@rubytech/create-realagent 1.0.709 → 1.0.712

package/dist/index.js

@@ -125,7 +125,15 @@ function shell(command, args, options) {
     const cmd = options?.sudo ? "sudo" : command;
     const cmdArgs = options?.sudo ? [command, ...args] : args;
     const start = Date.now();
-    logFile(`> ${cmd} ${cmdArgs.join(" ")}${options?.cwd ? ` [cwd: ${options.cwd}]` : ""}`);
+    // Redaction (Task 744): callers handling secrets pass redact: true so the
+    // wrapper records the command name only, not the secret-bearing args. The
+    // child process still receives the real args via spawnSync below; only the
+    // install log line is sanitised. The grep-able audit shape stays:
+    //   > sudo neo4j-admin dbms set-initial-password [REDACTED]
+    const loggedArgs = options?.redact
+        ? `${cmdArgs.slice(0, options?.sudo ? 4 : 3).join(" ")} [REDACTED]`
+        : cmdArgs.join(" ");
+    logFile(`> ${cmd} ${loggedArgs}${options?.cwd ? ` [cwd: ${options.cwd}]` : ""}`);
     const result = spawnSync(cmd, cmdArgs, {
         stdio: "inherit",
         timeout: options?.timeout ?? 300_000,
@@ -690,7 +698,7 @@ function resetNeo4jAuth(port = DEFAULT_NEO4J_PORT, dataDir = "/var/lib/neo4j") {
     }
     else {
         console.log("  [privileged] neo4j-admin dbms");
-        shell("neo4j-admin", ["dbms", "set-initial-password", "--", password], { sudo: true });
+        shell("neo4j-admin", ["dbms", "set-initial-password", "--", password], { sudo: true, redact: true });
     }
     console.log("  [privileged] systemctl start");
     shell("systemctl", ["start", serviceName], { sudo: true });
@@ -707,6 +715,29 @@ function resetNeo4jAuth(port = DEFAULT_NEO4J_PORT, dataDir = "/var/lib/neo4j") {
     }
     return password;
 }
+/**
+ * Task 744 — scrub plaintext neo4j passwords from pre-fix install-*.log files.
+ * Calls platform/scripts/redact-install-logs.sh against the installer's LOG_DIR.
+ * The script is idempotent; re-running on clean logs is a no-op. Failures here
+ * are non-fatal — credential redaction is best-effort cleanup, not a blocker
+ * for installation.
+ */
+function redactInstallLogs() {
+    const script = resolve(INSTALL_DIR, "platform/scripts/redact-install-logs.sh");
+    if (!existsSync(script)) {
+        logFile("[redact-install-logs] script not found at " + script + " — skipping");
+        return;
+    }
+    const r = spawnSync("bash", [script, "--dir", LOG_DIR], {
+        stdio: "pipe",
+        encoding: "utf-8",
+        timeout: 30_000,
+    });
+    if (r.stdout)
+        logFile(r.stdout.trim());
+    if (r.status !== 0 && r.stderr)
+        logFile("[redact-install-logs] WARN " + r.stderr.trim());
+}
 /** Check Neo4j has a working password. Called AFTER deploy so config is in place. */
 function ensureNeo4jPassword() {
     const passwordFile = join(INSTALL_DIR, "platform/config/.neo4j-password");
@@ -794,7 +825,7 @@ function installNeo4j() {
     mkdirSync(configDir, { recursive: true });
     writeFileSync(join(configDir, ".neo4j-password"), password, { mode: 0o600 });
     console.log("  [privileged] neo4j-admin dbms");
-    shell("neo4j-admin", ["dbms", "set-initial-password", "--", password], { sudo: true });
+    shell("neo4j-admin", ["dbms", "set-initial-password", "--", password], { sudo: true, redact: true });
     console.log("  [privileged] systemctl enable");
     shell("systemctl", ["enable", "neo4j"], { sudo: true });
     console.log("  [privileged] systemctl start");
@@ -2148,6 +2179,10 @@ try {
     installCloudflared();
     installWhisperCpp();
     deployPayload(); // Must happen before ensureNeo4jPassword — restores config backup
+    // Task 744: scrub plaintext neo4j passwords from any pre-fix install-*.log.
+    // Idempotent — re-running on already-redacted logs is a no-op. Runs after
+    // payload deploy so the bundled redact-install-logs.sh is on disk.
+    redactInstallLogs();
     ensureNeo4jPassword(); // Now config/.neo4j-password is available if it existed before
     provisionRemoteSessionSecret(); // Task 653: shared HMAC key readable by maxy-edge + maxy-ui
     buildPlatform();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.709",
+  "version": "1.0.712",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"
@@ -10,7 +10,7 @@
     "build": "tsc",
     "bundle": "node scripts/bundle.js",
     "test": "npm run build && node --test 'dist/__tests__/*.test.js'",
-    "prepublishOnly": "node ../../platform/ui/scripts/check-route-wiring.mjs && node ../../platform/ui/scripts/check-edge-admin-routes.mjs && npm run build && node --test 'dist/__tests__/*.test.js' && chmod +x dist/index.js && npm run bundle && node ../../platform/ui/scripts/check-bundle-node-imports.mjs --dir=./payload/server/public/assets"
+    "prepublishOnly": "bash ../../platform/scripts/verify-skill-tool-surface.sh && node ../../platform/ui/scripts/check-route-wiring.mjs && node ../../platform/ui/scripts/check-edge-admin-routes.mjs && npm run build && node --test 'dist/__tests__/*.test.js' && chmod +x dist/index.js && npm run bundle && node ../../platform/ui/scripts/check-bundle-node-imports.mjs --dir=./payload/server/public/assets"
   },
   "files": [
     "dist",

