@legioncodeinc/honeycomb 0.1.0 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/.claude-plugin/marketplace.json +18 -18
  2. package/.claude-plugin/plugin.json +1 -1
  3. package/LICENSE +661 -661
  4. package/README.md +268 -268
  5. package/assets/logos/honeycomb-memory-cluster.svg +17 -17
  6. package/assets/readme.md +117 -117
  7. package/assets/styles.css +11 -11
  8. package/assets/tokens/base.css +76 -76
  9. package/assets/tokens/colors.css +111 -111
  10. package/assets/tokens/fonts.css +32 -32
  11. package/assets/tokens/spacing.css +48 -48
  12. package/assets/tokens/typography.css +38 -38
  13. package/bundle/cli.js +3 -3
  14. package/daemon/index.js +33 -5
  15. package/embeddings/embed-daemon.js +1 -1
  16. package/harnesses/claude-code/.claude-plugin/plugin.json +1 -1
  17. package/harnesses/claude-code/bundle/capture.js +0 -0
  18. package/harnesses/claude-code/bundle/index.js +0 -0
  19. package/harnesses/claude-code/bundle/pre-tool-use.js +0 -0
  20. package/harnesses/claude-code/bundle/session-end.js +0 -0
  21. package/harnesses/claude-code/bundle/session-start.js +0 -0
  22. package/harnesses/claude-code/hooks/hooks.json +86 -86
  23. package/harnesses/codex/bundle/capture.js +0 -0
  24. package/harnesses/codex/bundle/index.js +0 -0
  25. package/harnesses/codex/bundle/pre-tool-use.js +0 -0
  26. package/harnesses/codex/bundle/session-start.js +0 -0
  27. package/harnesses/codex/package.json +1 -1
  28. package/harnesses/cursor/bundle/capture.js +0 -0
  29. package/harnesses/cursor/bundle/index.js +0 -0
  30. package/harnesses/cursor/bundle/pre-tool-use.js +0 -0
  31. package/harnesses/cursor/bundle/session-end.js +0 -0
  32. package/harnesses/cursor/bundle/session-start.js +0 -0
  33. package/harnesses/hermes/bundle/index.js +0 -0
  34. package/harnesses/openclaw/dist/index.js +1 -1
  35. package/harnesses/openclaw/openclaw.plugin.json +1 -1
  36. package/harnesses/openclaw/package.json +1 -1
  37. package/harnesses/pi/bundle/index.js +0 -0
  38. package/mcp/bundle/server.js +1 -1
  39. package/package.json +141 -137
  40. package/scripts/ensure-embed-deps.mjs +67 -67
  41. package/scripts/ensure-tree-sitter.mjs +89 -89
@@ -1,86 +1,86 @@
1
- {
2
- "description": "Honeycomb memory — captures session activity and renders prior context via the local Honeycomb daemon (PRD-021c reference harness)",
3
- "hooks": {
4
- "SessionStart": [
5
- {
6
- "hooks": [
7
- {
8
- "type": "command",
9
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
10
- "timeout": 10
11
- }
12
- ]
13
- }
14
- ],
15
- "UserPromptSubmit": [
16
- {
17
- "hooks": [
18
- {
19
- "type": "command",
20
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
21
- "timeout": 10,
22
- "async": true
23
- }
24
- ]
25
- }
26
- ],
27
- "PreToolUse": [
28
- {
29
- "hooks": [
30
- {
31
- "type": "command",
32
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
33
- "timeout": 60
34
- }
35
- ]
36
- }
37
- ],
38
- "PostToolUse": [
39
- {
40
- "hooks": [
41
- {
42
- "type": "command",
43
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
44
- "timeout": 15,
45
- "async": true
46
- }
47
- ]
48
- }
49
- ],
50
- "Stop": [
51
- {
52
- "hooks": [
53
- {
54
- "type": "command",
55
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
56
- "timeout": 30,
57
