@kairos-sdk/core 0.4.5 → 0.5.1

package/dist/{chunk-6IXW3WCC.js → chunk-VPPWTMRJ.js}

@@ -1,6 +1,12 @@
 // src/utils/uuid.ts
 function generateUUID() {
-  return crypto.randomUUID();
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = Math.random() * 16 | 0;
+    return (c === "x" ? r : r & 3 | 8).toString(16);
+  });
 }
 
 // src/errors/base.ts
@@ -34,7 +40,26 @@ var ProviderError = class extends KairosError {
   }
 };
 
+// src/errors/guard-error.ts
+var GuardError = class extends KairosError {
+  constructor(message) {
+    super(message);
+    this.name = "GuardError";
+  }
+};
+
 // src/utils/retry.ts
+function isTransientNetworkError(err) {
+  const TRANSIENT_CODES = /* @__PURE__ */ new Set(["ECONNRESET", "ETIMEDOUT", "ECONNREFUSED", "ENOTFOUND", "ECONNABORTED"]);
+  let current = err;
+  for (let i = 0; i < 4; i++) {
+    if (current === null || typeof current !== "object") break;
+    const code = current.code;
+    if (typeof code === "string" && TRANSIENT_CODES.has(code)) return true;
+    current = current.cause;
+  }
+  return false;
+}
 async function withRetry(fn, maxAttempts, delayMs, shouldRetry) {
   let lastError;
   for (let attempt = 0; attempt < maxAttempts; attempt++) {
@@ -59,6 +84,7 @@ function fetchWithTimeout(url, init, timeoutMs) {
 
 // src/providers/n8n/api-client.ts
 var EXECUTION_LIMIT_CAP = 100;
+var N8N_API_PAGE_SIZE = 250;
 var REQUEST_TIMEOUT_MS = 3e4;
 var RETRY_ATTEMPTS = 3;
 var RETRY_DELAY_MS = 1e3;
@@ -67,6 +93,17 @@ var N8nApiClient = class {
     this.baseUrl = baseUrl;
     this.apiKey = apiKey;
     this.logger = logger;
+    if (!baseUrl || typeof baseUrl !== "string") {
+      throw new GuardError("N8nApiClient: baseUrl must be a non-empty string");
+    }
+    try {
+      new URL(baseUrl);
+    } catch {
+      throw new GuardError(`N8nApiClient: baseUrl is not a valid URL: "${baseUrl}"`);
+    }
+    if (!apiKey || typeof apiKey !== "string") {
+      throw new GuardError("N8nApiClient: apiKey must be a non-empty string");
+    }
   }
   baseUrl;
   apiKey;
@@ -76,7 +113,12 @@ var N8nApiClient = class {
     this.logger.debug(`n8n ${method} ${path}`);
     const isSafe = method === "GET";
     if (!isSafe) {
-      return this.singleRequest(url, method, path, body);
+      return withRetry(
+        () => this.singleRequest(url, method, path, body),
+        2,
+        RETRY_DELAY_MS,
+        isTransientNetworkError
+      );
     }
     return withRetry(
       () => this.singleRequest(url, method, path, body),
@@ -131,7 +173,7 @@ var N8nApiClient = class {
   }
   async listWorkflows() {
     const all = [];
-    let path = "/workflows?limit=250";
+    let path = `/workflows?limit=${N8N_API_PAGE_SIZE}`;
     for (; ; ) {
       const response = await this.request("GET", path);
       for (const w of response.data) {
@@ -145,7 +187,7 @@ var N8nApiClient = class {
         });
       }
       if (!response.nextCursor) break;
-      path = `/workflows?limit=250&cursor=${response.nextCursor}`;
+      path = `/workflows?limit=${N8N_API_PAGE_SIZE}&cursor=${response.nextCursor}`;
     }
     return all;
   }
@@ -175,14 +217,14 @@ var N8nApiClient = class {
   }
   async listTags() {
     const all = [];
-    let path = "/tags?limit=250";
+    let path = `/tags?limit=${N8N_API_PAGE_SIZE}`;
     for (; ; ) {
       const response = await this.request("GET", path);
       for (const t of response.data) {
         all.push({ id: t.id, name: t.name });
       }
       if (!response.nextCursor) break;
-      path = `/tags?limit=250&cursor=${response.nextCursor}`;
+      path = `/tags?limit=${N8N_API_PAGE_SIZE}&cursor=${response.nextCursor}`;
     }
     return all;
   }
@@ -206,6 +248,32 @@ var N8nApiClient = class {
       return [];
     }
   }
+  async triggerManual(workflowId) {
+    const raw = await this.request("POST", `/workflows/${workflowId}/run`);
+    const inner = raw["data"];
+    const execId = inner?.["executionId"] ?? raw["executionId"];
+    if (execId === void 0 || execId === null) {
+      throw new ProviderError(
+        `n8n trigger response missing executionId \u2014 got: ${JSON.stringify(raw)}`
+      );
+    }
+    return String(execId);
+  }
+  async triggerWebhookTest(path) {
+    const cleanPath = path.startsWith("/") ? path : `/${path}`;
+    const url = `${this.baseUrl.replace(/\/$/, "")}/webhook-test${cleanPath}`;
+    this.logger.debug(`n8n POST webhook-test ${cleanPath}`);
+    try {
+      const response = await fetchWithTimeout(
+        url,
+        { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({}) },
+        REQUEST_TIMEOUT_MS
+      );
+      return response.status;
+    } catch (err) {
+      throw new ProviderError(`Webhook test request failed for path "${path}"`, err);
+    }
+  }
   mapExecution(e) {
     return {
       id: e.id,
@@ -353,6 +421,14 @@ var NodeRegistry = class {
     if (!def) return true;
     return def.safeTypeVersions.includes(version);
   }
+  // Returns true when the version is a positive integer greater than the highest
+  // known safe version — indicates a newer release rather than a bad value.
