@jhizzard/termdeck 0.3.6 → 0.3.8

package/README.md

@@ -161,7 +161,7 @@ Honest limits, stated upfront so the skeptic has nothing to chase:
 - **Not a replacement for reading docs.** It's the shortest path to a memory you already wrote. If the memory isn't there, the feature does nothing.
 - **Not fully local by default.** Tier 2+ reaches out to Supabase for storage and OpenAI for embeddings. Tier 1 is fully local. A fully-local Tier 2 (local Postgres + local embeddings) is on the roadmap.
 - **Not free forever.** Tier 2+ pays OpenAI fractions of a cent per memory for embeddings. Self-hosted embeddings via Ollama are on the roadmap.
-- **Not proven at scale.** v0.3.5, validated against 3,527 memories in one developer's production store. First full Rumen kickstart on 2026-04-15 processed 111 sessions into 111 insights in one pass. No multi-user data yet. Bug reports and issues welcome.
+- **Not proven at scale.** v0.3.8, validated against 3,527 memories in one developer's production store. First full Rumen kickstart on 2026-04-15 processed 111 sessions into 111 insights in one pass. No multi-user data yet. Bug reports and issues welcome.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jhizzard/termdeck",
-  "version": "0.3.6",
+  "version": "0.3.8",
   "description": "Browser-based terminal multiplexer with metadata overlays, panel flashback memory recall, and AI-aware session management",
   "bin": {
     "termdeck": "./packages/cli/src/index.js"

package/packages/cli/src/index.js

@@ -106,10 +106,30 @@ const port = config.port || 3000;
 const host = config.host || '127.0.0.1';
 const url = `http://${host}:${port}`;
 
+// Bind guardrail: refuse non-loopback without auth token
+const LOOPBACK = new Set(['127.0.0.1', 'localhost', '::1']);
+if (!LOOPBACK.has(host)) {
+  const authToken = config.auth?.token || process.env.TERMDECK_AUTH_TOKEN;
+  if (!authToken) {
+    console.error('[security] Refusing to bind to ' + host + ' without auth.token set.');
+    console.error('[security] Set auth.token in ~/.termdeck/config.yaml or TERMDECK_AUTH_TOKEN env var.');
+    console.error('[security] To bind locally only, set host: 127.0.0.1 in config.yaml');
+    process.exit(1);
+  }
+}
+
 server.listen(port, host, async () => {
+  // Box inner width is 38 (count of ═ between ╔ and ╗). Center the title
+  // dynamically so the right border stays aligned regardless of version length.
+  const innerWidth = 38;
+  const version = require(path.join(__dirname, '..', '..', '..', 'package.json')).version;
+  const title = `TermDeck v${version}`;
+  const leftPad = Math.max(0, Math.floor((innerWidth - title.length) / 2));
+  const titleLine = ' '.repeat(leftPad) + title + ' '.repeat(Math.max(0, innerWidth - leftPad - title.length));
+
   console.log(`
   ╔══════════════════════════════════════╗
-  ║            TermDeck v0.2.0           ║
+  ║${titleLine}║
   ╠══════════════════════════════════════╣
   ║  ${url.padEnd(34)}  ║
   ║                                      ║

package/packages/client/public/app.js

@@ -517,17 +517,137 @@
       });
       toast.addEventListener('click', () => {
         dismiss();
-        focusSessionById(id);
-        // Open the Memory tab so the user lands directly on the hit list
-        const entry2 = state.sessions.get(id);
-        if (entry2 && (!entry2.drawerOpen || entry2.activeTab !== 'memory')) {
-          toggleDrawerTab(id, 'memory');
-        }
+        showFlashbackModal(hit, id);
       });
 
