? detectWorkspacePath(),
+    bun_path: opts.bun_path ?? detectBunPath(),
+    is_primary: opts.is_primary,
+    archived: opts.archived,
+    last_seen_at: opts.last_seen_at,
+    registered_at: opts.registered_at
+  };
+}
+function ensureMachinesTable(db) {
+  db.exec(MACHINES_TABLE_SQL);
+}
+function getMachineRecord(db, id) {
+  ensureMachinesTable(db);
+  return db.get(`SELECT id, ssh_address, arch, workspace_path, bun_path, is_primary, last_seen_at, registered_at, archived
+       FROM machines
+       WHERE id = ?`, id) ?? null;
+}
+function registerMachine(db, opts = {}) {
+  ensureMachinesTable(db);
+  const detected = detectCurrentMachine(opts);
+  const id = detected.id ?? getCurrentMachineId();
+  const now = new Date().toISOString();
+  const existing = getMachineRecord(db, id);
+  const isPrimary = toFlag(detected.is_primary, existing?.is_primary ?? 0);
+  const archived = toFlag(detected.archived, existing?.archived ?? 0);
+  if (isPrimary === 1 && archived === 1) {
+    throw new Error(`Primary machine "${id}" cannot be archived.`);
+  }
+  const record3 = {
+    id,
+    ssh_address: detected.ssh_address ?? existing?.ssh_address ?? "",
+    arch: detected.arch ?? existing?.arch ?? "",
+    workspace_path: detected.workspace_path ?? existing?.workspace_path ?? "",
+    bun_path: detected.bun_path ?? existing?.bun_path ?? "",
+    is_primary: isPrimary,
+    last_seen_at: detected.last_seen_at ?? now,
+    registered_at: existing?.registered_at ?? detected.registered_at ?? now,
+    archived
+  };
+  db.run(`INSERT INTO machines (
+      id,
+      ssh_address,
+      arch,
+      workspace_path,
+      bun_path,
+      is_primary,
+      last_seen_at,
+      registered_at,
+      archived
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      ssh_address = excluded.ssh_address,
+      arch = excluded.arch,
+      workspace_path = excluded.workspace_path,
+      bun_path = excluded.bun_path,
+      is_primary = excluded.is_primary,
+      last_seen_at = excluded.last_seen_at,
+      registered_at = excluded.registered_at,
+      archived = excluded.archived`, record3.id, record3.ssh_address, record3.arch, record3.workspace_path, record3.bun_path, record3.is_primary, record3.last_seen_at, record3.registered_at, record3.archived);
+  return getMachineRecord(db, record3.id) ?? record3;
+}
+function listMachines(db, opts = {}) {
+  ensureMachinesTable(db);
+  const includeArchived = opts.includeArchived ?? false;
+  const whereClause = includeArchived ? "" : "WHERE archived = 0";
+  return db.all(`SELECT id, ssh_address, arch, workspace_path, bun_path, is_primary, last_seen_at, registered_at, archived
+     FROM machines
+     ${whereClause}
+     ORDER BY is_primary DESC, id ASC`);
+}
+function pingMachine(machine) {
+  const record3 = typeof machine === "string" ? {
+    id: machine,
+    ssh_address: machine
+  } : machine;
+  const startedAt = Date.now();
+  const checkedAt = new Date().toISOString();
+  const currentId = getCurrentMachineId();
+  if (record3.id === currentId) {
+    return {
+      id: record3.id,
+      online: true,
+      checked_at: checkedAt,
+      latency_ms: Date.now() - startedAt
+    };
+  }
+  const target = record3.ssh_address || record3.id;
+  if (!target) {
+    return {
+      id: record3.id,
+      online: false,
+      error: "Machine has no ssh target.",
+      checked_at: checkedAt,
+      latency_ms: Date.now() - startedAt
+    };
+  }
+  const result = spawnSync("ssh", ["-o", "BatchMode=yes", "-o", "ConnectTimeout=5", target, "true"], {
+    encoding: "utf-8",
+    timeout: 6000
+  });
+  return {
+    id: record3.id,
+    online: result.status === 0,
+    error: result.status === 0 ? undefined : (result.stderr || result.error?.message || "SSH health check failed").trim(),
+    checked_at: checkedAt,
+    latency_ms: Date.now() - startedAt
+  };
+}
+function getMachineStatus(db, opts = {}) {
+  return listMachines(db, opts).map((machine) => pingMachine(machine));
+}
+function tableExists(db, table) {
+  try {
+    if (typeof db.query === "function") {
+      const rows2 = db.all(`SELECT name FROM sqlite_master WHERE type='table' AND name = ?`, table);
+      return rows2.length > 0;
+    }
+    const rows = db.all(`SELECT table_name
+       FROM information_schema.tables
+       WHERE table_schema = 'public' AND table_name = ?`, table);
+    return rows.length > 0;
+  } catch {
+    return false;
+  }
+}
+function hasMachineIdColumn(db, table) {
+  try {
+    if (typeof db.query === "function") {
+      const rows2 = db.all(`PRAGMA table_info("${table}")`);
+      return rows2.some((row) => row.name === "machine_id");
+    }
+    const rows = db.all(`SELECT column_name
+       FROM information_schema.columns
+       WHERE table_schema = 'public' AND table_name = ? AND column_name = 'machine_id'`, table);
+    return rows.length > 0;
+  } catch {
+    return false;
+  }
+}
+function shouldTrackMachineId(table) {
+  return table !== "machines" && !isSyncExcludedTable(table);
+}
+function ensureMachineIdColumn(db, table) {
+  if (!shouldTrackMachineId(table) || !tableExists(db, table)) {
+    return false;
+  }
+  if (hasMachineIdColumn(db, table)) {
+    return false;
+  }
+  db.exec(`ALTER TABLE "${table}" ADD COLUMN machine_id TEXT DEFAULT ''`);
+  return true;
+}
+function extractTableName(sql, pattern) {
+  const match = sql.match(pattern);
+  if (!match)
+    return null;
+  return match[2] ?? match[3] ?? null;
+}
+function appendLiteralToValueTuples(sql, literal3) {
+  let output = "";
+  let depth = 0;
+  let inSingle = false;
+  let inDouble = false;
+  let sawTuple = false;
+  let inValues = true;
+  for (let i = 0;i < sql.length; i++) {
+    const char = sql[i];
+    const prev = sql[i - 1];
+    if (!inDouble && char === "'" && prev !== "\\") {
+      inSingle = !inSingle;
+      output += char;
+      continue;
+    }
+    if (!inSingle && char === `"` && prev !== "\\") {
+      inDouble = !inDouble;
+      output += char;
+      continue;
+    }
+    if (inSingle || inDouble) {
+      output += char;
+      continue;
+    }
+    if (inValues && char === "(") {
+      depth += 1;
+      if (depth === 1)
+        sawTuple = true;
+      output += char;
+      continue;
+    }
+    if (inValues && char === ")" && depth === 1) {
+      output += `, ${literal3})`;
+      depth = 0;
+      continue;
+    }
+    if (inValues && char === ")" && depth > 1) {
+      depth -= 1;
+      output += char;
+      continue;
+    }
+    if (inValues && depth === 0 && sawTuple && /[A-Za-z]/.test(char)) {
+      inValues = false;
+    }
+    output += char;
+  }
+  return sawTuple ? output : null;
+}
+function rewriteInsertSql(sql, machineId) {
+  const match = sql.match(/^\s*(insert(?:\s+or\s+\w+)?\s+into\s+((?:"([^"]+)")|([A-Za-z_][\w$]*))\s*)\(([^)]*)\)(\s*values\s*)([\s\S]*)$/i);
+  if (!match)
+    return null;
+  const table = match[3] ?? match[4];
+  if (!table || !shouldTrackMachineId(table))
+    return null;
+  const columns = match[5].split(",").map((column) => column.trim().replace(/^"|"$/g, ""));
+  if (columns.some((column) => column.toLowerCase() === "machine_id")) {
+    return { table, sql };
+  }
+  const rewrittenValues = appendLiteralToValueTuples(match[7], quoteSqlString(machineId));
+  if (!rewrittenValues)
+    return { table, sql };
+  const nextColumns = `${match[5].trim()}, "machine_id"`;
+  return {
+    table,
+    sql: `${match[1]}(${nextColumns})${match[6]}${rewrittenValues}`
+  };
+}
+function rewriteUpdateSql(sql, machineId) {
+  const match = sql.match(/^\s*(update\s+((?:"([^"]+)")|([A-Za-z_][\w$]*))\s+set\s*)([\s\S]*?)(\s+(?:where|returning)\b[\s\S]*|\s*)$/i);
+  if (!match)
+    return null;
+  const table = match[3] ?? match[4];
+  if (!table || !shouldTrackMachineId(table))
+    return null;
+  if (/\bmachine_id\b/i.test(match[5])) {
+    return { table, sql };
+  }
+  return {
+    table,
+    sql: `${match[1]}${match[5].trimEnd()}, "machine_id" = ${quoteSqlString(machineId)}${match[6]}`
+  };
+}
+function maybeRewriteMachineSql(db, sql, machineId) {
+  const trimmed = sql.trimStart();
+  if (/^insert\b/i.test(trimmed)) {
+    const rewritten = rewriteInsertSql(sql, machineId);
+    if (rewritten?.table) {
+      ensureMachineIdColumn(db, rewritten.table);
+      return rewritten.sql;
+    }
+    return sql;
+  }
+  if (/^update\b/i.test(trimmed)) {
+    const rewritten = rewriteUpdateSql(sql, machineId);
+    if (rewritten?.table) {
+      ensureMachineIdColumn(db, rewritten.table);
+      return rewritten.sql;
+    }
+    return sql;
+  }
+  return sql;
+}
+function maybeEnsureCreatedTableHasMachineId(db, sql) {
+  const table = extractTableName(sql, /^\s*(create\s+table(?:\s+if\s+not\s+exists)?\s+((?:"([^"]+)")|([A-Za-z_][\w$]*)))/i);
+  if (table) {
+    ensureMachineIdColumn(db, table);
+  }
+}
+function createMachineRegistry(db, machineId = getCurrentMachineId()) {
+  return {
+    register(opts = {}) {
+      return registerMachine(db, { ...opts, id: opts.id ?? machineId });
+    },
+    list(opts = {}) {
+      return listMachines(db, opts);
+    },
+    ping(machine) {
+      if (!machine) {
+        return pingMachine(registerMachine(db, { id: machineId }));
+      }
+      return pingMachine(typeof machine === "string" ? getMachineRecord(db, machine) ?? machine : machine);
+    },
+    status(opts = {}) {
+      return getMachineStatus(db, opts);
+    },
+    currentMachine() {
+      return registerMachine(db, { id: machineId });
+    }
+  };
+}
+function createMachineAwareAdapter(db) {
+  ensureMachinesTable(db);
+  const machineId = registerMachine(db).id;
