@ijfw/memory-server 1.3.0

package/bin/ijfw

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# IJFW CLI launcher -- cross-audit/research/critique across AI families.
+# Resolves script location through symlinks (POSIX-portable).
+
+SOURCE="${BASH_SOURCE[0]:-$0}"
+while [ -L "$SOURCE" ]; do
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  case "$SOURCE" in /*) ;; *) SOURCE="$DIR/$SOURCE" ;; esac
+done
+SCRIPT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+CLI="$SCRIPT_DIR/../src/cross-orchestrator-cli.js"
+
+if [ ! -f "$CLI" ]; then
+  echo "IJFW launcher expects CLI at $CLI -- re-run the installer to restore it." >&2
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "IJFW needs Node 18+ -- install from https://nodejs.org then retry." >&2
+  exit 1
+fi
+
+# Suppress only the ExperimentalWarning from node:sqlite -- keep all other
+# warnings visible (errors, deprecations, etc.). node:sqlite is marked
+# experimental through Node 22.x but is stable enough for read-only use.
+exec node --no-warnings=ExperimentalWarning "$CLI" "$@"

package/bin/ijfw-dashboard

@@ -0,0 +1,180 @@
+#!/usr/bin/env node
+/**
+ * ijfw-dashboard -- PID-managed launcher for dashboard-server.js
+ * Usage: ijfw-dashboard start|stop|status [--port N] [--no-open]
+ */
+
+import { existsSync, readFileSync, writeFileSync, unlinkSync, mkdirSync, rmSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+import { fileURLToPath } from 'node:url';
+import { spawn, spawnSync } from 'node:child_process';
+import http from 'node:http';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const SERVER_JS  = join(__dirname, '..', 'src', 'dashboard-server.js');
+const IJFW_DIR   = join(homedir(), '.ijfw');
+const PID_FILE   = join(IJFW_DIR, 'dashboard.pid');
+const PORT_FILE  = join(IJFW_DIR, 'dashboard.port');
+const DEFAULT_PORT = 37891;
+
+function ensureDir() { mkdirSync(IJFW_DIR, { recursive: true }); }
+
+function readPid() {
+  try { return parseInt(readFileSync(PID_FILE, 'utf8').trim(), 10); } catch { return null; }
+}
+
+function readPort() {
+  try { return parseInt(readFileSync(PORT_FILE, 'utf8').trim(), 10); } catch { return DEFAULT_PORT; }
+}
+
+function isAlive(pid) {
+  if (!pid) return false;
+  try { process.kill(pid, 0); return true; } catch { return false; }
+}
+
+function removePidFiles() {
+  try { unlinkSync(PID_FILE); } catch {}
+  try { unlinkSync(PORT_FILE); } catch {}
+}
+
+function openBrowser(url) {
+  if (process.env.CI || process.env.NO_OPEN) return;
+  const cmd = process.platform === 'darwin' ? 'open'
+    : process.platform === 'win32' ? 'start'
+    : 'xdg-open';
+  try { spawn(cmd, [url], { detached: true, stdio: 'ignore' }).unref(); } catch {}
+}
+
+// Probe a URL for HTTP 200, retrying on connection-refused until timeoutMs elapses.
+// Port file appears slightly before the HTTP listener is accepting; we retry to ride that race.
+function probeHttp(url, timeoutMs, cb) {
+  const start = Date.now();
+  let done = false;
+  const finish = (ok) => { if (!done) { done = true; cb(ok); } };
+
+  const attempt = () => {
+    if (done) return;
+    const elapsed = Date.now() - start;
+    if (elapsed >= timeoutMs) return finish(false);
+    try {
+      const req = http.get(url, (res) => {
+        finish(res.statusCode === 200);
+        res.resume();
+      });
+      req.setTimeout(Math.min(500, timeoutMs - elapsed), () => req.destroy(new Error('probe-timeout')));
+      req.on('error', () => {
+        // Connection refused / reset = server still binding; retry after 100ms.