- "async": true
58
- }
59
- ]
60
- }
61
- ],
62
- "SubagentStop": [
63
- {
64
- "hooks": [
65
- {
66
- "type": "command",
67
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
68
- "timeout": 30,
69
- "async": true
70
- }
71
- ]
72
- }
73
- ],
74
- "SessionEnd": [
75
- {
76
- "hooks": [
77
- {
78
- "type": "command",
79
- "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
80
- "timeout": 60
81
- }
82
- ]
83
- }
84
- ]
85
- }
86
- }
1
+ {
2
+ "description": "Honeycomb memory — captures session activity and renders prior context via the local Honeycomb daemon (PRD-021c reference harness)",
3
+ "hooks": {
4
+ "SessionStart": [
5
+ {
6
+ "hooks": [
7
+ {
8
+ "type": "command",
9
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
10
+ "timeout": 10
11
+ }
12
+ ]
13
+ }
14
+ ],
15
+ "UserPromptSubmit": [
16
+ {
17
+ "hooks": [
18
+ {
19
+ "type": "command",
20
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
21
+ "timeout": 10,
22
+ "async": true
23
+ }
24
+ ]
25
+ }
26
+ ],
27
+ "PreToolUse": [
28
+ {
29
+ "hooks": [
30
+ {
31
+ "type": "command",
32
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
33
+ "timeout": 60
34
+ }
35
+ ]
36
+ }
37
+ ],
38
+ "PostToolUse": [
39
+ {
40
+ "hooks": [
41
+ {
42
+ "type": "command",
43
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
44
+ "timeout": 15,
45
+ "async": true
46
+ }
47
+ ]
48
+ }
49
+ ],
50
+ "Stop": [
51
+ {
52
+ "hooks": [
53
+ {
54
+ "type": "command",
55
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
56
+ "timeout": 30,
57
+ "async": true
58
+ }
59
+ ]
60
+ }
61
+ ],
62
+ "SubagentStop": [
63
+ {
64
+ "hooks": [
65
+ {
66
+ "type": "command",
67
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
68
+ "timeout": 30,
69
+ "async": true
70
+ }
71
+ ]
72
+ }
73
+ ],
74
+ "SessionEnd": [
75
+ {
76
+ "hooks": [
77
+ {
78
+ "type": "command",
79
+ "command": "node \"${CLAUDE_PLUGIN_ROOT}/bundle/index.js\"",
80
+ "timeout": 60
81
+ }
82
+ ]
83
+ }
84
+ ]
85
+ }
86
+ }
File without changes
File without changes
File without changes
File without changes
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "honeycomb-codex",
3
- "version": "0.1.0",
3
+ "version": "0.1.4",
4
4
  "description": "Honeycomb — persistent shared memory for OpenAI Codex CLI via the local Honeycomb daemon",
5
5
  "type": "module",
6
6
  "license": "MIT"
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
@@ -3,7 +3,7 @@ globalThis.__honeycomb_tuning__ ??= {};
3
3
  // src/shared/constants.ts
4
4
  var DAEMON_PORT = 3850;
5
5
  var DAEMON_HOST = "127.0.0.1";
6
- var HONEYCOMB_VERSION = true ? "0.1.0" : "0.0.0-dev";
6
+ var HONEYCOMB_VERSION = true ? "0.1.4" : "0.0.0-dev";
7
7
 
8
8
  // src/daemon-client/index.ts
9
9
  function createDaemonClient(endpoint) {
@@ -43,5 +43,5 @@
43
43
  }
44
44
  }
45
45
  },
46
- "version": "0.1.0"
46
+ "version": "0.1.4"
47
47
  }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "honeycomb-openclaw",
3
- "version": "0.1.0",
3
+ "version": "0.1.4",
4
4
  "type": "module",
5
5
  "description": "Honeycomb — persistent shared memory for AI agents, OpenClaw harness",
6
6
  "license": "MIT",
File without changes
@@ -6892,7 +6892,7 @@ var require_dist = __commonJS({
6892
6892
  // dist/src/shared/constants.js
6893
6893
  var DAEMON_PORT = 3850;
6894
6894
