@openparachute/vault 0.6.0-rc.1 → 0.6.0

package/core/src/triggers-store.ts

@@ -0,0 +1,165 @@
+/**
+ * Persisted runtime triggers — per-vault CRUD over the `triggers` table
+ * (schema v21).
+ *
+ * Complements the static `config.yaml` trigger system: config.yaml triggers
+ * are loaded at boot and fire globally (all vaults); rows in this table live
+ * in a single vault's SQLite DB and are re-registered at boot scoped to that
+ * vault (they fire ONLY for events on the vault they were stored under).
+ *
+ * The structured columns (`events`, `when`, `action`) are JSON-encoded on
+ * write and parsed on read. `name` is the primary key, so `upsertTrigger`
+ * is a true upsert (insert-or-replace by name). The shape here is kept
+ * structurally compatible with `src/config.ts`'s `TriggerConfig` /
+ * `TriggerWhen` / `TriggerAction` without importing from `src/` — core stays
+ * dependency-free of the server layer.
+ *
+ * `action.auth.bearer`, when present, becomes an `Authorization: Bearer`
+ * header on the webhook POST (the JWT webhook-auth path that retires the
+ * old `?secret=` query param). It is stored verbatim in the JSON column.
+ */
+
+import type { Database } from "bun:sqlite";
+
+/** Predicate shape — mirrors src/config.ts:TriggerWhen. */
+export interface StoredTriggerWhen {
+  tags?: string[];
+  has_content?: boolean;
+  missing_metadata?: string[];
+  has_metadata?: string[];
+}
+
+/** Webhook auth — only the bearer-JWT path for now. */
+export interface StoredTriggerAuth {
+  bearer?: string;
+}
+
+/** Action shape — mirrors src/config.ts:TriggerAction plus `auth`. */
+export interface StoredTriggerAction {
+  webhook: string;
+  timeout?: number;
+  send?: "json" | "attachment" | "content";
+  auth?: StoredTriggerAuth;
+  // Forward-compat: include_context and any other action fields round-trip
+  // through the JSON column verbatim even though core doesn't interpret them.
+  [key: string]: unknown;
+}
+
+/** A persisted trigger row, decoded. */
+export interface StoredTrigger {
+  name: string;
+  events: Array<"created" | "updated">;
+  when: StoredTriggerWhen;
+  action: StoredTriggerAction;
+  created_at: string;
+  updated_at: string;
+}
+
+/** The writable subset callers pass to upsert. */
+export interface TriggerInput {
+  name: string;
+  events?: Array<"created" | "updated">;
+  when: StoredTriggerWhen;
+  action: StoredTriggerAction;
+}
+
+interface TriggerRow {
+  name: string;
+  events: string;
+  when: string;
+  action: string;
+  created_at: string;
+  updated_at: string;
+}
+
+function decodeRow(row: TriggerRow): StoredTrigger {
+  return {
+    name: row.name,
+    events: safeParse(row.events, ["created", "updated"]) as Array<"created" | "updated">,
+    when: safeParse(row.when, {}) as StoredTriggerWhen,
+    action: safeParse(row.action, { webhook: "" }) as StoredTriggerAction,
+    created_at: row.created_at,
+    updated_at: row.updated_at,
+  };
+}
+
+function safeParse(json: string, fallback: unknown): unknown {
+  try {
+    return JSON.parse(json);
+  } catch {
+    return fallback;
+  }
+}
+
+/**
+ * Insert or replace a trigger by name. Preserves `created_at` on update
+ * (re-fetches the existing row's timestamp) and stamps a fresh `updated_at`.
+ * Returns the stored shape.
+ */
+export function upsertTrigger(db: Database, input: TriggerInput): StoredTrigger {
+  const now = new Date().toISOString();
+  const existing = db
+    .prepare("SELECT created_at FROM triggers WHERE name = ?")
+    .get(input.name) as { created_at: string } | null;
+  const createdAt = existing?.created_at ?? now;
+  const events = input.events ?? ["created", "updated"];
+
+  db.prepare(
+    `INSERT INTO triggers (name, events, "when", action, created_at, updated_at)
+     VALUES (?, ?, ?, ?, ?, ?)
+     ON CONFLICT(name) DO UPDATE SET
+       events = excluded.events,
+       "when" = excluded."when",
+       action = excluded.action,
+       updated_at = excluded.updated_at`,
+  ).run(
+    input.name,
+    JSON.stringify(events),
+    JSON.stringify(input.when),
+    JSON.stringify(input.action),
+    createdAt,
+    now,
+  );
+
+  return {
+    name: input.name,
+    events,
+    when: input.when,
+    action: input.action,
+    created_at: createdAt,
+    updated_at: now,
+  };
+}
+
+/** List all persisted triggers for this vault, ordered by name. */
+export function listTriggers(db: Database): StoredTrigger[] {
+  const rows = db
+    .prepare(
+      `SELECT name, events, "when", action, created_at, updated_at
+       FROM triggers ORDER BY name`,
+    )
+    .all() as TriggerRow[];
+  return rows.map(decodeRow);
+}
+
+/** Fetch a single trigger by name, or null. */
+export function getTrigger(db: Database, name: string): StoredTrigger | null {
+  const row = db
+    .prepare(
+      `SELECT name, events, "when", action, created_at, updated_at
+       FROM triggers WHERE name = ?`,
+    )
+    .get(name) as TriggerRow | null;
+  return row ? decodeRow(row) : null;
+}
+
+/** Delete a trigger by name. Returns true if a row was removed. */
+export function deleteTrigger(db: Database, name: string): boolean {
+  const res = db.prepare("DELETE FROM triggers WHERE name = ?").run(name);
+  return res.changes > 0;
+}
+
+/** Load all persisted triggers (boot path). Alias of listTriggers for clarity. */
+export function loadAllTriggers(db: Database): StoredTrigger[] {
+  return listTriggers(db);
+}

