@phren/cli 0.0.28 → 0.0.33

package/mcp/dist/{finding-lifecycle.js → finding/lifecycle.js}

@@ -1,11 +1,11 @@
 import * as fs from "fs";
 import * as path from "path";
-import { PhrenError, phrenErr, phrenOk } from "./phren-core.js";
+import { PhrenError, phrenErr, phrenOk } from "../phren-core.js";
 // Phren lifecycle comment prefix. No backward compat.
 const LIFECYCLE_PREFIX = "phren";
-import { withFileLock } from "./shared-governance.js";
-import { isValidProjectName, safeProjectPath } from "./utils.js";
-import { isArchiveEnd, isArchiveStart, parseCreatedDate as parseCreatedDateMeta, parseStatusField, parseStatus, parseSupersession, parseContradiction, parseFindingId as parseFindingIdMeta, stripLifecycleMetadata, stripRelationMetadata, normalizeFindingText, } from "./content-metadata.js";
+import { withFileLock } from "../shared/governance.js";
+import { isValidProjectName, safeProjectPath } from "../utils.js";
+import { isArchiveEnd, isArchiveStart, parseCreatedDate as parseCreatedDateMeta, parseStatusField, parseStatus, parseSupersession, parseContradiction, parseFindingId as parseFindingIdMeta, stripLifecycleMetadata, stripRelationMetadata, normalizeFindingText, } from "../content/metadata.js";
 export const FINDING_TYPE_DECAY = {
     'pattern': { maxAgeDays: 365, decayMultiplier: 1.0 }, // Slow decay, long-lived
     'decision': { maxAgeDays: Infinity, decayMultiplier: 1.0 }, // Never decays
@@ -219,7 +219,9 @@ export function supersedeFinding(phrenPath, project, findingText, supersededBy)
         const today = new Date().toISOString().slice(0, 10);
         lines[matched.data.index] = applyLifecycle(lines[matched.data.index], { status: "superseded", status_updated: today, status_reason: "superseded_by", status_ref: ref }, today, { supersededBy: ref });
         const normalized = lines.join("\n").replace(/\n{3,}/g, "\n\n").trimEnd() + "\n";
-        fs.writeFileSync(findingsPath, normalized);
+        const tmpPath = findingsPath + ".tmp." + process.pid;
+        fs.writeFileSync(tmpPath, normalized);
+        fs.renameSync(tmpPath, findingsPath);
         return phrenOk({ finding: matched.data.text, superseded_by: ref, status: "superseded" });
     });
 }
@@ -239,7 +241,9 @@ export function retractFinding(phrenPath, project, findingText, reason) {
         const today = new Date().toISOString().slice(0, 10);
         lines[matched.data.index] = applyLifecycle(lines[matched.data.index], { status: "retracted", status_updated: today, status_reason: reasonText }, today);
         const normalized = lines.join("\n").replace(/\n{3,}/g, "\n\n").trimEnd() + "\n";
-        fs.writeFileSync(findingsPath, normalized);
+        const tmpPath = findingsPath + ".tmp." + process.pid;
+        fs.writeFileSync(tmpPath, normalized);
+        fs.renameSync(tmpPath, findingsPath);
         return phrenOk({ finding: matched.data.text, reason: reasonText, status: "retracted" });
     });
 }
@@ -289,7 +293,9 @@ export function resolveFindingContradiction(phrenPath, project, findingA, findin
             statusB = "retracted";
         }
         const normalized = lines.join("\n").replace(/\n{3,}/g, "\n\n").trimEnd() + "\n";
-        fs.writeFileSync(findingsPath, normalized);
+        const tmpPath = findingsPath + ".tmp." + process.pid;
+        fs.writeFileSync(tmpPath, normalized);
+        fs.renameSync(tmpPath, findingsPath);
         return phrenOk({
             resolution,
             finding_a: { text: matchedA.data.text, status: statusA },