+  const machines = createMachineRegistry(db, machineId);
+  const wrapped = {
+    machine_id: machineId,
+    machines,
+    run(sql, ...params) {
+      return db.run(maybeRewriteMachineSql(db, sql, machineId), ...params);
+    },
+    get(sql, ...params) {
+      return db.get(sql, ...params);
+    },
+    all(sql, ...params) {
+      return db.all(sql, ...params);
+    },
+    exec(sql) {
+      db.exec(sql);
+      maybeEnsureCreatedTableHasMachineId(db, sql);
+    },
+    prepare(sql) {
+      const statement = db.prepare(maybeRewriteMachineSql(db, sql, machineId));
+      return {
+        run(...params) {
+          return statement.run(...params);
+        },
+        get(...params) {
+          return statement.get(...params);
+        },
+        all(...params) {
+          return statement.all(...params);
+        },
+        finalize() {
+          statement.finalize();
+        }
+      };
+    },
+    close() {
+      db.close();
+    },
+    transaction(fn) {
+      return db.transaction(fn);
+    },
+    raw: db.raw,
+    query: typeof db.query === "function" ? db.query.bind(db) : undefined
+  };
+  return wrapped;
+}
+var MACHINES_TABLE_SQL = `
+CREATE TABLE IF NOT EXISTS machines (
+  id TEXT PRIMARY KEY,
+  ssh_address TEXT DEFAULT '',
+  arch TEXT DEFAULT '',
+  workspace_path TEXT DEFAULT '',
+  bun_path TEXT DEFAULT '',
+  is_primary INTEGER DEFAULT 0 CHECK (is_primary IN (0, 1)),
+  last_seen_at TEXT,
+  registered_at TEXT,
+  archived INTEGER DEFAULT 0 CHECK (archived IN (0, 1)),
+  CHECK (NOT (is_primary = 1 AND archived = 1))
+)`;
+var init_machines = __esm(() => {
+  init_discover();
+});
+
 // src/config.ts
 var exports_config = {};
 __export(exports_config, {
@@ -15708,9 +16222,9 @@ __export(exports_config, {
   createDatabase: () => createDatabase2,
   CloudConfigSchema: () => CloudConfigSchema2
 });
-import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
-import { homedir as homedir3 } from "os";
-import { join as join3 } from "path";
+import { existsSync as existsSync5, mkdirSync as mkdirSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { homedir as homedir5 } from "os";
+import { join as join5 } from "path";
 function getConfigDir() {
   return CONFIG_DIR2;
 }
@@ -15718,7 +16232,7 @@ function getConfigPath() {
   return CONFIG_PATH2;
 }
 function getCloudConfig2() {
-  if (!existsSync3(CONFIG_PATH2)) {
+  if (!existsSync5(CONFIG_PATH2)) {
     return CloudConfigSchema2.parse({});
   }
   try {
@@ -15751,16 +16265,32 @@ function createDatabase2(options) {
   const mode = options.mode ?? config2.mode;
   if (mode === "cloud") {
     const connStr = options.pgConnectionString ?? getConnectionString2(options.service);
-    return new PgAdapter(connStr);
+    return createMachineAwareAdapter(new PgAdapter(connStr));
   }
   const dbPath = options.sqlitePath ?? getDbPath(options.service);
-  return new SqliteAdapter(dbPath);
+  return createMachineAwareAdapter(new SqliteAdapter(dbPath));
 }
-var CloudConfigSchema2, CONFIG_DIR2, CONFIG_PATH2;
+var DaemonConfigSchema2, CloudConfigSchema2, CONFIG_DIR2, CONFIG_PATH2;
 var init_config = __esm(() => {
   init_zod();
   init_adapter();
   init_dotfile();
+  init_machines();
+  DaemonConfigSchema2 = exports_external.object({
+    enabled: exports_external.boolean().default(false),
+    paused: exports_external.boolean().default(false),
+    watch_interval_seconds: exports_external.number().int().positive().default(5),
+    pull_interval_seconds: exports_external.number().int().positive().default(60),
+    push_debounce_seconds: exports_external.number().int().positive().default(5),
+    conflict_strategy: exports_external.enum(["newest-wins", "local-wins", "remote-wins"]).default("newest-wins"),
+    services: exports_external.array(exports_external.string()).default([]),
+    table_intervals: exports_external.record(exports_external.string(), exports_external.record(exports_external.string(), exports_external.number().int().positive())).default({}),
+    file_rules: exports_external.array(exports_external.object({
+      path: exports_external.string(),
+      interval_seconds: exports_external.number().int().positive().default(30),
+      enabled: exports_external.boolean().default(true)
+    })).default([])
+  }).default({});
   CloudConfigSchema2 = exports_external.object({
     rds: exports_external.object({
       host: exports_external.string().default(""),
@@ -15774,34 +16304,35 @@ var init_config = __esm(() => {
     feedback_endpoint: exports_external.string().default("https://feedback.hasna.com/api/v1/feedback"),
     sync: exports_external.object({
       schedule_minutes: exports_external.number().default(0)
-    }).default({})
+    }).default({}),
+    daemon: DaemonConfigSchema2
   });
-  CONFIG_DIR2 = join3(homedir3(), ".hasna", "cloud");
-  CONFIG_PATH2 = join3(CONFIG_DIR2, "config.json");
+  CONFIG_DIR2 = join5(homedir5(), ".hasna", "cloud");
+  CONFIG_PATH2 = join5(CONFIG_DIR2, "config.json");
 });
 
 // src/discover.ts
-var exports_discover = {};
-__export(exports_discover, {
-  isSyncExcludedTable: () => isSyncExcludedTable,
-  getServiceDbPath: () => getServiceDbPath,
-  discoverSyncableServices: () => discoverSyncableServices,
-  discoverServices: () => discoverServices,
-  SYNC_EXCLUDED_TABLE_PATTERNS: () => SYNC_EXCLUDED_TABLE_PATTERNS,
-  KNOWN_PG_SERVICES: () => KNOWN_PG_SERVICES
+var exports_discover2 = {};
+__export(exports_discover2, {
+  isSyncExcludedTable: () => isSyncExcludedTable2,
+  getServiceDbPath: () => getServiceDbPath2,
+  discoverSyncableServices: () => discoverSyncableServices2,
+  discoverServices: () => discoverServices2,
+  SYNC_EXCLUDED_TABLE_PATTERNS: () => SYNC_EXCLUDED_TABLE_PATTERNS2,
+  KNOWN_PG_SERVICES: () => KNOWN_PG_SERVICES2
 });
-import { readdirSync as readdirSync3, existsSync as existsSync5 } from "fs";
-import { join as join5 } from "path";
-import { homedir as homedir5 } from "os";
-function isSyncExcludedTable(table) {
-  return SYNC_EXCLUDED_TABLE_PATTERNS.some((p) => p.test(table));
+import { readdirSync as readdirSync4, existsSync as existsSync7 } from "fs";
+import { join as join7 } from "path";
+import { homedir as homedir7 } from "os";
+function isSyncExcludedTable2(table) {
+  return SYNC_EXCLUDED_TABLE_PATTERNS2.some((p) => p.test(table));
 }
-function discoverServices() {
-  const dataDir = join5(homedir5(), ".hasna");
-  if (!existsSync5(dataDir))
+function discoverServices2() {
+  const dataDir = join7(homedir7(), ".hasna");
+  if (!existsSync7(dataDir))
     return [];
   try {
-    const entries = readdirSync3(dataDir, { withFileTypes: true });
+    const entries = readdirSync4(dataDir, { withFileTypes: true });
     return entries.filter((e) => {
       if (!e.isDirectory())
         return false;
@@ -15813,37 +16344,37 @@ function discoverServices() {
     return [];
   }
 }
-function discoverSyncableServices() {
-  const local = discoverServices();
-  const pgSet = new Set(KNOWN_PG_SERVICES);
+function discoverSyncableServices2() {
+  const local = discoverServices2();
+  const pgSet = new Set(KNOWN_PG_SERVICES2);
   return local.filter((s) => pgSet.has(s));
 }
-function getServiceDbPath(service) {
-  const dataDir = join5(homedir5(), ".hasna", service);
-  if (!existsSync5(dataDir))
+function getServiceDbPath2(service) {
+  const dataDir = join7(homedir7(), ".hasna", service);
+  if (!existsSync7(dataDir))
     return null;
   const candidates = [
-    join5(dataDir, `${service}.db`),
-    join5(dataDir, "data.db"),
-    join5(dataDir, "database.db")
+    join7(dataDir, `${service}.db`),
+    join7(dataDir, "data.db"),
+    join7(dataDir, "database.db")
   ];
   try {
-    const files = readdirSync3(dataDir);
+    const files = readdirSync4(dataDir);
     for (const f of files) {
       if (f.endsWith(".db") && !f.endsWith("-wal") && !f.endsWith("-shm")) {
-        candidates.push(join5(dataDir, f));
+        candidates.push(join7(dataDir, f));
       }
     }
   } catch {}
   for (const p of candidates) {
-    if (existsSync5(p))
+    if (existsSync7(p))
       return p;
   }
   return null;
 }
-var KNOWN_PG_SERVICES, SYNC_EXCLUDED_TABLE_PATTERNS;
-var init_discover = __esm(() => {
-  KNOWN_PG_SERVICES = [
+var KNOWN_PG_SERVICES2, SYNC_EXCLUDED_TABLE_PATTERNS2;
+var init_discover2 = __esm(() => {
+  KNOWN_PG_SERVICES2 = [
     "assistants",
     "attachments",
     "brains",
@@ -15880,116 +16411,7 @@ var init_discover = __esm(() => {
     "todos",
     "wallets"
   ];
-  SYNC_EXCLUDED_TABLE_PATTERNS = [
-    /^sqlite_/,
-    /_fts$/,
-    /_fts_/,
-    /^_sync_/,
-    /^_pg_migrations$/
-  ];
-});
-
-// src/discover.ts
-var exports_discover2 = {};
-__export(exports_discover2, {
-  isSyncExcludedTable: () => isSyncExcludedTable2,
-  getServiceDbPath: () => getServiceDbPath2,
-  discoverSyncableServices: () => discoverSyncableServices2,
-  discoverServices: () => discoverServices2,
-  SYNC_EXCLUDED_TABLE_PATTERNS: () => SYNC_EXCLUDED_TABLE_PATTERNS2,
-  KNOWN_PG_SERVICES: () => KNOWN_PG_SERVICES2
-});
-import { readdirSync as readdirSync4, existsSync as existsSync6 } from "fs";
-import { join as join6 } from "path";
-import { homedir as homedir6 } from "os";
-function isSyncExcludedTable2(table) {
-  return SYNC_EXCLUDED_TABLE_PATTERNS2.some((p) => p.test(table));
-}
-function discoverServices2() {
-  const dataDir = join6(homedir6(), ".hasna");
-  if (!existsSync6(dataDir))
-    return [];
-  try {
-    const entries = readdirSync4(dataDir, { withFileTypes: true });
-    return entries.filter((e) => {
-      if (!e.isDirectory())
-        return false;
-      if (e.name === "cloud" || e.name.startsWith("."))
