@openparachute/vault 0.5.3-rc.3 → 0.6.0

package/src/vault-name.ts

@@ -7,34 +7,82 @@
  * rejected up front.
  *
  * Rule: lowercase alphanumeric + hyphens or underscores, 2–32 chars, with
- * `list` reserved. Used by the `init` prompt, the `--vault-name` flag, and
- * the `PARACHUTE_VAULT_NAME` env var at server first-boot. `cmdCreate`
- * keeps its own (slightly more permissive, legacy) regex for backward
- * compat — tightening it would reject names existing users may already
- * have minted.
+ * `list` / `new` / `assets` / `admin` reserved. Used by the `init` prompt,
+ * the `--vault-name` flag, the `PARACHUTE_VAULT_NAME` env var at server
+ * first-boot, and (since the 2026-06-09 hub-module-boundary migration B2)
+ * `cmdCreate` — every name-minting edge shares this one validator.
  */
 
 const VAULT_NAME_RE = /^[a-z0-9_-]+$/;
 const VAULT_NAME_MIN_LEN = 2;
 const VAULT_NAME_MAX_LEN = 32;
 
-const RESERVED_NAMES = new Set([
-  // Collides with the `/vaults/list` discovery endpoint historically; the
-  // routes have since moved under `/vault/<name>/`, but `cmdCreate` still
-  // rejects "list" and consistency is cheap.
+/**
+ * THE reserved vault-name set — kept in lockstep with hub's
+ * `RESERVED_VAULT_NAMES` (parachute-hub/src/vault-name.ts, B2h of the
+ * 2026-06-09 hub-module-boundary migration). A vault under any of these
+ * names would have its URL surface captured by a reserved route:
+ *
+ *   - `list`   — legacy `/vaults/list` discovery-endpoint collision; the
+ *     routes have since moved under `/vault/<name>/`, but consistency with
+ *     the historical reservation is cheap.
+ *   - `new`    — collides with `/vault/new`, the hub SPA's create route.
+ *   - `assets` — collides with `/vault/assets/*`, the hub SPA's bundle.
+ *   - `admin`  — collides with `/vault/admin`, the daemon-level mount for
+ *     vault's own multi-vault admin surface (B3). Both the hub's route and
+ *     this daemon's own routing dispatch `/vault/admin/*` before the
+ *     per-vault branch, so a vault named `admin` would be fully shadowed.
+ */
+export const RESERVED_VAULT_NAMES: ReadonlySet<string> = new Set([
   "list",
+  "new",
+  "assets",
+  "admin",
 ]);
 
+/**
+ * The subset of reserved names whose data plane is SHADOWED by reserved
+ * routes when a vault squats them (created before the reservation landed).
+ * `list` is reserved for historical consistency only — `/vault/list/*`
+ * still routes per-vault — so it's excluded here.
+ */
+const SHADOWED_RESERVED_NAMES = ["admin", "new", "assets"] as const;
+
+/**
+ * Build boot-time warnings for vaults squatting a shadowed reserved name.
+ * Pure (takes the vault list, returns warning strings) so server boot can
+ * `console.warn` each and tests can pin the copy without booting a server.
+ *
+ * Recovery procedure is spelled out because no rename command exists:
+ * export → create under a new name → import → remove the squatter.
+ */
+export function reservedNameSquatWarnings(vaults: readonly string[]): string[] {
+  const warnings: string[] = [];
+  for (const reserved of SHADOWED_RESERVED_NAMES) {
+    if (!vaults.includes(reserved)) continue;
+    warnings.push(
+      `[reserved-name] vault "${reserved}" exists but "${reserved}" is a reserved name — ` +
+        `its data plane (/vault/${reserved}/*) is shadowed by reserved hub/daemon routes, so its ` +
+        `MCP, REST, and admin surfaces are unreachable. Recover by renaming it (no rename ` +
+        `command exists): parachute-vault export <dir> --vault ${reserved} → ` +
+        `parachute-vault create <newname> → parachute-vault import <dir> --vault <newname> → ` +
+        `parachute-vault remove ${reserved} --yes`,
+    );
+  }
+  return warnings;
+}
+
 export type VaultNameValidation =
   | { ok: true; name: string }
   | { ok: false; error: string };
 