package/core/src/types.ts

@@ -1,10 +1,13 @@
-import type { TagFieldSchema, TagRelationship, TagRecord } from "./tag-schemas.js";
+import type { Database } from "bun:sqlite";
+import type { TagFieldSchema, TagRelationship, TagRelationshipMap, TagRecord } from "./tag-schemas.js";
 import type { PrunedField } from "./indexed-fields.js";
+import type { TagExpandMode } from "./tag-hierarchy.js";
 
 // ---- Re-exports ----
 
-export type { TagFieldSchema, TagRelationship, TagRecord } from "./tag-schemas.js";
+export type { TagFieldSchema, TagRelationship, TagRelationshipMap, TagRecord } from "./tag-schemas.js";
 export type { PrunedField } from "./indexed-fields.js";
+export type { TagExpandMode } from "./tag-hierarchy.js";
 
 // ---- Note ----
 
@@ -25,6 +28,14 @@ export interface Note {
   updatedAt?: string;
   tags?: string[];
   links?: Link[];
+  /**
+   * Opt-in link degree (raw row count, both directions by default). Present
+   * only when the caller requests it via `include_link_count` (REST/MCP).
+   * Surfaced the same way `links`/`attachments` are — an extra key injected
+   * onto the response after the base shape. See `getLinkCounts` in links.ts
+   * for the exact degree semantics (self-loop = 2 under `both`).
+   */
+  linkCount?: number;
 }
 
 // ---- Link ----
@@ -59,6 +70,16 @@ export interface VaultStats {
   tagCount: number;
   attachmentCount: number;
   linkCount: number;
+  /**
+   * Total bytes of all note content, computed as the sum of the UTF-8 byte
+   * length of every note's `content`. The SQL uses `LENGTH(CAST(content AS
+   * BLOB))` deliberately: SQLite's bare `LENGTH(text)` returns the number of
+   * *characters*, not bytes, so a note full of multibyte UTF-8 (emoji, CJK,
+   * accents) would undercount its true on-disk/on-wire footprint. Casting to
+   * BLOB forces `LENGTH` to count raw bytes. This is the logical content size,
+   * not the physical DB-file size (see `usage.ts:dbBytes` for the latter).
+   */
+  contentBytes: number;
 }
 