-        return false;
-      return true;
-    }).map((e) => e.name).sort();
-  } catch {
-    return [];
-  }
-}
-function discoverSyncableServices2() {
-  const local = discoverServices2();
-  const pgSet = new Set(KNOWN_PG_SERVICES2);
-  return local.filter((s) => pgSet.has(s));
-}
-function getServiceDbPath2(service) {
-  const dataDir = join6(homedir6(), ".hasna", service);
-  if (!existsSync6(dataDir))
-    return null;
-  const candidates = [
-    join6(dataDir, `${service}.db`),
-    join6(dataDir, "data.db"),
-    join6(dataDir, "database.db")
-  ];
-  try {
-    const files = readdirSync4(dataDir);
-    for (const f of files) {
-      if (f.endsWith(".db") && !f.endsWith("-wal") && !f.endsWith("-shm")) {
-        candidates.push(join6(dataDir, f));
-      }
-    }
-  } catch {}
-  for (const p of candidates) {
-    if (existsSync6(p))
-      return p;
-  }
-  return null;
-}
-var KNOWN_PG_SERVICES2, SYNC_EXCLUDED_TABLE_PATTERNS2;
-var init_discover2 = __esm(() => {
-  KNOWN_PG_SERVICES2 = [
-    "assistants",
-    "attachments",
-    "brains",
-    "configs",
-    "connectors",
-    "contacts",
-    "context",
-    "conversations",
-    "crawl",
-    "deployment",
-    "economy",
-    "emails",
-    "files",
-    "hooks",
-    "implementations",
-    "logs",
-    "mcps",
-    "mementos",
-    "microservices",
-    "predictor",
-    "prompts",
-    "recordings",
-    "researcher",
-    "sandboxes",
-    "search",
-    "secrets",
-    "sessions",
-    "signatures",
-    "skills",
-    "telephony",
-    "terminal",
-    "testers",
-    "tickets",
-    "todos",
-    "wallets"
-  ];
-  SYNC_EXCLUDED_TABLE_PATTERNS2 = [
+  SYNC_EXCLUDED_TABLE_PATTERNS2 = [
     /^sqlite_/,
     /_fts$/,
     /_fts_/,
@@ -16081,7 +16503,7 @@ async function migrateService(service, connectionString) {
   return applyPgMigrations(connStr, migrations, service);
 }
 async function migrateAllServices() {
-  const { discoverServices: discoverServices3 } = await Promise.resolve().then(() => (init_discover2(), exports_discover2));
+  const { discoverServices: discoverServices3 } = await Promise.resolve().then(() => (init_discover(), exports_discover));
   const services = discoverServices3();
   const results = [];
   for (const service of services) {
@@ -16121,7 +16543,7 @@ async function ensurePgDatabase(service) {
   }
 }
 async function ensureAllPgDatabases() {
-  const { discoverServices: discoverServices3 } = await Promise.resolve().then(() => (init_discover2(), exports_discover2));
+  const { discoverServices: discoverServices3 } = await Promise.resolve().then(() => (init_discover(), exports_discover));
   const services = discoverServices3();
   const results = [];
   for (const service of services) {
@@ -20781,6 +21203,7 @@ config(en_default2());
 
 // node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
 var LATEST_PROTOCOL_VERSION = "2025-11-25";
+var DEFAULT_NEGOTIATED_PROTOCOL_VERSION = "2025-03-26";
 var SUPPORTED_PROTOCOL_VERSIONS = [LATEST_PROTOCOL_VERSION, "2025-06-18", "2025-03-26", "2024-11-05", "2024-10-07"];
 var RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task";
 var JSONRPC_VERSION = "2.0";
@@ -20953,6 +21376,7 @@ var InitializeRequestSchema = RequestSchema.extend({
   method: literal("initialize"),
   params: InitializeRequestParamsSchema
 });
+var isInitializeRequest = (value) => InitializeRequestSchema.safeParse(value).success;
 var ServerCapabilitiesSchema = object2({
   experimental: record(string2(), AssertObjectSchema).optional(),
   logging: AssertObjectSchema.optional(),
@@ -25133,9 +25557,25 @@ init_external();
 init_zod();
 init_adapter();
 init_dotfile();
-import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync, writeFileSync } from "fs";
-import { homedir as homedir2 } from "os";
-import { join as join2 } from "path";
+init_machines();
+import { existsSync as existsSync4, mkdirSync as mkdirSync2, readFileSync, writeFileSync } from "fs";
+import { homedir as homedir4 } from "os";
+import { join as join4 } from "path";
+var DaemonConfigSchema = exports_external.object({
+  enabled: exports_external.boolean().default(false),
+  paused: exports_external.boolean().default(false),
+  watch_interval_seconds: exports_external.number().int().positive().default(5),
+  pull_interval_seconds: exports_external.number().int().positive().default(60),
+  push_debounce_seconds: exports_external.number().int().positive().default(5),
+  conflict_strategy: exports_external.enum(["newest-wins", "local-wins", "remote-wins"]).default("newest-wins"),
+  services: exports_external.array(exports_external.string()).default([]),
+  table_intervals: exports_external.record(exports_external.string(), exports_external.record(exports_external.string(), exports_external.number().int().positive())).default({}),
+  file_rules: exports_external.array(exports_external.object({
+    path: exports_external.string(),
+    interval_seconds: exports_external.number().int().positive().default(30),
+    enabled: exports_external.boolean().default(true)
+  })).default([])
+}).default({});
 var CloudConfigSchema = exports_external.object({
   rds: exports_external.object({
     host: exports_external.string().default(""),
@@ -25149,12 +25589,13 @@ var CloudConfigSchema = exports_external.object({
   feedback_endpoint: exports_external.string().default("https://feedback.hasna.com/api/v1/feedback"),
   sync: exports_external.object({
     schedule_minutes: exports_external.number().default(0)
-  }).default({})
+  }).default({}),
+  daemon: DaemonConfigSchema
 });
-var CONFIG_DIR = join2(homedir2(), ".hasna", "cloud");
-var CONFIG_PATH = join2(CONFIG_DIR, "config.json");
+var CONFIG_DIR = join4(homedir4(), ".hasna", "cloud");
+var CONFIG_PATH = join4(CONFIG_DIR, "config.json");
 function getCloudConfig() {
-  if (!existsSync2(CONFIG_PATH)) {
+  if (!existsSync4(CONFIG_PATH)) {
     return CloudConfigSchema.parse({});
   }
   try {
@@ -25182,10 +25623,10 @@ function createDatabase(options) {
   const mode = options.mode ?? config2.mode;
   if (mode === "cloud") {
     const connStr = options.pgConnectionString ?? getConnectionString(options.service);
-    return new PgAdapter(connStr);
+    return createMachineAwareAdapter(new PgAdapter(connStr));
   }
   const dbPath = options.sqlitePath ?? getDbPath(options.service);
-  return new SqliteAdapter(dbPath);
+  return createMachineAwareAdapter(new SqliteAdapter(dbPath));
 }
 
 // src/sync.ts
@@ -25364,6 +25805,9 @@ async function ensureTablesExist(source, target, tables) {
 }
 async function filterColumnsForTarget(target, table, sourceColumns) {
   try {
+    if (sourceColumns.includes("machine_id") && table !== "machines") {
+      await ensureMachineIdColumnInTarget(target, table);
+    }
     if (!isAsyncAdapter(target)) {
       const colInfo = target.all(`PRAGMA table_info("${table}")`);
       if (Array.isArray(colInfo) && colInfo.length > 0) {
@@ -25386,6 +25830,22 @@ async function filterColumnsForTarget(target, table, sourceColumns) {
   } catch {}
   return sourceColumns;
 }
+async function ensureMachineIdColumnInTarget(target, table) {
+  if (!isAsyncAdapter(target)) {
+    const colInfo2 = target.all(`PRAGMA table_info("${table}")`);
+    const hasMachineId = Array.isArray(colInfo2) ? colInfo2.some((column) => column.name === "machine_id") : false;
+    if (!hasMachineId) {
+      target.exec(`ALTER TABLE "${table}" ADD COLUMN machine_id TEXT DEFAULT ''`);
+    }
+    return;
+  }
+  const colInfo = await target.all(`SELECT column_name
+     FROM information_schema.columns
+     WHERE table_schema = 'public' AND table_name = '${table}' AND column_name = 'machine_id'`);
+  if (colInfo.length === 0) {
+    await target.exec(`ALTER TABLE "${table}" ADD COLUMN machine_id TEXT DEFAULT ''`);
+  }
+}
 async function syncTransfer(source, target, options, _direction) {
   const {
     tables,
@@ -25621,7 +26081,7 @@ async function listPgTables(db) {
 
 // src/feedback.ts
 init_config();
-import { hostname as hostname2 } from "os";
+import { hostname as hostname3 } from "os";
 var FEEDBACK_TABLE_SQL = `
 CREATE TABLE IF NOT EXISTS feedback (
   id TEXT PRIMARY KEY,
@@ -25639,7 +26099,7 @@ function saveFeedback(db, feedback) {
   ensureFeedbackTable(db);
   const id = feedback.id ?? Math.random().toString(36).slice(2) + Date.now().toString(36);
   const now = new Date().toISOString();
-  const machineId = feedback.machine_id ?? hostname2();
+  const machineId = feedback.machine_id ?? hostname3();
   db.run(`INSERT INTO feedback (id, service, version, message, email, machine_id, created_at)
      VALUES (?, ?, ?, ?, ?, ?, ?)`, id, feedback.service, feedback.version ?? "", feedback.message, feedback.email ?? "", machineId, feedback.created_at ?? now);
   return id;
@@ -25647,7 +26107,7 @@ function saveFeedback(db, feedback) {
 async function sendFeedback(feedback, db) {
   const config2 = getCloudConfig2();
   const id = feedback.id ?? Math.random().toString(36).slice(2) + Date.now().toString(36);
-  const machineId = feedback.machine_id ?? hostname2();
+  const machineId = feedback.machine_id ?? hostname3();
   const now = new Date().toISOString();
   const payload = {
     id,
@@ -25687,22 +26147,22 @@ async function sendFeedback(feedback, db) {
 
 // src/dotfile.ts
 import {
-  existsSync as existsSync4,
+  existsSync as existsSync6,
   mkdirSync as mkdirSync4,
-  readdirSync as readdirSync2,
+  readdirSync as readdirSync3,
   copyFileSync as copyFileSync2
 } from "fs";
-import { homedir as homedir4 } from "os";
-import { join as join4, relative as relative2 } from "path";
-var HASNA_DIR2 = join4(homedir4(), ".hasna");
+import { homedir as homedir6 } from "os";
+import { join as join6, relative as relative2 } from "path";
+var HASNA_DIR2 = join6(homedir6(), ".hasna");
 function getDataDir2(serviceName) {
-  const dir = join4(HASNA_DIR2, serviceName);
+  const dir = join6(HASNA_DIR2, serviceName);
   mkdirSync4(dir, { recursive: true });
   return dir;
 }
 function getDbPath2(serviceName) {
   const dir = getDataDir2(serviceName);
-  return join4(dir, `${serviceName}.db`);
+  return join6(dir, `${serviceName}.db`);
 }
 
 // src/adapter.ts
@@ -25824,282 +26284,1509 @@ class PgAdapterAsync2 {
   }
 }
 
-// src/mcp/index.ts
-var server = new McpServer({
-  name: "cloud",
-  version: "0.1.0"
-});
-server.tool("cloud_status", "Show cloud configuration and connection health", {}, async () => {
-  const config2 = getCloudConfig();
-  const lines = [
-    `Mode: ${config2.mode}`,
-    `RDS Host: ${config2.rds.host || "(not configured)"}`,
-    `RDS Port: ${config2.rds.port}`,
-    `RDS Username: ${config2.rds.username || "(not configured)"}`,
-    `SSL: ${config2.rds.ssl}`,
-    `Auto-sync: ${config2.auto_sync_interval_minutes ? `${config2.auto_sync_interval_minutes} min` : "disabled"}`
-  ];
-  if (config2.rds.host && config2.rds.username) {
-    try {
-      const connStr = getConnectionString("postgres");
-      const pg2 = new PgAdapterAsync2(connStr);
-      await pg2.get("SELECT 1 as ok");
-      lines.push("PostgreSQL: connected");
-      await pg2.close();
-    } catch (err) {
-      lines.push(`PostgreSQL: connection failed \u2014 ${err?.message}`);
-    }
+// src/mcp/http.ts
+import { createServer } from "node:http";
+
+// node_modules/@hono/node-server/dist/index.mjs
+import { Http2ServerRequest as Http2ServerRequest2 } from "http2";
+import { Http2ServerRequest } from "http2";
+import { Readable } from "stream";
+import crypto2 from "crypto";
+var RequestError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "RequestError";
   }
-  return { content: [{ type: "text", text: lines.join(`
-`) }] };
-});
-server.tool("sync_push", "Push local SQLite data to cloud PostgreSQL", {
-  service: exports_external.string().describe("Service name"),
-  tables: exports_external.string().optional().describe("Comma-separated table names (default: all)")
-}, async ({ service, tables: tablesStr }) => {
-  const config2 = getCloudConfig();
-  if (config2.mode === "local") {
-    return {
-      content: [
-        {
-          type: "text",
-          text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`."