 /**
  * Validate a vault name. Accepts lowercase alphanumeric + hyphens or
- * underscores, 2–32 chars. Trims surrounding whitespace before checking.
- * `cmdCreate` keeps its own (legacy-permissive) regex; this validator is
- * the strict gate used by the env var, the `--vault-name` flag, and
- * hub's first-boot wizard.
+ * underscores, 2–32 chars, none of `RESERVED_VAULT_NAMES`. Trims
+ * surrounding whitespace before checking. The one gate used by the env
+ * var, the `--vault-name` flag, hub's first-boot wizard, AND `cmdCreate`
+ * (consolidated 2026-06-09 — cmdCreate previously carried its own inline
+ * charset + `"list"` check that had drifted from this set).
  */
 export function validateVaultName(raw: string): VaultNameValidation {
   const name = raw.trim();
@@ -54,7 +102,7 @@ export function validateVaultName(raw: string): VaultNameValidation {
         "vault names must be lowercase alphanumeric with hyphens or underscores. Try again.",
     };
   }
-  if (RESERVED_NAMES.has(name)) {
+  if (RESERVED_VAULT_NAMES.has(name)) {
     return { ok: false, error: `"${name}" is a reserved vault name.` };
   }
   return { ok: true, name };

package/src/vault-remove.test.ts

@@ -0,0 +1,187 @@
+/**
+ * Integration tests for `parachute-vault remove <name> --yes` — the cmdRemove
+ * hygiene from the 2026-06-09 hub-module-boundary migration (B1's CLI-side
+ * improvements):
+ *
+ *   1. services.json refresh — remove re-runs `selfRegister` (the same
+ *      refresh cmdCreate does, #208) so the deleted vault's `/vault/<name>`
+ *      path drops out of the parachute-vault row immediately instead of
+ *      going stale until the next server boot.
+ *   2. last-vault marker — removing the LAST vault writes
+ *      `auto_create: false` into the global config so the server boot's
+ *      auto-create-default does NOT silently resurrect a fresh `default`
+ *      (with fresh credentials). Fresh installs (no config.yaml at all)
+ *      still auto-create — the Docker first-run path is preserved.
+ *
+ * Spawns the CLI in a temp PARACHUTE_HOME (never the operator's real
+ * ~/.parachute). In-process `readGlobalConfig` reads resolve PARACHUTE_HOME
+ * per call, so pointing the env var at the temp home inside a test is safe.
+ */
+
+import { describe, test, expect, beforeEach, afterEach } from "bun:test";
+import { resolve } from "path";
+import { mkdtempSync, rmSync, existsSync, readFileSync } from "fs";
+import { tmpdir } from "os";
+import { join } from "path";
+import { bootAutoCreateAllowed, readGlobalConfig } from "./config.ts";
+import type { GlobalConfig } from "./config.ts";
+
+const CLI = resolve(import.meta.dir, "cli.ts");
+
+function runCli(
+  args: string[],
+  env: Record<string, string>,
+): { exitCode: number; stdout: string; stderr: string } {
+  // Hermetic: don't inherit the dev/CI box's PARACHUTE_HUB_ORIGIN (same
+  // posture as vault-create.test.ts — a leaked origin flips guidance copy).
+  const baseEnv: Record<string, string | undefined> = { ...process.env };
+  delete baseEnv.PARACHUTE_HUB_ORIGIN;
+  const proc = Bun.spawnSync({
+    cmd: ["bun", CLI, ...args],
+    stdout: "pipe",
+    stderr: "pipe",
+    env: { ...baseEnv, ...env },
+  });
+  return {
+    exitCode: proc.exitCode ?? -1,
+    stdout: new TextDecoder().decode(proc.stdout),
+    stderr: new TextDecoder().decode(proc.stderr),
+  };
+}
+
+/** Read the global config from the test home via the real parser. The
+ *  config path resolves `process.env.PARACHUTE_HOME` per call, so a scoped
+ *  override + restore is all it takes — no module re-import dance. */
+function readGlobalConfigFrom(home: string): GlobalConfig {
+  const prior = process.env.PARACHUTE_HOME;
+  process.env.PARACHUTE_HOME = home;
+  try {
+    return readGlobalConfig();
+  } finally {
+    if (prior === undefined) delete process.env.PARACHUTE_HOME;
+    else process.env.PARACHUTE_HOME = prior;
+  }
+}
+
+function readServices(home: string): { name: string; paths: string[] }[] {
+  const raw = readFileSync(join(home, "services.json"), "utf-8");
+  return JSON.parse(raw).services;
+}
+
+let home: string;
+
+beforeEach(() => {
+  home = mkdtempSync(join(tmpdir(), "vault-remove-test-"));
+});
+
+afterEach(() => {
+  rmSync(home, { recursive: true, force: true });
+});
+
+describe("vault remove — services.json refresh", () => {
+  test("removing a vault drops its /vault/<name> path immediately", () => {
+    runCli(["create", "alpha", "--json"], { PARACHUTE_HOME: home });
+    runCli(["create", "beta", "--json"], { PARACHUTE_HOME: home });
+    expect(readServices(home).find((s) => s.name === "parachute-vault")!.paths).toEqual([