 // ---- Query Options ----
@@ -66,6 +87,18 @@ export interface VaultStats {
 export interface QueryOpts {
   tags?: string[];
   tagMatch?: "all" | "any"; // "all" = must have ALL tags (default), "any" = must have ANY tag
+  /**
+   * Tag-expansion axis (vault tag `expand` axis — design
+   * `design/2026-06-09-tag-expand-axis.md`). Selects how each `tags` entry
+   * expands:
+   * - `"subtypes"` (DEFAULT): tag ∪ `parent_names` descendants. Today's
+   *   semantic is-a behavior, unchanged. `_default` universal magic fires here.
+   * - `"namespace"`: tag ∪ lexically name-prefixed `tag/*` (the filing axis).
+   * - `"both"`: union of subtypes + namespace.
+   * - `"exact"`: the literal tag only, no expansion.
+   * Absent → `"subtypes"` → byte-identical to pre-axis behavior.
+   */
+  expand?: TagExpandMode;
   excludeTags?: string[];
   // Presence filters. `true` → has at least one; `false` → has none.
   // When `tags` is also set, `hasTags` is ignored (the tag filter already constrains the set).
@@ -115,6 +148,12 @@ export interface QueryOpts {
   // declared `indexed: true`; errors loudly otherwise. Direction is taken
   // from `sort` (default "asc") and `created_at` is appended as a stable
   // tiebreaker.
+  //
+  // The pseudo-field `link_count` is special-cased (no indexed-field
+  // declaration needed): it sorts by link DEGREE — the both-directions
+  // raw row count — using the same directional-sum definition as the
+  // `linkCount` response field, so the sort key equals the field value for
+  // every note (self-loops included). See `queryNotes`/`getLinkCounts`.
   orderBy?: string;
   limit?: number;
   offset?: number;
@@ -153,6 +192,8 @@ export interface NoteSummary {
   createdAt: string;
   updatedAt?: string;
   tags?: string[];
+  /** Opt-in link degree (see `Note.linkCount`). */
+  linkCount?: number;
 }
 
 /**
@@ -169,6 +210,8 @@ export interface NoteIndex {
   metadata?: Record<string, unknown>;
   byteSize: number;
   preview: string;
+  /** Opt-in link degree (see `Note.linkCount`). */
+  linkCount?: number;
 }
 
 /** Link with hydrated note summaries. */
@@ -180,6 +223,15 @@ export interface HydratedLink extends Link {
 // ---- Store Interface ----
 
 export interface Store {
+  /**
+   * The underlying `bun:sqlite` handle. Exposed (read-only) so callers that
+   * need to run a raw query the Store interface doesn't surface — e.g. the
+   * token-table reverse-lookups in routes.ts and MCP tool generation in
+   * mcp.ts — can reach it without an `(store as any).db` cast. The concrete
+   * `Store` class declares this as `public readonly db: Database`. See vault#242.
+   */
+  readonly db: Database;
+
   // Notes
   createNote(content: string, opts?: { id?: string; path?: string; tags?: string[]; metadata?: Record<string, unknown>; created_at?: string; extension?: string }): Promise<Note>;
   getNote(id: string): Promise<Note | null>;
@@ -218,7 +270,7 @@ export interface Store {
    * agent loop can persist a single watermark and keep polling.
    */
   queryNotesPaged(opts: QueryOpts): Promise<QueryNotesPage>;
-  searchNotes(query: string, opts?: { tags?: string[]; limit?: number }): Promise<Note[]>;
+  searchNotes(query: string, opts?: { tags?: string[]; limit?: number; expand?: TagExpandMode }): Promise<Note[]>;
 