-        }
-      ],
-      isError: true
-    };
+};
+var toRequestError = (e) => {
+  if (e instanceof RequestError) {
+    return e;
   }
-  const dbPath = getDbPath2(service);
-  const local = new SqliteAdapter2(dbPath);
-  const connStr = getConnectionString(service);
-  const cloud = new PgAdapterAsync2(connStr);
-  let tableList;
-  if (tablesStr) {
-    tableList = tablesStr.split(",").map((t) => t.trim());
-  } else {
-    tableList = listSqliteTables(local);
-  }
-  const results = await syncPush(local, cloud, { tables: tableList });
-  local.close();
-  await cloud.close();
-  const totalWritten = results.reduce((s, r) => s + r.rowsWritten, 0);
-  const totalErrors = results.reduce((s, r) => s + r.errors.length, 0);
-  const lines = [
-    `Pushed ${tableList.length} table(s): ${totalWritten} rows, ${totalErrors} errors.`
-  ];
-  for (const r of results) {
-    lines.push(`  ${r.table}: ${r.rowsWritten} written, ${r.rowsSkipped} skipped`);
-    for (const e of r.errors) {
-      lines.push(`    ERROR: ${e}`);
+  return new RequestError(e.message, { cause: e });
+};
+var GlobalRequest = global.Request;
+var Request = class extends GlobalRequest {
+  constructor(input, options) {
+    if (typeof input === "object" && getRequestCache in input) {
+      input = input[getRequestCache]();
     }
+    if (typeof options?.body?.getReader !== "undefined") {
+      options.duplex ??= "half";
+    }
+    super(input, options);
   }
-  return { content: [{ type: "text", text: lines.join(`
-`) }] };
-});
-server.tool("sync_pull", "Pull cloud PostgreSQL data to local SQLite", {
-  service: exports_external.string().describe("Service name"),
-  tables: exports_external.string().optional().describe("Comma-separated table names (default: all)")
-}, async ({ service, tables: tablesStr }) => {
-  const config2 = getCloudConfig();
-  if (config2.mode === "local") {
-    return {
-      content: [
-        {
-          type: "text",
-          text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`."
+};
+var newHeadersFromIncoming = (incoming) => {
+  const headerRecord = [];
+  const rawHeaders = incoming.rawHeaders;
+  for (let i = 0;i < rawHeaders.length; i += 2) {
+    const { [i]: key, [i + 1]: value } = rawHeaders;
+    if (key.charCodeAt(0) !== 58) {
+      headerRecord.push([key, value]);
+    }
+  }
+  return new Headers(headerRecord);
+};
+var wrapBodyStream = Symbol("wrapBodyStream");
+var newRequestFromIncoming = (method, url, headers, incoming, abortController) => {
+  const init = {
+    method,
+    headers,
+    signal: abortController.signal
+  };
+  if (method === "TRACE") {
+    init.method = "GET";
+    const req = new Request(url, init);
+    Object.defineProperty(req, "method", {
+      get() {
+        return "TRACE";
+      }
+    });
+    return req;
+  }
+  if (!(method === "GET" || method === "HEAD")) {
+    if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) {
+      init.body = new ReadableStream({
+        start(controller) {
+          controller.enqueue(incoming.rawBody);
+          controller.close();
         }
-      ],
-      isError: true
-    };
+      });
+    } else if (incoming[wrapBodyStream]) {
+      let reader;
+      init.body = new ReadableStream({
+        async pull(controller) {
+          try {
+            reader ||= Readable.toWeb(incoming).getReader();
+            const { done, value } = await reader.read();
+            if (done) {
+              controller.close();
+            } else {
+              controller.enqueue(value);
+            }
+          } catch (error2) {
+            controller.error(error2);
+          }
+        }
+      });
+    } else {
+      init.body = Readable.toWeb(incoming);
+    }
   }
-  const dbPath = getDbPath2(service);
-  const local = new SqliteAdapter2(dbPath);
-  const connStr = getConnectionString(service);
-  const cloud = new PgAdapterAsync2(connStr);
-  let tableList;
-  if (tablesStr) {
-    tableList = tablesStr.split(",").map((t) => t.trim());
-  } else {
+  return new Request(url, init);
+};
+var getRequestCache = Symbol("getRequestCache");
+var requestCache = Symbol("requestCache");
+var incomingKey = Symbol("incomingKey");
+var urlKey = Symbol("urlKey");
+var headersKey = Symbol("headersKey");
+var abortControllerKey = Symbol("abortControllerKey");
+var getAbortController = Symbol("getAbortController");
+var requestPrototype = {
+  get method() {
+    return this[incomingKey].method || "GET";
+  },
+  get url() {
+    return this[urlKey];
+  },
+  get headers() {
+    return this[headersKey] ||= newHeadersFromIncoming(this[incomingKey]);
+  },
+  [getAbortController]() {
+    this[getRequestCache]();
+    return this[abortControllerKey];
+  },
+  [getRequestCache]() {
+    this[abortControllerKey] ||= new AbortController;
+    return this[requestCache] ||= newRequestFromIncoming(this.method, this[urlKey], this.headers, this[incomingKey], this[abortControllerKey]);
+  }
+};
+[
+  "body",
+  "bodyUsed",
+  "cache",
+  "credentials",
+  "destination",
+  "integrity",
+  "mode",
+  "redirect",
+  "referrer",
+  "referrerPolicy",
+  "signal",
+  "keepalive"
+].forEach((k) => {
+  Object.defineProperty(requestPrototype, k, {
+    get() {
+      return this[getRequestCache]()[k];
+    }
+  });
+});
+["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+  Object.defineProperty(requestPrototype, k, {
+    value: function() {
+      return this[getRequestCache]()[k]();
+    }
+  });
+});
+Object.setPrototypeOf(requestPrototype, Request.prototype);
+var newRequest = (incoming, defaultHostname) => {
+  const req = Object.create(requestPrototype);
+  req[incomingKey] = incoming;
+  const incomingUrl = incoming.url || "";
+  if (incomingUrl[0] !== "/" && (incomingUrl.startsWith("http://") || incomingUrl.startsWith("https://"))) {
+    if (incoming instanceof Http2ServerRequest) {
+      throw new RequestError("Absolute URL for :path is not allowed in HTTP/2");
+    }
     try {
-      tableList = await listPgTables(cloud);
-    } catch {
-      local.close();
-      await cloud.close();
-      return {
-        content: [
-          { type: "text", text: "Error: failed to list tables from cloud." }
-        ],
-        isError: true
-      };
+      const url2 = new URL(incomingUrl);
+      req[urlKey] = url2.href;
+    } catch (e) {
+      throw new RequestError("Invalid absolute URL", { cause: e });
     }
+    return req;
   }
-  const results = await syncPull(cloud, local, { tables: tableList });
-  local.close();
-  await cloud.close();
-  const totalWritten = results.reduce((s, r) => s + r.rowsWritten, 0);
-  const totalErrors = results.reduce((s, r) => s + r.errors.length, 0);
-  const lines = [
-    `Pulled ${tableList.length} table(s): ${totalWritten} rows, ${totalErrors} errors.`
-  ];
-  for (const r of results) {
-    lines.push(`  ${r.table}: ${r.rowsWritten} written, ${r.rowsSkipped} skipped`);
-    for (const e of r.errors) {
-      lines.push(`    ERROR: ${e}`);
+  const host = (incoming instanceof Http2ServerRequest ? incoming.authority : incoming.headers.host) || defaultHostname;
+  if (!host) {
+    throw new RequestError("Missing host header");
+  }
+  let scheme;
+  if (incoming instanceof Http2ServerRequest) {
+    scheme = incoming.scheme;
+    if (!(scheme === "http" || scheme === "https")) {
+      throw new RequestError("Unsupported scheme");
     }
+  } else {
+    scheme = incoming.socket && incoming.socket.encrypted ? "https" : "http";
   }
-  return { content: [{ type: "text", text: lines.join(`
-`) }] };
-});
-server.tool("send_feedback", "Send feedback for a service", {
-  service: exports_external.string().describe("Service name"),
-  message: exports_external.string().describe("Feedback message"),
-  email: exports_external.string().optional().describe("Contact email"),
-  version: exports_external.string().optional().describe("Service version")
-}, async ({ service, message, email: email2, version: version2 }) => {
-  const db = createDatabase({ service: "cloud" });
-  const result = await sendFeedback({ service, message, email: email2, version: version2 }, db);
-  db.close();
-  if (result.sent) {
-    return {
-      content: [
-        {
-          type: "text",
-          text: `Feedback sent successfully (id: ${result.id})`
-        }
-      ]
-    };
+  const url = new URL(`${scheme}://${host}${incomingUrl}`);
+  if (url.hostname.length !== host.length && url.hostname !== host.replace(/:\d+$/, "")) {
+    throw new RequestError("Invalid host header");
   }
-  return {
-    content: [
-      {
-        type: "text",
-        text: `Feedback saved locally (id: ${result.id}). Remote send failed: ${result.error}`
+  req[urlKey] = url.href;
+  return req;
+};
+var responseCache = Symbol("responseCache");
+var getResponseCache = Symbol("getResponseCache");
+var cacheKey = Symbol("cache");
+var GlobalResponse = global.Response;
+var Response2 = class _Response {
+  #body;
+  #init;
+  [getResponseCache]() {
+    delete this[cacheKey];
+    return this[responseCache] ||= new GlobalResponse(this.#body, this.#init);
+  }
+  constructor(body, init) {
+    let headers;
+    this.#body = body;
+    if (init instanceof _Response) {
+      const cachedGlobalResponse = init[responseCache];
+      if (cachedGlobalResponse) {
+        this.#init = cachedGlobalResponse;
+        this[getResponseCache]();
+        return;
+      } else {
+        this.#init = init.#init;
+        headers = new Headers(init.#init.headers);
       }
-    ]
-  };
+    } else {
+      this.#init = init;
+    }
+    if (typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) {
+      this[cacheKey] = [init?.status || 200, body, headers || init?.headers];
+    }
+  }
+  get headers() {
+    const cache = this[cacheKey];
+    if (cache) {
+      if (!(cache[2] instanceof Headers)) {
+        cache[2] = new Headers(cache[2] || { "content-type": "text/plain; charset=UTF-8" });
+      }
+      return cache[2];
+    }
+    return this[getResponseCache]().headers;
+  }
+  get status() {
+    return this[cacheKey]?.[0] ?? this[getResponseCache]().status;
+  }
+  get ok() {
+    const status = this.status;
+    return status >= 200 && status < 300;
+  }
+};
+["body", "bodyUsed", "redirected", "statusText", "trailers", "type", "url"].forEach((k) => {
+  Object.defineProperty(Response2.prototype, k, {
+    get() {
+      return this[getResponseCache]()[k];
+    }
+  });
 });
-server.tool("sync_all", "Sync all discovered services between local and cloud. Pulls from PG to SQLite by default.", {
-  direction: exports_external.enum(["pull", "push"]).default("pull").describe("Sync direction")
-}, async ({ direction }) => {
-  const config2 = getCloudConfig();
-  if (config2.mode === "local") {
-    return {
-      content: [{ type: "text", text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`." }],
-      isError: true
-    };
+["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+  Object.defineProperty(Response2.prototype, k, {
+    value: function() {
+      return this[getResponseCache]()[k]();
+    }
+  });
+});
+Object.setPrototypeOf(Response2, GlobalResponse);
+Object.setPrototypeOf(Response2.prototype, GlobalResponse.prototype);
