npm - @stackmemoryai/stackmemory - Versions diffs - 0.5.57 → 0.5.59 - Mend

@stackmemoryai/stackmemory 0.5.57 → 0.5.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (611) hide show

package/bin/codex-smd +6 -0
package/dist/cli/codex-sm-danger.js +21 -0
package/dist/cli/codex-sm-danger.js.map +7 -0
package/dist/cli/commands/handoff.js +33 -3
package/dist/cli/commands/handoff.js.map +2 -2
package/dist/cli/commands/search.js +20 -3
package/dist/cli/commands/search.js.map +2 -2
package/dist/core/database/sqlite-adapter.js +13 -3
package/dist/core/database/sqlite-adapter.js.map +2 -2
package/dist/core/errors/error-utils.js +208 -0
package/dist/core/errors/error-utils.js.map +7 -0
package/dist/core/errors/index.js +13 -4
package/dist/core/errors/index.js.map +2 -2
package/dist/core/merge/unified-merge-resolver.js +303 -0
package/dist/core/merge/unified-merge-resolver.js.map +7 -0
package/dist/core/monitoring/logger.js +61 -9
package/dist/core/monitoring/logger.js.map +2 -2
package/dist/core/security/index.js +35 -0
package/dist/core/security/index.js.map +7 -0
package/dist/core/security/input-sanitizer.js +321 -0
package/dist/core/security/input-sanitizer.js.map +7 -0
package/dist/core/session/enhanced-handoff.js +136 -2
package/dist/core/session/enhanced-handoff.js.map +3 -3
package/dist/integrations/linear/client.js +5 -1
package/dist/integrations/linear/client.js.map +2 -2
package/dist/integrations/mcp/remote-server.js +27 -36
package/dist/integrations/mcp/remote-server.js.map +2 -2
package/dist/integrations/mcp/server.js +44 -29
package/dist/integrations/mcp/server.js.map +3 -3
package/dist/scripts/benchmark-performance.js +48 -0
package/dist/scripts/benchmark-performance.js.map +7 -0
package/dist/scripts/check-redis.js +42 -0
package/dist/scripts/check-redis.js.map +7 -0
package/dist/scripts/initialize.js +116 -0
package/dist/scripts/initialize.js.map +7 -0
package/dist/scripts/list-linear-tasks.js +124 -0
package/dist/scripts/list-linear-tasks.js.map +7 -0
package/dist/scripts/measure-handoff-impact.js +340 -0
package/dist/scripts/measure-handoff-impact.js.map +7 -0
package/dist/scripts/query-chromadb.js +160 -0
package/dist/scripts/query-chromadb.js.map +7 -0
package/dist/scripts/show-linear-summary.js +119 -0
package/dist/scripts/show-linear-summary.js.map +7 -0
package/dist/scripts/simple-swarm-demo.js +90 -0
package/dist/scripts/simple-swarm-demo.js.map +7 -0
package/dist/scripts/status.js +155 -0
package/dist/scripts/status.js.map +7 -0
package/dist/scripts/test-chromadb-sync.js +192 -0
package/dist/scripts/test-chromadb-sync.js.map +7 -0
package/dist/scripts/test-ralph-iteration-fix.js +86 -0
package/dist/scripts/test-ralph-iteration-fix.js.map +7 -0
package/dist/scripts/test-ralph-iterations.js +121 -0
package/dist/scripts/test-ralph-iterations.js.map +7 -0
package/dist/scripts/test-redis-storage.js +389 -0
package/dist/scripts/test-redis-storage.js.map +7 -0
package/dist/scripts/test-simple-ralph-state-sync.js +115 -0
package/dist/scripts/test-simple-ralph-state-sync.js.map +7 -0
package/dist/scripts/test-swarm-fixes.js +125 -0
package/dist/scripts/test-swarm-fixes.js.map +7 -0
package/dist/scripts/test-swarm-tui.js +23 -0
package/dist/scripts/test-swarm-tui.js.map +7 -0
package/dist/scripts/test-tui-shortcuts.js +52 -0
package/dist/scripts/test-tui-shortcuts.js.map +7 -0
package/dist/scripts/validate-tui-shortcuts.js +60 -0
package/dist/scripts/validate-tui-shortcuts.js.map +7 -0
package/dist/src/agents/core/agent-task-manager.js +527 -0
package/dist/src/agents/core/agent-task-manager.js.map +7 -0
package/dist/src/agents/verifiers/base-verifier.js +133 -0
package/dist/src/agents/verifiers/base-verifier.js.map +7 -0
package/dist/src/agents/verifiers/formatter-verifier.js +130 -0
package/dist/src/agents/verifiers/formatter-verifier.js.map +7 -0
package/dist/src/agents/verifiers/llm-judge.js +252 -0
package/dist/src/agents/verifiers/llm-judge.js.map +7 -0
package/dist/src/cli/auto-detect.js +321 -0
package/dist/src/cli/auto-detect.js.map +7 -0
package/dist/src/cli/claude-sm-danger.js +21 -0
package/dist/src/cli/claude-sm-danger.js.map +7 -0
package/dist/src/cli/claude-sm.js +1156 -0
package/dist/src/cli/claude-sm.js.map +7 -0
package/dist/src/cli/codex-sm-danger.js +21 -0
package/dist/src/cli/codex-sm-danger.js.map +7 -0
package/dist/src/cli/codex-sm.js +349 -0
package/dist/src/cli/codex-sm.js.map +7 -0
package/dist/src/cli/commands/api.js +232 -0
package/dist/src/cli/commands/api.js.map +7 -0
package/dist/src/cli/commands/auto-background.js +180 -0
package/dist/src/cli/commands/auto-background.js.map +7 -0
package/dist/src/cli/commands/cleanup-processes.js +68 -0
package/dist/src/cli/commands/cleanup-processes.js.map +7 -0
package/dist/src/cli/commands/clear.js +202 -0
package/dist/src/cli/commands/clear.js.map +7 -0
package/dist/src/cli/commands/config.js +445 -0
package/dist/src/cli/commands/config.js.map +7 -0
package/dist/src/cli/commands/context-rehydrate.js +751 -0
package/dist/src/cli/commands/context-rehydrate.js.map +7 -0
package/dist/src/cli/commands/context.js +343 -0
package/dist/src/cli/commands/context.js.map +7 -0
package/dist/src/cli/commands/daemon.js +392 -0
package/dist/src/cli/commands/daemon.js.map +7 -0
package/dist/src/cli/commands/dashboard.js +210 -0
package/dist/src/cli/commands/dashboard.js.map +7 -0
package/dist/src/cli/commands/db.js +147 -0
package/dist/src/cli/commands/db.js.map +7 -0
package/dist/src/cli/commands/decision.js +266 -0
package/dist/src/cli/commands/decision.js.map +7 -0
package/dist/src/cli/commands/discovery.js +279 -0
package/dist/src/cli/commands/discovery.js.map +7 -0
package/dist/src/cli/commands/handoff.js +624 -0
package/dist/src/cli/commands/handoff.js.map +7 -0
package/dist/src/cli/commands/hooks.js +298 -0
package/dist/src/cli/commands/hooks.js.map +7 -0
package/dist/src/cli/commands/linear.js +529 -0
package/dist/src/cli/commands/linear.js.map +7 -0
package/dist/src/cli/commands/log.js +169 -0
package/dist/src/cli/commands/log.js.map +7 -0
package/dist/src/cli/commands/login.js +172 -0
package/dist/src/cli/commands/login.js.map +7 -0
package/dist/src/cli/commands/migrate.js +240 -0
package/dist/src/cli/commands/migrate.js.map +7 -0
package/dist/src/cli/commands/model.js +533 -0
package/dist/src/cli/commands/model.js.map +7 -0
package/dist/src/cli/commands/onboard.js +536 -0
package/dist/src/cli/commands/onboard.js.map +7 -0
package/dist/src/cli/commands/projects.js +199 -0
package/dist/src/cli/commands/projects.js.map +7 -0
package/dist/src/cli/commands/ralph.js +909 -0
package/dist/src/cli/commands/ralph.js.map +7 -0
package/dist/src/cli/commands/retrieval.js +248 -0
package/dist/src/cli/commands/retrieval.js.map +7 -0
package/dist/src/cli/commands/search.js +173 -0
package/dist/src/cli/commands/search.js.map +7 -0
package/dist/src/cli/commands/service.js +749 -0
package/dist/src/cli/commands/service.js.map +7 -0
package/dist/src/cli/commands/session.js +200 -0
package/dist/src/cli/commands/session.js.map +7 -0
package/dist/src/cli/commands/settings.js +306 -0
package/dist/src/cli/commands/settings.js.map +7 -0
package/dist/src/cli/commands/setup.js +701 -0
package/dist/src/cli/commands/setup.js.map +7 -0
package/dist/src/cli/commands/shell.js +249 -0
package/dist/src/cli/commands/shell.js.map +7 -0
package/dist/src/cli/commands/signup.js +50 -0
package/dist/src/cli/commands/signup.js.map +7 -0
package/dist/src/cli/commands/skills.js +470 -0
package/dist/src/cli/commands/skills.js.map +7 -0
package/dist/src/cli/commands/sms-notify.js +795 -0
package/dist/src/cli/commands/sms-notify.js.map +7 -0
package/dist/src/cli/commands/storage-tier.js +183 -0
package/dist/src/cli/commands/storage-tier.js.map +7 -0
package/dist/src/cli/commands/sweep.js +249 -0
package/dist/src/cli/commands/sweep.js.map +7 -0
package/dist/src/cli/commands/tasks.js +213 -0
package/dist/src/cli/commands/tasks.js.map +7 -0
package/dist/src/cli/commands/worktree.js +319 -0
package/dist/src/cli/commands/worktree.js.map +7 -0
package/dist/src/cli/index.js +594 -0
package/dist/src/cli/index.js.map +7 -0
package/dist/src/cli/opencode-sm.js +448 -0
package/dist/src/cli/opencode-sm.js.map +7 -0