   // Tags
   tagNote(noteId: string, tags: string[]): Promise<void>;
@@ -230,6 +282,18 @@ export interface Store {
    * compute the effective allowlisted tag-set at auth time.
    */
   expandTagsWithDescendants(tags: string[]): Promise<Set<string>>;
+  /**
+   * Mode-aware tag expansion (vault tag `expand` axis). Expands each input tag
+   * along the selected axis and returns the union:
+   * - `"subtypes"` (default): `{tag} ∪ parent_names-descendants` — identical to
+   *   `expandTagsWithDescendants` (which is a thin shim over this).
+   * - `"namespace"`: `{tag} ∪ lexically name-prefixed tag/*`.
+   * - `"both"`: union of the two.
+   * - `"exact"`: `{tag}` only.
+   * Always includes each input tag. Used by the live-query matcher to lower the
+   * IDENTICAL expansion the snapshot query engine uses for the same `expand`.
+   */
+  expandTags(tags: string[], mode?: TagExpandMode): Promise<Set<string>>;
   listTags(): Promise<{ name: string; count: number }[]>;
   deleteTag(name: string): Promise<{ deleted: boolean; notes_untagged: number }>;
   renameTag(
@@ -313,7 +377,7 @@ export interface Store {
     patch: {
       description?: string | null;
       fields?: Record<string, TagFieldSchema> | null;
-      relationships?: Record<string, TagRelationship> | null;
+      relationships?: TagRelationshipMap | null;
       parent_names?: string[] | null;
     },
   ): Promise<TagRecord>;

package/core/src/vault-projection.ts

@@ -305,5 +305,25 @@ export function projectionToMarkdown(args: {
   lines.push("");
   lines.push("If schema or tags change during this session, call `vault-info` to refresh the full projection. Call `list-tags { include_schema: true }` for tag-only details.");
 
+  // Scripting pointer block: the connect-time brief used to dead-end on
+  // querying — an agent had no path to "how do I script/automate against this
+  // vault." Point at the guide rather than inlining it, to keep this brief
+  // lean (token-budget note above). Uses the concrete vault name so the mint
+  // command is copy-paste ready.
+  lines.push("");
+  lines.push("## Scripting & automation (beyond this session)");
+  lines.push("");
+  lines.push(
+    "This vault is also a plain HTTP API — reach for it when the user wants a script, cron job, or CI step rather than an interactive session:",
+  );
+  lines.push(
+    `- Mint a scoped credential: \`parachute auth mint-token --scope vault:${vaultName}:read --ephemeral\` (\`--ephemeral\` = short-lived, ideal for scripts; use \`:write\` to create/edit).`,
+  );
+  lines.push(`- Call the REST API at \`<hub-origin>/vault/${vaultName}/api/...\`.`);
+  lines.push(
+    "- Full guide — copy-paste bash/Python/JS examples, plus how to design tags vs paths vs schemas: https://parachute.computer/scripting/",
+  );
+  lines.push("- For a prompt on a schedule with no code, see Parachute Runner.");
+
   return lines.join("\n");
 }

package/core/src/wikilinks.ts

@@ -137,7 +137,7 @@ export function resolveWikilink(db: Database, target: string): string | null {
     const extPart = extMatch[2]!.toLowerCase();
     const explicit = db.prepare(
       "SELECT id FROM notes WHERE path = ? COLLATE NOCASE AND LOWER(extension) = ?",
-    ).get(pathPart, extPart) as { id: string } | undefined;
+    ).get(pathPart, extPart) as { id: string } | null;
     if (explicit) return explicit.id;
     // No match for explicit (path, ext) — fall through to the looser
     // rules so a literal note named `Recipe.v2` (where `v2` isn't an
@@ -199,7 +199,7 @@ export function resolveWikilinkDetailed(db: Database, target: string): WikilinkR
     const extPart = extMatch[2]!.toLowerCase();
     const explicit = db.prepare(
       "SELECT id, path FROM notes WHERE path = ? COLLATE NOCASE AND LOWER(extension) = ?",
-    ).get(pathPart, extPart) as { id: string; path: string } | undefined;
+    ).get(pathPart, extPart) as { id: string; path: string } | null;
     if (explicit) {
       return { resolved: true, note_id: explicit.id, path: explicit.path, candidates: [] };
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openparachute/vault",
-  "version": "0.6.0-rc.1",
+  "version": "0.6.0",
   "description": "Agent-native knowledge graph. Notes, tags, links over MCP.",
   "module": "src/cli.ts",
   "type": "module",
@@ -22,12 +22,11 @@
     "test:core": "cd core && node --experimental-vm-modules node_modules/vitest/dist/cli.js run",
     "typecheck": "tsc --noEmit",
     "build:spa": "cd web/ui && bun install --frozen-lockfile && bun run build",
-    "postinstall": "if [ -d web/ui ]; then bun run build:spa; fi",
     "prepack": "bun run build:spa"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1",
-    "@openparachute/scope-guard": "^0.4.0-rc.2",
+    "@openparachute/scope-guard": "^0.4.1-rc.1",
     "jose": "^6.2.2",
     "otpauth": "^9.5.0",
     "qrcode-terminal": "^0.12.0"