+      "/vault/alpha",
+      "/vault/beta",
+    ]);
+
+    const { exitCode, stdout } = runCli(["remove", "beta", "--yes"], {
+      PARACHUTE_HOME: home,
+    });
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Vault "beta" removed.');
+
+    // The stale-until-next-boot path is gone NOW — the hub's well-known
+    // fan-out stops advertising the deleted vault without a restart.
+    const vault = readServices(home).find((s) => s.name === "parachute-vault");
+    expect(vault).toBeDefined();
+    expect(vault!.paths).toEqual(["/vault/alpha"]);
+    // The vault data itself is gone too.
+    expect(existsSync(join(home, "vault", "data", "beta"))).toBe(false);
+  });
+
+  test("removing the DEFAULT vault promotes the survivor and reorders paths", () => {
+    runCli(["create", "alpha", "--json"], { PARACHUTE_HOME: home }); // default
+    runCli(["create", "beta", "--json"], { PARACHUTE_HOME: home });
+
+    const { exitCode, stdout } = runCli(["remove", "alpha", "--yes"], {
+      PARACHUTE_HOME: home,
+    });
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Default vault is now "beta".');
+
+    const config = readGlobalConfigFrom(home);
+    expect(config.default_vault).toBe("beta");
+    // selfRegister ran AFTER the default promotion, so paths[0] is the new
+    // default (the hub reads paths[0] as the canonical mount).
+    const vault = readServices(home).find((s) => s.name === "parachute-vault");
+    expect(vault!.paths).toEqual(["/vault/beta"]);
+  });
+});
+
+describe("vault remove — last-vault auto_create marker", () => {
+  test("removing the last vault writes auto_create: false + boot honors it", () => {
+    runCli(["create", "solo", "--json"], { PARACHUTE_HOME: home });
+
+    const { exitCode, stdout } = runCli(["remove", "solo", "--yes"], {
+      PARACHUTE_HOME: home,
+    });
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("auto_create: false");
+
+    // The marker is in the YAML and the real parser reads it back.
+    const yaml = readFileSync(join(home, "vault", "config.yaml"), "utf-8");
+    expect(yaml).toMatch(/^auto_create: false$/m);
+    const config = readGlobalConfigFrom(home);
+    expect(config.auto_create).toBe(false);
+
+    // The boot gate (server.ts auto-create branch) honors the marker — no
+    // resurrection of a freshly-credentialed "default".
+    expect(bootAutoCreateAllowed(config)).toBe(false);
+
+    // services.json was still refreshed: with zero vaults the row falls back
+    // to the manifest's canonical paths — the SAME row a subsequent boot's
+    // selfRegister writes, so CLI-remove and boot agree on the zero-vault
+    // registration shape (and the hub still sees the module as installed).
+    const vault = readServices(home).find((s) => s.name === "parachute-vault");
+    expect(vault).toBeDefined();
+    expect(vault!.paths).toEqual(["/vault/default"]);
+  });
+
+  test("removing a NON-last vault does not write the marker", () => {
+    runCli(["create", "alpha", "--json"], { PARACHUTE_HOME: home });
+    runCli(["create", "beta", "--json"], { PARACHUTE_HOME: home });
+    runCli(["remove", "beta", "--yes"], { PARACHUTE_HOME: home });
+
+    const yaml = readFileSync(join(home, "vault", "config.yaml"), "utf-8");
+    expect(yaml).not.toContain("auto_create");
+    const config = readGlobalConfigFrom(home);
+    expect(config.auto_create).toBeUndefined();
+    expect(bootAutoCreateAllowed(config)).toBe(true);
+  });
+
+  test("fresh install (no config.yaml at all) still allows boot auto-create", () => {
+    // Docker first-run: PARACHUTE_HOME exists but no vault/config.yaml has
+    // ever been written. readGlobalConfig returns defaults — no marker —
+    // and the boot auto-create proceeds.
+    expect(existsSync(join(home, "vault", "config.yaml"))).toBe(false);
+    const config = readGlobalConfigFrom(home);
+    expect(config.auto_create).toBeUndefined();
+    expect(bootAutoCreateAllowed(config)).toBe(true);
+  });
+
+  test("remove without --yes is a dry-run: no marker, no services change", () => {
+    runCli(["create", "solo", "--json"], { PARACHUTE_HOME: home });
+    const before = readServices(home).find((s) => s.name === "parachute-vault")!.paths;
+
+    const { exitCode, stdout } = runCli(["remove", "solo"], { PARACHUTE_HOME: home });
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("To confirm");
+
+    expect(existsSync(join(home, "vault", "data", "solo"))).toBe(true);
+    expect(readGlobalConfigFrom(home).auto_create).toBeUndefined();
+    expect(readServices(home).find((s) => s.name === "parachute-vault")!.paths).toEqual(before);
+  });
+});