+        if (!done) setTimeout(attempt, 100);
+      });
+    } catch {
+      if (!done) setTimeout(attempt, 100);
+    }
+  };
+
+  attempt();
+}
+
+const argv = process.argv.slice(2);
+const sub  = argv[0] || 'status';
+const noOpen = argv.includes('--no-open');
+
+if (sub === 'start') {
+  ensureDir();
+  const existingPid = readPid();
+  if (existingPid && isAlive(existingPid)) {
+    const port = readPort();
+    console.log('Dashboard already running at http://localhost:' + port + ' (PID ' + existingPid + ')');
+    process.exit(0);
+  }
+  // Stale PID -- reclaim
+  removePidFiles();
+
+  // Remove stale port file before spawn so polling loop can't pick up a leftover from a dead session.
+  try { rmSync(PORT_FILE, { force: true }); } catch {}
+
+  // Spawn detached server; it writes its own PID + port files.
+  const child = spawn(process.execPath, [SERVER_JS, '--daemon'], {
+    detached: true,
+    stdio: ['ignore', 'ignore', 'ignore'],
+    env: { ...process.env, IJFW_PID_FILE: PID_FILE, IJFW_PORT_FILE: PORT_FILE },
+  });
+  child.unref();
+
+  // Poll for port file (server writes it after binding), max 2500ms / 25 polls.
+  // Cold Node startup or slow disks can take >500ms; 2500ms gives 5x headroom.
+  let waited = 0;
+  const interval = setInterval(() => {
+    waited += 100;
+    if (existsSync(PORT_FILE)) {
+      clearInterval(interval);
+      const port = readPort();
+      const url  = 'http://127.0.0.1:' + port;
+      // Probe HTTP to confirm the server actually started (W4.1).
+      probeHttp(url, 2000, (ok) => {
+        if (ok) {
+          console.log('[ijfw] Dashboard running at http://127.0.0.1:' + port);
+          if (!noOpen) openBrowser('http://localhost:' + port);
+          process.exit(0);
+        } else {
+          console.error('[ijfw] Dashboard start failed -- check ~/.ijfw/logs/dashboard.log');
+          process.exit(1);
+        }
+      });
+      return;
+    }
+    if (waited >= 2500) {
+      clearInterval(interval);
+      console.error('[ijfw] Dashboard start failed -- check ~/.ijfw/logs/dashboard.log');
+      process.exit(1);
+    }
+  }, 100);
+
+} else if (sub === 'stop') {
+  const pid = readPid();
+  if (!pid || !isAlive(pid)) {
+    removePidFiles();
+    console.log('Dashboard is not running.');
+    process.exit(0);
+  }
+  try {
+    process.kill(pid, 'SIGTERM');
+    // Wait up to 2s for clean exit, then SIGKILL.
+    let waited = 0;
+    const t = setInterval(() => {
+      waited += 100;
+      if (!isAlive(pid)) {
+        clearInterval(t);
+        removePidFiles();
+        console.log('Dashboard stopped.');
+        process.exit(0);
+      }
+      if (waited >= 2000) {
+        clearInterval(t);
+        try { process.kill(pid, 'SIGKILL'); } catch {}
+        removePidFiles();
+        console.log('Dashboard stopped (forced).');
+        process.exit(0);
+      }
+    }, 100);
+  } catch {
+    removePidFiles();
+    console.log('Dashboard stopped.');
+    process.exit(0);
+  }
+
+} else if (sub === 'status') {
+  const pid = readPid();
+  if (pid && isAlive(pid)) {
+    const port = readPort();
+    console.log('Dashboard running at http://localhost:' + port + ' (PID ' + pid + ')');
+  } else {
+    if (pid) removePidFiles();
+    console.log('Dashboard is not running. Start with: ijfw dashboard start');
+  }
+  process.exit(0);
+
+} else {
+  console.error('Usage: ijfw-dashboard start|stop|status [--no-open]');
+  process.exit(1);
+}