+  isVersionNewer(type, version) {
+    const def = this.byType.get(type);
+    if (!def || def.safeTypeVersions.length === 0) return false;
+    const max = Math.max(...def.safeTypeVersions);
+    return Number.isInteger(version) && version > max;
+  }
   getRequiredParams(type) {
     return this.byType.get(type)?.requiredParams ?? [];
   }
@@ -405,6 +481,14 @@ var N8nValidator = class {
     this.checkRule24(workflow, issues);
     this.checkRule25(workflow, issues);
     this.checkRule26(workflow, issues);
+    this.checkRule27(workflow, issues);
+    this.checkRule28(workflow, issues);
+    this.checkRule29(workflow, issues);
+    this.checkRule30(workflow, issues);
+    this.checkRule31(workflow, issues);
+    this.checkRule32(workflow, issues);
+    this.checkRule33(workflow, issues);
+    this.checkRule34(workflow, issues);
     if (Array.isArray(workflow.nodes)) {
       const nodeById = new Map(workflow.nodes.map((n) => [n.id, n.type]));
       for (const issue of issues) {
@@ -656,19 +740,22 @@ var N8nValidator = class {
       }
     }
   }
-  // Rule 19 (WARN): typeVersion is within known safe range for registered node types
+  // Rule 19 (WARN): typeVersion is within known safe range for registered node types.
+  // In lenient mode (KAIROS_REGISTRY_STRICT != 'true'), versions higher than the known
+  // max are allowed — they likely represent newer n8n releases Kairos hasn't catalogued yet.
   checkRule19(w, issues) {
     if (!Array.isArray(w.nodes)) return;
+    const strict = process.env["KAIROS_REGISTRY_STRICT"] === "true";
     for (const node of w.nodes) {
       if (typeof node.type !== "string" || typeof node.typeVersion !== "number") continue;
-      if (!this.registry.isVersionSafe(node.type, node.typeVersion)) {
-        this.warn(
-          issues,
-          19,
-          `Node "${node.name}" uses typeVersion ${node.typeVersion} for type "${node.type}" which is not in the known safe list`,
-          node.id
-        );
-      }
+      if (this.registry.isVersionSafe(node.type, node.typeVersion)) continue;
+      if (!strict && this.registry.isVersionNewer(node.type, node.typeVersion)) continue;
+      this.warn(
+        issues,
+        19,
+        `Node "${node.name}" uses typeVersion ${node.typeVersion} for type "${node.type}" which is not in the known safe list`,
+        node.id
+      );
     }
   }
   // Rule 20 (WARN): cycle detection — no node should be reachable from itself
@@ -717,6 +804,27 @@ var N8nValidator = class {
       }
     }
   }
+  // Rule 21 (WARN): webhook with responseMode="responseNode" must have respondToWebhook node
+  checkRule21(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    const webhooksNeedingResponse = w.nodes.filter((n) => {
+      if (!n.type.includes("webhook")) return false;
+      const params = n.parameters;
+      return params?.responseMode === "responseNode";
+    });
+    if (webhooksNeedingResponse.length === 0) return;
+    const hasRespondNode = w.nodes.some((n) => n.type.includes("respondToWebhook"));
+    if (!hasRespondNode) {
+      for (const wh of webhooksNeedingResponse) {
+        this.warn(
+          issues,
+          21,
+          `Webhook "${wh.name}" uses responseMode "responseNode" but no respondToWebhook node exists in the workflow`,
+          wh.id
+        );
+      }
+    }
+  }
   // Rule 22 (WARN): check requiredParams from registry
   checkRule22(w, issues) {
     if (!Array.isArray(w.nodes)) return;
@@ -825,23 +933,162 @@ var N8nValidator = class {
     walk(params);
     return expressions;
   }
-  // Rule 21 (WARN): webhook with responseMode="responseNode" must have respondToWebhook node
-  checkRule21(w, issues) {
+  // Rule 27 (WARN): httpRequest URL is a placeholder
+  checkRule27(w, issues) {
     if (!Array.isArray(w.nodes)) return;
-    const webhooksNeedingResponse = w.nodes.filter((n) => {
-      if (!n.type.includes("webhook")) return false;
-      const params = n.parameters;
-      return params?.responseMode === "responseNode";
-    });
-    if (webhooksNeedingResponse.length === 0) return;
-    const hasRespondNode = w.nodes.some((n) => n.type.includes("respondToWebhook"));
-    if (!hasRespondNode) {
-      for (const wh of webhooksNeedingResponse) {
+    const PLACEHOLDER_RE = [
+      /^https?:\/\/example\.com/i,
+      /your[-_]?(api[-_]?)?url/i,
+      /^https?:\/\/$/,
+      /^<.+>$/,
+      /placeholder/i
+    ];
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.httpRequest") continue;
+      const params = node.parameters;
+      const url = params?.["url"];
+      if (typeof url !== "string" || url.trim() === "") continue;
+      if (PLACEHOLDER_RE.some((re) => re.test(url.trim()))) {
         this.warn(
           issues,
-          21,