package/mcp/dist/governance/audit.js

@@ -0,0 +1,30 @@
+import * as fs from "fs";
+import * as path from "path";
+import { debugLog } from "../shared.js";
+import { errorMessage } from "../utils.js";
+const MAX_LOG_LINES = 1000;
+export function recordRetrieval(phrenPath, file, section) {
+    const dir = path.join(phrenPath, ".runtime");
+    let logPath;
+    try {
+        fs.mkdirSync(dir, { recursive: true });
+        logPath = path.join(dir, "retrieval-log.jsonl");
+        const entry = { file, section, retrievedAt: new Date().toISOString() };
+        fs.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    }
+    catch (err) {
+        debugLog(`recordRetrieval write failed: ${errorMessage(err)}`);
+        return;
+    }
+    try {
+        const stat = fs.statSync(logPath);
+        if (stat.size > 500_000) {
+            const content = fs.readFileSync(logPath, "utf8");
+            const lines = content.split("\n").filter(Boolean);
+            fs.writeFileSync(logPath, lines.slice(-MAX_LOG_LINES).join("\n") + "\n");
+        }
+    }
+    catch (err) {
+        debugLog(`recordRetrieval rotation failed: ${errorMessage(err)}`);
+    }
+}

package/mcp/dist/{governance-locks.js → governance/locks.js}

@@ -1,7 +1,8 @@
 import * as fs from "fs";
 import * as path from "path";
-import { debugLog } from "./shared.js";
-import { errorMessage } from "./utils.js";
+import { debugLog } from "../shared.js";
+import { errorMessage } from "../utils.js";
+import { logger } from "../logger.js";
 // Acquire the file lock, returning true on success or throwing on timeout.
 function acquireFileLock(lockPath) {
     const maxWait = Number.parseInt(process.env.PHREN_FILE_LOCK_MAX_WAIT_MS || "5000", 10) || 5000;
@@ -19,8 +20,7 @@ function acquireFileLock(lockPath) {
             break;
         }
         catch (err) {
-            if ((process.env.PHREN_DEBUG))
-                process.stderr.write(`[phren] acquireFileLock lockWrite: ${errorMessage(err)}\n`);
+            logger.debug("acquireFileLock", `lockWrite: ${errorMessage(err)}`);
             try {
                 const stat = fs.statSync(lockPath);
                 if (Date.now() - stat.mtimeMs > staleThreshold) {
@@ -40,7 +40,14 @@ function acquireFileLock(lockPath) {
                                 }
                             }
                             else {
-                                ownerDead = true;
+                                try {
+                                    const result = require('child_process').spawnSync('tasklist', ['/FI', `PID eq ${lockPid}`, '/NH'], { encoding: 'utf8', timeout: 2000 });
+                                    if (result.stdout && result.stdout.includes(String(lockPid)))
+                                        ownerDead = false;
+                                }
+                                catch {
+                                    ownerDead = true;
+                                }
                             }
                         }
                     }
@@ -54,8 +61,7 @@ function acquireFileLock(lockPath) {
                 }
             }
             catch (statErr) {
-                if ((process.env.PHREN_DEBUG))
-                    process.stderr.write(`[phren] acquireFileLock staleStat: ${statErr instanceof Error ? statErr.message : String(statErr)}\n`);
+                logger.debug("acquireFileLock", `staleStat: ${statErr instanceof Error ? statErr.message : String(statErr)}`);
                 sleep(pollInterval);
                 waited += pollInterval;
                 continue;
@@ -75,8 +81,7 @@ function releaseFileLock(lockPath) {
         fs.unlinkSync(lockPath);
     }
     catch (err) {
-        if ((process.env.PHREN_DEBUG))
-            process.stderr.write(`[phren] releaseFileLock: ${errorMessage(err)}\n`);
+        logger.debug("releaseFileLock", `${errorMessage(err)}`);
     }
 }
 // Q10: withFileLock now accepts both sync and async callbacks.