package/src/vault-store.ts

@@ -7,6 +7,7 @@
 
 import { SqliteStore } from "../core/src/store.ts";
 import { defaultHookRegistry } from "../core/src/hooks.ts";
+import type { Store } from "../core/src/types.ts";
 import { openVaultDb } from "./db.ts";
 
 export { SqliteStore as BunStore };
@@ -33,9 +34,15 @@ export function getVaultStore(name: string): SqliteStore {
   return store;
 }
 
-/** Look up the vault name for a previously-opened store. */
-export function getVaultNameForStore(store: SqliteStore): string | undefined {
-  return storeToVault.get(store);
+/**
+ * Look up the vault name for a previously-opened store. Accepts the `Store`
+ * interface (not just the concrete `SqliteStore`) so hook handlers — which
+ * receive `Store` from the dispatcher — can resolve the vault. The WeakMap is
+ * keyed on the concrete instance the dispatcher passes through unchanged, so
+ * the lookup still hits.
+ */
+export function getVaultNameForStore(store: Store): string | undefined {
+  return storeToVault.get(store as SqliteStore);
 }
 
 /**

package/src/vault.test.ts

@@ -1692,6 +1692,56 @@ describe("HTTP /notes", async () => {
     expect(body).toHaveLength(1);
   });
 