package/payload/platform/lib/mcp-spawn-tee/dist/index.d.ts

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+/**
+ * MCP spawn-tee — parent-side stderr capture wrapper (Task 743).
+ *
+ * Claude Code's `--mcp-config` accepts `{command, args, env}` descriptors and
+ * spawns each MCP server itself; the platform never holds a ChildProcess
+ * handle. The in-process `mcp-stderr-tee` patches `process.stderr.write` from
+ * inside the MCP server, but its writes go through `createWriteStream` —
+ * async, buffered. A synchronous module-load throw (e.g. schema-loader's
+ * line-168 width check on memory) calls `process.exit(1)` before the buffer
+ * flushes, so the per-server log file is empty and the platform's
+ * `[mcp-init-error] tail="(no stderr file)"` probe is operationally useless.
+ * That class shipped as the chronic memory-MCP silent-fail loop fixed by
+ * Task 743 (and hit graph in Task 560 — solved there with per-plugin
+ * `appendFileSync` discipline that this wrapper now generalises).
+ *
+ * The wrapper sits between Claude Code and the real MCP server: it spawns
+ * the real entry with `stdio: ['inherit', 'inherit', 'pipe']`, then
+ * synchronously appends every child stderr chunk to
+ * `${LOG_DIR}/mcp-${name}-stderr-<date>.log`. Synchronous writes survive
+ * `process.exit` because the kernel queues the syscall before the call
+ * returns. The chunk is also written to the wrapper's own stderr so
+ * Claude Code's existing stderr consumer is unchanged — the mechanism is
+ * additive, not interceptive.
+ *
+ *   Claude Code CLI
+ *        │ spawns
+ *        ▼
+ *   wrapper (this file) — argv[2] = real entry, env.MCP_SPAWN_TEE_NAME = name
+ *        │ spawns child with stdio:['inherit','inherit','pipe']
+ *        ▼
+ *   child = node <real-entry>
+ *        │
+ *        ├──▶ stdin/stdout: inherited from wrapper (Claude Code pipe)
+ *        └──▶ stderr → wrapper.on('data', chunk =>)
+ *               ├──▶ appendFileSync(${LOG_DIR}/mcp-${name}-stderr-<date>.log)
+ *               └──▶ process.stderr.write(chunk)  → Claude Code consumer
+ *
+ * The wrapper catches:
+ *   - MODULE_NOT_FOUND on the entry script itself (success criterion #3:
+ *     `mv plugins/memory/mcp/dist plugins/memory/mcp/dist-broken && reboot`
+ *     leaves the cause on disk).
+ *   - Synchronous throws during module load before the in-process tee runs.
+ *   - Any stderr a normally-running plugin emits (steady-state telemetry
+ *     remains visible too — the in-process tee handles per-line stream-log
+ *     prefixing; this wrapper handles the raw per-server file).
+ *
+ * SIGTERM/SIGINT propagation: forwarded to the child so a Claude Code
+ * shutdown does not orphan the MCP server. Child exit code is propagated
+ * verbatim so upstream (Claude Code) sees the real outcome.
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/payload/platform/lib/mcp-spawn-tee/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG"}