package/mcp/dist/{governance-policy.js → governance/policy.js}

@@ -1,14 +1,27 @@
 import * as crypto from "crypto";
 import * as fs from "fs";
 import * as path from "path";
-import { appendAuditLog, debugLog, getProjectDirs, isRecord, runtimeHealthFile, withDefaults, phrenErr, PhrenError, phrenOk, resolveFindingsPath } from "./shared.js";
-import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "./shared-governance.js";
-import { errorMessage, isValidProjectName, safeProjectPath } from "./utils.js";
-import { readProjectConfig } from "./project-config.js";
-import { getActiveProfileDefaults } from "./profile-store.js";
-import { runCustomHooks } from "./hooks.js";
-import { METADATA_REGEX, isCitationLine, isArchiveStart as isArchiveStartMeta, isArchiveEnd as isArchiveEndMeta, stripLifecycleMetadata as stripLifecycleMetadataMeta, } from "./content-metadata.js";
+import { appendAuditLog, debugLog, getProjectDirs, isRecord, runtimeHealthFile, withDefaults, phrenErr, PhrenError, phrenOk, resolveFindingsPath } from "../shared.js";
+import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "../shared/governance.js";
+import { errorMessage, isValidProjectName, safeProjectPath } from "../utils.js";
+import { readProjectConfig } from "../project-config.js";
+import { getActiveProfileDefaults } from "../profile-store.js";
+import { runCustomHooks } from "../hooks.js";
+import { METADATA_REGEX, isCitationLine, isArchiveStart as isArchiveStartMeta, isArchiveEnd as isArchiveEndMeta, stripLifecycleMetadata as stripLifecycleMetadataMeta, } from "../content/metadata.js";
+/** @internal Exported for tests. */
 export const MAX_QUEUE_ENTRY_LENGTH = 500;
+export function buildSyncStatus(opts) {
+    return {
+        ...(opts.pullAt !== undefined ? { lastPullAt: opts.pullAt } : {}),
+        ...(opts.pullStatus !== undefined ? { lastPullStatus: opts.pullStatus } : {}),
+        ...(opts.pullDetail !== undefined ? { lastPullDetail: opts.pullDetail } : {}),
+        ...(opts.successfulPullAt !== undefined ? { lastSuccessfulPullAt: opts.successfulPullAt } : {}),
+        lastPushAt: opts.now,
+        lastPushStatus: opts.pushStatus,
+        ...(opts.pushDetail !== undefined ? { lastPushDetail: opts.pushDetail } : {}),
+        ...(opts.unsyncedCommits !== undefined ? { unsyncedCommits: opts.unsyncedCommits } : {}),
+    };
+}
 export const GOVERNANCE_SCHEMA_VERSION = 1;
 const DEFAULT_POLICY = {
     schemaVersion: GOVERNANCE_SCHEMA_VERSION,
@@ -641,7 +654,7 @@ export function pruneDeadMemories(phrenPath, project, dryRun) {
         const file = resolveFindingsPath(dir);
         if (!file)
             continue;
-        // Q23: wrap read-modify-write in per-file lock to prevent races with concurrent finding writers
+        // Q23: see docs/decisions/Q23-per-file-lock-concurrent-writers.md
         withFileLock(file, () => {
             const lines = fs.readFileSync(file, "utf8").split("\n");
             let currentDate = null;
@@ -723,13 +736,11 @@ export function consolidateProjectFindings(phrenPath, project, dryRun) {
     const file = resolveFindingsPath(path.join(phrenPath, project));
     if (!file)
         return phrenErr(`No FINDINGS.md found for "${project}".`, PhrenError.FILE_NOT_FOUND);
-    // Q23: wrap entire read-modify-write in per-file lock to prevent races with concurrent finding writers
+    // Q23: see docs/decisions/Q23-per-file-lock-concurrent-writers.md
     const result = withFileLock(file, () => {
         const raw = fs.readFileSync(file, "utf8");
         const lines = raw.split("\n");
-        // Q12: Separate the file into "active" lines and verbatim archive/details blocks.
-        // Archive blocks (<!-- phren:archive:start/end --> and <details>...</details>) are
-        // collected verbatim and appended unchanged after the consolidated active section.
+        // Q12: see docs/decisions/Q12-active-vs-archive-separation.md
         const archiveBlocks = [];
         const activeLines = [];
         let inArchive = false;