       toast._autoTimer = setTimeout(dismiss, 30000);
     }
 
+    // ===== Flashback modal (Sprint 16 T2) =====
+    let _flashbackModalEl = null;
+    let _flashbackKeyHandler = null;
+    let _flashbackPrevFocus = null;
+
+    function closeFlashbackModal() {
+      if (!_flashbackModalEl) return;
+      _flashbackModalEl.remove();
+      _flashbackModalEl = null;
+      if (_flashbackKeyHandler) {
+        document.removeEventListener('keydown', _flashbackKeyHandler);
+        _flashbackKeyHandler = null;
+      }
+      if (_flashbackPrevFocus && typeof _flashbackPrevFocus.focus === 'function') {
+        try { _flashbackPrevFocus.focus(); } catch {}
+      }
+      _flashbackPrevFocus = null;
+    }
+
+    function logFlashbackFeedback(hit, sessionId, verdict) {
+      // Fire-and-forget; no dedicated endpoint yet.
+      const payload = {
+        verdict,
+        sessionId: sessionId || null,
+        project: hit?.project || null,
+        sourceType: hit?.source_type || hit?.sourceType || null,
+        similarity: typeof hit?.similarity === 'number' ? hit.similarity : null,
+        contentPreview: (hit?.content || hit?.text || '').slice(0, 160),
+        at: new Date().toISOString(),
+      };
+      console.log('[flashback] feedback', payload);
+    }
+
+    function showFlashbackModal(hit, sessionId) {
+      // Replace any existing modal (new toast wins).
+      if (_flashbackModalEl) closeFlashbackModal();
+
+      _flashbackPrevFocus = document.activeElement;
+
+      const content = (hit?.content || hit?.text || '').trim();
+      const project = hit?.project || '';
+      const sourceType = hit?.source_type || hit?.sourceType || '';
+      const createdAt = hit?.created_at || hit?.createdAt || '';
+      const scoreNum = typeof hit?.similarity === 'number' ? hit.similarity : null;
+      const scorePct = scoreNum !== null ? `${(scoreNum * 100).toFixed(0)}%` : '';
+
+      const overlay = document.createElement('div');
+      overlay.className = 'flashback-modal open';
+      overlay.setAttribute('role', 'dialog');
+      overlay.setAttribute('aria-modal', 'true');
+      overlay.setAttribute('aria-labelledby', 'flashbackTitle');
+
+      const projectChip = project
+        ? `<span class="fb-chip fb-chip-project">${escapeHtml(project)}</span>`
+        : '';
+      const scoreChip = scorePct
+        ? `<span class="fb-chip fb-chip-score">${escapeHtml(scorePct)}</span>`
+        : '';
+      const sourceLine = sourceType
+        ? `<span class="fb-meta-item"><span class="fb-meta-label">source</span> ${escapeHtml(sourceType)}</span>`
+        : '';
+      const timeLine = createdAt
+        ? `<span class="fb-meta-item"><span class="fb-meta-label">when</span> ${escapeHtml(timeAgo(createdAt))}</span>`
+        : '';
+      const projectLine = project
+        ? `<span class="fb-meta-item"><span class="fb-meta-label">project</span> ${escapeHtml(project)}</span>`
+        : '';
+
+      overlay.innerHTML = `
+        <div class="fb-backdrop"></div>
+        <div class="fb-card" tabindex="-1">
+          <header>
+            <h3 id="flashbackTitle">
+              <span class="fb-title-text">Flashback — similar issue found</span>
+              <span class="fb-title-chips">${projectChip}${scoreChip}</span>
+            </h3>
+            <button class="fb-x" type="button" aria-label="Close">×</button>
+          </header>
+          <div class="fb-body">
+            <pre class="fb-content">${escapeHtml(content || '(empty memory)')}</pre>
+            <div class="fb-meta">
+              ${projectLine}
+              ${sourceLine}
+              ${timeLine}
+            </div>
+          </div>
+          <footer>
+            <div class="fb-feedback">
+              <button class="fb-btn fb-helped" type="button">This helped</button>
+              <button class="fb-btn fb-not-relevant" type="button">Not relevant</button>
+            </div>
+            <button class="fb-btn fb-dismiss" type="button">Dismiss</button>
+          </footer>
+        </div>
+      `;
+
+      document.body.appendChild(overlay);
+      _flashbackModalEl = overlay;
+
+      overlay.querySelector('.fb-backdrop').addEventListener('click', closeFlashbackModal);
+      overlay.querySelector('.fb-x').addEventListener('click', closeFlashbackModal);
+      overlay.querySelector('.fb-dismiss').addEventListener('click', closeFlashbackModal);
+      overlay.querySelector('.fb-helped').addEventListener('click', () => {
+        logFlashbackFeedback(hit, sessionId, 'helped');
+        closeFlashbackModal();
+      });
+      overlay.querySelector('.fb-not-relevant').addEventListener('click', () => {
+        logFlashbackFeedback(hit, sessionId, 'not_relevant');
+        closeFlashbackModal();
+      });
+
+      _flashbackKeyHandler = (e) => {
+        if (e.key === 'Escape') {
+          e.preventDefault();
+          closeFlashbackModal();
+        }
+      };
+      document.addEventListener('keydown', _flashbackKeyHandler);
+
+      setTimeout(() => {
+        const card = overlay.querySelector('.fb-card');
+        if (card) card.focus();
+      }, 30);
+    }
+
     // ===== Reply / send-to-terminal (T1.3) =====
     // Flip this to false to force the local-WS fallback even when the server
     // endpoint is available — handy for debugging.
@@ -2565,9 +2685,13 @@
     const TIER23_CHECKS = new Set(['mnestra_reachable', 'mnestra_has_memories', 'rumen_recent', 'database_url']);
 