+async function readWithoutBlocking(readPromise) {
+  return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(undefined))]);
+}
+function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromise) {
+  const cancel = (error2) => {
+    reader.cancel(error2).catch(() => {});
+  };
+  writable.on("close", cancel);
+  writable.on("error", cancel);
+  (currentReadPromise ?? reader.read()).then(flow, handleStreamError);
+  return reader.closed.finally(() => {
+    writable.off("close", cancel);
+    writable.off("error", cancel);
+  });
+  function handleStreamError(error2) {
+    if (error2) {
+      writable.destroy(error2);
+    }
   }
-  const { discoverServices: discoverServices3, isSyncExcludedTable: isSyncExcludedTable3 } = await Promise.resolve().then(() => (init_discover(), exports_discover));
-  const services = discoverServices3();
-  const lines = [`Syncing ${services.length} services (${direction})...`];
-  let grandTotal = 0;
-  let grandErrors = 0;
-  for (const service of services) {
+  function onDrain() {
+    reader.read().then(flow, handleStreamError);
+  }
+  function flow({ done, value }) {
     try {
-      const dbPath = getDbPath2(service);
-      const local = new SqliteAdapter2(dbPath);
-      const connStr = getConnectionString(service);
-      const cloud = new PgAdapterAsync2(connStr);
-      let tableList;
-      if (direction === "push") {
-        tableList = listSqliteTables(local).filter((t) => !isSyncExcludedTable3(t));
+      if (done) {
+        writable.end();
+      } else if (!writable.write(value)) {
+        writable.once("drain", onDrain);
       } else {
-        try {
-          tableList = (await listPgTables(cloud)).filter((t) => !isSyncExcludedTable3(t));
-        } catch {
-          local.close();
-          await cloud.close();
-          continue;
-        }
-      }
-      if (tableList.length === 0) {
-        local.close();
-        await cloud.close();
-        continue;
+        return reader.read().then(flow, handleStreamError);
       }
-      const results = direction === "push" ? await syncPush(local, cloud, { tables: tableList }) : await syncPull(cloud, local, { tables: tableList });
-      local.close();
-      await cloud.close();
-      const written = results.reduce((s, r) => s + r.rowsWritten, 0);
-      const errors4 = results.reduce((s, r) => s + r.errors.length, 0);
-      grandTotal += written;
-      grandErrors += errors4;
-      if (written > 0 || errors4 > 0) {
-        lines.push(`  ${service}: ${written} rows${errors4 > 0 ? `, ${errors4} errors` : ""}`);
-      }
-    } catch (err) {
-      grandErrors++;
-      lines.push(`  ${service}: ERROR \u2014 ${err?.message ?? String(err)}`);
+    } catch (e) {
+      handleStreamError(e);
     }
   }
-  lines.push(`
-Done. ${services.length} services, ${grandTotal} rows, ${grandErrors} errors.`);
-  return { content: [{ type: "text", text: lines.join(`
-`) }] };
-});
-server.tool("migrate_all", "Run PG migrations for all discovered services. Creates databases if needed.", {}, async () => {
-  const { migrateAllServices: migrateAllServices2, ensureAllPgDatabases: ensureAllPgDatabases2 } = await Promise.resolve().then(() => (init_pg_migrate(), exports_pg_migrate));
-  const lines = ["Running PG migrations..."];
-  const dbResults = await ensureAllPgDatabases2();
-  for (const r of dbResults) {
-    if (r.created)
-      lines.push(`  Created DB: ${r.service}`);
-    if (r.error)
-      lines.push(`  DB error: ${r.service} \u2014 ${r.error}`);
-  }
-  const results = await migrateAllServices2();
-  let totalApplied = 0;
-  for (const r of results) {
-    totalApplied += r.applied.length;
-    if (r.applied.length > 0 || r.errors.length > 0) {
-      lines.push(`  ${r.service}: ${r.applied.length} applied${r.errors.length > 0 ? `, ${r.errors.length} errors` : ""}`);
-      for (const e of r.errors)
-        lines.push(`    ${e}`);
-    }
-  }
-  lines.push(`
-Done. ${results.length} services, ${totalApplied} migrations applied.`);
-  return { content: [{ type: "text", text: lines.join(`
-`) }] };
+}
+function writeFromReadableStream(stream, writable) {
+  if (stream.locked) {
+    throw new TypeError("ReadableStream is locked.");
+  } else if (writable.destroyed) {
+    return;
+  }
+  return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
+}
+var buildOutgoingHttpHeaders = (headers) => {
+  const res = {};
+  if (!(headers instanceof Headers)) {
+    headers = new Headers(headers ?? undefined);
+  }
+  const cookies = [];
+  for (const [k, v] of headers) {
+    if (k === "set-cookie") {
+      cookies.push(v);
+    } else {
+      res[k] = v;
+    }
+  }
+  if (cookies.length > 0) {
+    res["set-cookie"] = cookies;
+  }
+  res["content-type"] ??= "text/plain; charset=UTF-8";
+  return res;
+};
+var X_ALREADY_SENT = "x-hono-already-sent";
+if (typeof global.crypto === "undefined") {
+  global.crypto = crypto2;
+}
+var outgoingEnded = Symbol("outgoingEnded");
+var handleRequestError = () => new Response(null, {
+  status: 400
 });
-var mcpAgentRegistry = new Map;
-server.tool("register_agent", "Register an agent session for attribution", {
-  name: exports_external.string().describe("Agent name"),
-  session_id: exports_external.string().optional().describe("Session identifier")
-}, async ({ name, session_id }) => {
-  const existing = [...mcpAgentRegistry.values()].find((a) => a.name === name);
-  if (existing) {
-    existing.last_seen_at = new Date().toISOString();
-    return { content: [{ type: "text", text: JSON.stringify({ agent_id: existing.id, name: existing.name, last_seen_at: existing.last_seen_at }) }] };
-  }
-  const id = Math.random().toString(36).slice(2, 10);
-  const agent = { id, name, last_seen_at: new Date().toISOString() };
-  mcpAgentRegistry.set(id, agent);
-  return { content: [{ type: "text", text: JSON.stringify(agent) }] };
-});
-server.tool("heartbeat", "Update agent last_seen_at", {
-  agent_id: exports_external.string().optional().describe("Agent ID (optional \u2014 updates by name if registered)")
-}, async () => {
-  return { content: [{ type: "text", text: `heartbeat at ${new Date().toISOString()}` }] };
-});
-server.tool("list_agents", "List registered agents", {}, async () => {
-  const agents = [...mcpAgentRegistry.values()];
-  return { content: [{ type: "text", text: agents.length > 0 ? JSON.stringify(agents) : "No agents registered" }] };
-});
-server.tool("set_focus", "Set active project context", {
-  agent_id: exports_external.string().describe("Agent ID"),
-  project_id: exports_external.string().optional().describe("Project to focus on")
-}, async ({ agent_id, project_id }) => {
-  const agent = mcpAgentRegistry.get(agent_id);
-  if (!agent)
-    return { content: [{ type: "text", text: `Agent not found: ${agent_id}` }], isError: true };
-  agent.project_id = project_id;
-  return { content: [{ type: "text", text: project_id ? `Focus set: ${project_id}` : "Focus cleared" }] };
+var handleFetchError = (e) => new Response(null, {
+  status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500
 });
-async function main() {
-  const transport = new StdioServerTransport;
+var handleResponseError = (e, outgoing) => {
+  const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
+  if (err.code === "ERR_STREAM_PREMATURE_CLOSE") {
+    console.info("The user aborted a request.");
+  } else {
+    console.error(e);
+    if (!outgoing.headersSent) {
+      outgoing.writeHead(500, { "Content-Type": "text/plain" });
+    }
+    outgoing.end(`Error: ${err.message}`);
+    outgoing.destroy(err);
+  }
+};
+var flushHeaders = (outgoing) => {
+  if ("flushHeaders" in outgoing && outgoing.writable) {
+    outgoing.flushHeaders();
+  }
+};
+var responseViaCache = async (res, outgoing) => {
+  let [status, body, header] = res[cacheKey];
+  let hasContentLength = false;
+  if (!header) {
+    header = { "content-type": "text/plain; charset=UTF-8" };
+  } else if (header instanceof Headers) {
+    hasContentLength = header.has("content-length");
+    header = buildOutgoingHttpHeaders(header);
+  } else if (Array.isArray(header)) {
+    const headerObj = new Headers(header);
+    hasContentLength = headerObj.has("content-length");
+    header = buildOutgoingHttpHeaders(headerObj);
+  } else {
+    for (const key in header) {
+      if (key.length === 14 && key.toLowerCase() === "content-length") {
+        hasContentLength = true;
+        break;
+      }
+    }
+  }
+  if (!hasContentLength) {
+    if (typeof body === "string") {
+      header["Content-Length"] = Buffer.byteLength(body);
+    } else if (body instanceof Uint8Array) {
+      header["Content-Length"] = body.byteLength;
+    } else if (body instanceof Blob) {
+      header["Content-Length"] = body.size;
+    }
+  }
+  outgoing.writeHead(status, header);
+  if (typeof body === "string" || body instanceof Uint8Array) {
+    outgoing.end(body);
+  } else if (body instanceof Blob) {
+    outgoing.end(new Uint8Array(await body.arrayBuffer()));
+  } else {
+    flushHeaders(outgoing);
+    await writeFromReadableStream(body, outgoing)?.catch((e) => handleResponseError(e, outgoing));
+  }
+  outgoing[outgoingEnded]?.();
+};
+var isPromise = (res) => typeof res.then === "function";
+var responseViaResponseObject = async (res, outgoing, options = {}) => {
+  if (isPromise(res)) {
+    if (options.errorHandler) {
+      try {
+        res = await res;
+      } catch (err) {
+        const errRes = await options.errorHandler(err);
+        if (!errRes) {
+          return;
+        }
+        res = errRes;
+      }
+    } else {
+      res = await res.catch(handleFetchError);
+    }
+  }
+  if (cacheKey in res) {
+    return responseViaCache(res, outgoing);
+  }
+  const resHeaderRecord = buildOutgoingHttpHeaders(res.headers);
+  if (res.body) {
+    const reader = res.body.getReader();
+    const values = [];
+    let done = false;
+    let currentReadPromise = undefined;
+    if (resHeaderRecord["transfer-encoding"] !== "chunked") {
+      let maxReadCount = 2;
+      for (let i = 0;i < maxReadCount; i++) {
+        currentReadPromise ||= reader.read();
+        const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
+          console.error(e);
+          done = true;
+        });
+        if (!chunk) {
+          if (i === 1) {
+            await new Promise((resolve) => setTimeout(resolve));
+            maxReadCount = 3;
+            continue;
+          }
+          break;
+        }
+        currentReadPromise = undefined;
+        if (chunk.value) {
+          values.push(chunk.value);
+        }
+        if (chunk.done) {
+          done = true;
+          break;
+        }
+      }
+      if (done && !("content-length" in resHeaderRecord)) {
+        resHeaderRecord["content-length"] = values.reduce((acc, value) => acc + value.length, 0);
+      }
+    }
+    outgoing.writeHead(res.status, resHeaderRecord);
+    values.forEach((value) => {
+      outgoing.write(value);
+    });
+    if (done) {
+      outgoing.end();
+    } else {
+      if (values.length === 0) {
+        flushHeaders(outgoing);
+      }
+      await writeFromReadableStreamDefaultReader(reader, outgoing, currentReadPromise);
