npm - @hasna/knowledge - Versions diffs - 0.2.6 → 0.2.7 - Mend

@hasna/knowledge 0.2.6 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +21 -0
package/bin/open-knowledge-mcp.js +14 -1
package/bin/open-knowledge.js +58 -21
package/package.json +1 -1
package/src/cli.ts +138 -5
package/src/knowledge-db.ts +41 -1
package/src/manifest-ingest.ts +58 -9
package/src/outbox-consume.ts +33 -4
package/src/safety.ts +265 -0
package/src/workspace.ts +26 -0

package/src/cli.ts CHANGED Viewed

@@ -6,11 +6,12 @@
  */
 import { defaultStorePath, loadStore, saveStore, withLock, makeId, makeShortId, ensureStore, type KnowledgeItem } from './store';
 import { ensureKnowledgeWorkspace, readKnowledgeConfig, resolveScopedWorkspace } from './workspace';
-import { getKnowledgeDbStats, migrateKnowledgeDb } from './knowledge-db';
+import { getKnowledgeDbStats, migrateKnowledgeDb, openKnowledgeDb } from './knowledge-db';
 import { createArtifactStore } from './artifact-store';
 import { initializeWikiLayout } from './wiki-layout';
 import { ingestOpenFilesManifest } from './manifest-ingest';
 import { consumeOpenFilesOutbox } from './outbox-consume';
+import { approvalStatus, assertS3ReadAllowed, assertWebSearchAllowed, createApprovalGate, recordAuditEvent, recordRedactionFindings, redactSecrets, resolveSafetyPolicy } from './safety';
 import pkg from '../package.json' with { type: 'json' };
 type LogLevel = 'debug' | 'info' | 'warn' | 'error';
@@ -61,7 +62,7 @@ interface ParseResult {
   flags: Flags;
 }
-const COMMANDS = ['add', 'list', 'get', 'delete', 'update', 'archive', 'restore', 'upsert', 'untag', 'export', 'prune', 'dedupe', 'stats', 'paths', 'db', 'wiki', 'ingest', 'reindex', 'help'];
+const COMMANDS = ['add', 'list', 'get', 'delete', 'update', 'archive', 'restore', 'upsert', 'untag', 'export', 'prune', 'dedupe', 'stats', 'paths', 'db', 'wiki', 'ingest', 'reindex', 'safety', 'help'];
 const COMMAND_ALIASES: Record<string, string> = {
   ls: 'list',
   rm: 'delete',
@@ -166,6 +167,7 @@ Commands:
   wiki init                    Initialize scalable wiki/schema/index/log artifacts
   ingest manifest <file|s3://> Ingest an open-files manifest into knowledge.db
   reindex outbox <file|s3://>  Consume open-files change events and invalidate chunks
+  safety status|check|approve|audit|redact
   help [command]               Show help
 Global Options:
@@ -229,6 +231,7 @@ function printCommandHelp(command: string): void {
   if (command === 'wiki') { console.log('Usage: open-knowledge wiki init [--scope local|global|project] [--json]'); return; }
   if (command === 'ingest') { console.log('Usage: open-knowledge ingest manifest <file|s3://bucket/key> [--scope local|global|project] [--json]'); return; }
   if (command === 'reindex') { console.log('Usage: open-knowledge reindex outbox <file|s3://bucket/key> [--scope local|global|project] [--json]'); return; }
+  if (command === 'safety') { console.log('Usage: open-knowledge safety status|check|approve|audit|redact [args] [--scope local|global|project] [--json]'); return; }
   printGlobalHelp();
 }
@@ -273,11 +276,11 @@ async function run(argv: string[]): Promise<void> {
   if (flags.completions) {
     const shell = flags.completions;
     if (shell === 'bash') {
-      console.log(`_open_knowledge() { local cur; cur="${"$"}{COMP_WORDS[COMP_CWORD]}"; COMPREPLY=($(compgen -W "add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex help ls rm edit unarchive --json --yes --help --version --desc --page --limit --search --sort --id --store --title --content --url --tag --format --completions --no-color --scope --archived --include-archived" -- "$cur")); }; complete -F _open_knowledge open-knowledge`);
+      console.log(`_open_knowledge() { local cur; cur="${"$"}{COMP_WORDS[COMP_CWORD]}"; COMPREPLY=($(compgen -W "add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex safety help ls rm edit unarchive --json --yes --help --version --desc --page --limit --search --sort --id --store --title --content --url --tag --format --completions --no-color --scope --archived --include-archived" -- "$cur")); }; complete -F _open_knowledge open-knowledge`);