package/payload/platform/lib/mcp-spawn-tee/dist/index.js

@@ -0,0 +1,132 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * MCP spawn-tee — parent-side stderr capture wrapper (Task 743).
+ *
+ * Claude Code's `--mcp-config` accepts `{command, args, env}` descriptors and
+ * spawns each MCP server itself; the platform never holds a ChildProcess
+ * handle. The in-process `mcp-stderr-tee` patches `process.stderr.write` from
+ * inside the MCP server, but its writes go through `createWriteStream` —
+ * async, buffered. A synchronous module-load throw (e.g. schema-loader's
+ * line-168 width check on memory) calls `process.exit(1)` before the buffer
+ * flushes, so the per-server log file is empty and the platform's
+ * `[mcp-init-error] tail="(no stderr file)"` probe is operationally useless.
+ * That class shipped as the chronic memory-MCP silent-fail loop fixed by
+ * Task 743 (and hit graph in Task 560 — solved there with per-plugin
+ * `appendFileSync` discipline that this wrapper now generalises).
+ *
+ * The wrapper sits between Claude Code and the real MCP server: it spawns
+ * the real entry with `stdio: ['inherit', 'inherit', 'pipe']`, then
+ * synchronously appends every child stderr chunk to
+ * `${LOG_DIR}/mcp-${name}-stderr-<date>.log`. Synchronous writes survive
+ * `process.exit` because the kernel queues the syscall before the call
+ * returns. The chunk is also written to the wrapper's own stderr so
+ * Claude Code's existing stderr consumer is unchanged — the mechanism is
+ * additive, not interceptive.
+ *
+ *   Claude Code CLI
+ *        │ spawns
+ *        ▼
+ *   wrapper (this file) — argv[2] = real entry, env.MCP_SPAWN_TEE_NAME = name
+ *        │ spawns child with stdio:['inherit','inherit','pipe']
+ *        ▼
+ *   child = node <real-entry>
+ *        │
+ *        ├──▶ stdin/stdout: inherited from wrapper (Claude Code pipe)
+ *        └──▶ stderr → wrapper.on('data', chunk =>)
+ *               ├──▶ appendFileSync(${LOG_DIR}/mcp-${name}-stderr-<date>.log)
+ *               └──▶ process.stderr.write(chunk)  → Claude Code consumer
+ *
+ * The wrapper catches:
+ *   - MODULE_NOT_FOUND on the entry script itself (success criterion #3:
+ *     `mv plugins/memory/mcp/dist plugins/memory/mcp/dist-broken && reboot`
+ *     leaves the cause on disk).
+ *   - Synchronous throws during module load before the in-process tee runs.
+ *   - Any stderr a normally-running plugin emits (steady-state telemetry
+ *     remains visible too — the in-process tee handles per-line stream-log
+ *     prefixing; this wrapper handles the raw per-server file).
+ *
+ * SIGTERM/SIGINT propagation: forwarded to the child so a Claude Code
+ * shutdown does not orphan the MCP server. Child exit code is propagated
+ * verbatim so upstream (Claude Code) sees the real outcome.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_child_process_1 = require("node:child_process");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const SERVER_NAME = process.env.MCP_SPAWN_TEE_NAME ?? "unknown";
+const LOG_DIR = process.env.LOG_DIR;
+const ENTRY = process.argv[2];
+// Sync-emit: appendFileSync to per-server log + stderr passthrough. Used for
+// wrapper-internal diagnostics (attach line, errors) and for forwarding child
+// stderr chunks. Each destination wrapped independently — an unwritable log
+// must not mask the primary output.
+function syncEmitLine(line) {
+    if (LOG_DIR) {
+        try {
+            (0, node_fs_1.mkdirSync)(LOG_DIR, { recursive: true });
+            const date = new Date().toISOString().slice(0, 10);
+            (0, node_fs_1.appendFileSync)((0, node_path_1.resolve)(LOG_DIR, `mcp-${SERVER_NAME}-stderr-${date}.log`), line);
+        }
+        catch {
+            /* unwritable destination — preserve primary failure */
+        }
+    }
+    try {
+        process.stderr.write(line);
+    }
+    catch {
+        /* stderr closed — nothing else to do */
+    }
+}
+if (!ENTRY) {
+    syncEmitLine(`[mcp-spawn-tee-error] server=${SERVER_NAME} reason="no entry given (argv[2] missing)"\n`);
+    process.exit(2);
+}
+const child = (0, node_child_process_1.spawn)(process.execPath, [ENTRY], {
+    stdio: ["inherit", "inherit", "pipe"],
+    env: process.env,
+});
+syncEmitLine(`[mcp-spawn-tee-attached] server=${SERVER_NAME} pid=${child.pid ?? -1} entry=${ENTRY}\n`);
+child.on("error", (err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    syncEmitLine(`[mcp-spawn-tee-error] server=${SERVER_NAME} reason=${JSON.stringify(`spawn error: ${msg}`)}\n`);
+    process.exit(127);
+});
+if (child.stderr) {
+    child.stderr.on("data", (chunk) => {
+        if (LOG_DIR) {
+            try {
+                const date = new Date().toISOString().slice(0, 10);
+                (0, node_fs_1.appendFileSync)((0, node_path_1.resolve)(LOG_DIR, `mcp-${SERVER_NAME}-stderr-${date}.log`), chunk);
+            }
+            catch {
+                /* unwritable destination — preserve passthrough */
+            }
+        }
+        try {
+            process.stderr.write(chunk);
+        }
+        catch {
+            /* stderr closed — nothing else to do */
+        }
+    });
+}
+// Forward SIGTERM/SIGINT so Claude Code shutdown doesn't orphan the child.
+const forward = (signal) => {
+    if (!child.killed)
+        child.kill(signal);
+};
+process.on("SIGTERM", () => forward("SIGTERM"));
+process.on("SIGINT", () => forward("SIGINT"));
+child.on("exit", (code, signal) => {
+    if (signal) {
+        syncEmitLine(`[mcp-spawn-tee-exit] server=${SERVER_NAME} pid=${child.pid ?? -1} signal=${signal}\n`);
+        process.exit(128 + (code ?? 0));
+    }
+    if (code !== 0) {
+        syncEmitLine(`[mcp-spawn-tee-exit] server=${SERVER_NAME} pid=${child.pid ?? -1} code=${code}\n`);
+    }
+    process.exit(code ?? 0);
+});
+//# sourceMappingURL=index.js.map