package/dist/src/cli/utils/viewer.js +96 -0
package/dist/src/cli/utils/viewer.js.map +7 -0
package/dist/src/core/config/config-manager.js +398 -0
package/dist/src/core/config/config-manager.js.map +7 -0
package/dist/src/core/config/feature-flags.js +76 -0
package/dist/src/core/config/feature-flags.js.map +7 -0
package/dist/src/core/config/storage-config.js +115 -0
package/dist/src/core/config/storage-config.js.map +7 -0
package/dist/src/core/config/types.js +144 -0
package/dist/src/core/config/types.js.map +7 -0
package/dist/src/core/context/auto-context.js +80 -0
package/dist/src/core/context/auto-context.js.map +7 -0
package/dist/src/core/context/dual-stack-manager.js +870 -0
package/dist/src/core/context/dual-stack-manager.js.map +7 -0
package/dist/src/core/context/enhanced-rehydration.js +994 -0
package/dist/src/core/context/enhanced-rehydration.js.map +7 -0
package/dist/src/core/context/frame-database.js +479 -0
package/dist/src/core/context/frame-database.js.map +7 -0
package/dist/src/core/context/frame-digest.js +250 -0
package/dist/src/core/context/frame-digest.js.map +7 -0
package/dist/src/core/context/frame-handoff-manager.js +778 -0
package/dist/src/core/context/frame-handoff-manager.js.map +7 -0
package/dist/src/core/context/frame-lifecycle-hooks.js +119 -0
package/dist/src/core/context/frame-lifecycle-hooks.js.map +7 -0
package/dist/src/core/context/frame-recovery.js +302 -0
package/dist/src/core/context/frame-recovery.js.map +7 -0
package/dist/src/core/context/frame-stack.js +314 -0
package/dist/src/core/context/frame-stack.js.map +7 -0
package/dist/src/core/context/frame-types.js +5 -0
package/dist/src/core/context/frame-types.js.map +7 -0
package/dist/src/core/context/index.js +25 -0
package/dist/src/core/context/index.js.map +7 -0
package/dist/src/core/context/permission-manager.js +185 -0
package/dist/src/core/context/permission-manager.js.map +7 -0
package/dist/src/core/context/recursive-context-manager.js +592 -0
package/dist/src/core/context/recursive-context-manager.js.map +7 -0
package/dist/src/core/context/refactored-frame-manager.js +754 -0
package/dist/src/core/context/refactored-frame-manager.js.map +7 -0
package/dist/src/core/context/shared-context-layer.js +621 -0
package/dist/src/core/context/shared-context-layer.js.map +7 -0
package/dist/src/core/context/stack-merge-resolver.js +749 -0
package/dist/src/core/context/stack-merge-resolver.js.map +7 -0
package/dist/src/core/context/validation.js +130 -0
package/dist/src/core/context/validation.js.map +7 -0
package/dist/src/core/database/batch-operations.js +384 -0
package/dist/src/core/database/batch-operations.js.map +7 -0
package/dist/src/core/database/connection-pool.js +330 -0
package/dist/src/core/database/connection-pool.js.map +7 -0
package/dist/src/core/database/database-adapter.js +60 -0
package/dist/src/core/database/database-adapter.js.map +7 -0
package/dist/src/core/database/migration-manager.js +614 -0
package/dist/src/core/database/migration-manager.js.map +7 -0
package/dist/src/core/database/query-cache.js +298 -0
package/dist/src/core/database/query-cache.js.map +7 -0
package/dist/src/core/database/query-router.js +430 -0
package/dist/src/core/database/query-router.js.map +7 -0
package/dist/src/core/database/sqlite-adapter.js +738 -0
package/dist/src/core/database/sqlite-adapter.js.map +7 -0
package/dist/src/core/digest/enhanced-hybrid-digest.js +277 -0
package/dist/src/core/digest/enhanced-hybrid-digest.js.map +7 -0
package/dist/src/core/digest/frame-digest-integration.js +176 -0
package/dist/src/core/digest/frame-digest-integration.js.map +7 -0
package/dist/src/core/digest/hybrid-digest-generator.js +553 -0
package/dist/src/core/digest/hybrid-digest-generator.js.map +7 -0
package/dist/src/core/digest/index.js +9 -0
package/dist/src/core/digest/index.js.map +7 -0
package/dist/src/core/digest/types.js +25 -0
package/dist/src/core/digest/types.js.map +7 -0
package/dist/src/core/errors/error-utils.js +208 -0
package/dist/src/core/errors/error-utils.js.map +7 -0
package/dist/src/core/errors/index.js +521 -0
package/dist/src/core/errors/index.js.map +7 -0
package/dist/src/core/errors/recovery.js +269 -0
package/dist/src/core/errors/recovery.js.map +7 -0
package/dist/src/core/execution/parallel-executor.js +258 -0
package/dist/src/core/execution/parallel-executor.js.map +7 -0
package/dist/src/core/frame/workflow-templates.js +319 -0
package/dist/src/core/frame/workflow-templates.js.map +7 -0
package/dist/src/core/merge/conflict-detector.js +431 -0
package/dist/src/core/merge/conflict-detector.js.map +7 -0
package/dist/src/core/merge/index.js +9 -0
package/dist/src/core/merge/index.js.map +7 -0
package/dist/src/core/merge/resolution-engine.js +558 -0
package/dist/src/core/merge/resolution-engine.js.map +7 -0
package/dist/src/core/merge/stack-diff.js +532 -0
package/dist/src/core/merge/stack-diff.js.map +7 -0
package/dist/src/core/merge/types.js +5 -0
package/dist/src/core/merge/types.js.map +7 -0
package/dist/src/core/merge/unified-merge-resolver.js +303 -0
package/dist/src/core/merge/unified-merge-resolver.js.map +7 -0
package/dist/src/core/models/fallback-monitor.js +232 -0
package/dist/src/core/models/fallback-monitor.js.map +7 -0
package/dist/src/core/models/model-router.js +340 -0
package/dist/src/core/models/model-router.js.map +7 -0
package/dist/src/core/monitoring/error-handler.js +49 -0
package/dist/src/core/monitoring/error-handler.js.map +7 -0
package/dist/src/core/monitoring/logger.js +202 -0
package/dist/src/core/monitoring/logger.js.map +7 -0
package/dist/src/core/monitoring/metrics.js +172 -0
package/dist/src/core/monitoring/metrics.js.map +7 -0
package/dist/src/core/monitoring/progress-tracker.js +189 -0
package/dist/src/core/monitoring/progress-tracker.js.map +7 -0
package/dist/src/core/monitoring/session-monitor.js +300 -0
package/dist/src/core/monitoring/session-monitor.js.map +7 -0
package/dist/src/core/performance/context-cache.js +273 -0
package/dist/src/core/performance/context-cache.js.map +7 -0
package/dist/src/core/performance/index.js +11 -0
package/dist/src/core/performance/index.js.map +7 -0
package/dist/src/core/performance/lazy-context-loader.js +327 -0
package/dist/src/core/performance/lazy-context-loader.js.map +7 -0
package/dist/src/core/performance/monitor.js +221 -0
package/dist/src/core/performance/monitor.js.map +7 -0
package/dist/src/core/performance/optimized-frame-context.js +345 -0
package/dist/src/core/performance/optimized-frame-context.js.map +7 -0
package/dist/src/core/performance/performance-benchmark.js +277 -0
package/dist/src/core/performance/performance-benchmark.js.map +7 -0
package/dist/src/core/performance/performance-profiler.js +370 -0
package/dist/src/core/performance/performance-profiler.js.map +7 -0
package/dist/src/core/performance/streaming-jsonl-parser.js +195 -0
package/dist/src/core/performance/streaming-jsonl-parser.js.map +7 -0
package/dist/src/core/persistence/postgres-adapter.js +349 -0
package/dist/src/core/persistence/postgres-adapter.js.map +7 -0
package/dist/src/core/projects/project-isolation.js +201 -0
package/dist/src/core/projects/project-isolation.js.map +7 -0
package/dist/src/core/projects/project-manager.js +697 -0
package/dist/src/core/projects/project-manager.js.map +7 -0
package/dist/src/core/query/query-parser.js +370 -0
package/dist/src/core/query/query-parser.js.map +7 -0
package/dist/src/core/query/query-templates.js +321 -0
package/dist/src/core/query/query-templates.js.map +7 -0
package/dist/src/core/retrieval/context-retriever.js +479 -0
package/dist/src/core/retrieval/context-retriever.js.map +7 -0
package/dist/src/core/retrieval/index.js +8 -0
package/dist/src/core/retrieval/index.js.map +7 -0
package/dist/src/core/retrieval/llm-context-retrieval.js +613 -0
package/dist/src/core/retrieval/llm-context-retrieval.js.map +7 -0
package/dist/src/core/retrieval/llm-provider.js +151 -0
package/dist/src/core/retrieval/llm-provider.js.map +7 -0
package/dist/src/core/retrieval/retrieval-audit.js +236 -0
package/dist/src/core/retrieval/retrieval-audit.js.map +7 -0
package/dist/src/core/retrieval/summary-generator.js +589 -0