  var DAEMON_HOST = "127.0.0.1";
6895
- var HONEYCOMB_VERSION = true ? "0.1.0" : "0.0.0-dev";
6895
+ var HONEYCOMB_VERSION = true ? "0.1.4" : "0.0.0-dev";
6896
6896
 
6897
6897
  // dist/src/daemon-client/index.js
6898
6898
  function createDaemonClient(endpoint) {
package/package.json CHANGED
@@ -1,137 +1,141 @@
1
- {
2
- "name": "@legioncodeinc/honeycomb",
3
- "version": "0.1.0",
4
- "//go-public": "Go-public switches are flipped: scoped name, public+provenance publishConfig live, `private` removed. CI auth is npm Trusted Publishing (OIDC); there is NO NPM_TOKEN. The go-live procedure is RELEASING.md 'Cut the release': the first publish is a one-time manual 2FA bootstrap that creates the package, after which every CI publish from release.yaml is tokenless OIDC.",
5
- "publishConfig": {
6
- "access": "public",
7
- "provenance": true
8
- },
9
- "description": "Honeycomb monorepo foundation: a long-lived daemon plus thin clients for six coding harnesses, the unified honeycomb CLI, the MCP server, and the embed daemon.",
10
- "license": "AGPL-3.0-or-later",
11
- "type": "module",
12
- "//build-order": "Fixed dependency direction enforced by import direction under one tsc pass: (1) core = src/shared + src/daemon-client, (2) connector-base = src/daemon, (3) plugins/native = embeddings, (4) connectors = harnesses/* + mcp + src/cli, (5) assembled distribution = esbuild per-target bundles (PRD-001b). tsc compiles the whole graph in one pass; dependents never import upward, so the single tsc invocation respects this order. PRD-001b appends '&& node esbuild.config.mjs' to the build script; that seam is intentional.",
13
- "bin": {
14
- "honeycomb": "bundle/cli.js"
15
- },
16
- "//exports": "PRD-019e: @legioncodeinc/honeycomb subpath exports. The core entry (.) is the fetch-only, browser-safe HoneycombClient (`@legioncodeinc/honeycomb`); the three framework helpers ship as separate entry points (`@legioncodeinc/honeycomb/react`, `/vercel`, `/openai`) reusing the core's token/actor model. react + ai are peerDependencies (never bundled into core).",
17
- "exports": {
18
- ".": "./sdk/index.js",
19
- "./react": "./sdk/react.js",
20
- "./vercel": "./sdk/vercel.js",
21
- "./openai": "./sdk/openai.js"
22
- },
23
- "files": [
24
- "bundle",
25
- "sdk",
26
- "daemon",
27
- "assets/styles.css",
28
- "assets/tokens",
29
- "assets/logos/honeycomb-memory-cluster.svg",
30
- "assets/logos/fonts",
31
- "harnesses/claude-code/bundle",
32
- "harnesses/claude-code/.claude-plugin",
33
- "harnesses/claude-code/hooks",
34
- "harnesses/codex/bundle",
35
- "harnesses/codex/package.json",
36
- "harnesses/cursor/bundle",
37
- "harnesses/hermes/bundle",
38
- "harnesses/pi/bundle",
39
- "harnesses/openclaw/dist",
40
- "harnesses/openclaw/openclaw.plugin.json",
41
- "harnesses/openclaw/package.json",
42
- "mcp/bundle",
43
- "embeddings/embed-daemon.js",
44
- ".claude-plugin",
45
- "scripts/ensure-tree-sitter.mjs",
46
- "scripts/ensure-embed-deps.mjs",
47
- "README.md"
48
- ],
49
- "scripts": {
50
- "prebuild": "node scripts/sync-versions.mjs",
51
- "version": "node scripts/sync-versions.mjs && git add .claude-plugin/plugin.json harnesses/claude-code/.claude-plugin/plugin.json harnesses/openclaw/openclaw.plugin.json harnesses/openclaw/package.json harnesses/codex/package.json .claude-plugin/marketplace.json",