     } else if (shell === 'zsh') {
-      console.log(`#compdef open-knowledge\n_open_knowledge() { _arguments -C "1: :(add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex help ls rm edit unarchive)" "(--json)--json" "(--yes)-y" "(--help)--help" "(--version)--version" "(--desc)--desc" "(--archived)--archived" "(--include-archived)--include-archived" "(-p --page)"{-p,--page}"[page number]:number:" "(-l --limit)"{-l,--limit}"[items per page]:number:" "(-s --search)"{-s,--search}"[search text]:text:" "(--sort)--sort"\{created,title\}:" "(--id)--id[item id]:id:" "(--store)--store[store path]:path:" "(--title)--title[new title]:" "(--content)--content[new content]:" "(--url)--url[source url]:" "(-t --tag)"{-t,--tag}"[tag]:tag:" "(--format)--format[json|jsonl]:" "(--completions)--completions[output completions]:shell:(bash zsh fish):" "(--no-color)--no-color[disable color]" "(--scope)--scope"\{local,global,project\}:" }; _open_knowledge`);
+      console.log(`#compdef open-knowledge\n_open_knowledge() { _arguments -C "1: :(add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex safety help ls rm edit unarchive)" "(--json)--json" "(--yes)-y" "(--help)--help" "(--version)--version" "(--desc)--desc" "(--archived)--archived" "(--include-archived)--include-archived" "(-p --page)"{-p,--page}"[page number]:number:" "(-l --limit)"{-l,--limit}"[items per page]:number:" "(-s --search)"{-s,--search}"[search text]:text:" "(--sort)--sort"\{created,title\}:" "(--id)--id[item id]:id:" "(--store)--store[store path]:path:" "(--title)--title[new title]:" "(--content)--content[new content]:" "(--url)--url[source url]:" "(-t --tag)"{-t,--tag}"[tag]:tag:" "(--format)--format[json|jsonl]:" "(--completions)--completions[output completions]:shell:(bash zsh fish):" "(--no-color)--no-color[disable color]" "(--scope)--scope"\{local,global,project\}:" }; _open_knowledge`);
     } else if (shell === 'fish') {
-      console.log(`complete -c open-knowledge -f; complete -c open-knowledge -a "add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex help ls rm edit unarchive"; complete -c open-knowledge -l json; complete -c open-knowledge -l yes -s y; complete -c open-knowledge -l help -s h; complete -c open-knowledge -l version -s v; complete -c open-knowledge -l desc; complete -c open-knowledge -l archived; complete -c open-knowledge -l include-archived; complete -c open-knowledge -s p -l page; complete -c open-knowledge -s l -l limit; complete -c open-knowledge -s s -l search; complete -c open-knowledge -l sort; complete -c open-knowledge -l id; complete -c open-knowledge -l store; complete -c open-knowledge -l title; complete -c open-knowledge -l content; complete -c open-knowledge -l url; complete -c open-knowledge -s t -l tag; complete -c open-knowledge -l format; complete -c open-knowledge -l completions; complete -c open-knowledge -l no-color; complete -c open-knowledge -l scope -a "local global project"`);
+      console.log(`complete -c open-knowledge -f; complete -c open-knowledge -a "add list get update archive restore upsert untag delete export prune dedupe stats paths db wiki ingest reindex safety help ls rm edit unarchive"; complete -c open-knowledge -l json; complete -c open-knowledge -l yes -s y; complete -c open-knowledge -l help -s h; complete -c open-knowledge -l version -s v; complete -c open-knowledge -l desc; complete -c open-knowledge -l archived; complete -c open-knowledge -l include-archived; complete -c open-knowledge -s p -l page; complete -c open-knowledge -s l -l limit; complete -c open-knowledge -s s -l search; complete -c open-knowledge -l sort; complete -c open-knowledge -l id; complete -c open-knowledge -l store; complete -c open-knowledge -l title; complete -c open-knowledge -l content; complete -c open-knowledge -l url; complete -c open-knowledge -s t -l tag; complete -c open-knowledge -l format; complete -c open-knowledge -l completions; complete -c open-knowledge -l no-color; complete -c open-knowledge -l scope -a "local global project"`);
     } else {