+    }
+  } else if (resHeaderRecord[X_ALREADY_SENT]) {} else {
+    outgoing.writeHead(res.status, resHeaderRecord);
+    outgoing.end();
+  }
+  outgoing[outgoingEnded]?.();
+};
+var getRequestListener = (fetchCallback, options = {}) => {
+  const autoCleanupIncoming = options.autoCleanupIncoming ?? true;
+  if (options.overrideGlobalObjects !== false && global.Request !== Request) {
+    Object.defineProperty(global, "Request", {
+      value: Request
+    });
+    Object.defineProperty(global, "Response", {
+      value: Response2
+    });
+  }
+  return async (incoming, outgoing) => {
+    let res, req;
+    try {
+      req = newRequest(incoming, options.hostname);
+      let incomingEnded = !autoCleanupIncoming || incoming.method === "GET" || incoming.method === "HEAD";
+      if (!incomingEnded) {
+        incoming[wrapBodyStream] = true;
+        incoming.on("end", () => {
+          incomingEnded = true;
+        });
+        if (incoming instanceof Http2ServerRequest2) {
+          outgoing[outgoingEnded] = () => {
+            if (!incomingEnded) {
+              setTimeout(() => {
+                if (!incomingEnded) {
+                  setTimeout(() => {
+                    incoming.destroy();
+                    outgoing.destroy();
+                  });
+                }
+              });
+            }
+          };
+        }
+      }
+      outgoing.on("close", () => {
+        const abortController = req[abortControllerKey];
+        if (abortController) {
+          if (incoming.errored) {
+            req[abortControllerKey].abort(incoming.errored.toString());
+          } else if (!outgoing.writableFinished) {
+            req[abortControllerKey].abort("Client connection prematurely closed.");
+          }
+        }
+        if (!incomingEnded) {
+          setTimeout(() => {
+            if (!incomingEnded) {
+              setTimeout(() => {
+                incoming.destroy();
+              });
+            }
+          });
+        }
+      });
+      res = fetchCallback(req, { incoming, outgoing });
+      if (cacheKey in res) {
+        return responseViaCache(res, outgoing);
+      }
+    } catch (e) {
+      if (!res) {
+        if (options.errorHandler) {
+          res = await options.errorHandler(req ? e : toRequestError(e));
+          if (!res) {
+            return;
+          }
+        } else if (!req) {
+          res = handleRequestError();
+        } else {
+          res = handleFetchError(e);
+        }
+      } else {
+        return handleResponseError(e, outgoing);
+      }
+    }
+    try {
+      return await responseViaResponseObject(res, outgoing, options);
+    } catch (e) {
+      return handleResponseError(e, outgoing);
+    }
+  };
+};
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js
+class WebStandardStreamableHTTPServerTransport {
+  constructor(options = {}) {
+    this._started = false;
+    this._hasHandledRequest = false;
+    this._streamMapping = new Map;
+    this._requestToStreamMapping = new Map;
+    this._requestResponseMap = new Map;
+    this._initialized = false;
+    this._enableJsonResponse = false;
+    this._standaloneSseStreamId = "_GET_stream";
+    this.sessionIdGenerator = options.sessionIdGenerator;
+    this._enableJsonResponse = options.enableJsonResponse ?? false;
+    this._eventStore = options.eventStore;
+    this._onsessioninitialized = options.onsessioninitialized;
+    this._onsessionclosed = options.onsessionclosed;
+    this._allowedHosts = options.allowedHosts;
+    this._allowedOrigins = options.allowedOrigins;
+    this._enableDnsRebindingProtection = options.enableDnsRebindingProtection ?? false;
+    this._retryInterval = options.retryInterval;
+  }
+  async start() {
+    if (this._started) {
+      throw new Error("Transport already started");
+    }
+    this._started = true;
+  }
+  createJsonErrorResponse(status, code, message, options) {
+    const error2 = { code, message };
+    if (options?.data !== undefined) {
+      error2.data = options.data;
+    }
+    return new Response(JSON.stringify({
+      jsonrpc: "2.0",
+      error: error2,
+      id: null
+    }), {
+      status,
+      headers: {
+        "Content-Type": "application/json",
+        ...options?.headers
+      }
+    });
+  }
+  validateRequestHeaders(req) {
+    if (!this._enableDnsRebindingProtection) {
+      return;
+    }
+    if (this._allowedHosts && this._allowedHosts.length > 0) {
+      const hostHeader = req.headers.get("host");
+      if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {
+        const error2 = `Invalid Host header: ${hostHeader}`;
+        this.onerror?.(new Error(error2));
+        return this.createJsonErrorResponse(403, -32000, error2);
+      }
+    }
+    if (this._allowedOrigins && this._allowedOrigins.length > 0) {
+      const originHeader = req.headers.get("origin");
+      if (originHeader && !this._allowedOrigins.includes(originHeader)) {
+        const error2 = `Invalid Origin header: ${originHeader}`;
+        this.onerror?.(new Error(error2));
+        return this.createJsonErrorResponse(403, -32000, error2);
+      }
+    }
+    return;
+  }
+  async handleRequest(req, options) {
+    if (!this.sessionIdGenerator && this._hasHandledRequest) {
+      throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");
+    }
+    this._hasHandledRequest = true;
+    const validationError = this.validateRequestHeaders(req);
+    if (validationError) {
+      return validationError;
+    }
+    switch (req.method) {
+      case "POST":
+        return this.handlePostRequest(req, options);
+      case "GET":
+        return this.handleGetRequest(req);
+      case "DELETE":
+        return this.handleDeleteRequest(req);
+      default:
+        return this.handleUnsupportedRequest();
+    }
+  }
+  async writePrimingEvent(controller, encoder, streamId, protocolVersion) {
+    if (!this._eventStore) {
+      return;
+    }
+    if (protocolVersion < "2025-11-25") {
+      return;
+    }
+    const primingEventId = await this._eventStore.storeEvent(streamId, {});
+    let primingEvent = `id: ${primingEventId}
+data: 
+
+`;
+    if (this._retryInterval !== undefined) {
+      primingEvent = `id: ${primingEventId}
+retry: ${this._retryInterval}
+data: 
+
+`;
+    }
+    controller.enqueue(encoder.encode(primingEvent));
+  }
+  async handleGetRequest(req) {
+    const acceptHeader = req.headers.get("accept");
+    if (!acceptHeader?.includes("text/event-stream")) {
+      this.onerror?.(new Error("Not Acceptable: Client must accept text/event-stream"));
+      return this.createJsonErrorResponse(406, -32000, "Not Acceptable: Client must accept text/event-stream");
+    }
+    const sessionError = this.validateSession(req);
+    if (sessionError) {
+      return sessionError;
+    }
+    const protocolError = this.validateProtocolVersion(req);
+    if (protocolError) {
+      return protocolError;
+    }
+    if (this._eventStore) {
+      const lastEventId = req.headers.get("last-event-id");
+      if (lastEventId) {
+        return this.replayEvents(lastEventId);
+      }
+    }
+    if (this._streamMapping.get(this._standaloneSseStreamId) !== undefined) {
+      this.onerror?.(new Error("Conflict: Only one SSE stream is allowed per session"));
+      return this.createJsonErrorResponse(409, -32000, "Conflict: Only one SSE stream is allowed per session");
+    }
+    const encoder = new TextEncoder;
+    let streamController;
+    const readable = new ReadableStream({
+      start: (controller) => {
+        streamController = controller;
+      },
+      cancel: () => {
+        this._streamMapping.delete(this._standaloneSseStreamId);
+      }
+    });
+    const headers = {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache, no-transform",
+      Connection: "keep-alive"
+    };
+    if (this.sessionId !== undefined) {
+      headers["mcp-session-id"] = this.sessionId;
+    }
+    this._streamMapping.set(this._standaloneSseStreamId, {
+      controller: streamController,
+      encoder,
+      cleanup: () => {
+        this._streamMapping.delete(this._standaloneSseStreamId);
+        try {
+          streamController.close();
+        } catch {}
+      }
+    });
+    return new Response(readable, { headers });
+  }
+  async replayEvents(lastEventId) {
+    if (!this._eventStore) {
+      this.onerror?.(new Error("Event store not configured"));
+      return this.createJsonErrorResponse(400, -32000, "Event store not configured");
+    }
+    try {
+      let streamId;
+      if (this._eventStore.getStreamIdForEventId) {
+        streamId = await this._eventStore.getStreamIdForEventId(lastEventId);
+        if (!streamId) {
+          this.onerror?.(new Error("Invalid event ID format"));
+          return this.createJsonErrorResponse(400, -32000, "Invalid event ID format");
+        }
+        if (this._streamMapping.get(streamId) !== undefined) {
+          this.onerror?.(new Error("Conflict: Stream already has an active connection"));
+          return this.createJsonErrorResponse(409, -32000, "Conflict: Stream already has an active connection");
+        }
+      }
+      const headers = {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        Connection: "keep-alive"
+      };
+      if (this.sessionId !== undefined) {
+        headers["mcp-session-id"] = this.sessionId;
+      }
+      const encoder = new TextEncoder;
+      let streamController;
+      const readable = new ReadableStream({
+        start: (controller) => {
+          streamController = controller;
+        },
+        cancel: () => {}
+      });
+      const replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, {
+        send: async (eventId, message) => {
+          const success = this.writeSSEEvent(streamController, encoder, message, eventId);
+          if (!success) {
+            this.onerror?.(new Error("Failed replay events"));
+            try {
+              streamController.close();
+            } catch {}
+          }
+        }
+      });
+      this._streamMapping.set(replayedStreamId, {
+        controller: streamController,
+        encoder,
+        cleanup: () => {
+          this._streamMapping.delete(replayedStreamId);
+          try {
+            streamController.close();
+          } catch {}
+        }
+      });
+      return new Response(readable, { headers });
+    } catch (error2) {
+      this.onerror?.(error2);
+      return this.createJsonErrorResponse(500, -32000, "Error replaying events");
+    }
+  }
+  writeSSEEvent(controller, encoder, message, eventId) {
+    try {
+      let eventData = `event: message
+`;
+      if (eventId) {
+        eventData += `id: ${eventId}
+`;
+      }
+      eventData += `data: ${JSON.stringify(message)}
+
+`;
+      controller.enqueue(encoder.encode(eventData));
+      return true;
+    } catch (error2) {
+      this.onerror?.(error2);
+      return false;
+    }
+  }
+  handleUnsupportedRequest() {
+    this.onerror?.(new Error("Method not allowed."));
+    return new Response(JSON.stringify({
+      jsonrpc: "2.0",
+      error: {
+        code: -32000,
+        message: "Method not allowed."