+  // ---- search path honors the `expand` axis (vault tag `expand` axis) ----
+  //
+  // Corpus: all three notes share the FTS term "fox". Tags separate the two
+  // axes — `person` is a declared subtype of `entity` (parent_names) but NOT
+  // name-prefixed; `entity/archived` is name-prefixed but NOT a subtype. So
+  // search(tag=entity) returns DIFFERENT sets per `expand` mode, proving the
+  // search branch threads it (regression for the "validated then dropped" bug).
+  async function seedSearchAxisCorpus() {
+    await store.upsertTagRecord("entity", { description: "entity root" });
+    await store.upsertTagRecord("person", { parent_names: ["entity"] });
+    await store.upsertTagRecord("entity/archived", {});
+    await store.createNote("fox literal", { tags: ["entity"], path: "s-entity" });
+    await store.createNote("fox subtype", { tags: ["person"], path: "s-person" });
+    await store.createNote("fox filed", { tags: ["entity/archived"], path: "s-archived" });
+  }
+
+  test("GET /notes?search=fox&tag=entity — absent expand ≡ subtypes (descendants, no namespaced sibling)", async () => {
+    await seedSearchAxisCorpus();
+    const absent = await (await handleNotes(mkReq("GET", "/notes?search=fox&tag=entity&include_content=true"), store, "")).json() as any[];
+    const sub = await (await handleNotes(mkReq("GET", "/notes?search=fox&tag=entity&expand=subtypes&include_content=true"), store, "")).json() as any[];
+    const absentSet = new Set(absent.map((n) => n.content));
+    expect(new Set(sub.map((n) => n.content))).toEqual(absentSet);
+    // entity (literal) + person (subtype); NOT entity/archived.
+    expect(absentSet).toEqual(new Set(["fox literal", "fox subtype"]));
+  });
+
+  test("GET /notes?search=fox&tag=entity&expand=namespace — lexical tag/* only, NOT subtype sibling", async () => {
+    await seedSearchAxisCorpus();
+    const res = await handleNotes(mkReq("GET", "/notes?search=fox&tag=entity&expand=namespace&include_content=true"), store, "");
+    const body = await res.json() as any[];
+    // entity (literal) + entity/archived (name-prefixed); NOT person (subtype).
+    expect(new Set(body.map((n) => n.content))).toEqual(new Set(["fox literal", "fox filed"]));
+  });
+
+  test("GET /notes?search=fox&tag=entity&expand=exact — literal tag only", async () => {
+    await seedSearchAxisCorpus();
+    const res = await handleNotes(mkReq("GET", "/notes?search=fox&tag=entity&expand=exact&include_content=true"), store, "");
+    const body = await res.json() as any[];
+    expect(body.map((n) => n.content)).toEqual(["fox literal"]);
+  });
+
+  test("GET /notes?search=...&expand=bogus → 400 INVALID_QUERY (search branch validates too)", async () => {
+    await store.createNote("fox here");
+    const res = await handleNotes(mkReq("GET", "/notes?search=fox&expand=bogus"), store, "");
+    expect(res.status).toBe(400);
+    const body = await res.json() as any;
+    expect(body.code).toBe("INVALID_QUERY");
+    expect(body.error).toContain("expand");
+  });
+
   test("GET /notes?has_tags=false returns only untagged notes", async () => {
     await store.createNote("tagged", { tags: ["x"], path: "t" });
     await store.createNote("plain", { path: "p" });
@@ -6065,3 +6115,147 @@ describe("handleVault: audio_retention", async () => {
   });
 });
 