       throw new Error("Invalid --completions value. Use 'bash', 'zsh', or 'fish'.");
     }
@@ -347,6 +350,132 @@ async function run(argv: string[]): Promise<void> {
     return;
   }
+  if (command === 'safety') {
+    const action = positional[1] ?? 'status';
+    const resolvedWorkspace = ensureKnowledgeWorkspace(workspace.home);
+    const config = readKnowledgeConfig(resolvedWorkspace.configPath);
+    const policy = resolveSafetyPolicy(config, resolvedWorkspace);
+    migrateKnowledgeDb(resolvedWorkspace.knowledgeDbPath);
+    const db = openKnowledgeDb(resolvedWorkspace.knowledgeDbPath);
+    try {
+      if (action === 'status') {
+        output({
+          ok: true,
+          mode: policy.mode,
+          workspace: resolvedWorkspace.home,
+          allow_write_roots: policy.allowWriteRoots,
+          read_only_source_access: policy.readOnlySourceAccess,
+          network: policy.network,
+          redaction: policy.redaction,
+          approvals: policy.approvals,
+          message: `Safety policy: ${policy.mode}`,
+        }, flags.json);
+        return;
+      }
+      if (action === 'check') {
+        const checkAction = positional[2] ?? 'generated_write';
+        const target = positional[3] ?? null;
+        let decision: ReturnType<typeof approvalStatus> | { action: string; target_uri: string | null; approval_required: false; approved: boolean; decision: string };
+        try {
+          if (checkAction === 'web_search') {
+            assertWebSearchAllowed(policy);
+            decision = { action: checkAction, target_uri: target, approval_required: false, approved: true, decision: 'allow' };
+          } else if (checkAction === 's3_read') {
+            if (!target) throw new Error('safety check s3_read requires an s3:// target.');
+            assertS3ReadAllowed(target, policy);
+            decision = { action: checkAction, target_uri: target, approval_required: false, approved: true, decision: 'allow' };
+          } else {
+            decision = approvalStatus(db, policy, checkAction, target);
+          }
+          recordAuditEvent(db, {
+            event_type: 'safety_check',
+            action: checkAction,
+            target_uri: target,
+            decision: decision.decision === 'allow' ? 'allow' : 'requires_approval',
+            metadata: decision,
+          });
+          output({ ok: true, ...decision, message: `Safety check ${decision.decision}` }, flags.json);
+          return;
+        } catch (error) {
+          recordAuditEvent(db, {
+            event_type: 'safety_check',
+            action: checkAction,
+            target_uri: target,
+            decision: 'deny',
+            metadata: { error: error instanceof Error ? error.message : String(error) },
+          });
+          throw error;
+        }
+      }
+      if (action === 'approve') {
+        const approveAction = positional[2] ?? 'generated_write';
+        const target = positional[3] ?? null;
+        const approval = createApprovalGate(db, {
+          action: approveAction,
+          target_uri: target,
+          reason: 'local-cli approval',
+          metadata: { scope: flags.scope ?? 'global' },
+        });
+        recordAuditEvent(db, {
+          event_type: 'approval',
+          action: approveAction,
+          target_uri: target,
+          decision: 'allow',
+          metadata: { approval_id: approval.id },
+        });
+        output({ ok: true, ...approval, action: approveAction, target_uri: target, message: `Approved ${approveAction}` }, flags.json);
+        return;
+      }
+      if (action === 'audit') {
+        const rows = db.query<{
+          id: string;
+          event_type: string;
+          action: string;
+          target_uri: string | null;
+          decision: string;
+          metadata_json: string;
+          created_at: string;
+        }, []>(
+          'SELECT id, event_type, action, target_uri, decision, metadata_json, created_at FROM audit_events ORDER BY created_at DESC LIMIT 50',
+        ).all().map((row) => ({
+          id: row.id,
+          event_type: row.event_type,