package/bin/ijfw-dispatch-plan

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# ijfw-dispatch-plan -- emit dispatch manifest for a phase PLAN.md.
+#
+# Called by the ijfw-workflow skill at Wave 4 entry to decide shared-branch
+# vs worktree-isolated parallelism per sub-wave.
+#
+# Usage:
+#   ijfw-dispatch-plan <plan.md> [all-worktree | all-shared]
+
+SOURCE="${BASH_SOURCE[0]:-$0}"
+while [ -L "$SOURCE" ]; do
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  case "$SOURCE" in /*) ;; *) SOURCE="$DIR/$SOURCE" ;; esac
+done
+SCRIPT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+MOD="$SCRIPT_DIR/../src/dispatch-planner.js"
+
+if [ -z "${1-}" ]; then
+  echo "Usage: ijfw-dispatch-plan <plan.md> [all-worktree|all-shared]" >&2
+  exit 1
+fi
+if [ ! -f "$1" ]; then
+  echo "Plan file not found: $1" >&2
+  exit 1
+fi
+if ! command -v node >/dev/null 2>&1; then
+  echo "ijfw-dispatch-plan needs Node 18+ -- install from https://nodejs.org" >&2
+  exit 1
+fi
+
+exec node -e '
+import("'"$MOD"'").then(async (m) => {
+  const { readFile } = await import("node:fs/promises");
+  const md = await readFile(process.argv[1], "utf8");
+  const override = process.argv[2] || null;
+  const manifest = m.buildManifest(m.parsePlan(md), { override });
+  console.log(m.manifestSummary(manifest));
+  console.log(JSON.stringify(manifest, null, 2));
+}).catch(err => { console.error(err.message); process.exit(1); });
+' "$1" "${2-}"