package/src/admin-spa.test.ts

@@ -12,7 +12,12 @@ import { describe, test, expect, beforeAll, afterAll } from "bun:test";
 import { mkdirSync, readFileSync, rmSync, writeFileSync } from "fs";
 import { join } from "path";
 import { tmpdir } from "os";
-import { isAdminSpaPath, serveAdminSpa } from "./admin-spa.ts";
+import {
+  isAdminSpaPath,
+  isDaemonAdminSpaPath,
+  serveAdminSpa,
+  serveDaemonAdminSpa,
+} from "./admin-spa.ts";
 
 const fixtureDir = join(tmpdir(), `vault-admin-spa-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
 
@@ -130,15 +135,76 @@ describe("serveAdminSpa", () => {
   });
 });
 
+describe("isDaemonAdminSpaPath", () => {
+  test("matches /vault/admin and true subpaths", () => {
+    expect(isDaemonAdminSpaPath("/vault/admin")).toBe(true);
+    expect(isDaemonAdminSpaPath("/vault/admin/")).toBe(true);
+    expect(isDaemonAdminSpaPath("/vault/admin/assets/index.js")).toBe(true);
+    // The doubled path the per-vault regex would mis-read as vault "admin".
+    expect(isDaemonAdminSpaPath("/vault/admin/admin")).toBe(true);
+  });
+
+  test("does not match vaults whose name merely starts with 'admin'", () => {
+    expect(isDaemonAdminSpaPath("/vault/adminx")).toBe(false);
+    expect(isDaemonAdminSpaPath("/vault/admin2/admin")).toBe(false);
+    expect(isDaemonAdminSpaPath("/vault/admin-foo")).toBe(false);
+  });
+
+  test("does not match per-vault mounts or unrelated paths", () => {
+    expect(isDaemonAdminSpaPath("/vault/work/admin")).toBe(false);
+    expect(isDaemonAdminSpaPath("/admin")).toBe(false);
+    expect(isDaemonAdminSpaPath("/vaults")).toBe(false);
+  });
+});
+
+describe("serveDaemonAdminSpa (the /vault/admin multi-vault mount)", () => {
+  test("bare /vault/admin redirects to trailing-slash form (301)", async () => {
+    // Same load-bearing canonicalization as the per-vault mount: Vite's
+    // relative asset URLs (./assets/...) resolve against the document's
+    // DIRECTORY, so /vault/admin (bare) would resolve assets to
+    // /vault/assets/... and 404 them.
+    const res = await serveDaemonAdminSpa(fixtureDir, "/vault/admin");
+    expect(res.status).toBe(301);
+    expect(res.headers.get("Location")).toBe("/vault/admin/");
+  });
+
+  test("/vault/admin/ returns the SPA index", async () => {
+    const res = await serveDaemonAdminSpa(fixtureDir, "/vault/admin/");
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/html");
+    expect(await res.text()).toContain("shell");
+  });
+
+  test("daemon-mount asset path strips cleanly", async () => {
+    const res = await serveDaemonAdminSpa(fixtureDir, "/vault/admin/assets/index-abc.js");
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("application/javascript");
+  });
+
+  test("/vault/admin/admin serves the shell (client route, not a per-vault boot)", async () => {
+    const res = await serveDaemonAdminSpa(fixtureDir, "/vault/admin/admin");
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/html");
+    expect(await res.text()).toContain("shell");
+  });
+
+  test("path traversal (..) cannot escape dist dir on the daemon mount", async () => {
+    const res = await serveDaemonAdminSpa(fixtureDir, "/vault/admin/../../etc/passwd");
+    expect(res.status).toBe(200);
+    expect(await res.text()).toContain("shell");
+  });
+});
+
 describe("hub <-> vault managementUrl contract", () => {
   // Browsers drop the URL fragment when following a 301 (RFC 7231 SHOULD
   // preserve, but Chrome/Firefox/Safari are inconsistent in practice). The
   // hub-issued JWT travels in `#token=...`, so a redirected click loses the
-  // token and the SPA boots unauthenticated. Hub's resolveManagementUrl joins
-  // the per-vault module URL with module.json's `managementUrl` verbatim — if
-  // it ends with "/" the canonical click target is `/vault/<name>/admin/`
-  // (no redirect, fragment preserved). Without the trailing slash hub emits
-  // `/vault/<name>/admin`, the server 301s, and the fragment is gone.
+  // token and the SPA boots unauthenticated. Under the B4 URL-resolution
+  // semantics (hub#637) a RELATIVE managementUrl is mount-joined per
+  // instance (`/vault/<name>` + "/" + "admin/") — if it ends with "/" the
+  // canonical click target is `/vault/<name>/admin/` (no redirect, fragment
+  // preserved). Without the trailing slash hub emits `/vault/<name>/admin`,
+  // the server 301s, and the fragment is gone.
   test("module.json managementUrl ends with '/' so hub emits the no-redirect form", () => {
     const moduleJson = JSON.parse(
       readFileSync(join(import.meta.dir, "..", ".parachute", "module.json"), "utf8"),
@@ -146,16 +212,40 @@ describe("hub <-> vault managementUrl contract", () => {
     expect(moduleJson.managementUrl).toMatch(/\/$/);
   });
 