52
- "build": "tsc && node esbuild.config.mjs",
53
- "bundle": "node esbuild.config.mjs",
54
- "typecheck": "tsc --noEmit",
55
- "lint": "biome check .",
56
- "format": "biome format --write .",
57
- "dup": "jscpd src harnesses mcp embeddings",
58
- "test": "vitest run",
59
- "test:watch": "vitest",
60
- "test:integration": "vitest run --config vitest.integration.config.ts",
61
- "smoke:golden-path": "node scripts/golden-path-smoke.mjs",
62
- "smoke:login": "node scripts/login-smoke.mjs",
63
- "smoke:data-api": "node scripts/dogfood-acceptance-smoke.mjs",
64
- "eval:recall": "node scripts/eval-recall.mjs",
65
- "eval:prime": "node scripts/eval-prime.mjs",
66
- "bench:hybrid": "node scripts/bench-hybrid.mjs",
67
- "deeplake:stress": "node scripts/deeplake-stress.mjs",
68
- "audit:openclaw": "node scripts/audit-openclaw-bundle.mjs",
69
- "audit:sql": "node scripts/audit-sql-safety.mjs",
70
- "mutation": "npm run mutation:sql && npm run mutation:prune && npm run mutation:normalize && npm run mutation:state",
71
- "mutation:sql": "stryker run stryker/sql.json",
72
- "mutation:prune": "stryker run stryker/prune.json",
73
- "mutation:normalize": "stryker run stryker/normalize.json",
74
- "mutation:state": "stryker run stryker/state.json",
75
- "pack:check": "node scripts/pack-check.mjs",
76
- "rebuild:native": "node scripts/ensure-tree-sitter.mjs",
77
- "ensure:embed-deps": "node scripts/ensure-embed-deps.mjs",
78
- "ci": "npm run typecheck && npm run dup && npm run test && npm run audit:sql",
79
- "postinstall": "node scripts/ensure-tree-sitter.mjs && node scripts/ensure-embed-deps.mjs",
80
- "prepack": "npm run build",
81
- "smoke:daemon-bundle": "node scripts/smoke-daemon-bundle.mjs"
82
- },
83
- "devDependencies": {
84
- "@biomejs/biome": "^2.5.0",
85
- "@stryker-mutator/core": "^8.7.1",
86
- "@stryker-mutator/vitest-runner": "^8.7.1",
87
- "@types/node": "^22.0.0",
88
- "@types/react": "^18.3.31",
89
- "@types/react-dom": "^18.3.7",
90
- "@vitest/coverage-v8": "^3.2.6",
91
- "esbuild": "^0.28.1",
92
- "fast-check": "^4.8.0",
93
- "jscpd": "^4.0.5",
94
- "jsdom": "^25.0.1",
95
- "react": "18.3.1",
96
- "react-dom": "18.3.1",
97
- "typescript": "^5.7.0",
98
- "vitest": "^3.2.6"
99
- },
100
- "engines": {
101
- "node": ">=22.5.0"
102
- },
103
- "//peerDependencies": "PRD-019e: react powers @legioncodeinc/honeycomb/react; ai powers @legioncodeinc/honeycomb/vercel. Both are OPTIONAL peers (peerDependenciesMeta) so the core entry stays dependency-free for Node/Bun/browser. The core client (.) pulls in NEITHER.",
104
- "peerDependencies": {
105
- "ai": ">=3.0.0",
106
- "react": ">=18.0.0"
107
- },
108
- "peerDependenciesMeta": {
109
- "react": {
110
- "optional": true
111
- },
112
- "ai": {
113
- "optional": true
114
- }
115
- },
116
- "dependencies": {
117
- "@hono/node-server": "^1.19.14",
118
- "@modelcontextprotocol/sdk": "^1.29.0",
119
- "@noble/ciphers": "^2.2.0",
120
- "hono": "^4.12.25",
121
- "tree-sitter-wasms": "^0.1.13",
122
- "web-tree-sitter": "^0.22.6",
123
- "yaml": "^2.9.0",
124
- "zod": "^4.4.3"
125
- },
126