package/bin/ijfw-memorize

@@ -0,0 +1,273 @@
+#!/usr/bin/env node
+// IJFW session-end synthesizer (W5.P5.2 / H1).
+// Reads .ijfw/.session-signals.jsonl + .session-feedback.jsonl + transcript
+// payload on stdin (Stop-hook json), produces structured memory entries,
+// and appends them to .ijfw/memory/knowledge.md via the existing store helpers.
+//
+// Deterministic by default: feedback/signals promote 1:1. LLM-based synthesis
+// activates only when IJFW_AUTOMEM_MODEL is set (documented as a wiring point;
+// current build emits a TODO marker instead of calling an LLM).
+//
+// Consent: reads .ijfw/.automem-consent. If absent or consented=false, exits 0
+// silently. User sets consent via `/ijfw memory consent yes|no|ask`.
+
+import { readFileSync, writeFileSync, existsSync, appendFileSync, mkdirSync, rmdirSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { redactSecrets } from '../src/redactor.js';
+import { applyCaps } from '../src/caps.js';
+import { ensureSchemaHeader, SCHEMA_HEADER } from '../src/schema.js';
+import { searchCorpus } from '../src/search-bm25.js';
+import { sanitizeContent } from '../src/sanitizer.js';
+
+const IJFW_DIR = '.ijfw';
+const MEMORY_DIR = join(IJFW_DIR, 'memory');
+const SIGNALS = join(IJFW_DIR, '.session-signals.jsonl');
+const FEEDBACK = join(IJFW_DIR, '.session-feedback.jsonl');
+const CONSENT = join(IJFW_DIR, '.automem-consent');
+const KNOWLEDGE = join(MEMORY_DIR, 'knowledge.md');
+
+function readConsent() {
+  if (!existsSync(CONSENT)) return { consented: null };
+  try { return JSON.parse(readFileSync(CONSENT, 'utf8')); } catch { return { consented: null }; }
+}
+
+function readJsonl(path) {
+  if (!existsSync(path)) return [];
+  try {
+    return readFileSync(path, 'utf8').split('\n').filter(Boolean).map(l => {
+      try { return JSON.parse(l); } catch { return null; }
+    }).filter(Boolean);
+  } catch { return []; }
+}
+
+function readExistingKnowledge() {
+  if (!existsSync(KNOWLEDGE)) return '';
+  try { return readFileSync(KNOWLEDGE, 'utf8'); } catch { return ''; }
+}
+
+// Y2 / R2-D -- relative BM25 dedupe. A fixed threshold doesn't generalize:
+// BM25 scores scale with corpus size (IDF depends on N) and query length.
+// Round-1 fix approximated the ceiling via a 1-doc self-corpus, but that
+// produces a DIFFERENT IDF than the N-doc candidate corpus -- incomparable
+// scores. R2-D fix: inject a synthetic self-doc INTO the existing corpus
+// so both candidate and ceiling scores share the same IDF denominator.
+function isDuplicate(summary, existingText) {
+  if (!existingText || !summary) return false;
+  const lines = existingText.split('\n').filter(l => l.trim().length > 0);
+  if (lines.length === 0) return false;
+  const corpusWithSelf = lines.map((line, i) => ({ id: `e${i}`, text: line }));
+  corpusWithSelf.push({ id: '_self', text: summary });
+  const results = searchCorpus(summary, corpusWithSelf, { limit: 5 });
+  if (results.length === 0) return false;
+  const selfHit = results.find(r => r.id === '_self');
+  const bestExisting = results.find(r => r.id !== '_self');
+  if (!selfHit || !bestExisting) return false;
+  // Duplicate if best existing hit is within 80% of the perfect-match ceiling.
+  return bestExisting.score >= selfHit.score * 0.8;
+}
+
+// C2 / ST5 / R2-C / R2-G -- file lock around multi-line structured appends.
+// Uses mkdir-based locking (atomic on POSIX + Windows). On contention:
+//   1. Check lock's mtime; if older than STALE_LOCK_MS, reclaim it (prior
+//      process likely crashed without releasing).
+//   2. Otherwise sleep (not busy-wait) for ~50ms via Atomics.wait on a
+//      shared buffer -- sync sleep that doesn't burn CPU.
+//   3. Retry up to ~2s deadline.
+// Always writes the holder's pid to a sidecar file inside the lock dir so