package/dist/src/core/retrieval/summary-generator.js.map +7 -0
package/dist/src/core/retrieval/types.js +21 -0
package/dist/src/core/retrieval/types.js.map +7 -0
package/dist/src/core/security/index.js +35 -0
package/dist/src/core/security/index.js.map +7 -0
package/dist/src/core/security/input-sanitizer.js +321 -0
package/dist/src/core/security/input-sanitizer.js.map +7 -0
package/dist/src/core/session/clear-survival.js +465 -0
package/dist/src/core/session/clear-survival.js.map +7 -0
package/dist/src/core/session/enhanced-handoff.js +792 -0
package/dist/src/core/session/enhanced-handoff.js.map +7 -0
package/dist/src/core/session/handoff-generator.js +343 -0
package/dist/src/core/session/handoff-generator.js.map +7 -0
package/dist/src/core/session/index.js +15 -0
package/dist/src/core/session/index.js.map +7 -0
package/dist/src/core/session/session-manager.js +347 -0
package/dist/src/core/session/session-manager.js.map +7 -0
package/dist/src/core/skills/index.js +7 -0
package/dist/src/core/skills/index.js.map +7 -0
package/dist/src/core/skills/skill-storage.js +764 -0
package/dist/src/core/skills/skill-storage.js.map +7 -0
package/dist/src/core/skills/types.js +193 -0
package/dist/src/core/skills/types.js.map +7 -0
package/dist/src/core/storage/chromadb-adapter.js +354 -0
package/dist/src/core/storage/chromadb-adapter.js.map +7 -0
package/dist/src/core/storage/infinite-storage.js +510 -0
package/dist/src/core/storage/infinite-storage.js.map +7 -0
package/dist/src/core/storage/remote-storage.js +489 -0
package/dist/src/core/storage/remote-storage.js.map +7 -0
package/dist/src/core/storage/two-tier-storage.js +766 -0
package/dist/src/core/storage/two-tier-storage.js.map +7 -0
package/dist/src/core/trace/cli-trace-wrapper.js +132 -0
package/dist/src/core/trace/cli-trace-wrapper.js.map +7 -0
package/dist/src/core/trace/db-trace-wrapper.js +247 -0
package/dist/src/core/trace/db-trace-wrapper.js.map +7 -0
package/dist/src/core/trace/debug-trace.js +417 -0
package/dist/src/core/trace/debug-trace.js.map +7 -0
package/dist/src/core/trace/index.js +109 -0
package/dist/src/core/trace/index.js.map +7 -0
package/dist/src/core/trace/linear-api-wrapper.js +178 -0
package/dist/src/core/trace/linear-api-wrapper.js.map +7 -0
package/dist/src/core/trace/trace-detector.js +528 -0
package/dist/src/core/trace/trace-detector.js.map +7 -0
package/dist/src/core/trace/trace-store.js +345 -0
package/dist/src/core/trace/trace-store.js.map +7 -0
package/dist/src/core/trace/types.js +77 -0
package/dist/src/core/trace/types.js.map +7 -0
package/dist/src/core/types.js +5 -0
package/dist/src/core/types.js.map +7 -0
package/dist/src/core/utils/async-mutex.js +114 -0
package/dist/src/core/utils/async-mutex.js.map +7 -0
package/dist/src/core/utils/compression.js +83 -0
package/dist/src/core/utils/compression.js.map +7 -0
package/dist/src/core/utils/update-checker.js +218 -0
package/dist/src/core/utils/update-checker.js.map +7 -0
package/dist/src/core/worktree/worktree-manager.js +465 -0
package/dist/src/core/worktree/worktree-manager.js.map +7 -0
package/dist/src/daemon/daemon-config.js +149 -0
package/dist/src/daemon/daemon-config.js.map +7 -0
package/dist/src/daemon/services/context-service.js +122 -0
package/dist/src/daemon/services/context-service.js.map +7 -0
package/dist/src/daemon/services/linear-service.js +136 -0
package/dist/src/daemon/services/linear-service.js.map +7 -0
package/dist/src/daemon/session-daemon.js +312 -0
package/dist/src/daemon/session-daemon.js.map +7 -0
package/dist/src/daemon/unified-daemon.js +276 -0
package/dist/src/daemon/unified-daemon.js.map +7 -0
package/dist/src/features/analytics/api/analytics-api.js +287 -0
package/dist/src/features/analytics/api/analytics-api.js.map +7 -0
package/dist/src/features/analytics/core/analytics-service.js +282 -0
package/dist/src/features/analytics/core/analytics-service.js.map +7 -0
package/dist/src/features/analytics/index.js +18 -0
package/dist/src/features/analytics/index.js.map +7 -0
package/dist/src/features/analytics/queries/metrics-queries.js +277 -0
package/dist/src/features/analytics/queries/metrics-queries.js.map +7 -0
package/dist/src/features/analytics/types/metrics.js +5 -0
package/dist/src/features/analytics/types/metrics.js.map +7 -0
package/dist/src/features/browser/browser-mcp.js +492 -0
package/dist/src/features/browser/browser-mcp.js.map +7 -0
package/dist/src/features/sweep/index.js +20 -0
package/dist/src/features/sweep/index.js.map +7 -0
package/dist/src/features/sweep/prediction-client.js +155 -0
package/dist/src/features/sweep/prediction-client.js.map +7 -0
package/dist/src/features/sweep/prompt-builder.js +85 -0
package/dist/src/features/sweep/prompt-builder.js.map +7 -0
package/dist/src/features/sweep/pty-wrapper.js +171 -0
package/dist/src/features/sweep/pty-wrapper.js.map +7 -0
package/dist/src/features/sweep/state-watcher.js +87 -0
package/dist/src/features/sweep/state-watcher.js.map +7 -0
package/dist/src/features/sweep/status-bar.js +88 -0
package/dist/src/features/sweep/status-bar.js.map +7 -0
package/dist/src/features/sweep/sweep-server-manager.js +226 -0
package/dist/src/features/sweep/sweep-server-manager.js.map +7 -0
package/dist/src/features/sweep/tab-interceptor.js +38 -0
package/dist/src/features/sweep/tab-interceptor.js.map +7 -0
package/dist/src/features/sweep/types.js +18 -0
package/dist/src/features/sweep/types.js.map +7 -0
package/dist/src/features/tasks/linear-task-manager.js +487 -0
package/dist/src/features/tasks/linear-task-manager.js.map +7 -0
package/dist/src/features/tasks/task-aware-context.js +410 -0
package/dist/src/features/tasks/task-aware-context.js.map +7 -0
package/dist/src/features/tui/simple-monitor.js +116 -0
package/dist/src/features/tui/simple-monitor.js.map +7 -0
package/dist/src/features/tui/swarm-monitor.js +648 -0
package/dist/src/features/tui/swarm-monitor.js.map +7 -0
package/dist/src/features/web/client/stores/task-store.js +26 -0
package/dist/src/features/web/client/stores/task-store.js.map +7 -0
package/dist/src/features/web/server/index.js +194 -0
package/dist/src/features/web/server/index.js.map +7 -0
package/dist/src/hooks/auto-background.js +151 -0
package/dist/src/hooks/auto-background.js.map +7 -0
package/dist/src/hooks/claude-code-whatsapp-hook.js +197 -0
package/dist/src/hooks/claude-code-whatsapp-hook.js.map +7 -0
package/dist/src/hooks/config.js +150 -0
package/dist/src/hooks/config.js.map +7 -0
package/dist/src/hooks/daemon.js +364 -0
package/dist/src/hooks/daemon.js.map +7 -0
package/dist/src/hooks/events.js +58 -0
package/dist/src/hooks/events.js.map +7 -0
package/dist/src/hooks/index.js +12 -0
package/dist/src/hooks/index.js.map +7 -0
package/dist/src/hooks/linear-task-picker.js +186 -0
package/dist/src/hooks/linear-task-picker.js.map +7 -0
package/dist/src/hooks/schemas.js +197 -0
package/dist/src/hooks/schemas.js.map +7 -0
package/dist/src/hooks/secure-fs.js +49 -0
package/dist/src/hooks/secure-fs.js.map +7 -0
package/dist/src/hooks/security-logger.js +155 -0
package/dist/src/hooks/security-logger.js.map +7 -0
package/dist/src/hooks/session-summary.js +222 -0
package/dist/src/hooks/session-summary.js.map +7 -0
package/dist/src/hooks/sms-action-runner.js +371 -0
package/dist/src/hooks/sms-action-runner.js.map +7 -0
package/dist/src/hooks/sms-notify.js +506 -0
package/dist/src/hooks/sms-notify.js.map +7 -0
package/dist/src/hooks/sms-watcher.js +93 -0
package/dist/src/hooks/sms-watcher.js.map +7 -0
package/dist/src/hooks/sms-webhook.js +555 -0
package/dist/src/hooks/sms-webhook.js.map +7 -0
package/dist/src/hooks/whatsapp-commands.js +479 -0
package/dist/src/hooks/whatsapp-commands.js.map +7 -0
package/dist/src/hooks/whatsapp-scheduler.js +317 -0
package/dist/src/hooks/whatsapp-scheduler.js.map +7 -0
package/dist/src/hooks/whatsapp-sync.js +409 -0
package/dist/src/hooks/whatsapp-sync.js.map +7 -0
package/dist/src/index.js +25 -0
package/dist/src/index.js.map +7 -0
package/dist/src/integrations/anthropic/client.js +263 -0
package/dist/src/integrations/anthropic/client.js.map +7 -0
package/dist/src/integrations/claude-code/agent-bridge.js +768 -0
package/dist/src/integrations/claude-code/agent-bridge.js.map +7 -0