     function filterChecksByTier(checks) {
-      const hasDb = checks.some(c => c.name === 'database_url' && c.passed);
-      if (hasDb) return checks; // full stack configured — show everything
-      // No DATABASE_URL: only show Tier 1 checks
+      // Show Tier 2/3 checks if DATABASE_URL was ATTEMPTED (exists in results),
+      // regardless of pass/fail. Only hide higher-tier checks when the user
+      // has no DATABASE_URL at all (detail says "not set").
+      const dbCheck = checks.find(c => c.name === 'database_url');
+      const dbConfigured = dbCheck && !/not set/i.test(dbCheck.detail || '');
+      if (dbConfigured) return checks; // full stack configured — show everything
+      // No DATABASE_URL configured: only show Tier 1 checks
       return checks.filter(c => TIER1_CHECKS.has(c.name));
     }
 

package/packages/client/public/style.css

@@ -1350,6 +1350,164 @@
       to { opacity: 1; transform: translateY(0); }
     }
 
+    /* ===== Flashback modal (Sprint 16 T2) ===== */
+    .flashback-modal {
+      display: none;
+      position: fixed;
+      inset: 0;
+      z-index: 3200;
+      align-items: center;
+      justify-content: center;
+    }
+    .flashback-modal.open { display: flex; }
+    .fb-backdrop {
+      position: absolute;
+      inset: 0;
+      background: rgba(0, 0, 0, 0.72);
+    }
+    .fb-card {
+      position: relative;
+      background: var(--tg-surface);
+      border: 1px solid var(--tg-accent-dim);
+      border-left: 3px solid var(--tg-purple);
+      border-radius: 10px;
+      width: 600px;
+      max-width: calc(100vw - 40px);
+      max-height: calc(100vh - 80px);
+      display: flex;
+      flex-direction: column;
+      box-shadow: 0 16px 48px rgba(0, 0, 0, 0.55);
+      font-family: var(--tg-sans);
+      color: var(--tg-text);
+      outline: none;
+      animation: fb-in 0.14s ease;
+    }
+    @keyframes fb-in {
+      from { opacity: 0; transform: translateY(4px); }
+      to   { opacity: 1; transform: translateY(0); }
+    }
+    .fb-card header {
+      display: flex;
+      align-items: flex-start;
+      gap: 10px;
+      padding: 14px 18px 10px;
+      border-bottom: 1px solid var(--tg-border);
+    }
+    .fb-card header h3 {
+      flex: 1;
+      margin: 0;
+      font-size: 13px;
+      font-weight: 600;
+      color: var(--tg-purple);
+      text-transform: uppercase;
+      letter-spacing: 0.5px;
+      display: flex;
+      flex-direction: column;
+      gap: 6px;
+    }
+    .fb-card header .fb-title-chips {
+      display: flex;
+      gap: 6px;
+      flex-wrap: wrap;
+    }
+    .fb-chip {
+      display: inline-block;
+      padding: 2px 8px;
+      border-radius: 8px;
+      font-size: 10px;
+      font-family: var(--tg-mono);
+      text-transform: none;
+      letter-spacing: 0;
+      background: var(--tg-bg);
+      border: 1px solid var(--tg-border);
+      color: var(--tg-text-dim);
+    }
+    .fb-chip-project {
+      color: var(--tg-accent);
+      border-color: var(--tg-accent-dim);
+    }
+    .fb-chip-score {
+      color: var(--tg-purple);
+      border-color: var(--tg-purple);
+    }
+    .fb-x {