-          `Webhook "${wh.name}" uses responseMode "responseNode" but no respondToWebhook node exists in the workflow`,
-          wh.id
+          27,
+          `Node "${node.name}" httpRequest URL appears to be a placeholder: "${url}" \u2014 replace with your actual endpoint`,
+          node.id
+        );
+      }
+    }
+  }
+  // Rule 28 (WARN): code node with empty or comment-only code
+  checkRule28(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.code") continue;
+      const params = node.parameters;
+      const jsCode = typeof params?.["jsCode"] === "string" ? params["jsCode"] : "";
+      const pythonCode = typeof params?.["pythonCode"] === "string" ? params["pythonCode"] : "";
+      const code = jsCode || pythonCode;
+      const stripped = code.replace(/\/\/[^\n]*/g, "").replace(/\/\*[\s\S]*?\*\//g, "").replace(/#[^\n]*/g, "").trim();
+      if (!stripped) {
+        this.warn(issues, 28, `Node "${node.name}" code node has no executable code`, node.id);
+      }
+    }
+  }
+  // Rule 29 (WARN): slack node message operation missing channel
+  checkRule29(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.slack") continue;
+      const params = node.parameters;
+      const resource = params?.["resource"];
+      const operation = params?.["operation"];
+      const isMessageOp = resource === "message" || operation === "sendMessage" || operation === "post";
+      if (!isMessageOp) continue;
+      const channel = params?.["channel"] ?? params?.["channelId"];
+      const rlValue = typeof channel === "object" && channel !== null ? channel["value"] : void 0;
+      const isEmpty = channel === void 0 || channel === null || typeof channel === "string" && channel.trim() === "" || typeof channel === "object" && (!rlValue || typeof rlValue === "string" && rlValue.trim() === "");
+      if (isEmpty) {
+        this.warn(issues, 29, `Node "${node.name}" Slack message has no channel specified`, node.id);
+      }
+    }
+  }
+  // Rule 30 (WARN): gmail node send operation missing recipient
+  checkRule30(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.gmail") continue;
+      const params = node.parameters;
+      const operation = params?.["operation"];
+      if (operation !== "send") continue;
+      const to = params?.["to"] ?? params?.["toList"];
+      const isEmpty = to === void 0 || to === null || typeof to === "string" && to.trim() === "" || Array.isArray(to) && to.length === 0;
+      if (isEmpty) {
+        this.warn(issues, 30, `Node "${node.name}" gmail send has no recipient (to) specified`, node.id);
+      }
+    }
+  }
+  // Rule 31 (WARN): if node with empty conditions
+  checkRule31(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.if") continue;
+      const params = node.parameters;
+      const conditions = params?.["conditions"];
+      if (conditions === void 0 || conditions === null) {
+        this.warn(issues, 31, `Node "${node.name}" if node has no conditions defined`, node.id);
+        continue;
+      }
+      if (typeof conditions === "object" && !Array.isArray(conditions)) {
+        const conds = conditions["conditions"];
+        if (!Array.isArray(conds) || conds.length === 0) {
+          this.warn(issues, 31, `Node "${node.name}" if node conditions array is empty`, node.id);
+        }
+      } else if (Array.isArray(conditions) && conditions.length === 0) {
+        this.warn(issues, 31, `Node "${node.name}" if node conditions array is empty`, node.id);
+      }
+    }
+  }
+  // Rule 32 (WARN): set node with no assignments
+  checkRule32(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.set") continue;
+      const params = node.parameters;
+      const assignmentsObj = params?.["assignments"];
+      const assignmentsArr = assignmentsObj?.["assignments"];
+      const valuesObj = params?.["values"];
+      const hasV1 = valuesObj && Object.values(valuesObj).some((v) => Array.isArray(v) && v.length > 0);
+      const hasV3 = Array.isArray(assignmentsArr) && assignmentsArr.length > 0;
+      if (!hasV1 && !hasV3) {
+        this.warn(
+          issues,
+          32,
+          `Node "${node.name}" set node has no fields defined \u2014 it will pass data through unchanged`,
+          node.id
+        );
+      }
+    }
+  }
+  // Rule 33 (WARN): scheduleTrigger with no schedule rules
+  checkRule33(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.scheduleTrigger") continue;
+      const params = node.parameters;
+      const rule = params?.["rule"];
+      const intervals = rule?.["interval"];
+      if (!Array.isArray(intervals) || intervals.length === 0) {
+        this.warn(issues, 33, `Node "${node.name}" scheduleTrigger has no schedule rules defined`, node.id);
+      }
+    }
+  }