package/dist/src/integrations/claude-code/enhanced-pre-clear-hooks.js +459 -0
package/dist/src/integrations/claude-code/enhanced-pre-clear-hooks.js.map +7 -0
package/dist/src/integrations/claude-code/lifecycle-hooks.js +254 -0
package/dist/src/integrations/claude-code/lifecycle-hooks.js.map +7 -0
package/dist/src/integrations/claude-code/post-task-hooks.js +545 -0
package/dist/src/integrations/claude-code/post-task-hooks.js.map +7 -0
package/dist/src/integrations/claude-code/subagent-client-stub.js +20 -0
package/dist/src/integrations/claude-code/subagent-client-stub.js.map +7 -0
package/dist/src/integrations/claude-code/subagent-client.js +511 -0
package/dist/src/integrations/claude-code/subagent-client.js.map +7 -0
package/dist/src/integrations/claude-code/task-coordinator.js +360 -0
package/dist/src/integrations/claude-code/task-coordinator.js.map +7 -0
package/dist/src/integrations/linear/auth.js +337 -0
package/dist/src/integrations/linear/auth.js.map +7 -0
package/dist/src/integrations/linear/auto-sync.js +258 -0
package/dist/src/integrations/linear/auto-sync.js.map +7 -0
package/dist/src/integrations/linear/client.js +634 -0
package/dist/src/integrations/linear/client.js.map +7 -0
package/dist/src/integrations/linear/config.js +130 -0
package/dist/src/integrations/linear/config.js.map +7 -0
package/dist/src/integrations/linear/migration.js +361 -0
package/dist/src/integrations/linear/migration.js.map +7 -0
package/dist/src/integrations/linear/oauth-server.js +454 -0
package/dist/src/integrations/linear/oauth-server.js.map +7 -0
package/dist/src/integrations/linear/rest-client.js +213 -0
package/dist/src/integrations/linear/rest-client.js.map +7 -0
package/dist/src/integrations/linear/sync-manager.js +236 -0
package/dist/src/integrations/linear/sync-manager.js.map +7 -0
package/dist/src/integrations/linear/sync-service.js +231 -0
package/dist/src/integrations/linear/sync-service.js.map +7 -0
package/dist/src/integrations/linear/sync.js +782 -0
package/dist/src/integrations/linear/sync.js.map +7 -0
package/dist/src/integrations/linear/types.js +5 -0
package/dist/src/integrations/linear/types.js.map +7 -0
package/dist/src/integrations/linear/unified-sync.js +589 -0
package/dist/src/integrations/linear/unified-sync.js.map +7 -0
package/dist/src/integrations/linear/webhook-handler.js +219 -0
package/dist/src/integrations/linear/webhook-handler.js.map +7 -0
package/dist/src/integrations/linear/webhook-server.js +218 -0
package/dist/src/integrations/linear/webhook-server.js.map +7 -0
package/dist/src/integrations/linear/webhook.js +291 -0
package/dist/src/integrations/linear/webhook.js.map +7 -0
package/dist/src/integrations/mcp/handlers/code-execution-handlers.js +266 -0
package/dist/src/integrations/mcp/handlers/code-execution-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/context-handlers.js +257 -0
package/dist/src/integrations/mcp/handlers/context-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/discovery-handlers.js +497 -0
package/dist/src/integrations/mcp/handlers/discovery-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/index.js +166 -0
package/dist/src/integrations/mcp/handlers/index.js.map +7 -0
package/dist/src/integrations/mcp/handlers/linear-handlers.js +247 -0
package/dist/src/integrations/mcp/handlers/linear-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/skill-handlers.js +529 -0
package/dist/src/integrations/mcp/handlers/skill-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/task-handlers.js +239 -0
package/dist/src/integrations/mcp/handlers/task-handlers.js.map +7 -0
package/dist/src/integrations/mcp/handlers/trace-handlers.js +308 -0
package/dist/src/integrations/mcp/handlers/trace-handlers.js.map +7 -0
package/dist/src/integrations/mcp/index.js +23 -0
package/dist/src/integrations/mcp/index.js.map +7 -0
package/dist/src/integrations/mcp/middleware/tool-scoring.js +356 -0
package/dist/src/integrations/mcp/middleware/tool-scoring.js.map +7 -0
package/dist/src/integrations/mcp/refactored-server.js +374 -0
package/dist/src/integrations/mcp/refactored-server.js.map +7 -0
package/dist/src/integrations/mcp/remote-server.js +682 -0
package/dist/src/integrations/mcp/remote-server.js.map +7 -0
package/dist/src/integrations/mcp/schemas.js +147 -0
package/dist/src/integrations/mcp/schemas.js.map +7 -0
package/dist/src/integrations/mcp/server.js +1975 -0
package/dist/src/integrations/mcp/server.js.map +7 -0
package/dist/src/integrations/mcp/tool-definitions-code.js +125 -0
package/dist/src/integrations/mcp/tool-definitions-code.js.map +7 -0
package/dist/src/integrations/mcp/tool-definitions.js +702 -0
package/dist/src/integrations/mcp/tool-definitions.js.map +7 -0
package/dist/src/integrations/ralph/bridge/ralph-stackmemory-bridge.js +860 -0
package/dist/src/integrations/ralph/bridge/ralph-stackmemory-bridge.js.map +7 -0
package/dist/src/integrations/ralph/context/context-budget-manager.js +301 -0
package/dist/src/integrations/ralph/context/context-budget-manager.js.map +7 -0
package/dist/src/integrations/ralph/context/stackmemory-context-loader.js +360 -0
package/dist/src/integrations/ralph/context/stackmemory-context-loader.js.map +7 -0
package/dist/src/integrations/ralph/coordination/enhanced-coordination.js +410 -0
package/dist/src/integrations/ralph/coordination/enhanced-coordination.js.map +7 -0
package/dist/src/integrations/ralph/index.js +18 -0
package/dist/src/integrations/ralph/index.js.map +7 -0
package/dist/src/integrations/ralph/learning/pattern-learner.js +401 -0
package/dist/src/integrations/ralph/learning/pattern-learner.js.map +7 -0
package/dist/src/integrations/ralph/lifecycle/iteration-lifecycle.js +448 -0
package/dist/src/integrations/ralph/lifecycle/iteration-lifecycle.js.map +7 -0
package/dist/src/integrations/ralph/monitoring/swarm-dashboard.js +294 -0
package/dist/src/integrations/ralph/monitoring/swarm-dashboard.js.map +7 -0
package/dist/src/integrations/ralph/monitoring/swarm-registry.js +108 -0
package/dist/src/integrations/ralph/monitoring/swarm-registry.js.map +7 -0
package/dist/src/integrations/ralph/orchestration/multi-loop-orchestrator.js +463 -0
package/dist/src/integrations/ralph/orchestration/multi-loop-orchestrator.js.map +7 -0
package/dist/src/integrations/ralph/patterns/compounding-engineering-pattern.js +400 -0
package/dist/src/integrations/ralph/patterns/compounding-engineering-pattern.js.map +7 -0
package/dist/src/integrations/ralph/patterns/extended-coherence-sessions.js +473 -0
package/dist/src/integrations/ralph/patterns/extended-coherence-sessions.js.map +7 -0
package/dist/src/integrations/ralph/patterns/oracle-worker-pattern.js +388 -0
package/dist/src/integrations/ralph/patterns/oracle-worker-pattern.js.map +7 -0
package/dist/src/integrations/ralph/performance/performance-optimizer.js +358 -0
package/dist/src/integrations/ralph/performance/performance-optimizer.js.map +7 -0
package/dist/src/integrations/ralph/recovery/crash-recovery.js +462 -0
package/dist/src/integrations/ralph/recovery/crash-recovery.js.map +7 -0
package/dist/src/integrations/ralph/state/state-reconciler.js +404 -0
package/dist/src/integrations/ralph/state/state-reconciler.js.map +7 -0
package/dist/src/integrations/ralph/swarm/git-workflow-manager.js +428 -0
package/dist/src/integrations/ralph/swarm/git-workflow-manager.js.map +7 -0
package/dist/src/integrations/ralph/swarm/swarm-coordinator.js +996 -0
package/dist/src/integrations/ralph/swarm/swarm-coordinator.js.map +7 -0
package/dist/src/integrations/ralph/types.js +5 -0
package/dist/src/integrations/ralph/types.js.map +7 -0
package/dist/src/integrations/ralph/visualization/ralph-debugger.js +585 -0
package/dist/src/integrations/ralph/visualization/ralph-debugger.js.map +7 -0
package/dist/src/mcp/stackmemory-mcp-server.js +554 -0
package/dist/src/mcp/stackmemory-mcp-server.js.map +7 -0
package/dist/src/middleware/exponential-rate-limiter.js +289 -0
package/dist/src/middleware/exponential-rate-limiter.js.map +7 -0
package/dist/src/models/user.model.js +358 -0
package/dist/src/models/user.model.js.map +7 -0
package/dist/src/servers/production/auth-middleware.js +528 -0