package/payload/platform/lib/mcp-spawn-tee/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;;AAEH,2DAA2C;AAC3C,qCAAoD;AACpD,yCAAoC;AAEpC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,SAAS,CAAC;AAChE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;AACpC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAE9B,6EAA6E;AAC7E,8EAA8E;AAC9E,4EAA4E;AAC5E,oCAAoC;AACpC,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAA,mBAAS,EAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACxC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAA,wBAAc,EAAC,IAAA,mBAAO,EAAC,OAAO,EAAE,OAAO,WAAW,WAAW,IAAI,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;QAClF,CAAC;QAAC,MAAM,CAAC;YACP,uDAAuD;QACzD,CAAC;IACH,CAAC;IACD,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,wCAAwC;IAC1C,CAAC;AACH,CAAC;AAED,IAAI,CAAC,KAAK,EAAE,CAAC;IACX,YAAY,CAAC,gCAAgC,WAAW,8CAA8C,CAAC,CAAC;IACxG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE;IAC7C,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;IACrC,GAAG,EAAE,OAAO,CAAC,GAAG;CACjB,CAAC,CAAC;AAEH,YAAY,CAAC,mCAAmC,WAAW,QAAQ,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;AAEvG,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;IACxB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,YAAY,CAAC,gCAAgC,WAAW,WAAW,IAAI,CAAC,SAAS,CAAC,gBAAgB,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC9G,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACxC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACnD,IAAA,wBAAc,EAAC,IAAA,mBAAO,EAAC,OAAO,EAAE,OAAO,WAAW,WAAW,IAAI,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;YACnF,CAAC;YAAC,MAAM,CAAC;gBACP,mDAAmD;YACrD,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2EAA2E;AAC3E,MAAM,OAAO,GAAG,CAAC,MAAsB,EAAE,EAAE;IACzC,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC,CAAC;AACF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;AAChD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE9C,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;IAChC,IAAI,MAAM,EAAE,CAAC;QACX,YAAY,CAAC,+BAA+B,WAAW,QAAQ,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,WAAW,MAAM,IAAI,CAAC,CAAC;QACrG,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QACf,YAAY,CAAC,+BAA+B,WAAW,QAAQ,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC;IACnG,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;AAC1B,CAAC,CAAC,CAAC"}