+      },
+      id: null
+    }), {
+      status: 405,
+      headers: {
+        Allow: "GET, POST, DELETE",
+        "Content-Type": "application/json"
+      }
+    });
+  }
+  async handlePostRequest(req, options) {
+    try {
+      const acceptHeader = req.headers.get("accept");
+      if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) {
+        this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream"));
+        return this.createJsonErrorResponse(406, -32000, "Not Acceptable: Client must accept both application/json and text/event-stream");
+      }
+      const ct = req.headers.get("content-type");
+      if (!ct || !ct.includes("application/json")) {
+        this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json"));
+        return this.createJsonErrorResponse(415, -32000, "Unsupported Media Type: Content-Type must be application/json");
+      }
+      const requestInfo = {
+        headers: Object.fromEntries(req.headers.entries()),
+        url: new URL(req.url)
+      };
+      let rawMessage;
+      if (options?.parsedBody !== undefined) {
+        rawMessage = options.parsedBody;
+      } else {
+        try {
+          rawMessage = await req.json();
+        } catch {
+          this.onerror?.(new Error("Parse error: Invalid JSON"));
+          return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON");
+        }
+      }
+      let messages;
+      try {
+        if (Array.isArray(rawMessage)) {
+          messages = rawMessage.map((msg) => JSONRPCMessageSchema.parse(msg));
+        } else {
+          messages = [JSONRPCMessageSchema.parse(rawMessage)];
+        }
+      } catch {
+        this.onerror?.(new Error("Parse error: Invalid JSON-RPC message"));
+        return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON-RPC message");
+      }
+      const isInitializationRequest = messages.some(isInitializeRequest);
+      if (isInitializationRequest) {
+        if (this._initialized && this.sessionId !== undefined) {
+          this.onerror?.(new Error("Invalid Request: Server already initialized"));
+          return this.createJsonErrorResponse(400, -32600, "Invalid Request: Server already initialized");
+        }
+        if (messages.length > 1) {
+          this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed"));
+          return this.createJsonErrorResponse(400, -32600, "Invalid Request: Only one initialization request is allowed");
+        }
+        this.sessionId = this.sessionIdGenerator?.();
+        this._initialized = true;
+        if (this.sessionId && this._onsessioninitialized) {
+          await Promise.resolve(this._onsessioninitialized(this.sessionId));
+        }
+      }
+      if (!isInitializationRequest) {
+        const sessionError = this.validateSession(req);
+        if (sessionError) {
+          return sessionError;
+        }
+        const protocolError = this.validateProtocolVersion(req);
+        if (protocolError) {
+          return protocolError;
+        }
+      }
+      const hasRequests = messages.some(isJSONRPCRequest);
+      if (!hasRequests) {
+        for (const message of messages) {
+          this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
+        }
+        return new Response(null, { status: 202 });
+      }
+      const streamId = crypto.randomUUID();
+      const initRequest = messages.find((m) => isInitializeRequest(m));
+      const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
+      if (this._enableJsonResponse) {
+        return new Promise((resolve) => {
+          this._streamMapping.set(streamId, {
+            resolveJson: resolve,
+            cleanup: () => {
+              this._streamMapping.delete(streamId);
+            }
+          });
+          for (const message of messages) {
+            if (isJSONRPCRequest(message)) {
+              this._requestToStreamMapping.set(message.id, streamId);
+            }
+          }
+          for (const message of messages) {
+            this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
+          }
+        });
+      }
+      const encoder = new TextEncoder;
+      let streamController;
+      const readable = new ReadableStream({
+        start: (controller) => {
+          streamController = controller;
+        },
+        cancel: () => {
+          this._streamMapping.delete(streamId);
+        }
+      });
+      const headers = {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive"
+      };
+      if (this.sessionId !== undefined) {
+        headers["mcp-session-id"] = this.sessionId;
+      }
+      for (const message of messages) {
+        if (isJSONRPCRequest(message)) {
+          this._streamMapping.set(streamId, {
+            controller: streamController,
+            encoder,
+            cleanup: () => {
+              this._streamMapping.delete(streamId);
+              try {
+                streamController.close();
+              } catch {}
+            }
+          });
+          this._requestToStreamMapping.set(message.id, streamId);
+        }
+      }
+      await this.writePrimingEvent(streamController, encoder, streamId, clientProtocolVersion);
+      for (const message of messages) {
+        let closeSSEStream;
+        let closeStandaloneSSEStream;
+        if (isJSONRPCRequest(message) && this._eventStore && clientProtocolVersion >= "2025-11-25") {
+          closeSSEStream = () => {
+            this.closeSSEStream(message.id);
+          };
+          closeStandaloneSSEStream = () => {
+            this.closeStandaloneSSEStream();
+          };
+        }
+        this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo, closeSSEStream, closeStandaloneSSEStream });
+      }
+      return new Response(readable, { status: 200, headers });
+    } catch (error2) {
+      this.onerror?.(error2);
+      return this.createJsonErrorResponse(400, -32700, "Parse error", { data: String(error2) });
+    }
+  }
+  async handleDeleteRequest(req) {
+    const sessionError = this.validateSession(req);
+    if (sessionError) {
+      return sessionError;
+    }
+    const protocolError = this.validateProtocolVersion(req);
+    if (protocolError) {
+      return protocolError;
+    }
+    await Promise.resolve(this._onsessionclosed?.(this.sessionId));
+    await this.close();
+    return new Response(null, { status: 200 });
+  }
+  validateSession(req) {
+    if (this.sessionIdGenerator === undefined) {
+      return;
+    }
+    if (!this._initialized) {
+      this.onerror?.(new Error("Bad Request: Server not initialized"));
+      return this.createJsonErrorResponse(400, -32000, "Bad Request: Server not initialized");
+    }
+    const sessionId = req.headers.get("mcp-session-id");
+    if (!sessionId) {
+      this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required"));
+      return this.createJsonErrorResponse(400, -32000, "Bad Request: Mcp-Session-Id header is required");
+    }
+    if (sessionId !== this.sessionId) {
+      this.onerror?.(new Error("Session not found"));
+      return this.createJsonErrorResponse(404, -32001, "Session not found");
+    }
+    return;
+  }
+  validateProtocolVersion(req) {
+    const protocolVersion = req.headers.get("mcp-protocol-version");
+    if (protocolVersion !== null && !SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) {
+      this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${protocolVersion}` + ` (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`));
+      return this.createJsonErrorResponse(400, -32000, `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`);
+    }
+    return;
+  }
+  async close() {
+    this._streamMapping.forEach(({ cleanup }) => {
+      cleanup();
+    });
+    this._streamMapping.clear();
+    this._requestResponseMap.clear();
+    this.onclose?.();
+  }
+  closeSSEStream(requestId) {
+    const streamId = this._requestToStreamMapping.get(requestId);
+    if (!streamId)
+      return;
+    const stream = this._streamMapping.get(streamId);
+    if (stream) {
+      stream.cleanup();
+    }
+  }
+  closeStandaloneSSEStream() {
+    const stream = this._streamMapping.get(this._standaloneSseStreamId);
+    if (stream) {
+      stream.cleanup();
+    }
+  }
+  async send(message, options) {
+    let requestId = options?.relatedRequestId;
+    if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+      requestId = message.id;
+    }
+    if (requestId === undefined) {
+      if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+        throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
+      }
+      let eventId;
+      if (this._eventStore) {
+        eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);
+      }
+      const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);
+      if (standaloneSse === undefined) {
+        return;
+      }
+      if (standaloneSse.controller && standaloneSse.encoder) {
+        this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);
+      }
+      return;
+    }
+    const streamId = this._requestToStreamMapping.get(requestId);
+    if (!streamId) {
+      throw new Error(`No connection established for request ID: ${String(requestId)}`);
+    }
+    const stream = this._streamMapping.get(streamId);
+    if (!this._enableJsonResponse && stream?.controller && stream?.encoder) {
+      let eventId;
+      if (this._eventStore) {
+        eventId = await this._eventStore.storeEvent(streamId, message);
+      }
+      this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);
+    }
+    if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+      this._requestResponseMap.set(requestId, message);
+      const relatedIds = Array.from(this._requestToStreamMapping.entries()).filter(([_, sid]) => sid === streamId).map(([id]) => id);
+      const allResponsesReady = relatedIds.every((id) => this._requestResponseMap.has(id));
+      if (allResponsesReady) {
+        if (!stream) {
+          throw new Error(`No connection established for request ID: ${String(requestId)}`);
+        }
+        if (this._enableJsonResponse && stream.resolveJson) {
+          const headers = {
+            "Content-Type": "application/json"
+          };
+          if (this.sessionId !== undefined) {
+            headers["mcp-session-id"] = this.sessionId;
+          }
+          const responses = relatedIds.map((id) => this._requestResponseMap.get(id));
+          if (responses.length === 1) {
+            stream.resolveJson(new Response(JSON.stringify(responses[0]), { status: 200, headers }));
+          } else {
+            stream.resolveJson(new Response(JSON.stringify(responses), { status: 200, headers }));
+          }
+        } else {
+          stream.cleanup();
+        }
+        for (const id of relatedIds) {
+          this._requestResponseMap.delete(id);
+          this._requestToStreamMapping.delete(id);
+        }
+      }
+    }
+  }
+}
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/streamableHttp.js
+class StreamableHTTPServerTransport {
+  constructor(options = {}) {
+    this._requestContext = new WeakMap;
+    this._webStandardTransport = new WebStandardStreamableHTTPServerTransport(options);
+    this._requestListener = getRequestListener(async (webRequest) => {
+      const context = this._requestContext.get(webRequest);
+      return this._webStandardTransport.handleRequest(webRequest, {
+        authInfo: context?.authInfo,
+        parsedBody: context?.parsedBody
+      });
+    }, { overrideGlobalObjects: false });
+  }
+  get sessionId() {
+    return this._webStandardTransport.sessionId;
+  }
+  set onclose(handler) {
+    this._webStandardTransport.onclose = handler;
+  }
+  get onclose() {
+    return this._webStandardTransport.onclose;
+  }
+  set onerror(handler) {
+    this._webStandardTransport.onerror = handler;
+  }
+  get onerror() {
+    return this._webStandardTransport.onerror;
+  }
+  set onmessage(handler) {
+    this._webStandardTransport.onmessage = handler;
+  }
+  get onmessage() {
+    return this._webStandardTransport.onmessage;
+  }
+  async start() {
+    return this._webStandardTransport.start();
+  }
+  async close() {
+    return this._webStandardTransport.close();
+  }
+  async send(message, options) {
+    return this._webStandardTransport.send(message, options);
+  }
+  async handleRequest(req, res, parsedBody) {
+    const authInfo = req.auth;
+    const handler = getRequestListener(async (webRequest) => {
+      return this._webStandardTransport.handleRequest(webRequest, {
+        authInfo,
+        parsedBody
+      });
+    }, { overrideGlobalObjects: false });
+    await handler(req, res);
+  }
+  closeSSEStream(requestId) {
+    this._webStandardTransport.closeSSEStream(requestId);
+  }
+  closeStandaloneSSEStream() {
+    this._webStandardTransport.closeStandaloneSSEStream();
+  }
+}
+
+// src/mcp/http.ts
+var DEFAULT_MCP_HTTP_PORT = 8804;
+var MCP_SERVICE_NAME = "cloud";
+function resolveMcpHttpPort(explicit) {
+  if (explicit != null && !Number.isNaN(explicit))
+    return explicit;
+  const env = process.env.MCP_HTTP_PORT;
+  if (env) {
+    const parsed = parseInt(env, 10);
+    if (!Number.isNaN(parsed))
+      return parsed;
+  }
+  return DEFAULT_MCP_HTTP_PORT;
+}
+function isHttpMode(argv = process.argv) {
+  return argv.includes("--http") || process.env.MCP_HTTP === "1";
+}
+function parseHttpArgv(argv = process.argv) {
+  const http = isHttpMode(argv);
+  let port;
+  const portIdx = argv.indexOf("--port");
+  if (portIdx !== -1 && argv[portIdx + 1]) {
+    port = parseInt(argv[portIdx + 1], 10);
+  }
+  return { http, port };
+}
+async function readJsonBody(req) {
+  const chunks = [];
+  for await (const chunk of req)
+    chunks.push(chunk);
+  if (chunks.length === 0)
+    return;
+  const text = Buffer.concat(chunks).toString("utf8");
+  return text ? JSON.parse(text) : undefined;
+}
+async function handleStatelessMcpNode(req, res, getServer = buildServer) {
+  const server = await getServer();
+  const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: undefined });
+  await server.connect(transport);
+  const body = req.method === "POST" ? await readJsonBody(req) : undefined;
+  await transport.handleRequest(req, res, body);
+  res.on("close", () => {
+    transport.close();
+    server.close();
+  });
+}
+function healthPayload(name = MCP_SERVICE_NAME) {
+  return { status: "ok", name };
+}
+async function startMcpHttpServer(options = {}) {
+  const port = options.port ?? resolveMcpHttpPort();
+  const host = "127.0.0.1";
+  const getServer = options.getServer ?? buildServer;
+  const name = options.name ?? MCP_SERVICE_NAME;
+  const httpServer = createServer(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://${host}:${port}`);
+    if (req.method === "GET" && url.pathname === "/health") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify(healthPayload(name)));
+      return;
+    }
+    if (url.pathname === "/mcp") {
+      await handleStatelessMcpNode(req, res, getServer);
+      return;
+    }
+    res.writeHead(404);
+    res.end("Not found");
+  });
+  await new Promise((resolve, reject) => {
+    httpServer.once("error", reject);
+    httpServer.listen(port, host, () => resolve());
+  });
+  const address = httpServer.address();
+  const boundPort = typeof address === "object" && address ? address.port : port;
+  return {
+    port: boundPort,
+    close: () => new Promise((resolve, reject) => {
+      httpServer.close((err) => err ? reject(err) : resolve());
+    })
+  };
+}
+async function runMcpHttpServer(options = {}) {
+  const { port } = await startMcpHttpServer(options);
+  console.error(`cloud-mcp listening on http://127.0.0.1:${port}/mcp`);
+  await new Promise(() => {});
+}
+
+// src/mcp/index.ts
+function buildServer() {
+  const server = new McpServer({
+    name: "cloud",
+    version: "0.1.0"
+  });
+  server.tool("cloud_status", "Show cloud configuration and connection health", {}, async () => {
+    const config2 = getCloudConfig();
+    const lines = [
+      `Mode: ${config2.mode}`,
+      `RDS Host: ${config2.rds.host || "(not configured)"}`,
+      `RDS Port: ${config2.rds.port}`,
+      `RDS Username: ${config2.rds.username || "(not configured)"}`,
+      `SSL: ${config2.rds.ssl}`,
+      `Auto-sync: ${config2.auto_sync_interval_minutes ? `${config2.auto_sync_interval_minutes} min` : "disabled"}`
+    ];
+    if (config2.rds.host && config2.rds.username) {
+      try {
+        const connStr = getConnectionString("postgres");
+        const pg2 = new PgAdapterAsync2(connStr);
+        await pg2.get("SELECT 1 as ok");
+        lines.push("PostgreSQL: connected");
+        await pg2.close();
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        lines.push(`PostgreSQL: connection failed \u2014 ${message}`);
+      }
+    }
+    return { content: [{ type: "text", text: lines.join(`
+`) }] };
+  });
+  server.tool("sync_push", "Push local SQLite data to cloud PostgreSQL", {
+    service: exports_external.string().describe("Service name"),
+    tables: exports_external.string().optional().describe("Comma-separated table names (default: all)")
+  }, async ({ service, tables: tablesStr }) => {
+    const config2 = getCloudConfig();
+    if (config2.mode === "local") {
+      return {
+        content: [
+          {
+            type: "text",
+            text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`."