package/mcp/dist/{governance-rbac.js → governance/rbac.js}

@@ -18,9 +18,9 @@
  */
 import * as fs from "fs";
 import * as path from "path";
-import { debugLog } from "./shared.js";
-import { errorMessage } from "./utils.js";
-import { readProjectConfig } from "./project-config.js";
+import { debugLog } from "../shared.js";
+import { errorMessage } from "../utils.js";
+import { readProjectConfig } from "../project-config.js";
 function configDir(phrenPath) {
     return path.join(phrenPath, ".config");
 }
@@ -104,7 +104,7 @@ function rolePermits(role, action) {
  *
  * Returns `{ allowed: true }` when permitted, `{ allowed: false, reason }` when denied.
  */
-export function checkPermission(phrenPath, action, project) {
+function checkPermission(phrenPath, action, project) {
     const actor = (process.env.PHREN_ACTOR ?? "").trim() || null;
     const globalAc = readGlobalAccessControl(phrenPath);
     const projectAccess = project

package/mcp/dist/{governance-scores.js → governance/scores.js}

@@ -1,9 +1,11 @@
 import * as crypto from "crypto";
 import * as fs from "fs";
 import * as path from "path";
-import { appendAuditLog, debugLog, isRecord, memoryScoresFile, memoryUsageLogFile, runtimeFile } from "./shared.js";
-import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "./shared-governance.js";
-import { errorMessage } from "./utils.js";
+import { appendAuditLog, debugLog, isRecord, memoryScoresFile, memoryUsageLogFile, runtimeFile } from "../shared.js";
+import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "../shared/governance.js";
+import { errorMessage } from "../utils.js";
+import { logger } from "../logger.js";
+const MAX_LOG_LINES = 1000;
 const GOVERNANCE_SCHEMA_VERSION = 1;
 const DEFAULT_MEMORY_SCORES_FILE = {
     schemaVersion: GOVERNANCE_SCHEMA_VERSION,
@@ -114,8 +116,7 @@ function readScoreJournal(phrenPath) {
                 return JSON.parse(line);
             }
             catch (err) {
-                if ((process.env.PHREN_DEBUG))
-                    process.stderr.write(`[phren] readScoreJournal parseLine: ${errorMessage(err)}\n`);
+                logger.debug("scores", `readScoreJournal parseLine: ${errorMessage(err)}`);
                 return null;
             }
         })
@@ -147,8 +148,7 @@ function claimScoreJournal(phrenPath) {
                 return JSON.parse(line);
             }
             catch (err) {
-                if ((process.env.PHREN_DEBUG))
-                    process.stderr.write(`[phren] claimScoreJournal parseLine: ${errorMessage(err)}\n`);
+                logger.debug("scores", `claimScoreJournal parseLine: ${errorMessage(err)}`);
                 return null;
             }
         })
@@ -163,8 +163,7 @@ function claimScoreJournal(phrenPath) {
             fs.unlinkSync(claimedFile);
         }
         catch (err) {
-            if ((process.env.PHREN_DEBUG))
-                process.stderr.write(`[phren] claimScoreJournal unlinkClaim: ${errorMessage(err)}\n`);
+            logger.debug("scores", `claimScoreJournal unlinkClaim: ${errorMessage(err)}`);
         }
     }
 }
@@ -257,7 +256,7 @@ export function recordInjection(phrenPath, key, sessionId) {
         if (stat.size > 1_000_000) {
             const content = fs.readFileSync(logFile, "utf8");
             const lines = content.split("\n");
-            fs.writeFileSync(logFile, lines.slice(-500).join("\n"));
+            fs.writeFileSync(logFile, lines.slice(-MAX_LOG_LINES).join("\n"));
         }
     }
     catch (err) {
@@ -276,7 +275,7 @@ export function recordFeedback(phrenPath, key, feedback, sessionId) {
     appendAuditLog(phrenPath, "memory_feedback", `key=${key} feedback=${feedback}`);
     // When feedback is "helpful", mark correlated query entries for future boost
     if (feedback === "helpful" && sessionId) {
-        import("./query-correlation.js").then(({ markCorrelationsHelpful: markHelpful }) => {
+        import("../query-correlation.js").then(({ markCorrelationsHelpful: markHelpful }) => {
             const colonIdx = key.indexOf(":");
             const docKey = colonIdx >= 0 ? key.slice(0, colonIdx) : key;
             markHelpful(phrenPath, sessionId, docKey);