+  // Rule 34 (WARN): webhook path contains spaces, starts with slash, or looks like a full URL
+  checkRule34(w, issues) {
+    if (!Array.isArray(w.nodes)) return;
+    for (const node of w.nodes) {
+      if (node.type !== "n8n-nodes-base.webhook") continue;
+      const params = node.parameters;
+      const path = params?.["path"];
+      if (typeof path !== "string") continue;
+      if (/\s/.test(path)) {
+        this.warn(
+          issues,
+          34,
+          `Node "${node.name}" webhook path contains spaces: "${path}" \u2014 use hyphens or underscores instead`,
+          node.id
+        );
+      } else if (/^https?:\/\//i.test(path)) {
+        this.warn(
+          issues,
+          34,
+          `Node "${node.name}" webhook path looks like a full URL \u2014 it should be a relative path (e.g. "my-hook")`,
+          node.id
+        );
+      } else if (path.startsWith("/")) {
+        this.warn(
+          issues,
+          34,
+          `Node "${node.name}" webhook path starts with "/" \u2014 n8n adds the leading slash automatically`,
+          node.id
         );
       }
     }
@@ -943,19 +1190,20 @@ var TelemetryReader = class {
     }
     const events = await this.readRecentEvents(days);
     const buildSessions = new Set(
-      events.filter((e) => e.eventType === "build_complete").map((e) => e.sessionId)
+      events.filter((e) => e.eventType === "build_complete").map((e) => e.runId ?? e.sessionId)
     );
     const MIN_BUILDS_FOR_RATES = 3;
     if (buildSessions.size < MIN_BUILDS_FOR_RATES) return [];
     const ruleSessions = /* @__PURE__ */ new Map();
     for (const event of events) {
       if (event.eventType !== "generation_attempt") continue;
-      if (!buildSessions.has(event.sessionId)) continue;
+      const eventKey = event.runId ?? event.sessionId;
+      if (!buildSessions.has(eventKey)) continue;
       const data = event.data;
       if (data.validationPassed || !data.issues) continue;
       for (const issue of data.issues) {
         const entry = ruleSessions.get(issue.rule) ?? { sessions: /* @__PURE__ */ new Set(), messages: /* @__PURE__ */ new Map() };
-        entry.sessions.add(event.sessionId);
+        entry.sessions.add(eventKey);
         entry.messages.set(issue.message, (entry.messages.get(issue.message) ?? 0) + 1);
         ruleSessions.set(issue.rule, entry);
       }
@@ -994,7 +1242,7 @@ import { join as join4 } from "path";
 import { homedir as homedir3 } from "os";
 
 // src/validation/rule-metadata.ts
-var VALIDATOR_RULE_IDS = Array.from({ length: 26 }, (_, i) => i + 1);
+var VALIDATOR_RULE_IDS = Array.from({ length: 34 }, (_, i) => i + 1);
 var RULE_PIPELINE_STAGES = {
   1: "node_generation",
   2: "node_generation",
@@ -1021,7 +1269,15 @@ var RULE_PIPELINE_STAGES = {
   23: "node_generation",
   24: "expression_syntax",
   25: "expression_syntax",
-  26: "expression_syntax"
+  26: "expression_syntax",
+  27: "node_generation",
+  28: "node_generation",
+  29: "node_generation",
+  30: "node_generation",
+  31: "node_generation",
+  32: "node_generation",
+  33: "node_generation",
+  34: "node_generation"
 };
 var RULE_EXAMPLES = {
   17: {
@@ -1039,6 +1295,38 @@ var RULE_EXAMPLES = {
   26: {
     bad: "$('Fetch Data').json.email",
     good: "$('Fetch Data').first().json.email"
+  },
+  27: {
+    bad: '"url": "https://example.com/api/data"',
+    good: '"url": "https://api.yourservice.com/v1/endpoint"'
+  },
+  28: {
+    bad: '"jsCode": "// TODO: implement this"',
+    good: '"jsCode": "return items.map(item => ({ json: { result: item.json.value * 2 } }))"'
+  },
+  29: {
+    bad: '"channelId": ""',
+    good: '"channelId": { "__rl": true, "value": "C0123456789", "mode": "id" }'
+  },
+  30: {
+    bad: '"operation": "send", "to": ""',
+    good: '"operation": "send", "to": "recipient@example.com"'
+  },
+  31: {
+    bad: '"conditions": { "combinator": "and", "conditions": [] }',
+    good: '"conditions": { "combinator": "and", "conditions": [{ "leftValue": "={{ $json.status }}", "rightValue": "active", "operator": { "type": "string", "operation": "equals" } }] }'
+  },
+  32: {
+    bad: '"assignments": { "assignments": [] }',
+    good: '"assignments": { "assignments": [{ "id": "f1", "name": "status", "value": "processed", "type": "string" }] }'
+  },
+  33: {
+    bad: '"rule": { "interval": [] }',
+    good: '"rule": { "interval": [{ "field": "cronExpression", "expression": "0 9 * * 1-5" }] }'
+  },
+  34: {
+    bad: '"path": "/my webhook"',
+    good: '"path": "my-webhook"'
   }
 };
 var RULE_MITIGATIONS = {
@@ -1067,7 +1355,15 @@ var RULE_MITIGATIONS = {
   23: "Use node types that exist in the n8n registry \u2014 check with kairos_sync",
   24: 'Use modern accessor syntax: $("NodeName").item.json.field instead of deprecated $node["NodeName"].json.field',