+          action: row.action,
+          target_uri: row.target_uri,
+          decision: row.decision,
+          metadata: JSON.parse(row.metadata_json),
+          created_at: row.created_at,
+        }));
+        output({ ok: true, events: rows, message: `${rows.length} audit event(s)` }, flags.json);
+        return;
+      }
+      if (action === 'redact') {
+        const text = positional.slice(2).join(' ');
+        if (!text) throw new Error('Usage: open-knowledge safety redact <text>');
+        const result = redactSecrets(text, policy);
+        if (result.findings.length > 0) {
+          recordRedactionFindings(db, {
+            source_uri: 'safety://redact',
+            findings: result.findings,
+            metadata: { command: 'safety redact' },
+          });
+        }
+        recordAuditEvent(db, {
+          event_type: 'redaction',
+          action: 'safety_redact',
+          target_uri: 'safety://redact',
+          decision: result.findings.length > 0 ? 'redacted' : 'allow',
+          metadata: { findings: result.findings.length },
+        });
+        output({ ok: true, text: result.text, findings: result.findings, message: `Redacted ${result.findings.length} finding(s)` }, flags.json);
+        return;
+      }
+      throw new Error("Invalid safety action. Use 'status', 'check', 'approve', 'audit', or 'redact'.");
+    } finally {
+      db.close();
+    }
+  }
   if (command === 'ingest') {
     const action = positional[1] ?? '';
     if (action !== 'manifest') throw new Error("Invalid ingest action. Use 'manifest'.");
@@ -354,10 +483,12 @@ async function run(argv: string[]): Promise<void> {
     if (!input) throw new Error('Usage: open-knowledge ingest manifest <file|s3://bucket/key>');
     const resolvedWorkspace = ensureKnowledgeWorkspace(workspace.home);
     const config = readKnowledgeConfig(resolvedWorkspace.configPath);
+    const safetyPolicy = resolveSafetyPolicy(config, resolvedWorkspace);
     const result = await ingestOpenFilesManifest({
       dbPath: resolvedWorkspace.knowledgeDbPath,
       input,
       config,
+      safetyPolicy,
     });
     output({ ok: true, ...result, message: `Ingested ${result.items_seen} manifest item(s)` }, flags.json);
     return;
@@ -370,10 +501,12 @@ async function run(argv: string[]): Promise<void> {
     if (!input) throw new Error('Usage: open-knowledge reindex outbox <file|s3://bucket/key>');
     const resolvedWorkspace = ensureKnowledgeWorkspace(workspace.home);
     const config = readKnowledgeConfig(resolvedWorkspace.configPath);
+    const safetyPolicy = resolveSafetyPolicy(config, resolvedWorkspace);
     const result = await consumeOpenFilesOutbox({
       dbPath: resolvedWorkspace.knowledgeDbPath,
       input,
       config,
+      safetyPolicy,
     });
     output({ ok: true, ...result, message: `Consumed ${result.events_seen} outbox event(s)` }, flags.json);
     return;

package/src/knowledge-db.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Database } from 'bun:sqlite';
 import { ensureParentDir } from './workspace';
-export const CURRENT_SCHEMA_VERSION = 2;
+export const CURRENT_SCHEMA_VERSION = 3;
 export interface KnowledgeDbStats {
   schema_version: number;
@@ -13,6 +13,9 @@ export interface KnowledgeDbStats {
   indexes: number;
   runs: number;
   run_events: number;
+  redaction_findings: number;
+  audit_events: number;
+  approval_gates: number;
 }
 const MIGRATION_1 = `
@@ -199,6 +202,39 @@ INSERT OR IGNORE INTO schema_versions(version, applied_at)
 VALUES (2, datetime('now'));
 `;
+const MIGRATION_3 = `
+CREATE TABLE IF NOT EXISTS audit_events (
+  id TEXT PRIMARY KEY,
+  event_type TEXT NOT NULL,
+  action TEXT NOT NULL,
+  target_uri TEXT,
+  decision TEXT NOT NULL,
+  metadata_json TEXT NOT NULL DEFAULT '{}',
+  created_at TEXT NOT NULL
+);
+CREATE TABLE IF NOT EXISTS approval_gates (
+  id TEXT PRIMARY KEY,
+  action TEXT NOT NULL,
+  target_uri TEXT,
+  status TEXT NOT NULL,
+  reason TEXT,
+  approved_by TEXT,
+  metadata_json TEXT NOT NULL DEFAULT '{}',