- "//optionalDependencies": "PRD-025 D-2: the embedding RUNTIME (@huggingface/transformers + its ONNX native runtime, ~600 MB with the nomic-embed-text-v1.5 model acquired at first-run) ships as an OPTIONAL dependency, NOT in the `files` allowlist. This keeps the published @legioncodeinc/honeycomb tarball LEAN (the model is downloaded + cached on the daemon's first warmup, not packed — AC-7) and keeps `npm i` fast for everyone; a `--no-optional` / slimmed / offline install simply runs recall on the BM25/ILIKE lexical fallback (no quality cliff — D-4). The embed daemon dynamic-imports this only at warmup, so the bundle + CI never require it.",
127
- "optionalDependencies": {
128
- "@huggingface/transformers": "^3.8.1"
129
- },
130
- "//overrides": "Dependabot transitive-devDependency remediation. All are DEV-only and never ship (the `files` allowlist packs built bundles, not node_modules), so consumer risk is nil — these clear the dev/CI tree. tmp ^0.2.6 fixes GHSA-ph9p-34f9-6g65 (HIGH path traversal) + GHSA-52f5-9888-hmc6 (symlink write), reached only via @stryker-mutator/core -> @inquirer/prompts -> external-editor -> tmp (which calls only tmpNameSync, stable across the 0.0.33->0.2.x major). esbuild ^0.28.1 fixes GHSA-g7r4-m6w7-qqqr (Windows dev-server file read) in vitest's nested copy; the direct dep is already 0.28.1. @babel/core ^7.29.6 fixes GHSA-4x5r-pxfx-6jf8 (sourceMappingURL file read) under @stryker-mutator/instrumenter. ajv ^8.20.0 fixes GHSA-2g4f-4pwh-qvx6 ($data ReDoS) under @stryker-mutator/core's schema validator — a same-major bump (8.17.1 -> 8.20.x), preferred over npm audit's suggested breaking @stryker-mutator/core 9.x major. Validated by npm run mutation (exercises tmp+babel+ajv schema load) + npm run ci/build (exercises esbuild).",
131
- "overrides": {
132
- "tmp": "^0.2.6",
133
- "esbuild": "^0.28.1",
134
- "@babel/core": "^7.29.6",
135
- "ajv": "^8.20.0"
136
- }
137
- }
1
+ {
2
+ "name": "@legioncodeinc/honeycomb",
3
+ "version": "0.1.4",
4
+ "//go-public": "Go-public switches are flipped: scoped name, public+provenance publishConfig live, `private` removed. CI auth is npm Trusted Publishing (OIDC); there is NO NPM_TOKEN. The go-live procedure is RELEASING.md 'Cut the release': the first publish is a one-time manual 2FA bootstrap that creates the package, after which every CI publish from release.yaml is tokenless OIDC.",
5
+ "publishConfig": {
6
+ "access": "public",
7
+ "provenance": true
8
+ },
9
+ "description": "Honeycomb monorepo foundation: a long-lived daemon plus thin clients for six coding harnesses, the unified honeycomb CLI, the MCP server, and the embed daemon.",
10
+ "license": "AGPL-3.0-or-later",
11
+ "type": "module",
12
+ "//build-order": "Fixed dependency direction enforced by import direction under one tsc pass: (1) core = src/shared + src/daemon-client, (2) connector-base = src/daemon, (3) plugins/native = embeddings, (4) connectors = harnesses/* + mcp + src/cli, (5) assembled distribution = esbuild per-target bundles (PRD-001b). tsc compiles the whole graph in one pass; dependents never import upward, so the single tsc invocation respects this order. PRD-001b appends '&& node esbuild.config.mjs' to the build script; that seam is intentional.",
13
+ "bin": {
14
+ "honeycomb": "bundle/cli.js"
15
+ },
16