+// crashes are diagnosable.
+const LOCK_DIR = join(MEMORY_DIR, '.knowledge.lock');
+const LOCK_PID_FILE = join(LOCK_DIR, 'pid');
+const STALE_LOCK_MS = 10_000;
+
+// R2-G -- sync sleep without busy-wait. Atomics.wait blocks the thread on
+// a SharedArrayBuffer-backed Int32Array. Timeout in ms.
+const _sleepBuf = new Int32Array(new SharedArrayBuffer(4));
+function sleepSync(ms) { Atomics.wait(_sleepBuf, 0, 0, ms); }
+
+function tryReclaimStale() {
+  try {
+    const age = Date.now() - statSync(LOCK_DIR).mtimeMs;
+    if (age > STALE_LOCK_MS) {
+      try { rmdirSync(LOCK_DIR, { recursive: true }); } catch { /* fall through */ }
+      return true;
+    }
+  } catch { /* lock dir may have just been released */ }
+  return false;
+}
+
+function withLock(fn) {
+  const deadline = Date.now() + 2000;
+  let acquired = false;
+  while (!acquired && Date.now() < deadline) {
+    try {
+      mkdirSync(LOCK_DIR);
+      // Best-effort pid tag inside the lock for diagnostics.
+      try { writeFileSync(LOCK_PID_FILE, String(process.pid)); } catch { /* ignore */ }
+      acquired = true;
+    } catch {
+      // Contention. Consider reclaiming if stale; otherwise sleep + retry.
+      if (tryReclaimStale()) continue;
+      sleepSync(50);
+    }
+  }
+  if (!acquired) {
+    // Degrade to no-lock rather than lose the write -- record the incident.
+    try {
+      mkdirSync(IJFW_DIR, { recursive: true });
+      appendFileSync(
+        join(IJFW_DIR, '.error.log'),
+        `${new Date().toISOString()} ijfw-memorize: lock acquisition timed out after 2s; proceeding without lock\n`
+      );
+    } catch { /* ignore */ }
+    return fn();
+  }
+  try { return fn(); }
+  finally {
+    try { rmdirSync(LOCK_DIR, { recursive: true }); } catch { /* ignore */ }
+  }
+}
+
+function appendEntry({ type, summary, content, why, howToApply, tags }) {
+  mkdirSync(MEMORY_DIR, { recursive: true });
+  withLock(() => {
+    ensureSchemaHeader(KNOWLEDGE);
+    const ts = new Date().toISOString();
+    // X2 -- sanitize EVERY string that flows into the knowledge file.
+    // redactSecrets handles credentials; sanitizeContent defangs markdown
+    // structure + <system>-style tags + control chars. Both are needed.
+    const safeSummary      = sanitizeContent(summary);
+    const safeContent      = sanitizeContent(content);
+    const safeWhy          = sanitizeContent(why);
+    const safeHowToApply   = sanitizeContent(howToApply);
+    const safeTags         = tags.map(t => sanitizeContent(String(t)).replace(/[^a-zA-Z0-9_-]/g, ''));
+    const tagLine = safeTags.join(', ');
+    const block = [
+      '',
+      '---',
+      `type: ${type}`,
+      `summary: ${safeSummary}`,
+      `stored: ${ts}`,
+      `tags: [${tagLine}]`,
+      '---',
+      safeContent,
+      safeWhy ? `\n**Why:** ${safeWhy}` : '',
+      safeHowToApply ? `\n**How to apply:** ${safeHowToApply}` : '',
+      ''
+    ].filter(l => l !== '').join('\n') + '\n';
+    appendFileSync(KNOWLEDGE, block);
+  });
+}
+
+async function main() {
+  if (!existsSync(IJFW_DIR)) return;
+
+  const consent = readConsent();
+  if (consent.consented !== true) {
+    // Silent no-op if consent not granted. Consent is an explicit opt-in.
+    return;
+  }
+
+  const signals = readJsonl(SIGNALS);
+  const feedback = readJsonl(FEEDBACK);
+  if (signals.length === 0 && feedback.length === 0) return;
+
+  const existing = readExistingKnowledge();
+  let stored = 0;
+  const storedSummaries = [];
+  // X4 -- in-run dedupe. isDuplicate only sees the pre-run snapshot, so
+  // identical feedback lines within one session would both promote.
+  // Track summaries stored in THIS run as an additional blocklist.
+  const thisRunSummaries = new Set();