package/mcp/dist/hooks.js

@@ -9,6 +9,8 @@ import { EXEC_TIMEOUT_QUICK_MS, PhrenError, debugLog, runtimeFile, homePath, ins
 import { errorMessage } from "./utils.js";
 import { hookConfigPath } from "./provider-adapters.js";
 import { PACKAGE_SPEC } from "./package-metadata.js";
+import { logger } from "./logger.js";
+import { withFileLock } from "./shared/governance.js";
 export function commandExists(cmd) {
     try {
         const whichCmd = process.platform === "win32" ? "where.exe" : "which";
@@ -67,10 +69,6 @@ function phrenPackageSpec() {
 export function shellEscape(s) {
     return "'" + s.replace(/'/g, "'\\''") + "'";
 }
-/** @deprecated Use shellEscape instead */
-function shellSingleQuote(value) {
-    return shellEscape(value);
-}
 function buildPackageLifecycleCommands() {
     const packageSpec = phrenPackageSpec();
     return {
@@ -84,10 +82,10 @@ export function buildLifecycleCommands(phrenPath) {
     const entry = resolveCliEntryScript();
     const isWindows = process.platform === "win32";
     const escapedPhren = phrenPath.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
-    const quotedPhren = shellSingleQuote(phrenPath);
+    const quotedPhren = shellEscape(phrenPath);
     if (entry) {
         const escapedEntry = entry.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
-        const quotedEntry = shellSingleQuote(entry);
+        const quotedEntry = shellEscape(entry);
         if (isWindows) {
             return {
                 sessionStart: `set "PHREN_PATH=${escapedPhren}" && node "${escapedEntry}" hook-session-start`,
@@ -126,7 +124,7 @@ function withHookToolEnv(command, tool) {
     if (process.platform === "win32") {
         return `set "PHREN_HOOK_TOOL=${tool}" && ${command}`;
     }
-    return `PHREN_HOOK_TOOL=${shellSingleQuote(tool)} ${command}`;
+    return `PHREN_HOOK_TOOL=${shellEscape(tool)} ${command}`;
 }
 function withHookToolLifecycleCommands(lifecycle, tool) {
     return {
@@ -153,10 +151,10 @@ function installSessionWrapper(tool, phrenPath) {
     const content = `#!/bin/sh
 set -u
 
-REAL_BIN=${shellSingleQuote(realBinary)}
-DEFAULT_PHREN_PATH=${shellSingleQuote(phrenPath)}
+REAL_BIN=${shellEscape(realBinary)}
+DEFAULT_PHREN_PATH=${shellEscape(phrenPath)}
 PHREN_PATH="\${PHREN_PATH:-$DEFAULT_PHREN_PATH}"
-ENTRY_SCRIPT=${shellSingleQuote(entry || "")}
+ENTRY_SCRIPT=${shellEscape(entry || "")}
 export PHREN_HOOK_TOOL="${tool}"
 