   25: "Access item fields directly with $json.field \u2014 n8n flattens items automatically, do not use $json.items[0]",
-  26: 'Use $("NodeName").first().json.field or $("NodeName").all() \u2014 bare $("NodeName").json without .first() or .all() throws at runtime'
+  26: 'Use $("NodeName").first().json.field or $("NodeName").all() \u2014 bare $("NodeName").json without .first() or .all() throws at runtime',
+  27: 'Replace placeholder URLs with your actual API endpoint \u2014 do not use "example.com" or "YOUR_URL" patterns',
+  28: "Add executable code to the code node \u2014 empty or comment-only code nodes do nothing at runtime",
+  29: "Set the channel parameter for Slack message operations (channelId with __rl object, or channel as string)",
+  30: "Set the to parameter for Gmail send operations with at least one recipient email address",
+  31: "Add at least one condition to the if node \u2014 conditions.conditions array must be non-empty",
+  32: "Add field assignments to the set node \u2014 assignments.assignments array must be non-empty for typeVersion 3.x",
+  33: "Add at least one schedule rule to scheduleTrigger \u2014 rule.interval array must have at least one entry",
+  34: 'Webhook path must be a relative path without spaces, leading slashes, or protocol prefixes (e.g. "my-hook")'
 };
 
 // src/telemetry/pattern-analyzer.ts
@@ -1076,22 +1372,24 @@ var PatternAnalyzer = class _PatternAnalyzer {
   telemetryDir;
   outputDir;
   _cachedEvents = null;
+  _cachedPreviousPatterns = null;
   constructor(telemetryDir) {
     const defaultDir = join4(homedir3(), ".kairos", "telemetry");
     this.telemetryDir = telemetryDir ?? defaultDir;
     this.outputDir = telemetryDir ? join4(telemetryDir, "..") : join4(homedir3(), ".kairos");
   }
   async loadPreviousPatterns() {
+    if (this._cachedPreviousPatterns !== null) return this._cachedPreviousPatterns;
     try {
       const raw = await fsReadFile(join4(this.outputDir, "patterns.json"), "utf-8");
       const prev = JSON.parse(raw);
       const version = prev.schemaVersion ?? 0;
       const patterns = prev.topFailureRules ?? [];
-      if (version === PATTERN_SCHEMA_VERSION) return patterns;
-      return this.migratePatterns(patterns, version);
+      this._cachedPreviousPatterns = version === PATTERN_SCHEMA_VERSION ? patterns : this.migratePatterns(patterns, version);
     } catch {
-      return [];
+      this._cachedPreviousPatterns = [];
     }
+    return this._cachedPreviousPatterns;
   }
   migratePatterns(patterns, fromVersion) {
     let migrated = patterns;
@@ -1123,7 +1421,7 @@ var PatternAnalyzer = class _PatternAnalyzer {
     this._cachedEvents = events;
     const starts = events.filter((e) => e.eventType === "build_start");
     const attempts = events.filter((e) => e.eventType === "generation_attempt");
-    const passed = attempts.filter(
+    const _passed = attempts.filter(
       (a) => a.data.validationPassed === true
     );
     const failed = attempts.filter(
@@ -1391,6 +1689,7 @@ var PatternAnalyzer = class _PatternAnalyzer {
     const tmpPath = `${outputPath}.tmp`;
     await writeFile(tmpPath, JSON.stringify(analysis, null, 2), "utf-8");
     await rename(tmpPath, outputPath);
+    this._cachedPreviousPatterns = null;
     const historySummary = {
       timestamp: analysis.generatedAt,
       totalBuilds: analysis.summary.totalBuilds,
@@ -1439,7 +1738,7 @@ var PatternAnalyzer = class _PatternAnalyzer {
         })
       ));
       return {
-        sessionId: bc.sessionId,
+        sessionId: bc.runId ?? bc.sessionId,
         date: bc.fileDate,
         description: data.description ?? "",
         workflowType: data.workflowType ?? null,
@@ -1472,7 +1771,7 @@ var PatternAnalyzer = class _PatternAnalyzer {
         alerts.push({
           type: "stale_pattern",
           rule: p.rule,
-          message: `Pattern references Rule ${p.rule} which does not exist in the current validator (rules 1-26)`
+          message: `Pattern references Rule ${p.rule} which does not exist in the current validator (rules 1-34)`
         });
       }
     }
@@ -1560,12 +1859,32 @@ var nullLogger = {
 };
 
 // src/library/scorer.ts
-var WEIGHTS = {
-  tfidf: 0.35,
-  nodeFingerprint: 0.3,
-  outcome: 0.2,
-  deploy: 0.15
-};
+function loadWeights() {
+  const raw = {
+    tfidf: parseFloat(process.env["KAIROS_WEIGHT_TFIDF"] ?? ""),
+    nodeFingerprint: parseFloat(process.env["KAIROS_WEIGHT_JACCARD"] ?? ""),
+    outcome: parseFloat(process.env["KAIROS_WEIGHT_OUTCOME"] ?? ""),
+    deploy: parseFloat(process.env["KAIROS_WEIGHT_DEPLOY"] ?? "")
+  };
+  const defaults = { tfidf: 0.35, nodeFingerprint: 0.3, outcome: 0.2, deploy: 0.15 };