package/dist/src/servers/production/auth-middleware.js.map +7 -0
package/dist/src/services/config-service.js +65 -0
package/dist/src/services/config-service.js.map +7 -0
package/dist/src/services/context-service.js +194 -0
package/dist/src/services/context-service.js.map +7 -0
package/dist/src/skills/api-discovery.js +354 -0
package/dist/src/skills/api-discovery.js.map +7 -0
package/dist/src/skills/api-skill.js +475 -0
package/dist/src/skills/api-skill.js.map +7 -0
package/dist/src/skills/claude-skills.js +1061 -0
package/dist/src/skills/claude-skills.js.map +7 -0
package/dist/src/skills/dashboard-launcher.js +216 -0
package/dist/src/skills/dashboard-launcher.js.map +7 -0
package/dist/src/skills/recursive-agent-orchestrator.js +575 -0
package/dist/src/skills/recursive-agent-orchestrator.js.map +7 -0
package/dist/src/skills/repo-ingestion-skill.js +609 -0
package/dist/src/skills/repo-ingestion-skill.js.map +7 -0
package/dist/src/skills/unified-rlm-orchestrator.js +404 -0
package/dist/src/skills/unified-rlm-orchestrator.js.map +7 -0
package/dist/src/types/task.js +5 -0
package/dist/src/types/task.js.map +7 -0
package/dist/src/utils/env.js +50 -0
package/dist/src/utils/env.js.map +7 -0
package/dist/src/utils/formatting.js +62 -0
package/dist/src/utils/formatting.js.map +7 -0
package/dist/src/utils/process-cleanup.js +136 -0
package/dist/src/utils/process-cleanup.js.map +7 -0
package/package.json +4 -3
package/scripts/create-cleanup-issues.js +302 -0
package/scripts/demos/browser-test.ts +39 -0
package/scripts/demos/ralph-integration-demo.ts +244 -0
package/scripts/demos/trace-demo.ts +214 -0
package/scripts/demos/trace-detector.demo.ts +171 -0
package/scripts/demos/trace-test.ts +67 -0
package/scripts/initialize.ts +16 -7
package/scripts/install.sh +14 -62
package/scripts/status.ts +111 -46
package/scripts/test-claude-config.sh +123 -0
package/scripts/validate-claude-config.sh +155 -0

package/dist/core/security/input-sanitizer.js ADDED Viewed

@@ -0,0 +1,321 @@
+import { fileURLToPath as __fileURLToPath } from 'url';
+import { dirname as __pathDirname } from 'path';
+const __filename = __fileURLToPath(import.meta.url);
+const __dirname = __pathDirname(__filename);
+import { z } from "zod";
+import { resolve as pathResolve, relative as pathRelative } from "path";
+import { ValidationError, ErrorCode } from "../errors/index.js";
+const SENSITIVE_PATTERNS = [
+  /\b(api[_-]?key|apikey)\s*[:=]\s*['"]?[\w-]+['"]?/gi,
+  /\b(secret|password|token|credential|auth)\s*[:=]\s*['"]?[\w-]+['"]?/gi,
+  /\b(lin_api_[\w]+)/gi,
+  // Linear API keys
+  /\b(lin_oauth_[\w]+)/gi,
+  // Linear OAuth tokens
+  /\b(sk-[\w]+)/gi,
+  // OpenAI-style API keys
+  /\b(npm_[\w]+)/gi,
+  // NPM tokens
+  /\b(ghp_[\w]+)/gi,
+  // GitHub personal access tokens
+  /\b(ghs_[\w]+)/gi,
+  // GitHub secret tokens
+  /Bearer\s+[\w.-]+/gi,
+  /Basic\s+[\w=]+/gi,
+  /postgres(ql)?:\/\/[^@\s]+:[^@\s]+@/gi
+  // Database URLs with credentials
+];
+function redactSensitiveData(input) {
+  let result = input;
+  for (const pattern of SENSITIVE_PATTERNS) {
+    pattern.lastIndex = 0;
+    result = result.replace(pattern, "[REDACTED]");
+  }
+  return result;
+}
+function containsSensitiveData(input) {
+  return SENSITIVE_PATTERNS.some((pattern) => {
+    pattern.lastIndex = 0;
+    return pattern.test(input);
+  });
+}
+function sanitizeForSqlLike(input) {
+  if (!input) return "";
+  return input.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_").replace(/'/g, "''");
+}
+function sanitizeIdentifier(input) {
+  if (!input) {
+    throw new ValidationError(
+      "Identifier cannot be empty",
+      ErrorCode.VALIDATION_FAILED
+    );
+  }
+  const sanitized = input.replace(/[^a-zA-Z0-9_]/g, "");
+  if (sanitized !== input) {
+    throw new ValidationError(
+      `Invalid identifier: ${input}. Only alphanumeric characters and underscores are allowed.`,
+      ErrorCode.VALIDATION_FAILED,
+      { input, sanitized }
+    );
+  }
+  const sqlKeywords = [
+    "DROP",
+    "DELETE",
+    "INSERT",
+    "UPDATE",
+    "SELECT",
+    "UNION",
+    "ALTER",
+    "CREATE",
+    "TRUNCATE",
+    "EXEC",
+    "EXECUTE"
+  ];
+  if (sqlKeywords.includes(sanitized.toUpperCase())) {
+    throw new ValidationError(
+      `Invalid identifier: ${input}. SQL keywords are not allowed.`,
+      ErrorCode.VALIDATION_FAILED,
+      { input }
+    );
+  }
+  return sanitized;
+}
+const ALLOWED_TABLES = [
+  "frames",
+  "events",
+  "anchors",
+  "contexts",
+  "task_cache",
+  "schema_version",
+  "attention_log",
+  "traces"
+];
+function validateTableName(tableName) {
+  const sanitized = sanitizeIdentifier(tableName);
+  if (!ALLOWED_TABLES.includes(sanitized)) {
+    throw new ValidationError(
+      `Invalid table name: ${tableName}. Allowed tables: ${ALLOWED_TABLES.join(", ")}`,
+      ErrorCode.VALIDATION_FAILED,
+      { tableName, allowed: ALLOWED_TABLES }
+    );
+  }
+  return sanitized;
+}
+function sanitizeFilePath(input, baseDir) {
+  if (!input) {
+    throw new ValidationError(
+      "File path cannot be empty",
+      ErrorCode.VALIDATION_FAILED
+    );
+  }
+  if (input.includes("\0")) {
+    throw new ValidationError(
+      "File path contains invalid characters",
+      ErrorCode.VALIDATION_FAILED,
+      { reason: "null_byte" }
+    );
+  }
+  if (input.includes("..")) {
+    throw new ValidationError(
+      "Path traversal not allowed",
+      ErrorCode.VALIDATION_FAILED,
+      { path: input }
+    );
+  }
+  if (baseDir) {
+    const resolvedPath = pathResolve(baseDir, input);
+    const relativePath = pathRelative(baseDir, resolvedPath);
+    if (relativePath.startsWith("..") || pathResolve(relativePath) === resolvedPath) {
+      if (relativePath.startsWith("..")) {
+        throw new ValidationError(
+          "Path escapes base directory",
+          ErrorCode.VALIDATION_FAILED,
+          { path: input, baseDir }
+        );
+      }
+    }
+    return resolvedPath;
+  }
+  return input;
+}
+const SENSITIVE_FIELD_NAMES = [
+  "password",
+  "token",
+  "apikey",
+  "api_key",
+  "secret",
+  "credential",
+  "authorization",
+  "auth",
+  "accesstoken",
+  "access_token",
+  "refreshtoken",
+  "refresh_token"
+];
+function isSensitiveFieldName(key) {
+  const lowerKey = key.toLowerCase();
+  return SENSITIVE_FIELD_NAMES.some((sf) => lowerKey.includes(sf));
+}
+function sanitizeForLogging(obj) {
+  if (obj === null || obj === void 0) {
+    return obj;
+  }
+  if (typeof obj === "string") {
+    return redactSensitiveData(obj);
+  }
+  if (Array.isArray(obj)) {
+    return obj.map(sanitizeForLogging);
+  }
+  if (typeof obj === "object") {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(obj)) {
+      if (isSensitiveFieldName(key)) {
+        sanitized[key] = "[REDACTED]";
+      } else {
+        sanitized[key] = sanitizeForLogging(value);
+      }
+    }
+    return sanitized;
+  }
+  return obj;
+}
+const InputSchemas = {
+  // Frame-related
+  frameId: z.string().uuid("Invalid frame ID format"),
+  frameName: z.string().min(1, "Frame name is required").max(500, "Frame name too long").refine(
+    (val) => !containsSensitiveData(val),
+    "Frame name may contain sensitive data"
+  ),
+  frameType: z.enum([
+    "task",
+    "subtask",
+    "tool_scope",
+    "review",
+    "write",
+    "debug"
+  ]),
+  // Query-related
+  searchQuery: z.string().min(1, "Search query is required").max(1e3, "Search query too long").transform((val) => sanitizeForSqlLike(val)),
+  limit: z.number().int().min(1).max(1e3).default(50),
+  offset: z.number().int().min(0).default(0),
+  // Task-related
+  taskTitle: z.string().min(1, "Task title is required").max(500, "Task title too long"),
+  taskDescription: z.string().max(1e4, "Description too long").optional(),
+  taskPriority: z.enum(["low", "medium", "high", "urgent", "critical"]),
+  taskStatus: z.enum([
+    "pending",
+    "in_progress",
+    "completed",
+    "blocked",
+    "cancelled"
+  ]),
+  // Anchor-related
+  anchorType: z.enum([
+    "FACT",
+    "DECISION",
+    "CONSTRAINT",
+    "INTERFACE_CONTRACT",
+    "TODO",
+    "RISK"
+  ]),
+  anchorText: z.string().min(1, "Anchor text is required").max(1e4, "Anchor text too long"),