 if [ ! -x "$REAL_BIN" ]; then
@@ -238,7 +236,14 @@ function cachedReadInstallPrefsJson(phrenPath) {
     if (cached && cached.mtimeMs === mtimeMs) {
         return cached.parsed;
     }
-    const parsed = JSON.parse(fs.readFileSync(prefsPath, "utf8"));
+    let parsed;
+    try {
+        parsed = JSON.parse(fs.readFileSync(prefsPath, "utf8"));
+    }
+    catch {
+        _installPrefsJsonCache.delete(prefsPath);
+        return null;
+    }
     _installPrefsJsonCache.set(prefsPath, { mtimeMs, parsed });
     return parsed;
 }
@@ -274,6 +279,7 @@ export const HOOK_EVENT_VALUES = [
     "post-session-end", "post-consolidate",
 ];
 const VALID_HOOK_EVENTS = new Set(HOOK_EVENT_VALUES);
+const MAX_HOOK_COMMAND_LENGTH = 1000;
 /** Return the target (URL or shell command) for display or matching. */
 export function getHookTarget(h) {
     return "webhook" in h ? h.webhook : h.command;
@@ -282,8 +288,8 @@ export function validateCustomHookCommand(command) {
     const trimmed = command.trim();
     if (!trimmed)
         return "Command cannot be empty.";
-    if (trimmed.length > 1000)
-        return "Command too long (max 1000 characters).";
+    if (trimmed.length > MAX_HOOK_COMMAND_LENGTH)
+        return `Command too long (max ${MAX_HOOK_COMMAND_LENGTH} characters).`;
     if (/[`$(){}&|;<>\n\r#]/.test(trimmed)) {
         return "Command contains disallowed shell characters: ` $ ( ) { } & | ; < > # \\n \\r";
     }
@@ -399,9 +405,7 @@ async function validateAndResolveWebhook(webhook) {
     }
     catch (err) {
         debugLog(`validateAndResolveWebhook lookup failed for ${parsed.hostname}: ${errorMessage(err)}`);
-        // DNS resolution failed; allow the fetch to proceed with the original URL
-        // (fetch will do its own resolution and may fail with a network error)
-        return { resolvedUrl: webhook, host: parsed.host };
+        return { error: `webhook hostname "${parsed.hostname}" could not be resolved: ${errorMessage(err)}` };
     }
 }
 const DEFAULT_CUSTOM_HOOK_TIMEOUT = 5000;
@@ -430,18 +434,24 @@ export function readCustomHooks(phrenPath) {
 function appendHookErrorLog(phrenPath, event, message) {
     const logPath = runtimeFile(phrenPath, "hook-errors.log");
     const line = `[${new Date().toISOString()}] [${event}] ${message}\n`;
-    fs.appendFileSync(logPath, line);
     try {
-        const stat = fs.statSync(logPath);
-        if (stat.size > 200_000) {
-            const content = fs.readFileSync(logPath, "utf-8");
-            const lines = content.split("\n").filter(Boolean);
-            atomicWriteText(logPath, lines.slice(-HOOK_ERROR_LOG_MAX_LINES).join("\n") + "\n");
-        }
+        withFileLock(logPath, () => {
+            fs.appendFileSync(logPath, line);
+            try {
+                const stat = fs.statSync(logPath);
+                if (stat.size > 200_000) {
+                    const content = fs.readFileSync(logPath, "utf-8");
+                    const lines = content.split("\n").filter(Boolean);
+                    atomicWriteText(logPath, lines.slice(-HOOK_ERROR_LOG_MAX_LINES).join("\n") + "\n");
+                }
+            }
+            catch (err) {
+                logger.debug("appendHookErrorLog rotate", errorMessage(err));
+            }
+        });
     }
     catch (err) {
-        if (process.env.PHREN_DEBUG)
-            process.stderr.write(`[phren] appendHookErrorLog rotate: ${errorMessage(err)}\n`);
+        logger.debug("appendHookErrorLog lock", errorMessage(err));
     }
 }
 export function runCustomHooks(phrenPath, event, env = {}) {
@@ -488,8 +498,7 @@ export function runCustomHooks(phrenPath, event, env = {}) {
                     appendHookErrorLog(phrenPath, event, message);
                 }
                 catch (logErr) {
-                    if (process.env.PHREN_DEBUG)
-                        process.stderr.write(`[phren] runCustomHooks webhookErrorLog: ${errorMessage(logErr)}\n`);
+                    logger.debug("runCustomHooks webhookErrorLog", errorMessage(logErr));
                 }
             });
             continue;
@@ -503,12 +512,22 @@ export function runCustomHooks(phrenPath, event, env = {}) {
             continue;
         }
         const shellArgs = isWindows ? ["/c", hook.command] : ["-c", hook.command];
+        // On Windows, cmd /c expands %VAR% in the command string.