-  test("the canonical hub-emitted URL serves the SPA shell directly (no 301)", async () => {
-    // Mirror hub's resolveManagementUrl shape: per-vault module URL +
-    // managementUrl. With managementUrl="/admin/" the result is
+  test("managementUrl + uiUrl are RELATIVE (per-instance); configUiUrl is origin-absolute (daemon-level)", () => {
+    // B4 semantics (2026-06-09 hub-module-boundary): relative = mount-joined
+    // per instance; leading "/" = origin-absolute verbatim. The per-instance
+    // surfaces (manage tile, instance UI) stay per-vault; the module-level
+    // config UI points at the daemon-level multi-vault home. A leading "/"
+    // on managementUrl/uiUrl here would flip every instance tile to the
+    // module home; a relative configUiUrl would wrongly mount-join.
+    const moduleJson = JSON.parse(
+      readFileSync(join(import.meta.dir, "..", ".parachute", "module.json"), "utf8"),
+    );
+    expect(moduleJson.managementUrl).toBe("admin/");
+    expect(moduleJson.uiUrl).toBe("admin/");
+    expect(moduleJson.configUiUrl).toBe("/vault/admin/");
+  });
+
+  test("the canonical hub-emitted per-instance URL serves the SPA shell directly (no 301)", async () => {
+    // Mirror hub's per-instance join under B4: mount + "/" + relative
+    // managementUrl. With managementUrl="admin/" the result is
     // /vault/<name>/admin/ — which serveAdminSpa returns as 200, not 301.
     const moduleJson = JSON.parse(
       readFileSync(join(import.meta.dir, "..", ".parachute", "module.json"), "utf8"),
     );
-    const canonical = `/vault/work${moduleJson.managementUrl}`;
+    const canonical = `/vault/work/${moduleJson.managementUrl}`;
     const res = await serveAdminSpa(fixtureDir, canonical);
     expect(res.status).toBe(200);
     expect(res.headers.get("Location")).toBeNull();
   });
+
+  test("the canonical configUiUrl serves the daemon-level shell directly (no 301)", async () => {
+    const moduleJson = JSON.parse(
+      readFileSync(join(import.meta.dir, "..", ".parachute", "module.json"), "utf8"),
+    );
+    const res = await serveDaemonAdminSpa(fixtureDir, moduleJson.configUiUrl);
+    expect(res.status).toBe(200);
+    expect(res.headers.get("Location")).toBeNull();
+  });
 });

package/src/admin-spa.ts

@@ -28,6 +28,18 @@ import { fileURLToPath } from "node:url";
  */
 const ADMIN_SPA_MOUNT_RE = /^\/vault\/([^/]+)\/admin(?=\/|$)/;
 
