@jhizzard/termdeck 0.6.0 → 0.6.2

package/README.md

@@ -81,7 +81,7 @@ What's excluded at this tier: **Flashback is silent**, the "Ask about this termi
 
 ### Tier 2 — Add Mnestra to light up Flashback
 
-Mnestra is a separate npm package — `@jhizzard/mnestra@0.2.0` — that ships a Postgres-backed persistent memory store with an MCP server, a webhook server, six search tools, and six SQL migrations. It can be consumed by TermDeck (for Flashback), by Claude Code (as an MCP memory layer), or by any tool that speaks the MCP protocol.
+Mnestra is a separate npm package — `@jhizzard/mnestra@0.2.1` — that ships a Postgres-backed persistent memory store with an MCP server, a webhook server, six search tools, and six SQL migrations. It can be consumed by TermDeck (for Flashback), by Claude Code (as an MCP memory layer), or by any tool that speaks the MCP protocol.
 
 To enable Flashback in TermDeck:
 
@@ -147,7 +147,7 @@ Restart Claude Code. Six MCP tools appear: `memory_remember`, `memory_recall`, `
 
 ### Tier 3 — Add Rumen for async learning
 
-Rumen is a separate npm package — `@jhizzard/rumen@0.4.5` — that ships as a Supabase Edge Function designed to run on a 15-minute `pg_cron` schedule. It's the async reflection layer over Mnestra: it reads recent session memories, cross-references them with your entire historical corpus via hybrid search, synthesizes insights via Claude Haiku, and writes the results back into `rumen_insights` (a new table alongside Mnestra's `memory_items`). TermDeck's Flashback and Claude Code's `memory_recall` both automatically benefit because insights flow back into the same database.
+Rumen is a separate npm package — `@jhizzard/rumen@0.4.3` — that ships as a Supabase Edge Function designed to run on a 15-minute `pg_cron` schedule. It's the async reflection layer over Mnestra: it reads recent session memories, cross-references them with your entire historical corpus via hybrid search, synthesizes insights via Claude Haiku, and writes the results back into `rumen_insights` (a new table alongside Mnestra's `memory_items`). TermDeck's Flashback and Claude Code's `memory_recall` both automatically benefit because insights flow back into the same database.
 
 **Rumen is live.** First full-kickstart run against a production Mnestra store on 2026-04-15 19:47 UTC: **111 sessions processed, 111 insights generated** in one pass. Insights surfaced patterns like "the error detection regex in Flashback misses `No such file or directory` — same class of blind spot as X" and "Practice sessions exist as a separate model but frontend components were built and never wired into the schedule view." The cognitive loop is closed.
 
@@ -171,7 +171,7 @@ Honest limits, stated upfront so the skeptic has nothing to chase:
 - **Not a replacement for reading docs.** It's the shortest path to a memory you already wrote. If the memory isn't there, the feature does nothing.
 - **Not fully local by default.** Tier 2+ reaches out to Supabase for storage and OpenAI for embeddings. Tier 1 is fully local. A fully-local Tier 2 (local Postgres + local embeddings) is on the roadmap.
 - **Not free forever.** Tier 2+ pays OpenAI fractions of a cent per memory for embeddings. Self-hosted embeddings via Ollama are on the roadmap.
-- **Not proven at scale.** v0.4.5, validated against 3,527 memories in one developer's production store. First full Rumen kickstart on 2026-04-15 processed 111 sessions into 111 insights in one pass. No multi-user data yet. Bug reports and issues welcome.
+- **Not proven at scale.** v0.6.1, validated against 4,590 memories in one developer's production store. The Rumen 2026-04-19 re-kickstart processed 166 sessions into 166 insights in ~5.5 minutes. No multi-user data yet. Bug reports and issues welcome.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jhizzard/termdeck",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "Browser-based terminal multiplexer with metadata overlays, panel flashback memory recall, and AI-aware session management",
   "bin": {
     "termdeck": "./packages/cli/src/index.js"

package/packages/cli/src/init-mnestra.js

@@ -13,7 +13,7 @@
 //
 // Flags:
 //   --help              Print usage and exit
-//   --yes               Accept defaults, skip confirmations (still prompts for secrets)
+//   --yes               Reserved (no-op as of v0.6.2 — wizard no longer asks "Proceed?" after secrets)
 //   --dry-run           Print what the wizard would do; don't touch the DB or filesystem
 //   --skip-verify       Skip the final memory_status_aggregation() check
 //
@@ -41,7 +41,7 @@ const HELP = [
   '',
   'Flags:',
   '  --help            Print this message and exit',
-  '  --yes             Assume "yes" on confirmations (still prompts for secret values)',
+  '  --yes             Reserved (no-op as of v0.6.2 — kept for forward compatibility)',
   '  --dry-run         Print the plan without touching the database or filesystem',
   '  --skip-verify     Skip the final memory_status_aggregation() sanity call',
   '',
@@ -129,14 +129,17 @@ async function collectInputs({ yes }) {
     }
   }
 