+  priority: z.number().int().min(0).max(10).default(5),
+  // File path
+  filePath: z.string().min(1, "File path is required").max(4096, "File path too long").refine((val) => !val.includes("\0"), "Invalid characters in path").refine((val) => !val.includes(".."), "Path traversal not allowed"),
+  // Project ID
+  projectId: z.string().min(1, "Project ID is required").max(100, "Project ID too long").regex(
+    /^[a-zA-Z0-9_-]+$/,
+    "Project ID can only contain letters, numbers, hyphens, and underscores"
+  ),
+  // Session ID
+  sessionId: z.string().uuid("Invalid session ID format").optional(),
+  // Date/time
+  timestamp: z.number().int().positive(),
+  dateString: z.string().datetime(),
+  // Generic content (with sensitive data check)
+  safeContent: z.string().max(1e5, "Content too large").refine(
+    (val) => !containsSensitiveData(val),
+    "Content may contain sensitive data that should not be stored"
+  ),
+  // Email
+  email: z.string().email("Invalid email format").max(254, "Email too long").transform((val) => val.toLowerCase()),
+  // URL
+  url: z.string().url("Invalid URL format").max(2048, "URL too long")
+};
+function validateInput(schema, input, context) {
+  const result = schema.safeParse(input);
+  if (!result.success) {
+    const errors = result.error.errors.map((e) => ({
+      path: e.path.join("."),
+      message: e.message
+    }));
+    throw new ValidationError(
+      `Invalid input for ${context}: ${errors.map((e) => e.message).join(", ")}`,
+      ErrorCode.VALIDATION_FAILED,
+      { context, errors }
+    );
+  }
+  return result.data;
+}
+function createAggregateSchema(allowedFields) {
+  return z.object({
+    groupBy: z.array(z.string()).refine(
+      (fields) => fields.every((f) => allowedFields.includes(f)),
+      `Group by fields must be one of: ${allowedFields.join(", ")}`
+    ),
+    metrics: z.array(
+      z.object({
+        operation: z.enum(["COUNT", "SUM", "AVG", "MIN", "MAX"]),
+        field: z.string().refine(
+          (f) => f === "*" || allowedFields.includes(f),
+          `Field must be one of: ${allowedFields.join(", ")}`
+        ),
+        alias: z.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/).optional()
+      })
+    ),
+    orderBy: z.string().refine(
+      (f) => allowedFields.includes(f),
+      `Order by must be one of: ${allowedFields.join(", ")}`
+    ).optional(),
+    limit: z.number().int().min(1).max(1e3).optional()
+  });
+}
+function validateShellArg(arg) {
+  if (!arg) return "";
+  const dangerousChars = /[;&|`$(){}[\]<>!#*?~\n\r]/;
+  if (dangerousChars.test(arg)) {
+    throw new ValidationError(
+      "Argument contains potentially dangerous shell characters",
+      ErrorCode.VALIDATION_FAILED,
+      { arg: arg.substring(0, 50) }
+    );
+  }
+  return arg;
+}
+function safeJsonParse(input, schema) {
+  try {
+    const parsed = JSON.parse(input);
+    if (schema) {
+      return validateInput(schema, parsed, "JSON parse");
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+export {
+  InputSchemas,
+  SENSITIVE_PATTERNS,
+  containsSensitiveData,
+  createAggregateSchema,
+  redactSensitiveData,
+  safeJsonParse,
+  sanitizeFilePath,
+  sanitizeForLogging,
+  sanitizeForSqlLike,
+  sanitizeIdentifier,
+  validateInput,
+  validateShellArg,
+  validateTableName
+};
+//# sourceMappingURL=input-sanitizer.js.map

package/dist/core/security/input-sanitizer.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/security/input-sanitizer.ts"],
+  "sourcesContent": ["/**\n * Input Sanitizer - Centralized input validation and sanitization\n * Provides security utilities to prevent injection attacks and ensure data integrity\n */\n\nimport { z } from 'zod';\nimport { resolve as pathResolve, relative as pathRelative } from 'path';\nimport { ValidationError, ErrorCode } from '../errors/index.js';\n\n/**\n * Sensitive data patterns that should never be logged\n */\nexport const SENSITIVE_PATTERNS = [\n  /\\b(api[_-]?key|apikey)\\s*[:=]\\s*['\"]?[\\w-]+['\"]?/gi,\n  /\\b(secret|password|token|credential|auth)\\s*[:=]\\s*['\"]?[\\w-]+['\"]?/gi,\n  /\\b(lin_api_[\\w]+)/gi, // Linear API keys\n  /\\b(lin_oauth_[\\w]+)/gi, // Linear OAuth tokens\n  /\\b(sk-[\\w]+)/gi, // OpenAI-style API keys\n  /\\b(npm_[\\w]+)/gi, // NPM tokens\n  /\\b(ghp_[\\w]+)/gi, // GitHub personal access tokens\n  /\\b(ghs_[\\w]+)/gi, // GitHub secret tokens\n  /Bearer\\s+[\\w.-]+/gi,\n  /Basic\\s+[\\w=]+/gi,\n  /postgres(ql)?:\\/\\/[^@\\s]+:[^@\\s]+@/gi, // Database URLs with credentials\n];\n\n/**\n * Redact sensitive information from a string\n */\nexport function redactSensitiveData(input: string): string {\n  let result = input;\n  for (const pattern of SENSITIVE_PATTERNS) {\n    pattern.lastIndex = 0;\n    result = result.replace(pattern, '[REDACTED]');\n  }\n  return result;\n}\n\n/**\n * Check if a string contains potentially sensitive data\n */\nexport function containsSensitiveData(input: string): boolean {\n  return SENSITIVE_PATTERNS.some((pattern) => {\n    pattern.lastIndex = 0; // Reset regex state\n    return pattern.test(input);\n  });\n}\n\n/**\n * Sanitize a string for safe SQL LIKE queries\n * Escapes special characters that could be used for SQL injection\n */\nexport function sanitizeForSqlLike(input: string): string {\n  if (!input) return '';\n  // Escape SQL LIKE special characters\n  return input\n    .replace(/\\\\/g, '\\\\\\\\')\n    .replace(/%/g, '\\\\%')\n    .replace(/_/g, '\\\\_')\n    .replace(/'/g, \"''\");\n}\n\n/**\n * Validate and sanitize table/column names to prevent SQL injection\n * Only allows alphanumeric characters and underscores\n */\nexport function sanitizeIdentifier(input: string): string {\n  if (!input) {\n    throw new ValidationError(\n      'Identifier cannot be empty',\n      ErrorCode.VALIDATION_FAILED\n    );\n  }\n  // Only allow alphanumeric and underscores\n  const sanitized = input.replace(/[^a-zA-Z0-9_]/g, '');\n  if (sanitized !== input) {\n    throw new ValidationError(\n      `Invalid identifier: ${input}. Only alphanumeric characters and underscores are allowed.`,\n      ErrorCode.VALIDATION_FAILED,\n      { input, sanitized }\n    );\n  }\n  // Prevent SQL keywords\n  const sqlKeywords = [\n    'DROP',\n    'DELETE',\n    'INSERT',\n    'UPDATE',\n    'SELECT',\n    'UNION',\n    'ALTER',\n    'CREATE',\n    'TRUNCATE',\n    'EXEC',\n    'EXECUTE',\n  ];\n  if (sqlKeywords.includes(sanitized.toUpperCase())) {\n    throw new ValidationError(\n      `Invalid identifier: ${input}. SQL keywords are not allowed.`,\n      ErrorCode.VALIDATION_FAILED,\n      { input }\n    );\n  }\n  return sanitized;\n}\n\n/**\n * Validate allowed table names\n */\nconst ALLOWED_TABLES = [\n  'frames',\n  'events',\n  'anchors',\n  'contexts',\n  'task_cache',\n  'schema_version',\n  'attention_log',\n  'traces',\n];\n\nexport function validateTableName(tableName: string): string {\n  const sanitized = sanitizeIdentifier(tableName);\n  if (!ALLOWED_TABLES.includes(sanitized)) {\n    throw new ValidationError(\n      `Invalid table name: ${tableName}. Allowed tables: ${ALLOWED_TABLES.join(', ')}`,\n      ErrorCode.VALIDATION_FAILED,\n      { tableName, allowed: ALLOWED_TABLES }\n    );\n  }\n  return sanitized;\n}\n\n/**\n * Validate and sanitize file paths\n * Prevents path traversal attacks\n */\nexport function sanitizeFilePath(input: string, baseDir?: string): string {\n  if (!input) {\n    throw new ValidationError(\n      'File path cannot be empty',\n      ErrorCode.VALIDATION_FAILED\n    );\n  }\n\n  // Check for null bytes\n  if (input.includes('\\0')) {\n    throw new ValidationError(\n      'File path contains invalid characters',\n      ErrorCode.VALIDATION_FAILED,\n      { reason: 'null_byte' }\n    );\n  }\n\n  // Check for path traversal\n  if (input.includes('..')) {\n    throw new ValidationError(\n      'Path traversal not allowed',\n      ErrorCode.VALIDATION_FAILED,\n      { path: input }\n    );\n  }\n\n  // If baseDir provided, ensure path stays within it\n  if (baseDir) {\n    const resolvedPath = pathResolve(baseDir, input);\n    const relativePath = pathRelative(baseDir, resolvedPath);\n    if (\n      relativePath.startsWith('..') ||\n      pathResolve(relativePath) === resolvedPath\n    ) {\n      // Path escapes baseDir\n      if (relativePath.startsWith('..')) {\n        throw new ValidationError(\n          'Path escapes base directory',\n          ErrorCode.VALIDATION_FAILED,\n          { path: input, baseDir }\n        );\n      }\n    }\n    return resolvedPath;\n  }\n\n  return input;\n}\n\n/**\n * Sensitive field names that should be redacted in logs\n */\nconst SENSITIVE_FIELD_NAMES = [\n  'password',\n  'token',\n  'apikey',\n  'api_key',\n  'secret',\n  'credential',\n  'authorization',\n  'auth',\n  'accesstoken',\n  'access_token',\n  'refreshtoken',\n  'refresh_token',\n];\n\n/**\n * Check if a field name is sensitive\n */\nfunction isSensitiveFieldName(key: string): boolean {\n  const lowerKey = key.toLowerCase();\n  return SENSITIVE_FIELD_NAMES.some((sf) => lowerKey.includes(sf));\n}\n\n/**\n * Sanitize an object for logging (redact sensitive fields)\n */\nexport function sanitizeForLogging(obj: unknown): unknown {\n  if (obj === null || obj === undefined) {\n    return obj;\n  }\n\n  if (typeof obj === 'string') {\n    return redactSensitiveData(obj);\n  }\n\n  if (Array.isArray(obj)) {\n    return obj.map(sanitizeForLogging);\n  }\n\n  if (typeof obj === 'object') {\n    const sanitized: Record<string, unknown> = {};\n    for (const [key, value] of Object.entries(obj)) {\n      // Check if this key is sensitive\n      if (isSensitiveFieldName(key)) {\n        sanitized[key] = '[REDACTED]';\n      } else {\n        // Recursively sanitize nested objects\n        sanitized[key] = sanitizeForLogging(value);\n      }\n    }\n    return sanitized;\n  }\n\n  return obj;\n}\n\n/**\n * Zod schemas for common input validation\n */\nexport const InputSchemas = {\n  // Frame-related\n  frameId: z.string().uuid('Invalid frame ID format'),\n  frameName: z\n    .string()\n    .min(1, 'Frame name is required')\n    .max(500, 'Frame name too long')\n    .refine(\n      (val) => !containsSensitiveData(val),\n      'Frame name may contain sensitive data'\n    ),\n  frameType: z.enum([\n    'task',\n    'subtask',\n    'tool_scope',\n    'review',\n    'write',\n    'debug',\n  ]),\n\n  // Query-related\n  searchQuery: z\n    .string()\n    .min(1, 'Search query is required')\n    .max(1000, 'Search query too long')\n    .transform((val) => sanitizeForSqlLike(val)),\n\n  limit: z.number().int().min(1).max(1000).default(50),\n  offset: z.number().int().min(0).default(0),\n\n  // Task-related\n  taskTitle: z\n    .string()\n    .min(1, 'Task title is required')\n    .max(500, 'Task title too long'),\n  taskDescription: z.string().max(10000, 'Description too long').optional(),\n  taskPriority: z.enum(['low', 'medium', 'high', 'urgent', 'critical']),\n  taskStatus: z.enum([\n    'pending',\n    'in_progress',\n    'completed',\n    'blocked',\n    'cancelled',\n  ]),\n\n  // Anchor-related\n  anchorType: z.enum([\n    'FACT',\n    'DECISION',\n    'CONSTRAINT',\n    'INTERFACE_CONTRACT',\n    'TODO',\n    'RISK',\n  ]),\n  anchorText: z\n    .string()\n    .min(1, 'Anchor text is required')\n    .max(10000, 'Anchor text too long'),\n  priority: z.number().int().min(0).max(10).default(5),\n\n  // File path\n  filePath: z\n    .string()\n    .min(1, 'File path is required')\n    .max(4096, 'File path too long')\n    .refine((val) => !val.includes('\\0'), 'Invalid characters in path')\n    .refine((val) => !val.includes('..'), 'Path traversal not allowed'),\n\n  // Project ID\n  projectId: z\n    .string()\n    .min(1, 'Project ID is required')\n    .max(100, 'Project ID too long')\n    .regex(\n      /^[a-zA-Z0-9_-]+$/,\n      'Project ID can only contain letters, numbers, hyphens, and underscores'\n    ),\n\n  // Session ID\n  sessionId: z.string().uuid('Invalid session ID format').optional(),\n\n  // Date/time\n  timestamp: z.number().int().positive(),\n  dateString: z.string().datetime(),\n\n  // Generic content (with sensitive data check)\n  safeContent: z\n    .string()\n    .max(100000, 'Content too large')\n    .refine(\n      (val) => !containsSensitiveData(val),\n      'Content may contain sensitive data that should not be stored'\n    ),\n\n  // Email\n  email: z\n    .string()\n    .email('Invalid email format')\n    .max(254, 'Email too long')\n    .transform((val) => val.toLowerCase()),\n\n  // URL\n  url: z.string().url('Invalid URL format').max(2048, 'URL too long'),\n};\n\n/**\n * Validate input using a Zod schema with detailed error messages\n */\nexport function validateInput<T>(\n  schema: z.ZodSchema<T>,\n  input: unknown,\n  context: string\n): T {\n  const result = schema.safeParse(input);\n\n  if (!result.success) {\n    const errors = result.error.errors.map((e) => ({\n      path: e.path.join('.'),\n      message: e.message,\n    }));\n\n    throw new ValidationError(\n      `Invalid input for ${context}: ${errors.map((e) => e.message).join(', ')}`,\n      ErrorCode.VALIDATION_FAILED,\n      { context, errors }\n    );\n  }\n\n  return result.data;\n}\n\n/**\n * Create a schema for validating aggregate query options\n * Prevents SQL injection through dynamic field names\n */\nexport function createAggregateSchema(allowedFields: string[]) {\n  return z.object({\n    groupBy: z\n      .array(z.string())\n      .refine(\n        (fields) => fields.every((f) => allowedFields.includes(f)),\n        `Group by fields must be one of: ${allowedFields.join(', ')}`\n      ),\n    metrics: z.array(\n      z.object({\n        operation: z.enum(['COUNT', 'SUM', 'AVG', 'MIN', 'MAX']),\n        field: z\n          .string()\n          .refine(\n            (f) => f === '*' || allowedFields.includes(f),\n            `Field must be one of: ${allowedFields.join(', ')}`\n          ),\n        alias: z\n          .string()\n          .regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/)\n          .optional(),\n      })\n    ),\n    orderBy: z\n      .string()\n      .refine(\n        (f) => allowedFields.includes(f),\n        `Order by must be one of: ${allowedFields.join(', ')}`\n      )\n      .optional(),\n    limit: z.number().int().min(1).max(1000).optional(),\n  });\n}\n\n/**\n * Validate command line arguments for shell safety\n * Prevents command injection\n */\nexport function validateShellArg(arg: string): string {\n  if (!arg) return '';\n\n  // Check for shell metacharacters\n  const dangerousChars = /[;&|`$(){}[\\]<>!#*?~\\n\\r]/;\n  if (dangerousChars.test(arg)) {\n    throw new ValidationError(\n      'Argument contains potentially dangerous shell characters',\n      ErrorCode.VALIDATION_FAILED,\n      { arg: arg.substring(0, 50) }\n    );\n  }\n\n  return arg;\n}\n\n/**\n * Safe JSON parse with validation\n */\nexport function safeJsonParse<T>(\n  input: string,\n  schema?: z.ZodSchema<T>\n): T | null {\n  try {\n    const parsed = JSON.parse(input);\n    if (schema) {\n      return validateInput(schema, parsed, 'JSON parse');\n    }\n    return parsed as T;\n  } catch {\n    return null;\n  }\n}\n"],