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_audit_events_action ON audit_events(action);
+CREATE INDEX IF NOT EXISTS idx_audit_events_target ON audit_events(target_uri);
+CREATE INDEX IF NOT EXISTS idx_audit_events_created ON audit_events(created_at);
+CREATE INDEX IF NOT EXISTS idx_approval_gates_action ON approval_gates(action);
+CREATE INDEX IF NOT EXISTS idx_approval_gates_status ON approval_gates(status);
+INSERT OR IGNORE INTO schema_versions(version, applied_at)
+VALUES (3, datetime('now'));
+`;
 export function openKnowledgeDb(path: string): Database {
   ensureParentDir(path);
   const db = new Database(path);
@@ -211,6 +247,7 @@ export function migrateKnowledgeDb(path: string): { path: string; schema_version
   try {
     db.exec(MIGRATION_1);
     if (getSchemaVersion(db) < 2) db.exec(MIGRATION_2);
+    if (getSchemaVersion(db) < 3) db.exec(MIGRATION_3);
     return { path, schema_version: getSchemaVersion(db) };
   } finally {
     db.close();
@@ -240,6 +277,9 @@ export function getKnowledgeDbStats(path: string): KnowledgeDbStats {
       indexes: count(db, 'knowledge_indexes'),
       runs: count(db, 'runs'),
       run_events: count(db, 'run_events'),
+      redaction_findings: count(db, 'redaction_findings'),
+      audit_events: count(db, 'audit_events'),
+      approval_gates: count(db, 'approval_gates'),
     };
   } finally {
     db.close();

package/src/manifest-ingest.ts CHANGED Viewed

@@ -5,11 +5,20 @@ import type { Database } from 'bun:sqlite';
 import { migrateKnowledgeDb, openKnowledgeDb } from './knowledge-db';
 import { parseSourceRef, type SourceRef } from './source-ref';
 import type { KnowledgeConfig } from './workspace';
+import {
+  assertS3ReadAllowed,
+  assertWriteAllowed,
+  recordAuditEvent,
+  recordRedactionFindings,
+  redactSecrets,
+  type SafetyPolicy,
+} from './safety';
 export interface ManifestIngestOptions {
   dbPath: string;
   input: string;
   config?: KnowledgeConfig;
+  safetyPolicy?: SafetyPolicy;
   now?: Date;
   maxChunkChars?: number;
   chunkOverlapChars?: number;
@@ -23,6 +32,7 @@ export interface ManifestIngestResult {
   revisions_upserted: number;
   chunks_inserted: number;
   chunks_deleted: number;
+  redactions: number;
   skipped: number;
 }
@@ -209,11 +219,12 @@ function parseManifestText(text: string): ManifestObject[] {
   });
 }
-async function readS3Text(uri: string, config?: KnowledgeConfig): Promise<string> {
+async function readS3Text(uri: string, config?: KnowledgeConfig, safetyPolicy?: SafetyPolicy): Promise<string> {
   const parsed = new URL(uri);
   const bucket = parsed.hostname;
   const key = decodeURIComponent(parsed.pathname.replace(/^\/+/, ''));
   if (!bucket || !key) throw new Error(`Invalid S3 manifest URI: ${uri}`);
+  if (safetyPolicy) assertS3ReadAllowed(uri, safetyPolicy);
   const [{ S3Client, GetObjectCommand }, { fromIni }] = await Promise.all([
     import('@aws-sdk/client-s3'),
     import('@aws-sdk/credential-providers'),
@@ -229,8 +240,8 @@ async function readS3Text(uri: string, config?: KnowledgeConfig): Promise<string
   return await response.Body.transformToString();
 }
-async function readManifestInput(input: string, config?: KnowledgeConfig): Promise<string> {
-  if (input.startsWith('s3://')) return readS3Text(input, config);
+async function readManifestInput(input: string, config?: KnowledgeConfig, safetyPolicy?: SafetyPolicy): Promise<string> {
+  if (input.startsWith('s3://')) return readS3Text(input, config, safetyPolicy);
   if (!existsSync(input)) throw new Error(`Manifest not found: ${input}`);
   return readFileSync(input, 'utf8');
 }
@@ -338,9 +349,26 @@ function upsertRevision(db: Database, sourceId: string, item: NormalizedManifest
   return row.id;
 }
-function insertChunks(db: Database, sourceRevisionId: string, item: NormalizedManifestItem, now: string, maxChars: number, overlapChars: number): number {
-  if (!item.text || item.status.toLowerCase() === 'deleted') return 0;
-  const chunks = chunkText(item.text, maxChars, overlapChars);