+      background: none;
+      border: none;
+      color: var(--tg-text-dim);
+      cursor: pointer;
+      font-size: 20px;
+      line-height: 1;
+      padding: 0 4px;
+      margin-top: -2px;
+    }
+    .fb-x:hover { color: var(--tg-text); }
+    .fb-body {
+      flex: 1;
+      overflow-y: auto;
+      padding: 14px 18px;
+    }
+    .fb-content {
+      margin: 0 0 12px;
+      padding: 12px 14px;
+      background: var(--tg-bg);
+      border: 1px solid var(--tg-border);
+      border-radius: 6px;
+      font-family: var(--tg-mono);
+      font-size: 12px;
+      line-height: 1.5;
+      color: var(--tg-text);
+      white-space: pre-wrap;
+      word-break: break-word;
+      max-height: 320px;
+      overflow-y: auto;
+    }
+    .fb-meta {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 10px 16px;
+      font-family: var(--tg-mono);
+      font-size: 10px;
+      color: var(--tg-text-dim);
+    }
+    .fb-meta-item { display: inline-flex; gap: 5px; align-items: center; }
+    .fb-meta-label {
+      text-transform: uppercase;
+      letter-spacing: 0.4px;
+      opacity: 0.7;
+    }
+    .fb-card footer {
+      padding: 10px 18px 14px;
+      border-top: 1px solid var(--tg-border);
+      display: flex;
+      justify-content: space-between;
+      gap: 10px;
+      flex-wrap: wrap;
+    }
+    .fb-feedback { display: flex; gap: 8px; flex-wrap: wrap; }
+    .fb-btn {
+      background: none;
+      border: 1px solid var(--tg-border);
+      color: var(--tg-text-dim);
+      font-family: var(--tg-mono);
+      font-size: 11px;
+      padding: 5px 14px;
+      border-radius: 3px;
+      cursor: pointer;
+      transition: color 0.12s, border-color 0.12s, background 0.12s;
+    }
+    .fb-btn:hover {
+      color: var(--tg-text);
+      border-color: var(--tg-border-active);
+    }
+    .fb-helped:hover {
+      color: var(--tg-green);
+      border-color: var(--tg-green);
+    }
+    .fb-not-relevant:hover {
+      color: var(--tg-red, #ff6b6b);
+      border-color: var(--tg-red, #ff6b6b);
+    }
+
     /* ===== Control dashboard (T1.6) ===== */
     .control-feed {
       display: none;

package/packages/server/src/index.js

@@ -585,11 +585,16 @@ function createServer(config) {
     const unseen = typeof req.query.unseen === 'string' &&
       /^(1|true|yes)$/i.test(req.query.unseen);
 
+    let minConfidence = parseFloat(req.query.minConfidence);
+    if (!Number.isFinite(minConfidence)) minConfidence = 0.15;
+    minConfidence = Math.max(0, Math.min(1, minConfidence));
+
     const where = [];
     const params = [];
     if (project) { params.push(project); where.push(`$${params.length} = ANY(projects)`); }
     if (since)   { params.push(since);   where.push(`created_at >= $${params.length}`); }
     if (unseen)  { where.push(`acted_upon = FALSE`); }
+    params.push(minConfidence); where.push(`confidence >= $${params.length}`);
     const whereSql = where.length ? `WHERE ${where.join(' AND ')}` : '';
 
     try {

package/packages/server/src/mnestra-bridge/index.js

@@ -9,6 +9,7 @@
 // Errors are thrown as plain Error objects; the caller maps them to HTTP responses.
 