-  if (!yes) {
-    process.stdout.write('\n');
-    const go = await prompts.confirm(`Proceed with setup for project ${projectUrl.projectRef}?`);
-    if (!go) {
-      process.stdout.write('Cancelled.\n');
-      process.exit(0);
-    }
-  }
+  // No confirm here — the user already opted in by typing
+  // `termdeck init --mnestra` and supplying every secret. The previous
+  // confirm gate was the consistent failure point in Brad's reports
+  // (2026-04-25 twice + a third report after v0.6.1) on terminals that
+  // emit stray bytes (CRLF, ANSI cursor reports, paste-bracketing) which
+  // contaminated readline and made the confirm fast-resolve to "no" or
+  // an empty cancel. Migrations are `IF NOT EXISTS` so a re-run is safe;
+  // Ctrl-C still aborts cleanly. The `--yes` flag is preserved as a
+  // stable CLI surface for callers/scripts and for future use.
+  void yes;
+  process.stdout.write('\n');
 
   return {
     projectUrl,

package/packages/server/src/setup/prompts.js

@@ -105,13 +105,38 @@ async function askOptional(question, { validate } = {}) {
 // Secret prompt. On TTY we mute echo; on non-TTY we fall back to a visible
 // line read. Callers typically pass an empty string for `question` and write
 // their own label first.
+//
+// Reported as broken on MobaXterm SSH (Brad, 2026-04-25): the wizard would
+// abort after the Anthropic key prompt as if Ctrl-C were pressed. Three real
+// bugs hardened against here, all from the original raw-mode loop:
+//
+//   1. CRLF leak. When the terminal sends "\r\n" as a single chunk (Windows /
+//      MobaXterm Enter key), the original loop matched the "\r", resolved,
+//      and dropped the rest of the chunk on the floor. The trailing "\n"
+//      then surfaced through the next prompt's data path. Worst case the
+//      dropped chunk also contained  from a stray keystroke and the
+//      original SIGINT branch fired, killing the wizard mid-flow.
+//
+//   2. ANSI / escape-sequence pollution. Some terminals emit "[..."
+//      sequences for non-character events (focus changes, cursor reports,
+//      paste-bracketing). The old loop fed those bytes into the password
+//      buffer and echoed "*" for each one. We now consume escape sequences
+//      silently.
+//
+//   3. SIGINT during a secret prompt is now a soft cancel — return empty
+//      string, let the caller's shape validator re-prompt — instead of
+//      `process.kill`-ing the process. The hard-kill was masking the CRLF
+//      bug above and aborting the wizard from stray bytes.
+//
+// Carry-over bytes (anything in the chunk after the resolving "\r"/"\n")
+// are pushed back onto stdin via `stdin.unshift` so the next consumer
+// (readline, the next askSecret) reads from a clean stream. Regression
+// fixtures in tests/setup-prompts.test.js.
 async function askSecret(question) {
   if (!process.stdin.isTTY) {
     return ask(question);
   }
   if (question) process.stdout.write(`${question}: `);
-  // Raw-mode reader. Detach the shared readline for the duration so both
-  // consumers aren't racing on stdin 'data' events.
   return new Promise((resolve) => {
     if (rl) rl.pause();
     const stdin = process.stdin;
@@ -120,30 +145,78 @@ async function askSecret(question) {
     stdin.setEncoding('utf-8');
 
     let buffer = '';
+    let inEscape = false;
+    let escapeDepth = 0;
+
+    const cleanup = () => {
+      stdin.setRawMode(false);
+      stdin.removeListener('data', onData);
+      process.stdout.write('\n');
+      if (rl) rl.resume();
+    };
+
+    const carryOver = (chunk, fromIndex) => {
+      if (fromIndex >= chunk.length) return;
+      const tail = chunk.slice(fromIndex);
+      // Drop a single leading \n if we just consumed \r (CRLF pair already
+      // accounted for at the call site).
+      const trimmed = tail[0] === '\n' ? tail.slice(1) : tail;
+      if (trimmed.length > 0) {
+        try { stdin.unshift(Buffer.from(trimmed, 'utf-8')); } catch (_e) { /* unsupported on some Node versions */ }
+      }
+    };
+
     const onData = (chunk) => {
-      for (const ch of chunk) {
-        if (ch === '\n' || ch === '\r' || ch === '\u0004') {
-          stdin.setRawMode(false);
-          stdin.removeListener('data', onData);
-          process.stdout.write('\n');
-          if (rl) rl.resume();
+      for (let i = 0; i < chunk.length; i++) {
+        const ch = chunk[i];
+
+        // Bug #2: silently consume ANSI escape sequences. ESC (\u001b) starts one;
+        // we consume until a final byte (CSI: 0x40..0x7E) or run out of
+        // patience (16 bytes).
+        if (inEscape) {
+          escapeDepth++;
+          if ((escapeDepth === 1 && ch !== '[') ||
+              (escapeDepth > 1 && ch >= '@' && ch <= '~') ||
+              escapeDepth > 16) {
+            inEscape = false;
+            escapeDepth = 0;
+          }
+          continue;
+        }
+        if (ch === '') { inEscape = true; escapeDepth = 0; continue; }
+
+        // Line terminators — the resolve path. Bug #1 handled here via the
+        // explicit CRLF drain inside the same chunk.
+        if (ch === '\n' || ch === '\r' || ch === '') {
+          let consumeUpTo = i + 1;
+          if (ch === '\r' && chunk[i + 1] === '\n') consumeUpTo++;
+          cleanup();
+          carryOver(chunk, consumeUpTo);
           resolve(buffer);
           return;
         }
-        if (ch === '\u0003') {
-          stdin.setRawMode(false);
-          stdin.removeListener('data', onData);
-          process.stdout.write('\n');
-          process.kill(process.pid, 'SIGINT');
+
+        // Bug #3: Ctrl-C during a secret prompt → soft cancel, not SIGINT.
+        if (ch === '') {
+          cleanup();
+          carryOver(chunk, i + 1);
+          resolve('');
           return;
         }
-        if (ch === '\u007f' || ch === '\b') {
+
+        // Backspace / DEL.
+        if (ch === '' || ch === '\b') {
           if (buffer.length > 0) {
             buffer = buffer.slice(0, -1);
             process.stdout.write('\b \b');
           }
           continue;
         }
+
+        // Drop any other control character silently; never let them into
+        // the password buffer.
+        if (ch < ' ' && ch !== '\t') continue;
+
         buffer += ch;
         process.stdout.write('*');
       }