package/payload/platform/lib/mcp-spawn-tee/src/index.ts

@@ -0,0 +1,134 @@
+#!/usr/bin/env node
+/**
+ * MCP spawn-tee — parent-side stderr capture wrapper (Task 743).
+ *
+ * Claude Code's `--mcp-config` accepts `{command, args, env}` descriptors and
+ * spawns each MCP server itself; the platform never holds a ChildProcess
+ * handle. The in-process `mcp-stderr-tee` patches `process.stderr.write` from
+ * inside the MCP server, but its writes go through `createWriteStream` —
+ * async, buffered. A synchronous module-load throw (e.g. schema-loader's
+ * line-168 width check on memory) calls `process.exit(1)` before the buffer
+ * flushes, so the per-server log file is empty and the platform's
+ * `[mcp-init-error] tail="(no stderr file)"` probe is operationally useless.
+ * That class shipped as the chronic memory-MCP silent-fail loop fixed by
+ * Task 743 (and hit graph in Task 560 — solved there with per-plugin
+ * `appendFileSync` discipline that this wrapper now generalises).
+ *
+ * The wrapper sits between Claude Code and the real MCP server: it spawns
+ * the real entry with `stdio: ['inherit', 'inherit', 'pipe']`, then
+ * synchronously appends every child stderr chunk to
+ * `${LOG_DIR}/mcp-${name}-stderr-<date>.log`. Synchronous writes survive
+ * `process.exit` because the kernel queues the syscall before the call
+ * returns. The chunk is also written to the wrapper's own stderr so
+ * Claude Code's existing stderr consumer is unchanged — the mechanism is
+ * additive, not interceptive.
+ *
+ *   Claude Code CLI
+ *        │ spawns
+ *        ▼
+ *   wrapper (this file) — argv[2] = real entry, env.MCP_SPAWN_TEE_NAME = name
+ *        │ spawns child with stdio:['inherit','inherit','pipe']
+ *        ▼
+ *   child = node <real-entry>
+ *        │
+ *        ├──▶ stdin/stdout: inherited from wrapper (Claude Code pipe)
+ *        └──▶ stderr → wrapper.on('data', chunk =>)
+ *               ├──▶ appendFileSync(${LOG_DIR}/mcp-${name}-stderr-<date>.log)
+ *               └──▶ process.stderr.write(chunk)  → Claude Code consumer
+ *
+ * The wrapper catches:
+ *   - MODULE_NOT_FOUND on the entry script itself (success criterion #3:
+ *     `mv plugins/memory/mcp/dist plugins/memory/mcp/dist-broken && reboot`
+ *     leaves the cause on disk).
+ *   - Synchronous throws during module load before the in-process tee runs.
+ *   - Any stderr a normally-running plugin emits (steady-state telemetry
+ *     remains visible too — the in-process tee handles per-line stream-log
+ *     prefixing; this wrapper handles the raw per-server file).
+ *
+ * SIGTERM/SIGINT propagation: forwarded to the child so a Claude Code
+ * shutdown does not orphan the MCP server. Child exit code is propagated
+ * verbatim so upstream (Claude Code) sees the real outcome.
+ */
+
+import { spawn } from "node:child_process";
+import { appendFileSync, mkdirSync } from "node:fs";
+import { resolve } from "node:path";
+
+const SERVER_NAME = process.env.MCP_SPAWN_TEE_NAME ?? "unknown";
+const LOG_DIR = process.env.LOG_DIR;
+const ENTRY = process.argv[2];
+
+// Sync-emit: appendFileSync to per-server log + stderr passthrough. Used for
+// wrapper-internal diagnostics (attach line, errors) and for forwarding child
+// stderr chunks. Each destination wrapped independently — an unwritable log
+// must not mask the primary output.
+function syncEmitLine(line: string): void {
+  if (LOG_DIR) {
+    try {
+      mkdirSync(LOG_DIR, { recursive: true });
+      const date = new Date().toISOString().slice(0, 10);
+      appendFileSync(resolve(LOG_DIR, `mcp-${SERVER_NAME}-stderr-${date}.log`), line);
+    } catch {
+      /* unwritable destination — preserve primary failure */
+    }
+  }
+  try {
+    process.stderr.write(line);
+  } catch {
+    /* stderr closed — nothing else to do */
+  }
+}
+
+if (!ENTRY) {
+  syncEmitLine(`[mcp-spawn-tee-error] server=${SERVER_NAME} reason="no entry given (argv[2] missing)"\n`);
+  process.exit(2);
+}
+
+const child = spawn(process.execPath, [ENTRY], {
+  stdio: ["inherit", "inherit", "pipe"],
+  env: process.env,
+});
+
+syncEmitLine(`[mcp-spawn-tee-attached] server=${SERVER_NAME} pid=${child.pid ?? -1} entry=${ENTRY}\n`);
+
+child.on("error", (err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  syncEmitLine(`[mcp-spawn-tee-error] server=${SERVER_NAME} reason=${JSON.stringify(`spawn error: ${msg}`)}\n`);
+  process.exit(127);
+});
+
+if (child.stderr) {
+  child.stderr.on("data", (chunk: Buffer) => {
+    if (LOG_DIR) {
+      try {
+        const date = new Date().toISOString().slice(0, 10);
+        appendFileSync(resolve(LOG_DIR, `mcp-${SERVER_NAME}-stderr-${date}.log`), chunk);
+      } catch {
+        /* unwritable destination — preserve passthrough */
+      }
+    }
+    try {
+      process.stderr.write(chunk);
+    } catch {
+      /* stderr closed — nothing else to do */
+    }
+  });
+}
+
+// Forward SIGTERM/SIGINT so Claude Code shutdown doesn't orphan the child.
+const forward = (signal: NodeJS.Signals) => {
+  if (!child.killed) child.kill(signal);
+};
+process.on("SIGTERM", () => forward("SIGTERM"));
+process.on("SIGINT", () => forward("SIGINT"));
+
+child.on("exit", (code, signal) => {
+  if (signal) {
+    syncEmitLine(`[mcp-spawn-tee-exit] server=${SERVER_NAME} pid=${child.pid ?? -1} signal=${signal}\n`);
+    process.exit(128 + (code ?? 0));
+  }
+  if (code !== 0) {
+    syncEmitLine(`[mcp-spawn-tee-exit] server=${SERVER_NAME} pid=${child.pid ?? -1} code=${code}\n`);
+  }
+  process.exit(code ?? 0);
+});