+/**
+ * Regex anchoring the DAEMON-LEVEL multi-vault SPA mount at `/vault/admin`
+ * (B3 of the 2026-06-09 hub-module-boundary migration). Deliberately a
+ * SEPARATE regex from the per-vault one — merging them would let
+ * `/vault/admin/admin` boot per-vault mode with name="admin". `admin` is a
+ * reserved vault name (see `vault-name.ts:RESERVED_VAULT_NAMES`), so this
+ * mount can never collide with a real instance; routing dispatches it
+ * BEFORE the per-vault branch so a pre-reservation squatter is shadowed
+ * (and warned about at boot) rather than capturing the mount.
+ */
+const DAEMON_ADMIN_SPA_MOUNT_RE = /^\/vault\/admin(?=\/|$)/;
+
 /**
  * Resolve the default SPA bundle dir. Anchored to this file's location so
  * a `bun src/server.ts` from any cwd still finds `<repo>/web/ui/dist/`.
@@ -92,18 +104,24 @@ function spaContentType(pathname: string): string {
  * even before a token has been minted (so the operator can actually see
  * the empty / auth-required state we render in `VaultDetail.tsx`).
  */
-export async function serveAdminSpa(spaDistDir: string, pathname: string): Promise<Response> {
+export async function serveAdminSpa(
+  spaDistDir: string,
+  pathname: string,
+  mountRe: RegExp = ADMIN_SPA_MOUNT_RE,
+): Promise<Response> {
   if (!existsSync(spaDistDir)) {
     return new Response(
       "vault admin SPA bundle not found — run `bun run build` in web/ui/ to produce dist/",
       { status: 503, headers: { "content-type": "text/plain; charset=utf-8" } },
     );
   }
-  // Strip the mount prefix:
+  // Strip the mount prefix (per-vault by default; the daemon-level mount
+  // passes its own regex via `serveDaemonAdminSpa`):
   //   /vault/foo/admin       → ""
   //   /vault/foo/admin/      → "/"
   //   /vault/foo/admin/x.js  → "/x.js"
-  const sub = pathname.replace(ADMIN_SPA_MOUNT_RE, "");
+  //   /vault/admin/x.js      → "/x.js"   (daemon mount)
+  const sub = pathname.replace(mountRe, "");
 
   // Canonicalize the bare mount → trailing-slash form. Vite emits
   // *relative* asset URLs (`./assets/index-abc.js`) since `<name>` isn't
@@ -155,7 +173,34 @@ export async function serveAdminSpa(spaDistDir: string, pathname: string): Promi
  * Match `/vault/<name>/admin` or `/vault/<name>/admin/...`. Bare
  * `/vault/<name>/admin-foo` and `/vault/<name>` (the metadata endpoint)
  * must NOT trigger this — only the SPA mount root and its true subpaths.
+ *
+ * NOTE: `/vault/admin/admin` also matches this regex (name="admin") — the
+ * router dispatches `isDaemonAdminSpaPath` FIRST so that path never
+ * reaches per-vault mode. Keep that dispatch order; it's pinned in
+ * routing.test.ts.
  */
 export function isAdminSpaPath(pathname: string): boolean {
   return ADMIN_SPA_MOUNT_RE.test(pathname);
 }
+
+/**
+ * Match the daemon-level multi-vault mount: `/vault/admin` or
+ * `/vault/admin/...`. `/vault/adminx` (a real vault that begins with
+ * "admin") must NOT trigger this — only the exact segment.
+ */
+export function isDaemonAdminSpaPath(pathname: string): boolean {
+  return DAEMON_ADMIN_SPA_MOUNT_RE.test(pathname);
+}
+
+/**
+ * Serve the SPA bundle under the daemon-level `/vault/admin` mount. Same
+ * bundle as the per-vault mount — `web/ui/src/lib/mount.ts` detects which
+ * basename it booted under at runtime — with the daemon mount's own
+ * prefix-strip. The bare-mount 301 inside `serveAdminSpa` fires for
+ * `/vault/admin` too: Vite's relative asset URLs resolve against the
+ * document's DIRECTORY, so without the trailing-slash canonicalization
+ * assets would resolve to `/vault/assets/...` and 404.
+ */
+export function serveDaemonAdminSpa(spaDistDir: string, pathname: string): Promise<Response> {
+  return serveAdminSpa(spaDistDir, pathname, DAEMON_ADMIN_SPA_MOUNT_RE);
+}