+        // Sanitize env values to prevent shell metacharacter injection.
+        const mergedEnv = { ...process.env, PHREN_PATH: phrenPath, PHREN_HOOK_EVENT: event, ...env };
+        if (isWindows) {
+            for (const [key, val] of Object.entries(mergedEnv)) {
+                if (typeof val === "string") {
+                    mergedEnv[key] = val.replace(/[&|<>^%]/g, "");
+                }
+            }
+        }
         try {
             execFileSync(shellCmd, shellArgs, {
                 cwd: phrenPath,
                 encoding: "utf8",
                 timeout: hook.timeout ?? DEFAULT_CUSTOM_HOOK_TIMEOUT,
-                env: { ...process.env, PHREN_PATH: phrenPath, PHREN_HOOK_EVENT: event, ...env },
+                env: mergedEnv,
                 stdio: ["ignore", "ignore", "pipe"],
             });
         }
@@ -520,8 +539,7 @@ export function runCustomHooks(phrenPath, event, env = {}) {
                 appendHookErrorLog(phrenPath, event, errorMessage(err));
             }
             catch (logErr) {
-                if (process.env.PHREN_DEBUG)
-                    process.stderr.write(`[phren] runCustomHooks hookErrorLog: ${errorMessage(logErr)}\n`);
+                logger.debug("runCustomHooks hookErrorLog", errorMessage(logErr));
             }
         }
     }
@@ -556,7 +574,7 @@ export function configureAllHooks(phrenPath, options = {}) {
             configured.push("Copilot CLI");
         }
         catch (err) {
-            debugLog(`configureAllHooks: copilot failed: ${errorMessage(err)}`);
+            console.warn(`configureAllHooks: copilot hook config failed: ${errorMessage(err)}`);
         }
         if (isToolHookEnabled(phrenPath, "copilot"))
             installSessionWrapper("copilot", phrenPath);
@@ -572,8 +590,7 @@ export function configureAllHooks(phrenPath, options = {}) {
                 existing = JSON.parse(fs.readFileSync(cursorFile, "utf8"));
             }
             catch (err) {
-                if (process.env.PHREN_DEBUG)
-                    process.stderr.write(`[phren] configureAllHooks cursorRead: ${errorMessage(err)}\n`);
+                logger.debug("configureAllHooks cursorRead", errorMessage(err));
             }
             const config = {
                 ...existing,
@@ -589,7 +606,7 @@ export function configureAllHooks(phrenPath, options = {}) {
             configured.push("Cursor");
         }
         catch (err) {
-            debugLog(`configureAllHooks: cursor failed: ${errorMessage(err)}`);
+            console.warn(`configureAllHooks: cursor hook config failed: ${errorMessage(err)}`);
         }
         if (isToolHookEnabled(phrenPath, "cursor"))
             installSessionWrapper("cursor", phrenPath);
@@ -604,8 +621,7 @@ export function configureAllHooks(phrenPath, options = {}) {
                 existing = JSON.parse(fs.readFileSync(codexFile, "utf8"));
             }
             catch (err) {
-                if (process.env.PHREN_DEBUG)
-                    process.stderr.write(`[phren] configureAllHooks codexRead: ${errorMessage(err)}\n`);
+                logger.debug("configureAllHooks codexRead", errorMessage(err));
             }
             const config = {
                 ...existing,
@@ -621,7 +637,7 @@ export function configureAllHooks(phrenPath, options = {}) {
             configured.push("Codex");
         }
         catch (err) {
-            debugLog(`configureAllHooks: codex failed: ${errorMessage(err)}`);
+            console.warn(`configureAllHooks: codex hook config failed: ${errorMessage(err)}`);
         }
         if (isToolHookEnabled(phrenPath, "codex"))
             installSessionWrapper("codex", phrenPath);

package/mcp/dist/index-query.js

@@ -1,5 +1,6 @@
 import * as path from "path";
 import { debugLog } from "./shared.js";
+import { logger } from "./logger.js";
 function describeSqlValue(value) {
     if (value === null)
         return "null";
@@ -78,7 +79,9 @@ export function queryRows(db, sql, params) {
         return results[0].values;
     }
     catch (err) {
-        debugLog(`queryRows failed: ${err instanceof Error ? err.message : "unknown error"}`);
+        const msg = err instanceof Error ? err.message : "unknown error";
+        logger.debug("queryRows", `DB query failed: ${msg}`);
+        debugLog(`queryRows failed: ${msg}`);
         return null;
     }
 }