package/payload/platform/lib/mcp-spawn-tee/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"]
+}

package/payload/platform/package.json

@@ -6,8 +6,8 @@
     "plugins/*/mcp"
   ],
   "scripts": {
-    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
-    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json",
+    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
+    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json",
     "build:memory": "tsc -p plugins/memory/mcp/tsconfig.json",
     "build:contacts": "tsc -p plugins/contacts/mcp/tsconfig.json",
     "build:telegram": "tsc -p plugins/telegram/mcp/tsconfig.json",

package/payload/platform/plugins/docs/references/plugins-guide.md

@@ -115,10 +115,18 @@ After this, every `console.error("[your-tool] ...")` from any tool in the plugin
 
 **Main-subprocess stderr (Task 535).** The same teeing pattern applies to the main Claude Code subprocess's stderr — every line lands in the per-conversation stream log as `[subproc-stderr] …`, with lifecycle markers `[subproc-stderr-tee-attached] pid=…` and `[subproc-stderr-tee-detached] pid=… bytes=N lines=N`. A `bytes=0 lines=0` detach means the tee was attached but the subprocess emitted nothing on stderr — which is the normal state today, because the Claude Code CLI is a bundled Bun runtime binary that does not honour Node's `NODE_DEBUG` env var. The platform records this explicitly with one line per spawn: `[subproc-debug-unavailable] reason=bundled-bun-binary-ignores-node-debug pid=… cli=claude`. A reader who finds a `[spawn]` without these markers should treat that as a regression of the tee infrastructure, not as silence.
 
-## Failure-path observability contract (Task 560)
+## Failure-path observability contract (Task 560 + Task 743)
 
-The `initStderrTee` wrapper writes to the per-conversation stream log and per-server raw file via `createWriteStream` — async, buffered. Any diagnostic `console.error(…)` followed by an immediate `process.exit(…)` is lost: the event loop never drains the WriteStream before the process terminates. Plugins that call `process.exit()` during module load (rare — `graph-mcp` is the only in-tree example today; it spawns a child at boot to proxy upstream stdio) MUST use `fs.appendFileSync` at every exit path to guarantee the cause lands in both log destinations before exit. Lines should follow the `[mcp:<name>] [<plugin-prefix>] <cause>` format so existing `grep '[mcp:<name>]'` investigator paths work. Each destination must be wrapped in its own try/catch — an unwritable log must not mask the primary failure.
+The `initStderrTee` wrapper writes to the per-conversation stream log and per-server raw file via `createWriteStream` — async, buffered. Any diagnostic `console.error(…)` followed by an immediate `process.exit(…)` is lost: the event loop never drains the WriteStream before the process terminates. Same race for any synchronous module-load throw: Node's uncaught-exception handler writes the stack to raw fd 2 and exits before the patched async stream flushes. The platform's `[mcp-init-error] tail="(no stderr file)"` line — operationally useless — is the public symptom of this race.
 
-A second observability layer closes the same gap from the platform side: when `claude-agent.ts` observes an `init` event with any MCP server reporting `status:"failed"`, it reads the last 512 bytes of `${LOG_DIR}/mcp-<name>-stderr-<date>.log` and emits `[mcp-init-error] server=<name> tail=<quoted>` into the stream log. Absent file → `tail="(no stderr file)"`; empty file → `tail="(empty)"`. This works for every plugin regardless of whether it adopted the sync-write discipline — the tail of whatever landed in the raw stderr file (from whichever destination made it out of the async buffer) is always captured.
+**Two layers now close the gap, each load-bearing on its own:**
 