+describe("handleVault: auto_transcribe (per-vault)", async () => {
+  function mkVaultReq(method: string, body?: unknown): Request {
+    const init: RequestInit = { method };
+    if (body !== undefined) {
+      init.body = JSON.stringify(body);
+      init.headers = { "Content-Type": "application/json" };
+    }
+    return new Request(`${BASE}/vault`, init);
+  }
+
+  test("GET reflects the per-vault auto_transcribe.enabled when set", async () => {
+    const cfg = { name: "vaultA", auto_transcribe: { enabled: false } };
+    const res = await handleVault(mkReq("GET", "/vault"), store, cfg as any);
+    expect(res.status).toBe(200);
+    const body = await res.json() as any;
+    // The vault's OWN value wins over global — per-vault → global → true.
+    expect(body.config.auto_transcribe.enabled).toBe(false);
+  });
+
+  test("GET reflects per-vault true override even if global is off", async () => {
+    const cfg = { name: "vaultA", auto_transcribe: { enabled: true } };
+    const res = await handleVault(mkReq("GET", "/vault"), store, cfg as any);
+    const body = await res.json() as any;
+    expect(body.config.auto_transcribe.enabled).toBe(true);
+  });
+
+  test("PATCH writes auto_transcribe to THIS vault's config object (per-vault)", async () => {
+    const cfg: { name: string; auto_transcribe?: { enabled?: boolean } } = { name: "vaultA" };
+    let persisted = 0;
+    const res = await handleVault(
+      mkVaultReq("PATCH", { config: { auto_transcribe: { enabled: true } } }),
+      store,
+      cfg as any,
+      () => { persisted++; },
+    );
+    expect(res.status).toBe(200);
+    const body = await res.json() as any;
+    expect(body.config.auto_transcribe.enabled).toBe(true);
+    // Persisted onto the per-vault config object (writeVaultConfig path),
+    // NOT a server-wide global — this is the field the worker reads per-vault.
+    expect(cfg.auto_transcribe?.enabled).toBe(true);
+    expect(persisted).toBe(1);
+
+    // GET round-trips the persisted per-vault value.
+    const getRes = await handleVault(mkReq("GET", "/vault"), store, cfg as any);
+    const getBody = await getRes.json() as any;
+    expect(getBody.config.auto_transcribe.enabled).toBe(true);
+  });
+
+  test("enabling vault X does NOT affect vault Y (genuinely per-vault)", async () => {
+    const vaultX: { name: string; auto_transcribe?: { enabled?: boolean } } = { name: "vaultX" };
+    const vaultY: { name: string; auto_transcribe?: { enabled?: boolean } } = { name: "vaultY" };
+
+    // Link scribe to X only.
+    await handleVault(
+      mkVaultReq("PATCH", { config: { auto_transcribe: { enabled: true } } }),
+      store,
+      vaultX as any,
+      () => {},
+    );
+
+    expect(vaultX.auto_transcribe?.enabled).toBe(true);
+    // Y is untouched — no global toggle was flipped, so Y still has no
+    // per-vault override (the old global-write behavior would have moved Y too).
+    expect(vaultY.auto_transcribe).toBeUndefined();
+  });
+
+  test("PATCH accepts auto_transcribe.enabled=false", async () => {
+    const cfg: { name: string; auto_transcribe?: { enabled?: boolean } } = {
+      name: "vaultA",
+      auto_transcribe: { enabled: true },
+    };
+    const res = await handleVault(
+      mkVaultReq("PATCH", { config: { auto_transcribe: { enabled: false } } }),
+      store,
+      cfg as any,
+      () => {},
+    );
+    expect(res.status).toBe(200);
+    const body = await res.json() as any;
+    expect(body.config.auto_transcribe.enabled).toBe(false);
+    expect(cfg.auto_transcribe?.enabled).toBe(false);
+  });
+
+  test("PATCH rejects a non-boolean enabled with 400 and does not mutate or persist", async () => {
+    const cfg: { name: string; auto_transcribe?: { enabled?: boolean } } = {
+      name: "vaultA",
+      auto_transcribe: { enabled: true },
+    };
+    let persisted = 0;
+    const res = await handleVault(
+      mkVaultReq("PATCH", { config: { auto_transcribe: { enabled: "yes" } } }),
+      store,
+      cfg as any,
+      () => { persisted++; },
+    );
+    expect(res.status).toBe(400);
+    const body = await res.json() as any;
+    expect(body.error).toBe("invalid_auto_transcribe");
+    // Unchanged — the bad write never landed.
+    expect(cfg.auto_transcribe?.enabled).toBe(true);
+    expect(persisted).toBe(0);
+  });
+
+  test("PATCH rejects auto_transcribe missing enabled with 400", async () => {
+    const cfg = { name: "vaultA" } as { name: string };
+    let persisted = 0;
+    const res = await handleVault(
+      mkVaultReq("PATCH", { config: { auto_transcribe: {} } }),
+      store,
+      cfg as any,
+      () => { persisted++; },
+    );
+    expect(res.status).toBe(400);
+    const body = await res.json() as any;
+    expect(body.error).toBe("invalid_auto_transcribe");
+    expect(persisted).toBe(0);
+  });
+
+  test("auto_transcribe and audio_retention can be set in one PATCH (single persist)", async () => {
+    const cfg: { name: string; audio_retention?: string; auto_transcribe?: { enabled?: boolean } } = {
+      name: "vaultA",
+    };
+    let persisted = 0;
+    const res = await handleVault(
+      mkVaultReq("PATCH", {
+        config: { audio_retention: "until_transcribed", auto_transcribe: { enabled: true } },
+      }),
+      store,
+      cfg as any,
+      () => { persisted++; },
+    );
+    expect(res.status).toBe(200);
+    const body = await res.json() as any;
+    expect(body.config.audio_retention).toBe("until_transcribed");
+    expect(body.config.auto_transcribe.enabled).toBe(true);
+    expect(cfg.audio_retention).toBe("until_transcribed");
+    expect(cfg.auto_transcribe?.enabled).toBe(true);
+    // Both fields persisted in one writeVaultConfig call.
+    expect(persisted).toBe(1);
+  });
+
+});
+