+  const anySet = Object.values(raw).some((v) => !isNaN(v) && v >= 0);
+  if (!anySet) return defaults;
+  const w = {
+    tfidf: !isNaN(raw.tfidf) && raw.tfidf >= 0 ? raw.tfidf : defaults.tfidf,
+    nodeFingerprint: !isNaN(raw.nodeFingerprint) && raw.nodeFingerprint >= 0 ? raw.nodeFingerprint : defaults.nodeFingerprint,
+    outcome: !isNaN(raw.outcome) && raw.outcome >= 0 ? raw.outcome : defaults.outcome,
+    deploy: !isNaN(raw.deploy) && raw.deploy >= 0 ? raw.deploy : defaults.deploy
+  };
+  const total = w.tfidf + w.nodeFingerprint + w.outcome + w.deploy;
+  if (total <= 0) return defaults;
+  return {
+    tfidf: w.tfidf / total,
+    nodeFingerprint: w.nodeFingerprint / total,
+    outcome: w.outcome / total,
+    deploy: w.deploy / total
+  };
+}
+var WEIGHTS = loadWeights();
 var NODE_KEYWORDS = {
   slack: ["slack", "slackApi"],
   email: ["gmail", "sendEmail", "emailSend", "emailReadImap"],
@@ -1750,6 +2069,8 @@ function clusterWorkflows(workflows) {
   }
   return clusters.sort((a, b) => b.members.length - a.members.length);
 }
+var NOVELTY_BOOST = 0.05;
+var NOVELTY_PENALTY = 0.03;
 function rerank(candidates, clusters) {
   const clusterMap = /* @__PURE__ */ new Map();
   for (const cluster of clusters) {
@@ -1757,7 +2078,7 @@ function rerank(candidates, clusters) {
       clusterMap.set(member.id, cluster);
     }
   }
-  return candidates.map((c) => {
+  const pass1 = candidates.map((c) => {
     const cluster = clusterMap.get(c.workflow.id);
     let boost = 0;
     if (cluster && cluster.avgFirstTryPassRate > 0) {
@@ -1769,13 +2090,31 @@ function rerank(candidates, clusters) {
     return {
       workflow: c.workflow,
       score: Math.max(0, Math.min(1, c.score + boost)),
-      ...cluster ? { clusterPattern: cluster.pattern } : {}
+      cluster
+    };
+  }).sort((a, b) => b.score - a.score);
+  const seenFingerprints = /* @__PURE__ */ new Set();
+  return pass1.map((c) => {
+    const fpKey = c.cluster ? fingerprintKey(c.cluster.fingerprint) : null;
+    let noveltyAdjust = 0;
+    if (fpKey !== null) {
+      if (!seenFingerprints.has(fpKey)) {
+        seenFingerprints.add(fpKey);
+        noveltyAdjust = NOVELTY_BOOST;
+      } else {
+        noveltyAdjust = -NOVELTY_PENALTY;
+      }
+    }
+    return {
+      workflow: c.workflow,
+      score: Math.max(0, Math.min(1, c.score + noveltyAdjust)),
+      ...c.cluster ? { clusterPattern: c.cluster.pattern } : {}
     };
   }).sort((a, b) => b.score - a.score);
 }
 
 // src/library/file-library.ts
-import { readFile, writeFile as writeFile2, rename as rename2, mkdir as mkdir3, stat } from "fs/promises";
+import { readFile, writeFile as writeFile2, rename as rename2, mkdir as mkdir3, stat, readdir as readdir2, unlink, open } from "fs/promises";
 import { join as join5 } from "path";
 import { homedir as homedir4 } from "os";
 
@@ -1800,7 +2139,11 @@ function buildSearchCorpus(w) {
   });
   return `${w.description} ${w.workflow.name} ${w.tags.join(" ")} ${nodeTokens.join(" ")}`;
 }
-var MAX_LIBRARY_SIZE = 500;
+var _rawSize = parseInt(process.env["KAIROS_LIBRARY_SIZE"] ?? "500", 10);
+var MAX_LIBRARY_SIZE = Number.isFinite(_rawSize) && _rawSize >= 10 ? _rawSize : 500;
+function evictionScore(m) {
+  return (m.deployCount ?? 0) * 3 + (m.timesRetrieved ?? 0) + (m.outcomeStats?.totalUses ?? 0);
+}
 function isValidMeta(item) {
   return typeof item === "object" && item !== null && typeof item.id === "string" && typeof item.description === "string" && typeof item.workflowName === "string" && Array.isArray(item.cachedNodeTypes);
 }
@@ -1848,6 +2191,7 @@ var FileLibrary = class {
       } catch {
         this.meta = [];
       }
+      await this.scanForOrphansAndCleanup();
     } else {
       try {
         const raw = await readFile(indexPath, "utf-8");
@@ -1862,6 +2206,31 @@ var FileLibrary = class {
       await mkdir3(this.workflowsDir, { recursive: true });
     }
   }
+  async scanForOrphansAndCleanup() {
+    let entries;
+    try {
+      entries = await readdir2(this.workflowsDir);
+    } catch {
+      return;
+    }
+    const indexedIds = new Set(this.meta.map((m) => m.id));
+    const orphanIds = [];
+    for (const filename of entries) {
+      if (filename.endsWith(".tmp")) {
+        await unlink(join5(this.workflowsDir, filename)).catch(() => {
+        });
+        continue;
+      }
+      if (!filename.endsWith(".json")) continue;
+      const id = filename.slice(0, -5);
+      if (!indexedIds.has(id)) {
+        orphanIds.push(id);
+      }
+    }
+    if (orphanIds.length > 0) {
+      console.warn(`[FileLibrary] Found ${orphanIds.length} orphaned workflow file(s) not in index: ${orphanIds.join(", ")}`);
+    }
+  }
   /**
    * One-time transparent migration from v0.4.x monolithic index.json.