+          }
+        ],
+        isError: true
+      };
+    }
+    const dbPath = getDbPath2(service);
+    const local = new SqliteAdapter2(dbPath);
+    const connStr = getConnectionString(service);
+    const cloud = new PgAdapterAsync2(connStr);
+    let tableList;
+    if (tablesStr) {
+      tableList = tablesStr.split(",").map((t) => t.trim());
+    } else {
+      tableList = listSqliteTables(local);
+    }
+    const results = await syncPush(local, cloud, { tables: tableList });
+    local.close();
+    await cloud.close();
+    const totalWritten = results.reduce((s, r) => s + r.rowsWritten, 0);
+    const totalErrors = results.reduce((s, r) => s + r.errors.length, 0);
+    const lines = [
+      `Pushed ${tableList.length} table(s): ${totalWritten} rows, ${totalErrors} errors.`
+    ];
+    for (const r of results) {
+      lines.push(`  ${r.table}: ${r.rowsWritten} written, ${r.rowsSkipped} skipped`);
+      for (const e of r.errors) {
+        lines.push(`    ERROR: ${e}`);
+      }
+    }
+    return { content: [{ type: "text", text: lines.join(`
+`) }] };
+  });
+  server.tool("sync_pull", "Pull cloud PostgreSQL data to local SQLite", {
+    service: exports_external.string().describe("Service name"),
+    tables: exports_external.string().optional().describe("Comma-separated table names (default: all)")
+  }, async ({ service, tables: tablesStr }) => {
+    const config2 = getCloudConfig();
+    if (config2.mode === "local") {
+      return {
+        content: [
+          {
+            type: "text",
+            text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`."
+          }
+        ],
+        isError: true
+      };
+    }
+    const dbPath = getDbPath2(service);
+    const local = new SqliteAdapter2(dbPath);
+    const connStr = getConnectionString(service);
+    const cloud = new PgAdapterAsync2(connStr);
+    let tableList;
+    if (tablesStr) {
+      tableList = tablesStr.split(",").map((t) => t.trim());
+    } else {
+      try {
+        tableList = await listPgTables(cloud);
+      } catch {
+        local.close();
+        await cloud.close();
+        return {
+          content: [
+            { type: "text", text: "Error: failed to list tables from cloud." }
+          ],
+          isError: true
+        };
+      }
+    }
+    const results = await syncPull(cloud, local, { tables: tableList });
+    local.close();
+    await cloud.close();
+    const totalWritten = results.reduce((s, r) => s + r.rowsWritten, 0);
+    const totalErrors = results.reduce((s, r) => s + r.errors.length, 0);
+    const lines = [
+      `Pulled ${tableList.length} table(s): ${totalWritten} rows, ${totalErrors} errors.`
+    ];
+    for (const r of results) {
+      lines.push(`  ${r.table}: ${r.rowsWritten} written, ${r.rowsSkipped} skipped`);
+      for (const e of r.errors) {
+        lines.push(`    ERROR: ${e}`);
+      }
+    }
+    return { content: [{ type: "text", text: lines.join(`
+`) }] };
+  });
+  server.tool("send_feedback", "Send feedback for a service", {
+    service: exports_external.string().describe("Service name"),
+    message: exports_external.string().describe("Feedback message"),
+    email: exports_external.string().optional().describe("Contact email"),
+    version: exports_external.string().optional().describe("Service version")
+  }, async ({ service, message, email: email2, version: version2 }) => {
+    const db = createDatabase({ service: "cloud" });
+    const result = await sendFeedback({ service, message, email: email2, version: version2 }, db);
+    db.close();
+    if (result.sent) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Feedback sent successfully (id: ${result.id})`
+          }
+        ]
+      };
+    }
+    return {
+      content: [
+        {
+          type: "text",
+          text: `Feedback saved locally (id: ${result.id}). Remote send failed: ${result.error}`
+        }
+      ]
+    };
+  });
+  server.tool("sync_all", "Sync all discovered services between local and cloud. Pulls from PG to SQLite by default.", {
+    direction: exports_external.enum(["pull", "push"]).default("pull").describe("Sync direction")
+  }, async ({ direction }) => {
+    const config2 = getCloudConfig();
+    if (config2.mode === "local") {
+      return {
+        content: [{ type: "text", text: "Error: mode is 'local'. Configure cloud mode first via `cloud setup`." }],
+        isError: true
+      };
+    }
+    const { discoverServices: discoverServices3, isSyncExcludedTable: isSyncExcludedTable3 } = await Promise.resolve().then(() => (init_discover2(), exports_discover2));
+    const services = discoverServices3();
+    const lines = [`Syncing ${services.length} services (${direction})...`];
+    let grandTotal = 0;
+    let grandErrors = 0;
+    for (const service of services) {
+      try {
+        const dbPath = getDbPath2(service);
+        const local = new SqliteAdapter2(dbPath);
+        const connStr = getConnectionString(service);
+        const cloud = new PgAdapterAsync2(connStr);
+        let tableList;
+        if (direction === "push") {
+          tableList = listSqliteTables(local).filter((t) => !isSyncExcludedTable3(t));
+        } else {
+          try {
+            tableList = (await listPgTables(cloud)).filter((t) => !isSyncExcludedTable3(t));
+          } catch {
+            local.close();
+            await cloud.close();
+            continue;
+          }
+        }
+        if (tableList.length === 0) {
+          local.close();
+          await cloud.close();
+          continue;
+        }
+        const results = direction === "push" ? await syncPush(local, cloud, { tables: tableList }) : await syncPull(cloud, local, { tables: tableList });
+        local.close();
+        await cloud.close();
+        const written = results.reduce((s, r) => s + r.rowsWritten, 0);
+        const errors4 = results.reduce((s, r) => s + r.errors.length, 0);
+        grandTotal += written;
+        grandErrors += errors4;
+        if (written > 0 || errors4 > 0) {
+          lines.push(`  ${service}: ${written} rows${errors4 > 0 ? `, ${errors4} errors` : ""}`);
+        }
+      } catch (err) {
+        grandErrors++;
+        const message = err instanceof Error ? err.message : String(err);
+        lines.push(`  ${service}: ERROR \u2014 ${message}`);
+      }
+    }
+    lines.push(`
+Done. ${services.length} services, ${grandTotal} rows, ${grandErrors} errors.`);
+    return { content: [{ type: "text", text: lines.join(`
+`) }] };
+  });
+  server.tool("migrate_all", "Run PG migrations for all discovered services. Creates databases if needed.", {}, async () => {
+    const { migrateAllServices: migrateAllServices2, ensureAllPgDatabases: ensureAllPgDatabases2 } = await Promise.resolve().then(() => (init_pg_migrate(), exports_pg_migrate));
+    const lines = ["Running PG migrations..."];
+    const dbResults = await ensureAllPgDatabases2();
+    for (const r of dbResults) {
+      if (r.created)
+        lines.push(`  Created DB: ${r.service}`);
+      if (r.error)
+        lines.push(`  DB error: ${r.service} \u2014 ${r.error}`);
+    }
+    const results = await migrateAllServices2();
+    let totalApplied = 0;
+    for (const r of results) {
+      totalApplied += r.applied.length;
+      if (r.applied.length > 0 || r.errors.length > 0) {
+        lines.push(`  ${r.service}: ${r.applied.length} applied${r.errors.length > 0 ? `, ${r.errors.length} errors` : ""}`);
+        for (const e of r.errors)
+          lines.push(`    ${e}`);
+      }
+    }
+    lines.push(`
+Done. ${results.length} services, ${totalApplied} migrations applied.`);
+    return { content: [{ type: "text", text: lines.join(`
+`) }] };
+  });
+  const mcpAgentRegistry = new Map;
+  server.tool("register_agent", "Register an agent session for attribution", {
+    name: exports_external.string().describe("Agent name"),
+    session_id: exports_external.string().optional().describe("Session identifier")
+  }, async ({ name }) => {
+    const existing = [...mcpAgentRegistry.values()].find((a) => a.name === name);
+    if (existing) {
+      existing.last_seen_at = new Date().toISOString();
+      return { content: [{ type: "text", text: JSON.stringify({ agent_id: existing.id, name: existing.name, last_seen_at: existing.last_seen_at }) }] };
+    }
+    const id = Math.random().toString(36).slice(2, 10);
+    const agent = { id, name, last_seen_at: new Date().toISOString() };
+    mcpAgentRegistry.set(id, agent);
+    return { content: [{ type: "text", text: JSON.stringify(agent) }] };
+  });
+  server.tool("heartbeat", "Update agent last_seen_at", {
+    agent_id: exports_external.string().optional().describe("Agent ID (optional \u2014 updates by name if registered)")
+  }, async () => {
+    return { content: [{ type: "text", text: `heartbeat at ${new Date().toISOString()}` }] };
+  });
+  server.tool("list_agents", "List registered agents", {}, async () => {
+    const agents = [...mcpAgentRegistry.values()];
+    return { content: [{ type: "text", text: agents.length > 0 ? JSON.stringify(agents) : "No agents registered" }] };
+  });
+  server.tool("set_focus", "Set active project context", {
+    agent_id: exports_external.string().describe("Agent ID"),
+    project_id: exports_external.string().optional().describe("Project to focus on")
+  }, async ({ agent_id, project_id }) => {
+    const agent = mcpAgentRegistry.get(agent_id);
+    if (!agent)
+      return { content: [{ type: "text", text: `Agent not found: ${agent_id}` }], isError: true };
+    agent.project_id = project_id;
+    return { content: [{ type: "text", text: project_id ? `Focus set: ${project_id}` : "Focus cleared" }] };
+  });
+  return server;
+}
+async function main() {
+  const { http, port } = parseHttpArgv();
+  if (http) {
+    await runMcpHttpServer({ port: resolveMcpHttpPort(port) });
+    return;
+  }
+  const server = buildServer();
+  const transport = new StdioServerTransport;
   await server.connect(transport);
 }
 main().catch((err) => {
   console.error("cloud-mcp failed to start:", err);
   process.exit(1);
 });
+export {
+  buildServer
+};