+  const alreadyStored = (summary) =>
+    thisRunSummaries.has(summary) || isDuplicate(summary, existing);
+
+  // 1:1 deterministic promotion of feedback.
+  for (const f of feedback) {
+    const rawPhrase = redactSecrets(f.phrase || '');
+    const rawContext = redactSecrets(f.context || '');
+    if (!rawPhrase) continue;
+    const summary = rawPhrase.slice(0, 110);
+    if (alreadyStored(summary)) continue;
+    const capped = applyCaps({
+      content: rawContext || rawPhrase,
+      summary,
+      why: `User stated during session: "${rawPhrase}"`,
+      how_to_apply: f.kind === 'correction' ? 'Avoid repeating the corrected pattern.'
+                 : f.kind === 'confirmation' ? 'Keep the approach that was confirmed.'
+                 : f.kind === 'preference'   ? 'Default to this preference on future similar tasks.'
+                 : 'Apply the stated rule consistently.',
+    });
+    appendEntry({
+      type: f.kind === 'preference' ? 'preference' : 'pattern',
+      summary: capped.summary,
+      content: capped.content,
+      why: capped.why,
+      howToApply: capped.how_to_apply,
+      tags: ['auto-memorize', f.kind],
+    });
+    stored++;
+    storedSummaries.push(capped.summary);
+    thisRunSummaries.add(capped.summary);
+  }
+
+  // 1:1 promotion of signal occurrences -- but only if the same error
+  // appears >=2x in the session (suggests a real blocker worth remembering).
+  const errorCounts = new Map();
+  for (const s of signals) {
+    const key = redactSecrets(s.error || s.fail || '');
+    if (!key) continue;
+    errorCounts.set(key, (errorCounts.get(key) || 0) + 1);
+  }
+  for (const [err, count] of errorCounts) {
+    if (count < 2) continue;
+    const summary = `Recurring error: ${err.slice(0, 90)}`;
+    if (alreadyStored(summary)) continue;
+    const capped = applyCaps({
+      content: err,
+      summary,
+      why: `Hit ${count} times in one session -- likely not a fluke.`,
+      how_to_apply: 'Next time this error surfaces, check prior session handoffs before debugging from scratch.',
+    });
+    appendEntry({
+      type: 'observation',
+      summary: capped.summary,
+      content: capped.content,
+      why: capped.why,
+      howToApply: capped.how_to_apply,
+      tags: ['auto-memorize', 'recurring-error'],
+    });
+    stored++;
+    storedSummaries.push(capped.summary);
+    thisRunSummaries.add(capped.summary);
+  }
+
+  // TODO: LLM-synthesis path (IJFW_AUTOMEM_MODEL). Stub emits a marker
+  // so downstream tooling can detect that a richer synthesis could run.
+  if (process.env.IJFW_AUTOMEM_MODEL && process.env.IJFW_AUTOMEM_MODEL !== 'off') {
+    // Wiring point -- Phase 5+ connects this to Anthropic SDK / Ollama.
+    // For now, record the opportunity.
+    try {
+      mkdirSync(IJFW_DIR, { recursive: true });
+      appendFileSync(join(IJFW_DIR, '.automem-llm-queue.jsonl'),
+        JSON.stringify({ ts: new Date().toISOString(), model: process.env.IJFW_AUTOMEM_MODEL, pending: true }) + '\n');
+    } catch {}
+  }
+
+  if (stored > 0) {
+    process.stdout.write(`Stored ${stored} new memor${stored === 1 ? 'y' : 'ies'}: ${storedSummaries.slice(0, 3).join('; ')}${storedSummaries.length > 3 ? '…' : ''}\n`);
+  }
+}
+
+// R2-H -- log errors before silent exit so EACCES / EDQUOT / malformed-JSON
+// failures are diagnosable. Hook caller sees exit 0 (never crashes Claude
+// Code); .ijfw/.error.log is the debug trail.
+main().catch((e) => {
+  try {
+    mkdirSync(IJFW_DIR, { recursive: true });
+    appendFileSync(
+      join(IJFW_DIR, '.error.log'),
+      `${new Date().toISOString()} ijfw-memorize: ${e && e.stack ? e.stack : (e && e.message) || String(e)}\n`
+    );
+  } catch { /* last-resort silent */ }
+  process.exit(0);
+});