    * Splits each stored workflow into a per-file workflow JSON and a lightweight
@@ -1932,10 +2301,12 @@ var FileLibrary = class {
     const docTokenSets = docTokenArrays.map((tokens) => new Set(tokens));
     const docCount = shells.length;
     const idf = /* @__PURE__ */ new Map();
+    const idfCeiling = Math.log(docCount + 1) + 1;
     const allTokens = new Set(queryTokens);
     for (const token of allTokens) {
       const docsWithToken = docTokenSets.filter((d) => d.has(token)).length;
-      idf.set(token, Math.log((docCount + 1) / (docsWithToken + 1)) + 1);
+      const rawIdf = Math.log((docCount + 1) / (docsWithToken + 1)) + 1;
+      idf.set(token, rawIdf / idfCeiling);
     }
     const scored = hybridScore(queryTokens, description, shells, docTokenArrays, idf).filter((m) => m.score > 0).sort((a, b) => b.score - a.score);
     const clusters = clusterWorkflows(shells);
@@ -1961,6 +2332,27 @@ var FileLibrary = class {
     return results.filter((r) => r !== null);
   }
   async save(workflow, metadata) {
+    const existingByN8nId = metadata.n8nWorkflowId ? this.meta.find((m) => m.n8nWorkflowId === metadata.n8nWorkflowId) : void 0;
+    const normalizedDesc = metadata.description.trim().toLowerCase();
+    const existing = existingByN8nId ?? this.meta.find((m) => m.description.trim().toLowerCase() === normalizedDesc);
+    if (existing) {
+      existing.description = metadata.description;
+      existing.workflowName = workflow.name;
+      existing.cachedNodeTypes = workflow.nodes.map((n) => n.type);
+      if (metadata.n8nWorkflowId) existing.n8nWorkflowId = metadata.n8nWorkflowId;
+      if (metadata.generationAttempts != null) {
+        existing.generationAttempts = metadata.generationAttempts;
+      }
+      if (metadata.failurePatterns?.length) {
+        existing.failurePatterns = this.deduplicateFailurePatterns(metadata.failurePatterns);
+      }
+      if (metadata.tags?.length) {
+        existing.tags = [.../* @__PURE__ */ new Set([...existing.tags, ...metadata.tags])];
+      }
+      await this.writeWorkflowFile(existing.id, workflow);
+      await this.persist();
+      return existing.id;
+    }
     const id = generateUUID();
     await this.writeWorkflowFile(id, workflow);
     const failurePatterns = this.deduplicateFailurePatterns(metadata.failurePatterns);
@@ -1982,25 +2374,27 @@ var FileLibrary = class {
       ...metadata.sourceKind ? { sourceKind: metadata.sourceKind } : {},
       ...metadata.sourceId ? { sourceId: metadata.sourceId } : {},
       ...metadata.sourceUrl ? { sourceUrl: metadata.sourceUrl } : {},
-      ...metadata.trustLevel ? { trustLevel: metadata.trustLevel } : {}
+      ...metadata.trustLevel ? { trustLevel: metadata.trustLevel } : {},
+      ...metadata.n8nWorkflowId ? { n8nWorkflowId: metadata.n8nWorkflowId } : {}
     };
     this.meta.push(meta);
     if (this.meta.length > MAX_LIBRARY_SIZE) {
       this.meta.sort((a, b) => {
         if (a.id === id) return -1;
         if (b.id === id) return 1;
-        return (b.deployCount ?? 0) - (a.deployCount ?? 0);
+        return evictionScore(b) - evictionScore(a);
       });
       this.meta = this.meta.slice(0, MAX_LIBRARY_SIZE);
     }
     await this.persist();
     return id;
   }
-  async recordDeployment(id) {
+  async recordDeployment(id, n8nWorkflowId) {
     const m = this.meta.find((m2) => m2.id === id);
     if (m) {
       m.deployCount++;
       m.lastDeployedAt = (/* @__PURE__ */ new Date()).toISOString();
+      if (n8nWorkflowId) m.n8nWorkflowId = n8nWorkflowId;
       await this.persist();
     }
   }
@@ -2063,37 +2457,98 @@ var FileLibrary = class {
     }
     return [...map.values()];
   }
+  // ── Cross-process file locking ────────────────────────────────────────────
+  // Uses O_EXCL (exclusive create) which is atomic on POSIX and Windows NTFS.