 const { spawn } = require('child_process');
+const { resolveProjectName } = require('../rag');
 
 function createBridge(config) {
   const mode = config.rag?.mnestraMode || 'direct';
@@ -214,15 +215,27 @@ function createBridge(config) {
     }
   }
 
-  async function queryMnestra({ question, project, searchAll }) {
+  async function queryMnestra({ question, project, searchAll, sessionContext, cwd }) {
+    // Flashback callers pass the session's project (from config.yaml). If that
+    // slot is empty — e.g. a session created without an explicit project — fall
+    // back to resolving the session's cwd against config.projects so queries
+    // don't leak into unrelated repos via basename collisions.
+    let effectiveProject = project;
+    if (!effectiveProject) {
+      const ctxCwd = cwd || (sessionContext && sessionContext.cwd);
+      if (ctxCwd) {
+        effectiveProject = resolveProjectName(ctxCwd, config);
+      }
+    }
+
     switch (mode) {
       case 'webhook':
-        return queryWebhook({ question, project, searchAll });
+        return queryWebhook({ question, project: effectiveProject, searchAll });
       case 'mcp':
-        return queryMcp({ question, project, searchAll });
+        return queryMcp({ question, project: effectiveProject, searchAll });
       case 'direct':
       default:
-        return queryDirect({ question, project, searchAll });
+        return queryDirect({ question, project: effectiveProject, searchAll });
     }
   }
 

package/packages/server/src/rag.js

@@ -2,8 +2,44 @@
 // Layers: session → project → developer (cross-project)
 // Syncs to Supabase tables with configurable namespaces
 
+const path = require('path');
+const os = require('os');
 const { logRagEvent, getUnsyncedRagEvents, markRagEventsSynced } = require('./database');
 
+// Resolve a working directory to a canonical project name defined in
+// ~/.termdeck/config.yaml. Sessions without an explicit `project` field
+// otherwise end up tagged with raw directory segments (e.g. "chopin-nashville"
+// from ~/Documents/Graciella/ChopinNashville/...), which pollutes Mnestra
+// memory tagging across unrelated repos that share an ancestor folder.
+//
+// Strategy: walk config.projects and pick the entry whose resolved path is the
+// longest prefix of cwd (supports subdirectories of a registered project).
+// Fallback is the directory basename, which is still better than an arbitrary
+// mid-path segment.
+function resolveProjectName(cwd, config) {
+  if (!cwd) return null;
+
+  const cwdResolved = path.resolve(String(cwd).replace(/^~/, os.homedir()));
+  const projects = (config && config.projects) || {};
+
+  const entries = Object.entries(projects)
+    .map(([name, def]) => {
+      const rawPath = def && def.path;
+      if (!rawPath || typeof rawPath !== 'string') return null;
+      const resolved = path.resolve(rawPath.replace(/^~/, os.homedir()));
+      return { name, resolved };
+    })
+    .filter(Boolean)
+    .sort((a, b) => b.resolved.length - a.resolved.length);
+
+  for (const { name, resolved } of entries) {
+    if (cwdResolved === resolved) return name;
+    if (cwdResolved.startsWith(resolved + path.sep)) return name;
+  }
+
+  return path.basename(cwdResolved) || null;
+}
+
 class RAGIntegration {
   constructor(config, db) {
     this.config = config;
@@ -55,6 +91,13 @@ class RAGIntegration {
     }
   }
 