-Signal inventory after a failed session: `[init] FAILED MCP servers: <names>` (names), `[mcp-init-error] server=<name> tail=…` (cause for each, from platform), optionally `[mcp:<name>] [<plugin>] …` (cause for each, from plugin's own sync-writes when the plugin is disciplined). Their union gives the investigator two independent sources for the same failure.
+1. **Plugin-side sync-write discipline.** Plugins that call `process.exit()` during module load (rare — `graph-mcp` is the in-tree example; it spawns a child at boot to proxy upstream stdio) use `fs.appendFileSync` at every named exit path to guarantee the cause lands in both log destinations before exit. Lines follow the `[mcp:<name>] [<plugin-prefix>] <cause>` format so existing `grep '[mcp:<name>]'` investigator paths work. Each destination is wrapped in its own try/catch — an unwritable log must not mask the primary failure. This is the discipline propagated from Task 560 to any plugin author who knows their failure paths.
+
+2. **Parent-side `mcp-spawn-tee` wrapper (Task 743).** Every node-based core MCP server is spawned via the `lib/mcp-spawn-tee` wrapper rather than `node <entry>` directly. The wrapper spawns the real entry with `stdio: ['inherit', 'inherit', 'pipe']` and writes child stderr chunks to `${LOG_DIR}/mcp-${name}-stderr-<date>.log` via `appendFileSync` while passing the same chunks through to its own stderr (Claude Code's consumer is unchanged). Synchronous `appendFileSync` survives `process.exit`, so the per-server file captures even (a) module-load throws before `initStderrTee` runs, (b) `MODULE_NOT_FOUND` on the entry script itself, and (c) anything else a plugin author missed. The wrapper writes `[mcp-spawn-tee-attached] server=<name> pid=<n>` on attach and forwards SIGTERM/SIGINT to the child. This is the layer that makes capture independent of plugin discipline. Playwright stays unwrapped because it spawns via `npx`, not `node`.
+
+A third layer closes the same gap from the platform side: when `claude-agent.ts` observes an `init` event with any MCP server reporting `status:"failed"`, it reads the last 512 bytes of `${LOG_DIR}/mcp-<name>-stderr-<date>.log` and emits `[mcp-init-error] server=<name> tail=<quoted>` into the stream log. Absent file → `tail="(no stderr file)"`; empty file → `tail="(empty)"`. With the spawn-tee wrapper now interposing on every core MCP, `tail="(no stderr file)"` post-Task-743 means the wrapper itself is broken — file follow-up.
+
+**Signal inventory after a failed session:** `[init] FAILED MCP servers: <names>` (names), `[mcp-init-error] server=<name> tail=…` (cause for each, from the platform's tail probe), `[mcp-spawn-tee-attached] server=<name> pid=<n>` (proof the wrapper attached), `[mcp-spawn-tee-exit] server=<name> code=<n>|signal=<s>` (proof the wrapper saw the exit), and optionally `[mcp:<name>] [<plugin>] …` from plugin-side sync-writes. Their union gives the investigator three independent sources for the same failure.
+
+**Boot-smoke as publish-time gate (Task 743).** The memory MCP carries `scripts/boot-smoke.sh` that spawns `dist/index.js` with stub env, sleeps 2s, asserts `kill -0 <pid>`, and reports `[boot-smoke] memory ok|FAILED tail=<n-lines>`. Wired to `prepublish` in `plugins/memory/mcp/package.json`. The pattern is propagatable to other plugin MCPs — it's deliberately not generalised yet because each plugin's stub-env requirements differ (memory needs ACCOUNT_ID + PLATFORM_ROOT + NEO4J_URI + SESSION_ID; others differ).

package/payload/platform/plugins/linkedin-import/PLUGIN.md

@@ -4,6 +4,7 @@ description: "Import a LinkedIn Basic Data Export into the Maxy Neo4j graph. Ski
 tools: []
 always: false
 embed: false
+specialist: database-operator
 metadata: {"platform":{"optional":true,"pluginKey":"linkedin-import"}}
 ---
 

package/payload/platform/plugins/linkedin-import/skills/linkedin-import/SKILL.md

@@ -42,7 +42,7 @@ When the owner is an external Person (non-operator archive), the anchor is the c
 