package/src/auth-hub-jwt.test.ts

@@ -143,6 +143,7 @@ function bearer(token: string): Request {
 let tmpHome: string;
 let prevHome: string | undefined;
 let prevHubOrigin: string | undefined;
+let prevJwksOrigin: string | undefined;
 let fixture: HubFixture;
 let kp: Keypair;
 
@@ -159,7 +160,11 @@ beforeEach(async () => {
   kp = await makeKeypair("k1");
   fixture = startHubFixture([kp]);
   prevHubOrigin = process.env.PARACHUTE_HUB_ORIGIN;
+  prevJwksOrigin = process.env.PARACHUTE_HUB_JWKS_ORIGIN;
   process.env.PARACHUTE_HUB_ORIGIN = fixture.origin;
+  // Post-vault#464 the JWKS fetch origin resolves separately (loopback by
+  // default); point it at the fixture so keys are reachable in-test.
+  process.env.PARACHUTE_HUB_JWKS_ORIGIN = fixture.origin;
   resetJwksCache();
   resetRevocationCache();
 });
@@ -171,6 +176,8 @@ afterEach(() => {
   else process.env.PARACHUTE_HOME = prevHome;
   if (prevHubOrigin === undefined) delete process.env.PARACHUTE_HUB_ORIGIN;
   else process.env.PARACHUTE_HUB_ORIGIN = prevHubOrigin;
+  if (prevJwksOrigin === undefined) delete process.env.PARACHUTE_HUB_JWKS_ORIGIN;
+  else process.env.PARACHUTE_HUB_JWKS_ORIGIN = prevJwksOrigin;
   if (existsSync(tmpHome)) rmSync(tmpHome, { recursive: true, force: true });
 });
 
@@ -668,7 +675,7 @@ describe("authenticateVaultRequest — hub JWT tag-scoping (auth-unification C0)
 
 // ---------------------------------------------------------------------------
 // pvt_* DROP (vault#282 Stage 2 — BREAKING). pvt_* tokens were the only
-// non-JWT, non-YAML credential vault used to mint + validate. At 0.6.0 the
+// non-JWT, non-YAML credential vault used to mint + validate. At 0.5.0 the
 // mint + validation were removed entirely: a pvt_*-prefixed bearer is no
 // longer JWT-shaped (skips authenticateHubJwt) and matches no surviving
 // credential, so it 401s. The hub JWT — the migration target — keeps working.

package/src/auth-status.ts

@@ -8,7 +8,7 @@
  *
  * What gets exposed:
  *   - `initialized` — at least one vault exists
- *   - `auth_modes`  — accepted bearer formats. As of 0.6.0 (vault#282 Stage 2)
+ *   - `auth_modes`  — accepted bearer formats. As of 0.5.0 (vault#282 Stage 2)
  *     vault is a pure hub resource-server: the only first-class user
  *     credential is a hub-issued JWT, so this is `["hub_jwt"]`. (The
  *     server-wide VAULT_AUTH_TOKEN operator bearer + legacy YAML api_keys
@@ -17,7 +17,7 @@
  *   - `vaults`      — list of `{ name, url }` for client-side dispatch
  *   - `hasOwnerPassword`, `hasTotp` — OAuth consent prerequisites
  *   - `hasTokens`   — boolean | null. Probes the vestigial `tokens` table for
- *     any leftover pre-0.6.0 rows (the table is kept inert as the YAML-import
+ *     any leftover pre-0.5.0 rows (the table is kept inert as the YAML-import
  *     landing zone + a future-cosmetic-drop target). `null` ≈ "we couldn't
  *     read all DBs, don't trust this answer"; `true`/`false` are honest yes/no.
  *