+ "//exports": "PRD-019e: @legioncodeinc/honeycomb subpath exports. The core entry (.) is the fetch-only, browser-safe HoneycombClient (`@legioncodeinc/honeycomb`); the three framework helpers ship as separate entry points (`@legioncodeinc/honeycomb/react`, `/vercel`, `/openai`) reusing the core's token/actor model. react + ai are peerDependencies (never bundled into core).",
17
+ "exports": {
18
+ ".": "./sdk/index.js",
19
+ "./react": "./sdk/react.js",
20
+ "./vercel": "./sdk/vercel.js",
21
+ "./openai": "./sdk/openai.js"
22
+ },
23
+ "files": [
24
+ "bundle",
25
+ "sdk",
26
+ "daemon",
27
+ "assets/styles.css",
28
+ "assets/tokens",
29
+ "assets/logos/honeycomb-memory-cluster.svg",
30
+ "assets/logos/fonts",
31
+ "harnesses/claude-code/bundle",
32
+ "harnesses/claude-code/.claude-plugin",
33
+ "harnesses/claude-code/hooks",
34
+ "harnesses/codex/bundle",
35
+ "harnesses/codex/package.json",
36
+ "harnesses/cursor/bundle",
37
+ "harnesses/hermes/bundle",
38
+ "harnesses/pi/bundle",
39
+ "harnesses/openclaw/dist",
40
+ "harnesses/openclaw/openclaw.plugin.json",
41
+ "harnesses/openclaw/package.json",
42
+ "mcp/bundle",
43
+ "embeddings/embed-daemon.js",
44
+ ".claude-plugin",
45
+ "scripts/ensure-tree-sitter.mjs",
46
+ "scripts/ensure-embed-deps.mjs",
47
+ "README.md"
48
+ ],
49
+ "scripts": {
50
+ "prebuild": "node scripts/sync-versions.mjs",
51
+ "version": "node scripts/sync-versions.mjs && git add .claude-plugin/plugin.json harnesses/claude-code/.claude-plugin/plugin.json harnesses/openclaw/openclaw.plugin.json harnesses/openclaw/package.json harnesses/codex/package.json .claude-plugin/marketplace.json",
52
+ "build": "tsc && node esbuild.config.mjs",
53
+ "bundle": "node esbuild.config.mjs",
54
+ "typecheck": "tsc --noEmit",
55
+ "lint": "biome check .",
56
+ "format": "biome format --write .",
57
+ "dup": "jscpd src harnesses mcp embeddings",
58
+ "test": "vitest run",
59
+ "test:watch": "vitest",
60
+ "test:integration": "vitest run --config vitest.integration.config.ts",
61
+ "smoke:golden-path": "node scripts/golden-path-smoke.mjs",
62
+ "smoke:login": "node scripts/login-smoke.mjs",
63
+ "smoke:data-api": "node scripts/dogfood-acceptance-smoke.mjs",
64
+ "eval:recall": "node scripts/eval-recall.mjs",
65
+ "eval:prime": "node scripts/eval-prime.mjs",
66
+ "bench:hybrid": "node scripts/bench-hybrid.mjs",
67
+ "deeplake:stress": "node scripts/deeplake-stress.mjs",
68
+ "audit:openclaw": "node scripts/audit-openclaw-bundle.mjs",
69
+ "audit:sql": "node scripts/audit-sql-safety.mjs",
70
+ "mutation": "npm run mutation:sql && npm run mutation:prune && npm run mutation:normalize && npm run mutation:state",
71
+ "mutation:sql": "stryker run stryker/sql.json",
72
+ "mutation:prune": "stryker run stryker/prune.json",
73
+ "mutation:normalize": "stryker run stryker/normalize.json",
74
+ "mutation:state": "stryker run stryker/state.json",
75
+ "pack:check": "node scripts/pack-check.mjs",
76
+ "rebuild:native": "node scripts/ensure-tree-sitter.mjs",
77
+ "ensure:embed-deps": "node scripts/ensure-embed-deps.mjs",
78
+ "ci": "npm run typecheck && npm run dup && npm run test && npm run audit:sql",
79
+ "postinstall": "node scripts/ensure-tree-sitter.mjs && node scripts/ensure-embed-deps.mjs",
80
+ "prepack": "npm run build",
81
+ "smoke:daemon-bundle": "node scripts/smoke-daemon-bundle.mjs"
82
+ },
83
+ "devDependencies": {
84
+ "@biomejs/biome": "^2.5.0",
85
+ "@stryker-mutator/core": "^8.7.1",
86