 ## Invariants
 
-1. **Schema first.** The LinkedIn additions (`person_linkedin_url` index, `:Credential` constraint) live in [`platform/neo4j/schema.cypher`](../../../../neo4j/schema.cypher) and are applied by `platform/scripts/seed-neo4j.sh` on every install / upgrade. If running against a Neo4j that hasn't been reseeded since shipping, pipe `schema.cypher` into `cypher-shell` once before starting — every statement is `IF NOT EXISTS`.
+1. **Schema first.** The LinkedIn additions (`person_linkedin_url` index, `:Credential` constraint) live in [`platform/neo4j/schema.cypher`](../../../../neo4j/schema.cypher) and are applied by `platform/scripts/seed-neo4j.sh` on every install / upgrade. The skill assumes the schema has been seeded; it does not bootstrap schema itself. If a constraint or index is missing, the operator re-runs `seed-neo4j.sh` from the installer — schema-bootstrap is installer-side, never agent-side.
 2. **Owner confirmed first.** No reference runs until `$ownerUserId` (or `$ownerPersonId`) is persisted and echo-confirmed. The reference set is parameterised — no hard-coded owner.
 3. **Natural edges only.** Every edge written is one the CSV actually expresses. `Connections.csv` encodes "I am connected on LinkedIn to this person" — that becomes `CONNECTED_ON_LINKEDIN`. No synthetic attach-to-owner pattern bolted onto rows that don't describe a relationship to the owner.
 4. **Reuse Maxy labels.** Schema-extension is last resort. The LinkedIn set maps onto existing labels wherever semantics align:
@@ -60,10 +60,31 @@ When the owner is an external Person (non-operator archive), the anchor is the c
 
 ## Execution model
 
-1. Confirm `schema.cypher` is applied (one-liner: `cypher-shell ... < platform/neo4j/schema.cypher`; safe to re-run).
-2. Run the owner-confirmation flow, persist `$ownerUserId` / `$ownerPersonId`.
-3. For each file the operator approves, load its reference, parse the CSV, batch rows (default 500 per tx), execute the reference's Cypher with `$rows` + owner parameter.
-4. After each file emit `[linkedin-import] file=<name> rows=<n> created=<n> matched=<n> ms=<elapsed>`.
+1. Run the owner-confirmation flow, persist `$ownerUserId` / `$ownerPersonId`. The owner identity resolves to a single `ownerNodeId` (elementId of the AdminUser or external Person) used in every write call.
+2. For each file the operator approves, load its reference, parse the CSV into typed `rows[]` matching the reference's row schema.
+3. **Selective-ingest gate.** Before invoking any write tool, check the parsed row count against the reference's `selectiveIngestThreshold`. If the count exceeds the threshold, pause and ask the operator to filter the import along the natural axes named in the reference (for `Connections.csv`: Company, Position, Connected On). Apply the filter to `rows[]` before continuing. Compress on write, never after — a 5,000-row blanket import is a landfill, a 200-row filtered import is signal. See [§Selective-ingest](#selective-ingest-threshold-bulk-archives).
+4. Invoke the deterministic write tool the reference names. For all archive references this is `mcp__memory__memory-archive-write` with `{archiveType, ownerNodeId, rows}` — the Cypher body is fixed server-side per `archiveType`, so the agent supplies parsed rows, never Cypher. The tool batches rows at 500 per transaction internally.
+5. After each file emit `[linkedin-import] file=<name> rows=<n> created=<n> matched=<n> ms=<elapsed>` using the counters returned by the write tool.
+
+**Doctrine:** raw Cypher and `cypher-shell` invocations are forbidden in this skill and its references. Writes route through `mcp__memory__memory-archive-write` (bulk archives) or `mcp__memory__memory-write` / `mcp__memory__memory-update` (single-node enrichments like `profile.md`). If a CSV needs a write shape no current MCP tool supports, file a task to extend `memory-archive-write` with a new `archiveType` handler — never improvise via Bash. See [database-operator's LOUD-FAIL prerogative](../../../../templates/specialists/agents/database-operator.md#prerogatives).
+
+## Selective-ingest threshold (bulk archives)
+
+A LinkedIn export typically contains 3,000–10,000 connections. Writing all of them in one shot defeats compression-on-write — most rows will never be queried, and the noise compounds with every subsequent ingest. The skill compresses by interrogating the operator before bulk writes.
+
+**Threshold:** when a parsed reference's `rows[]` exceeds **100 rows**, pause and ask the operator to filter along the reference's natural axes before invoking the write tool.
+
+For `Connections.csv` the natural filter axes are:
+
+- **Company** — "only people at LargeCorp", "only Female Founders Fund alumni"
+- **Position** — "only Partners", "only Engineering Managers"
+- **Connected On** (date range) — "only my last two years", "since 2024-01-01"
+
+The operator picks one axis or a combination. The agent applies the filter to `rows[]` and writes only the filtered subset.
+
+**Re-importing is idempotent.** Coming back later with a wider filter (`"add anyone at LargeCorp"`, `"include 2022 too"`) hits the same `linkedinUrl` natural key — existing `:Person` nodes are matched and updated; only the new-only delta is created. The operator can grow the slice over time without dedup work.
+
+**Why the threshold lives in the skill, not the server.** Different archive types have different "interesting" thresholds — 100 LinkedIn connections is a lot; 100 LinkedIn skills is small. The MCP tool accepts whatever rows are passed; the conversational gate is the skill's responsibility.
 
 ## File roster