+function insertChunks(db: Database, sourceRevisionId: string, item: NormalizedManifestItem, now: string, maxChars: number, overlapChars: number, safetyPolicy?: SafetyPolicy): { chunksInserted: number; redactions: number } {
+  if (!item.text || item.status.toLowerCase() === 'deleted') return { chunksInserted: 0, redactions: 0 };
+  const redacted = redactSecrets(item.text, safetyPolicy);
+  if (redacted.findings.length > 0) {
+    recordRedactionFindings(db, {
+      source_uri: item.sourceUri,
+      findings: redacted.findings,
+      metadata: { source_ref: item.sourceRef, revision: item.revision },
+      created_at: now,
+    });
+    recordAuditEvent(db, {
+      event_type: 'redaction',
+      action: 'source_text_redact',
+      target_uri: item.sourceUri,
+      decision: 'redacted',
+      metadata: { findings: redacted.findings.length, source_ref: item.sourceRef, revision: item.revision },
+      created_at: now,
+    });
+  }
+  const chunks = chunkText(redacted.text, maxChars, overlapChars);
   for (const chunk of chunks) {
     const chunkId = stableId('chk', `${sourceRevisionId}\u0000${chunk.ordinal}\u0000${chunk.text}`);
     const metadata = {
@@ -373,7 +401,7 @@ function insertChunks(db: Database, sourceRevisionId: string, item: NormalizedMa
       [chunkId, chunk.text, item.title ?? '', item.sourceUri],
     );
   }
-  return chunks.length;
+  return { chunksInserted: chunks.length, redactions: redacted.findings.length };
 }
 export async function ingestOpenFilesManifest(options: ManifestIngestOptions): Promise<ManifestIngestResult> {
@@ -383,8 +411,9 @@ export async function ingestOpenFilesManifest(options: ManifestIngestOptions): P
   if (maxChunkChars < 500) throw new Error('maxChunkChars must be at least 500.');
   if (chunkOverlapChars < 0 || chunkOverlapChars >= maxChunkChars) throw new Error('chunkOverlapChars must be less than maxChunkChars.');
+  if (options.safetyPolicy) assertWriteAllowed(options.dbPath, options.safetyPolicy);
   migrateKnowledgeDb(options.dbPath);
-  const text = await readManifestInput(options.input, options.config);
+  const text = await readManifestInput(options.input, options.config, options.safetyPolicy);
   const items = parseManifestText(text);
   const db = openKnowledgeDb(options.dbPath);
   try {
@@ -393,7 +422,16 @@ export async function ingestOpenFilesManifest(options: ManifestIngestOptions): P
       const seenRevisions = new Set<string>();
       let chunksInserted = 0;
       let chunksDeleted = 0;
+      let redactions = 0;
       let skipped = 0;
+      recordAuditEvent(db, {
+        event_type: 'source_read',
+        action: options.input.startsWith('s3://') ? 's3_manifest_read' : 'local_manifest_read',
+        target_uri: options.input,
+        decision: 'allow',
+        metadata: { items: items.length, read_only: true },
+        created_at: now,
+      });
       for (const raw of items) {
         const item = normalizeManifestItem(raw, now);
         const sourceId = upsertSource(db, item, now);
@@ -403,8 +441,18 @@ export async function ingestOpenFilesManifest(options: ManifestIngestOptions): P
         if (item.text || item.status.toLowerCase() === 'deleted') {
           chunksDeleted += deleteChunksForRevision(db, revisionId);
         }
-        chunksInserted += insertChunks(db, revisionId, item, now, maxChunkChars, chunkOverlapChars);
+        const inserted = insertChunks(db, revisionId, item, now, maxChunkChars, chunkOverlapChars, options.safetyPolicy);
+        chunksInserted += inserted.chunksInserted;
+        redactions += inserted.redactions;
       }
+      recordAuditEvent(db, {
+        event_type: 'write',
+        action: 'knowledge_manifest_ingest',
+        target_uri: options.dbPath,
+        decision: 'allow',
+        metadata: { items: items.length, sources: seenSources.size, revisions: seenRevisions.size, chunks_inserted: chunksInserted, redactions },
+        created_at: now,
+      });
       return {
         path: options.input,
         db_path: options.dbPath,
@@ -413,6 +461,7 @@ export async function ingestOpenFilesManifest(options: ManifestIngestOptions): P
         revisions_upserted: seenRevisions.size,