package/bin/ijfw-memory

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# IJFW Memory Server launcher.
+# Auto-resolves server.js relative to this script's location, so it works
+# regardless of how it was invoked (npm link, absolute path, symlink, PATH).
+# Avoids the ${IJFW_HOME} expansion pitfall in MCP client args arrays.
+
+# Resolve real script dir even through symlinks (POSIX-portable).
+SOURCE="${BASH_SOURCE[0]:-$0}"
+while [ -L "$SOURCE" ]; do
+  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  case "$SOURCE" in /*) ;; *) SOURCE="$DIR/$SOURCE" ;; esac
+done
+SCRIPT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+SERVER="$SCRIPT_DIR/../src/server.js"
+
+if [ ! -f "$SERVER" ]; then
+  # Server file missing -- emit MCP-spec parse-error then exit cleanly so the
+  # client gets a recoverable signal instead of hanging.
+  printf '{"jsonrpc":"2.0","id":null,"error":{"code":-32000,"message":"IJFW server file not found at %s"}}\n' "$SERVER" >&2
+  exit 1
+fi
+
+# Find node: command -v first, then common install locations.
+# Claude Code spawns MCP servers with a stripped PATH that excludes
+# /opt/homebrew/bin (macOS + Homebrew) and ~/.nvm/ (nvm users).
+NODE="$(command -v node 2>/dev/null)"
+if [ -z "$NODE" ]; then
+  for candidate in \
+    /opt/homebrew/bin/node \
+    /usr/local/bin/node \
+    "$HOME/.nvm/versions/node"/*/bin/node \
+    "$HOME/.volta/bin/node" \
+    "$HOME/.fnm/node-versions"/*/installation/bin/node \
+    /usr/bin/node; do
+    # shellcheck disable=SC2086
+    for resolved in $candidate; do
+      if [ -x "$resolved" ]; then
+        NODE="$resolved"
+        break 2
+      fi
+    done
+  done
+fi
+
+if [ -z "$NODE" ]; then
+  printf '{"jsonrpc":"2.0","id":null,"error":{"code":-32001,"message":"node not found in PATH or common locations (/opt/homebrew/bin, /usr/local/bin, ~/.nvm, ~/.volta). Install Node 18+ and retry."}}\n' >&2
+  exit 1
+fi
+
+exec "$NODE" "$SERVER" "$@"

package/fixtures/demo-target.js

@@ -0,0 +1,28 @@
+// IJFW Demo Target - three deliberate bugs for the Trident to catch.
+// Do not fix these - this file is shipped for `ijfw demo` and must stay broken.
+//
+// Contract (asserted by test-demo.js):
+//   CWE-476 - Null pointer dereference
+//   CWE-89  - SQL injection via string concatenation
+//   CWE-755 - Silent error swallow; failure is indistinguishable from success
+
+// Bug 1: CWE-476 - Null pointer dereference.
+function getUserEmail(user) {
+  return user.profile.email.toLowerCase();  // crashes if user.profile is null
+}
+
+// Bug 2: CWE-89 - SQL injection via string concatenation.
+function findUserByName(db, name) {
+  return db.query("SELECT * FROM users WHERE name = '" + name + "'");
+}
+
+// Bug 3: CWE-755 - Silent error swallow; failure is indistinguishable from success.
+async function loadConfig(path) {
+  try {
+    return JSON.parse(await readFile(path));
+  } catch (e) {
+    return {};  // bug: silently returns empty config instead of surfacing read/parse errors
+  }
+}
+
+export { getUserEmail, findUserByName, loadConfig };

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@ijfw/memory-server",
+  "version": "1.3.0",
+  "description": "Cross-platform persistent memory server for IJFW. 10 MCP tools (memory + admin/update). Works with 13 MCP-using platforms (Claude Code, Codex, Gemini CLI, Cursor, Windsurf, Copilot, Hermes, Wayland, OpenCode, QwenCode, Cline, KimiCode, OpenClaw) plus Aider via rules-only tier.",
+  "author": "Sean Donahoe",
+  "license": "MIT",
+  "type": "module",
+  "main": "src/server.js",
+  "bin": {
+    "ijfw-memory": "./bin/ijfw-memory",
+    "ijfw": "./bin/ijfw",
+    "ijfw-dispatch-plan": "./bin/ijfw-dispatch-plan"
+  },
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "node --watch src/server.js",
+    "test": "node test.js"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "better-sqlite3": "^11.5.0"
+  },
+  "devDependencies": {
+    "ajv": "^8.12.0",
+    "ajv-formats": "^3.0.1"
+  },
+  "optionalDependencies": {
+    "@xenova/transformers": "^2.17.0"
+  },
+  "peerDependenciesMeta": {
+    "@xenova/transformers": {
+      "optional": true
+    }
+  },
+  "files": [
+    "bin/",
+    "src/",
+    "fixtures/",
+    "templates/"
+  ],
+  "keywords": [
+    "mcp",
+    "memory",
+    "ijfw",
+    "claude-code",
+    "codex",
+    "gemini",
+    "cursor",
+    "ai-efficiency"
+  ]
+}