+  // Canonical project tag for a session. Prefers the explicit config.yaml name
+  // (set at session creation), falls back to cwd → config.projects resolution.
+  _projectFor(session) {
+    if (session.meta.project) return session.meta.project;
+    return resolveProjectName(session.meta.cwd, this.config);
+  }
+
   // Event types to record
   onSessionCreated(session) {
     this.record(session.id, 'session_created', {
@@ -62,7 +105,7 @@ class RAGIntegration {
       command: session.meta.command,
       cwd: session.meta.cwd,
       reason: session.meta.reason
-    }, session.meta.project);
+    }, this._projectFor(session));
   }
 
   onCommandExecuted(session, command, outputSnippet) {
@@ -70,7 +113,7 @@ class RAGIntegration {
       command,
       output_snippet: outputSnippet?.slice(0, 500), // Truncate for storage
       type: session.meta.type
-    }, session.meta.project);
+    }, this._projectFor(session));
   }
 
   onStatusChanged(session, oldStatus, newStatus) {
@@ -79,7 +122,7 @@ class RAGIntegration {
       to: newStatus,
       detail: session.meta.statusDetail,
       type: session.meta.type
-    }, session.meta.project);
+    }, this._projectFor(session));
   }
 
   onSessionEnded(session) {
@@ -88,7 +131,7 @@ class RAGIntegration {
       duration_ms: Date.now() - new Date(session.meta.createdAt).getTime(),
       command_count: session.meta.lastCommands.length,
       exit_code: session.meta.exitCode
-    }, session.meta.project);
+    }, this._projectFor(session));
   }
 
   onFileEdited(session, filepath, editType) {
@@ -96,7 +139,7 @@ class RAGIntegration {
       filepath,
       edit_type: editType,
       type: session.meta.type
-    }, session.meta.project);
+    }, this._projectFor(session));
   }
 
   // Circuit breaker check — returns true if pushes to this table are disabled
@@ -259,4 +302,4 @@ class RAGIntegration {
   }
 }
 
-module.exports = { RAGIntegration };
+module.exports = { RAGIntegration, resolveProjectName };

package/packages/server/src/session.js

@@ -55,7 +55,11 @@ const PATTERNS = {
   // tools (cat, ls, cd, rm, etc.) report filesystem misses in plain English
   // without ever emitting the ENOENT errno code. Flagged as a gap by Rumen's
   // first production kickstart insight on 2026-04-15.
-  error: /\b(error|Error|ERROR|exception|Exception|Traceback|fatal|FATAL|segmentation fault|panic|EACCES|ECONNREFUSED|ENOENT|command not found|undefined reference|cannot find module|failed with exit code|No such file or directory|Permission denied|\b5\d\d\b)\b/
+  error: /\b(error|Error|ERROR|exception|Exception|Traceback|fatal|FATAL|segmentation fault|panic|EACCES|ECONNREFUSED|ENOENT|command not found|undefined reference|cannot find module|failed with exit code|No such file or directory|Permission denied|\b5\d\d\b)\b/,
+  // Stricter line-anchored variant for Claude Code, whose tool output (grep
+  // results, test logs, file contents) routinely mentions "Error" mid-line
+  // without representing an actual failure of the agent itself.
+  errorLineStart: /^\s*(error|Error|ERROR|exception|Exception|Traceback|fatal|FATAL|segmentation fault|panic|EACCES|ECONNREFUSED|ENOENT|command not found|undefined reference|cannot find module|failed with exit code|No such file or directory|Permission denied)\b/m
 };
 
 class Session {
@@ -291,7 +295,20 @@ class Session {
   }
 
   _detectErrors(clean) {
-    if (!PATTERNS.error.test(clean)) return;
+    // After a clean PTY exit (code 0), the session has already completed
+    // successfully — index.js sets status='exited' / exitCode=0 in onExit.
+    // Trailing data events that contain error-like strings (Claude Code tool
+    // output, log tails) shouldn't retroactively flip the panel back to
+    // 'errored'. Real errors surface via non-zero exit codes.
+    if (this.meta.exitCode === 0) return;
+
+    // Claude Code's tool output frequently contains "error"/"Error" mid-line
+    // (grep matches, test results, log dumps). Use a line-anchored pattern
+    // for that session type so we don't flag content as failure.
+    const pattern = this.meta.type === 'claude-code'
+      ? PATTERNS.errorLineStart
+      : PATTERNS.error;
+    if (!pattern.test(clean)) return;
 
     const oldStatus = this.meta.status;
     this.meta.status = 'errored';