         chunks_inserted: chunksInserted,
         chunks_deleted: chunksDeleted,
+        redactions,
         skipped,
       };
     })();

package/src/outbox-consume.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import type { Database } from 'bun:sqlite';
 import { migrateKnowledgeDb, openKnowledgeDb } from './knowledge-db';
 import { parseSourceRef, type SourceRef } from './source-ref';
 import type { KnowledgeConfig } from './workspace';
+import { assertS3ReadAllowed, assertWriteAllowed, recordAuditEvent, type SafetyPolicy } from './safety';
 type OutboxObject = Record<string, unknown>;
@@ -12,6 +13,7 @@ export interface OutboxConsumeOptions {
   dbPath: string;
   input: string;
   config?: KnowledgeConfig;
+  safetyPolicy?: SafetyPolicy;
   now?: Date;
 }
@@ -165,11 +167,12 @@ function parseOutboxText(text: string): OutboxObject[] {
   });
 }
-async function readS3Text(uri: string, config?: KnowledgeConfig): Promise<string> {
+async function readS3Text(uri: string, config?: KnowledgeConfig, safetyPolicy?: SafetyPolicy): Promise<string> {
   const parsed = new URL(uri);
   const bucket = parsed.hostname;
   const key = decodeURIComponent(parsed.pathname.replace(/^\/+/, ''));
   if (!bucket || !key) throw new Error(`Invalid S3 outbox URI: ${uri}`);
+  if (safetyPolicy) assertS3ReadAllowed(uri, safetyPolicy);
   const [{ S3Client, GetObjectCommand }, { fromIni }] = await Promise.all([
     import('@aws-sdk/client-s3'),
     import('@aws-sdk/credential-providers'),
@@ -185,8 +188,8 @@ async function readS3Text(uri: string, config?: KnowledgeConfig): Promise<string
   return await response.Body.transformToString();
 }
-async function readOutboxInput(input: string, config?: KnowledgeConfig): Promise<string> {
-  if (input.startsWith('s3://')) return readS3Text(input, config);
+async function readOutboxInput(input: string, config?: KnowledgeConfig, safetyPolicy?: SafetyPolicy): Promise<string> {
+  if (input.startsWith('s3://')) return readS3Text(input, config, safetyPolicy);
   if (!existsSync(input)) throw new Error(`Outbox not found: ${input}`);
   return readFileSync(input, 'utf8');
 }
@@ -318,8 +321,9 @@ function isPermissionEvent(eventType: string): boolean {
 export async function consumeOpenFilesOutbox(options: OutboxConsumeOptions): Promise<OutboxConsumeResult> {
   const now = (options.now ?? new Date()).toISOString();
+  if (options.safetyPolicy) assertWriteAllowed(options.dbPath, options.safetyPolicy);
   migrateKnowledgeDb(options.dbPath);
-  const text = await readOutboxInput(options.input, options.config);
+  const text = await readOutboxInput(options.input, options.config, options.safetyPolicy);
   const events = parseOutboxText(text);
   const db = openKnowledgeDb(options.dbPath);
   const runId = `run_${randomUUID()}`;
@@ -350,6 +354,15 @@ export async function consumeOpenFilesOutbox(options: OutboxConsumeOptions): Pro
       let movedSources = 0;
       let permissionUpdates = 0;
+      recordAuditEvent(db, {
+        event_type: 'source_read',
+        action: options.input.startsWith('s3://') ? 's3_outbox_read' : 'local_outbox_read',
+        target_uri: options.input,
+        decision: 'allow',
+        metadata: { events: events.length, read_only: true },
+        created_at: now,
+      });
       events.forEach((raw, index) => {
         const event = normalizeEvent(raw, now);
         const sourceId = ensureSource(db, event, now);
@@ -404,6 +417,22 @@ export async function consumeOpenFilesOutbox(options: OutboxConsumeOptions): Pro
         ],
       );
+      recordAuditEvent(db, {
+        event_type: 'write',
+        action: 'knowledge_outbox_invalidation',
+        target_uri: options.dbPath,
+        decision: 'allow',
+        metadata: {
+          run_id: runId,
+          events: events.length,
+          sources: sourcesTouched.size,
+          revisions: revisionsTouched.size,
+          chunks_deleted: chunksDeleted,
+          embeddings_deleted: embeddingsDeleted,
+        },
+        created_at: now,
+      });
       return {
         path: options.input,
         db_path: options.dbPath,