+ "@stryker-mutator/vitest-runner": "^8.7.1",
87
+ "@types/node": "^22.0.0",
88
+ "@types/react": "^18.3.31",
89
+ "@types/react-dom": "^18.3.7",
90
+ "@vitest/coverage-v8": "^3.2.6",
91
+ "esbuild": "^0.28.1",
92
+ "fast-check": "^4.8.0",
93
+ "jscpd": "^4.0.5",
94
+ "jsdom": "^25.0.1",
95
+ "react": "18.3.1",
96
+ "react-dom": "18.3.1",
97
+ "typescript": "^5.7.0",
98
+ "vitest": "^3.2.6"
99
+ },
100
+ "engines": {
101
+ "node": ">=22.5.0"
102
+ },
103
+ "//peerDependencies": "PRD-019e: react powers @legioncodeinc/honeycomb/react; ai powers @legioncodeinc/honeycomb/vercel. Both are OPTIONAL peers (peerDependenciesMeta) so the core entry stays dependency-free for Node/Bun/browser. The core client (.) pulls in NEITHER.",
104
+ "peerDependencies": {
105
+ "ai": ">=3.0.0",
106
+ "react": ">=18.0.0"
107
+ },
108
+ "peerDependenciesMeta": {
109
+ "react": {
110
+ "optional": true
111
+ },
112
+ "ai": {
113
+ "optional": true
114
+ }
115
+ },
116
+ "dependencies": {
117
+ "@hono/node-server": "^1.19.14",
118
+ "@modelcontextprotocol/sdk": "^1.29.0",
119
+ "@noble/ciphers": "^2.2.0",
120
+ "hono": "^4.12.25",
121
+ "tree-sitter-wasms": "^0.1.13",
122
+ "web-tree-sitter": "^0.22.6",
123
+ "yaml": "^2.9.0",
124
+ "zod": "^4.4.3"
125
+ },
126
+ "//optionalDependencies": "PRD-025 D-2: the embedding RUNTIME (@huggingface/transformers + its ONNX native runtime, ~600 MB with the nomic-embed-text-v1.5 model acquired at first-run) ships as an OPTIONAL dependency, NOT in the `files` allowlist. This keeps the published @legioncodeinc/honeycomb tarball LEAN (the model is downloaded + cached on the daemon's first warmup, not packed — AC-7) and keeps `npm i` fast for everyone; a `--no-optional` / slimmed / offline install simply runs recall on the BM25/ILIKE lexical fallback (no quality cliff — D-4). The embed daemon dynamic-imports this only at warmup, so the bundle + CI never require it.",
127
+ "optionalDependencies": {
128
+ "@huggingface/transformers": "^3.8.1"
129
+ },
130
+ "//overrides": "Dependabot transitive-devDependency remediation. All are DEV-only and never ship (the `files` allowlist packs built bundles, not node_modules), so consumer risk is nil — these clear the dev/CI tree. tmp ^0.2.6 fixes GHSA-ph9p-34f9-6g65 (HIGH path traversal) + GHSA-52f5-9888-hmc6 (symlink write), reached only via @stryker-mutator/core -> @inquirer/prompts -> external-editor -> tmp (which calls only tmpNameSync, stable across the 0.0.33->0.2.x major). esbuild ^0.28.1 fixes GHSA-g7r4-m6w7-qqqr (Windows dev-server file read) in vitest's nested copy; the direct dep is already 0.28.1. @babel/core ^7.29.6 fixes GHSA-4x5r-pxfx-6jf8 (sourceMappingURL file read) under @stryker-mutator/instrumenter. ajv ^8.20.0 fixes GHSA-2g4f-4pwh-qvx6 ($data ReDoS) under @stryker-mutator/core's schema validator — a same-major bump (8.17.1 -> 8.20.x), preferred over npm audit's suggested breaking @stryker-mutator/core 9.x major. Validated by npm run mutation (exercises tmp+babel+ajv schema load) + npm run ci/build (exercises esbuild).",
131
+ "overrides": {
132
+ "tmp": "^0.2.6",
133
+ "esbuild": "^0.28.1",
134
+ "@babel/core": "^7.29.6",
135
+ "ajv": "^8.20.0"
136
+ },
137
+ "repository": {
138
+ "type": "git",
139
+ "url": "git+https://github.com/legioncodeinc/honeycomb.git"
140
+ }
141
+ }