+  // Protects the read-modify-write cycle in persist() from concurrent writers
+  // in separate OS processes (e.g. MCP server + CLI running simultaneously).
+  get lockPath() {
+    return join5(this.dir, ".index.lock");
+  }
+  async acquireLock(timeoutMs = 3e3) {
+    const deadline = Date.now() + timeoutMs;
+    let delayMs = 10;
+    while (true) {
+      try {
+        const fh = await open(this.lockPath, "wx");
+        await fh.writeFile(String(process.pid));
+        await fh.close();
+        return async () => {
+          await unlink(this.lockPath).catch(() => {
+          });
+        };
+      } catch {
+        try {
+          const content = await readFile(this.lockPath, "utf-8");
+          const lockPid = parseInt(content.trim(), 10);
+          const fileStat = await stat(this.lockPath);
+          const ageMs = Date.now() - fileStat.mtimeMs;
+          if (ageMs > 1e4) {
+            await unlink(this.lockPath).catch(() => {
+            });
+            continue;
+          }
+          if (!isNaN(lockPid)) {
+            try {
+              process.kill(lockPid, 0);
+            } catch {
+              await unlink(this.lockPath).catch(() => {
+              });
+              continue;
+            }
+          }
+        } catch {
+          continue;
+        }
+        if (Date.now() > deadline) {
+          return async () => {
+          };
+        }
+        await new Promise((r) => setTimeout(r, delayMs));
+        delayMs = Math.min(delayMs * 1.5, 200);
+      }
+    }
+  }
   /**
    * Direct write used only during migration (before writeQueue is needed).
    */
   async persistNow() {
-    const indexPath = join5(this.dir, "index.json");
-    const tmpPath = `${indexPath}.tmp`;
-    await writeFile2(tmpPath, JSON.stringify(this.meta, null, 2), "utf-8");
-    await rename2(tmpPath, indexPath);
+    const releaseLock = await this.acquireLock();
+    try {
+      const indexPath = join5(this.dir, "index.json");
+      const tmpPath = `${indexPath}.tmp`;
+      await writeFile2(tmpPath, JSON.stringify(this.meta, null, 2), "utf-8");
+      await rename2(tmpPath, indexPath);
+    } finally {
+      await releaseLock();
+    }
   }
   persist() {
     this.writeQueue = this.writeQueue.then(async () => {
-      const indexPath = join5(this.dir, "index.json");
-      let onDisk = [];
+      const releaseLock = await this.acquireLock();
       try {
-        const raw = await readFile(indexPath, "utf-8");
-        const parsed = JSON.parse(raw);
-        if (Array.isArray(parsed)) {
-          onDisk = parsed.filter(isValidMeta);
+        const indexPath = join5(this.dir, "index.json");
+        let onDisk = [];
+        try {
+          const raw = await readFile(indexPath, "utf-8");
+          const parsed = JSON.parse(raw);
+          if (Array.isArray(parsed)) {
+            onDisk = parsed.filter(isValidMeta);
+          }
+        } catch {
         }
-      } catch {
-      }
-      const ourIds = new Set(this.meta.map((m) => m.id));
-      const external = onDisk.filter((m) => !ourIds.has(m.id));
-      let merged = [...this.meta, ...external];
-      if (merged.length > MAX_LIBRARY_SIZE) {
-        merged.sort((a, b) => (b.deployCount ?? 0) - (a.deployCount ?? 0));
-        merged = merged.slice(0, MAX_LIBRARY_SIZE);
+        const ourIds = new Set(this.meta.map((m) => m.id));
+        const external = onDisk.filter((m) => !ourIds.has(m.id));
+        let merged = [...this.meta, ...external];
+        if (merged.length > MAX_LIBRARY_SIZE) {
+          merged.sort((a, b) => evictionScore(b) - evictionScore(a));
+          merged = merged.slice(0, MAX_LIBRARY_SIZE);
+        }
+        const tmpPath = `${indexPath}.tmp`;
+        await writeFile2(tmpPath, JSON.stringify(merged, null, 2), "utf-8");
+        await rename2(tmpPath, indexPath);
+      } finally {
+        await releaseLock();
       }
-      const tmpPath = `${indexPath}.tmp`;
-      await writeFile2(tmpPath, JSON.stringify(merged, null, 2), "utf-8");
-      await rename2(tmpPath, indexPath);
     });
     return this.writeQueue;
   }
@@ -2104,6 +2559,7 @@ export {
   KairosError,
   ApiError,
   ProviderError,
+  GuardError,
   N8nApiClient,
   N8nFieldStripper,
   DEFAULT_REGISTRY,
@@ -2123,4 +2579,4 @@ export {
   buildSearchCorpus,
   FileLibrary
 };
-//# sourceMappingURL=chunk-6IXW3WCC.js.map
+//# sourceMappingURL=chunk-VPPWTMRJ.js.map