+  "mappings": ";;;;AAKA,SAAS,SAAS;AAClB,SAAS,WAAW,aAAa,YAAY,oBAAoB;AACjE,SAAS,iBAAiB,iBAAiB;AAKpC,MAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AACF;AAKO,SAAS,oBAAoB,OAAuB;AACzD,MAAI,SAAS;AACb,aAAW,WAAW,oBAAoB;AACxC,YAAQ,YAAY;AACpB,aAAS,OAAO,QAAQ,SAAS,YAAY;AAAA,EAC/C;AACA,SAAO;AACT;AAKO,SAAS,sBAAsB,OAAwB;AAC5D,SAAO,mBAAmB,KAAK,CAAC,YAAY;AAC1C,YAAQ,YAAY;AACpB,WAAO,QAAQ,KAAK,KAAK;AAAA,EAC3B,CAAC;AACH;AAMO,SAAS,mBAAmB,OAAuB;AACxD,MAAI,CAAC,MAAO,QAAO;AAEnB,SAAO,MACJ,QAAQ,OAAO,MAAM,EACrB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,IAAI;AACvB;AAMO,SAAS,mBAAmB,OAAuB;AACxD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,YAAY,MAAM,QAAQ,kBAAkB,EAAE;AACpD,MAAI,cAAc,OAAO;AACvB,UAAM,IAAI;AAAA,MACR,uBAAuB,KAAK;AAAA,MAC5B,UAAU;AAAA,MACV,EAAE,OAAO,UAAU;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,YAAY,SAAS,UAAU,YAAY,CAAC,GAAG;AACjD,UAAM,IAAI;AAAA,MACR,uBAAuB,KAAK;AAAA,MAC5B,UAAU;AAAA,MACV,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AACA,SAAO;AACT;AAKA,MAAM,iBAAiB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,SAAS,kBAAkB,WAA2B;AAC3D,QAAM,YAAY,mBAAmB,SAAS;AAC9C,MAAI,CAAC,eAAe,SAAS,SAAS,GAAG;AACvC,UAAM,IAAI;AAAA,MACR,uBAAuB,SAAS,qBAAqB,eAAe,KAAK,IAAI,CAAC;AAAA,MAC9E,UAAU;AAAA,MACV,EAAE,WAAW,SAAS,eAAe;AAAA,IACvC;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,iBAAiB,OAAe,SAA0B;AACxE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,IACZ;AAAA,EACF;AAGA,MAAI,MAAM,SAAS,IAAI,GAAG;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,QAAQ,YAAY;AAAA,IACxB;AAAA,EACF;AAGA,MAAI,MAAM,SAAS,IAAI,GAAG;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,SAAS;AACX,UAAM,eAAe,YAAY,SAAS,KAAK;AAC/C,UAAM,eAAe,aAAa,SAAS,YAAY;AACvD,QACE,aAAa,WAAW,IAAI,KAC5B,YAAY,YAAY,MAAM,cAC9B;AAEA,UAAI,aAAa,WAAW,IAAI,GAAG;AACjC,cAAM,IAAI;AAAA,UACR;AAAA,UACA,UAAU;AAAA,UACV,EAAE,MAAM,OAAO,QAAQ;AAAA,QACzB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKA,MAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,SAAS,qBAAqB,KAAsB;AAClD,QAAM,WAAW,IAAI,YAAY;AACjC,SAAO,sBAAsB,KAAK,CAAC,OAAO,SAAS,SAAS,EAAE,CAAC;AACjE;AAKO,SAAS,mBAAmB,KAAuB;AACxD,MAAI,QAAQ,QAAQ,QAAQ,QAAW;AACrC,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,QAAQ,UAAU;AAC3B,WAAO,oBAAoB,GAAG;AAAA,EAChC;AAEA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,WAAO,IAAI,IAAI,kBAAkB;AAAA,EACnC;AAEA,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,YAAqC,CAAC;AAC5C,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAE9C,UAAI,qBAAqB,GAAG,GAAG;AAC7B,kBAAU,GAAG,IAAI;AAAA,MACnB,OAAO;AAEL,kBAAU,GAAG,IAAI,mBAAmB,KAAK;AAAA,MAC3C;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKO,MAAM,eAAe;AAAA;AAAA,EAE1B,SAAS,EAAE,OAAO,EAAE,KAAK,yBAAyB;AAAA,EAClD,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB,EAC9B;AAAA,IACC,CAAC,QAAQ,CAAC,sBAAsB,GAAG;AAAA,IACnC;AAAA,EACF;AAAA,EACF,WAAW,EAAE,KAAK;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA;AAAA,EAGD,aAAa,EACV,OAAO,EACP,IAAI,GAAG,0BAA0B,EACjC,IAAI,KAAM,uBAAuB,EACjC,UAAU,CAAC,QAAQ,mBAAmB,GAAG,CAAC;AAAA,EAE7C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,QAAQ,EAAE;AAAA,EACnD,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA;AAAA,EAGzC,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB;AAAA,EACjC,iBAAiB,EAAE,OAAO,EAAE,IAAI,KAAO,sBAAsB,EAAE,SAAS;AAAA,EACxE,cAAc,EAAE,KAAK,CAAC,OAAO,UAAU,QAAQ,UAAU,UAAU,CAAC;AAAA,EACpE,YAAY,EAAE,KAAK;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA;AAAA,EAGD,YAAY,EAAE,KAAK;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA,EACD,YAAY,EACT,OAAO,EACP,IAAI,GAAG,yBAAyB,EAChC,IAAI,KAAO,sBAAsB;AAAA,EACpC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,CAAC;AAAA;AAAA,EAGnD,UAAU,EACP,OAAO,EACP,IAAI,GAAG,uBAAuB,EAC9B,IAAI,MAAM,oBAAoB,EAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS,IAAI,GAAG,4BAA4B,EACjE,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS,IAAI,GAAG,4BAA4B;AAAA;AAAA,EAGpE,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB,EAC9B;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA;AAAA,EAGF,WAAW,EAAE,OAAO,EAAE,KAAK,2BAA2B,EAAE,SAAS;AAAA;AAAA,EAGjE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAGhC,aAAa,EACV,OAAO,EACP,IAAI,KAAQ,mBAAmB,EAC/B;AAAA,IACC,CAAC,QAAQ,CAAC,sBAAsB,GAAG;AAAA,IACnC;AAAA,EACF;AAAA;AAAA,EAGF,OAAO,EACJ,OAAO,EACP,MAAM,sBAAsB,EAC5B,IAAI,KAAK,gBAAgB,EACzB,UAAU,CAAC,QAAQ,IAAI,YAAY,CAAC;AAAA;AAAA,EAGvC,KAAK,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,IAAI,MAAM,cAAc;AACpE;AAKO,SAAS,cACd,QACA,OACA,SACG;AACH,QAAM,SAAS,OAAO,UAAU,KAAK;AAErC,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,OAAO,MAAM,OAAO,IAAI,CAAC,OAAO;AAAA,MAC7C,MAAM,EAAE,KAAK,KAAK,GAAG;AAAA,MACrB,SAAS,EAAE;AAAA,IACb,EAAE;AAEF,UAAM,IAAI;AAAA,MACR,qBAAqB,OAAO,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;AAAA,MACxE,UAAU;AAAA,MACV,EAAE,SAAS,OAAO;AAAA,IACpB;AAAA,EACF;AAEA,SAAO,OAAO;AAChB;AAMO,SAAS,sBAAsB,eAAyB;AAC7D,SAAO,EAAE,OAAO;AAAA,IACd,SAAS,EACN,MAAM,EAAE,OAAO,CAAC,EAChB;AAAA,MACC,CAAC,WAAW,OAAO,MAAM,CAAC,MAAM,cAAc,SAAS,CAAC,CAAC;AAAA,MACzD,mCAAmC,cAAc,KAAK,IAAI,CAAC;AAAA,IAC7D;AAAA,IACF,SAAS,EAAE;AAAA,MACT,EAAE,OAAO;AAAA,QACP,WAAW,EAAE,KAAK,CAAC,SAAS,OAAO,OAAO,OAAO,KAAK,CAAC;AAAA,QACvD,OAAO,EACJ,OAAO,EACP;AAAA,UACC,CAAC,MAAM,MAAM,OAAO,cAAc,SAAS,CAAC;AAAA,UAC5C,yBAAyB,cAAc,KAAK,IAAI,CAAC;AAAA,QACnD;AAAA,QACF,OAAO,EACJ,OAAO,EACP,MAAM,0BAA0B,EAChC,SAAS;AAAA,MACd,CAAC;AAAA,IACH;AAAA,IACA,SAAS,EACN,OAAO,EACP;AAAA,MACC,CAAC,MAAM,cAAc,SAAS,CAAC;AAAA,MAC/B,4BAA4B,cAAc,KAAK,IAAI,CAAC;AAAA,IACtD,EACC,SAAS;AAAA,IACZ,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,SAAS;AAAA,EACpD,CAAC;AACH;AAMO,SAAS,iBAAiB,KAAqB;AACpD,MAAI,CAAC,IAAK,QAAO;AAGjB,QAAM,iBAAiB;AACvB,MAAI,eAAe,KAAK,GAAG,GAAG;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,KAAK,IAAI,UAAU,GAAG,EAAE,EAAE;AAAA,IAC9B;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,cACd,OACA,QACU;AACV,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,QAAI,QAAQ;AACV,aAAO,cAAc,QAAQ,QAAQ,YAAY;AAAA,IACnD;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;",
+  "names": []
+}

package/dist/core/session/enhanced-handoff.js CHANGED Viewed

@@ -11,7 +11,7 @@ import {
   writeFileSync,
   mkdirSync
 } from "fs";
-import { join, basename } from "path";
+import { basename, join } from "path";
 import { homedir, tmpdir } from "os";
 import { globSync } from "glob";
 let countTokens;
@@ -558,7 +558,7 @@ class EnhancedHandoffGenerator {
     }
   }
   /**
-   * Convert handoff to markdown
+   * Convert handoff to markdown (verbose format)
    */
   toMarkdown(handoff) {
     const lines = [];
@@ -651,6 +651,140 @@ class EnhancedHandoffGenerator {
     lines.push(`*Generated at ${handoff.timestamp}*`);
     return lines.join("\n");
   }
+  /**
+   * Convert handoff to compact format (~50% smaller)
+   * Optimized for minimal context window usage
+   */
+  toCompact(handoff) {
+    const lines = [];
+    lines.push(`# Handoff: ${handoff.project}@${handoff.branch}`);
+    const status = handoff.activeWork.status === "in_progress" ? "WIP" : handoff.activeWork.status;
+    lines.push(`## Work: ${handoff.activeWork.description} [${status}]`);
+    if (handoff.activeWork.keyFiles.length > 0) {
+      const files = handoff.activeWork.keyFiles.slice(0, 5).map((f) => basename(f)).join(", ");
+      const progress = handoff.activeWork.progress ? ` (${handoff.activeWork.progress.replace(" in current session", "")})` : "";
+      lines.push(`Files: ${files}${progress}`);
+    }
+    if (handoff.decisions.length > 0) {
+      lines.push("");
+      lines.push("## Decisions");
+      for (const d of handoff.decisions.slice(0, 7)) {
+        const what = d.what.length > 40 ? d.what.slice(0, 37) + "..." : d.what;
+        const why = d.why ? ` \u2192 ${d.why.slice(0, 50)}` : "";
+        lines.push(`- ${what}${why}`);
+      }
+    }
+    if (handoff.blockers.length > 0) {
+      lines.push("");
+      lines.push("## Blockers");
+      for (const b of handoff.blockers) {
+        const status2 = b.status === "open" ? "!" : "\u2713";
+        const tried = b.attempted.length > 0 ? ` \u2192 ${b.attempted[0]}` : "";
+        lines.push(`${status2} ${b.issue}${tried}`);
+      }
+    }
+    if (handoff.reviewFeedback && handoff.reviewFeedback.length > 0) {
+      lines.push("");
+      lines.push("## Feedback");
+      for (const r of handoff.reviewFeedback.slice(0, 2)) {
+        lines.push(`[${r.source}]`);
+        for (const p of r.keyPoints.slice(0, 3)) {
+          lines.push(`- ${p.slice(0, 60)}`);
+        }
+        for (const a of r.actionItems.slice(0, 2)) {
+          lines.push(`\u2192 ${a.slice(0, 60)}`);
+        }
+      }
+    }
+    if (handoff.nextActions.length > 0) {
+      lines.push("");
+      lines.push("## Next");
+      for (const a of handoff.nextActions.slice(0, 3)) {
+        lines.push(`- ${a.slice(0, 60)}`);
+      }
+    }
+    lines.push("");
+    lines.push(`---`);
+    lines.push(
+      `~${handoff.estimatedTokens} tokens | ${handoff.timestamp.split("T")[0]}`
+    );
+    return lines.join("\n");
+  }
+  /**
+   * Convert handoff to ultra-compact pipe-delimited format (~90% smaller)
+   * Optimized for minimal token usage while preserving critical context
+   * Target: ~100-150 tokens
+   */
+  toUltraCompact(handoff) {
+    const lines = [];
+    const status = handoff.activeWork.status === "in_progress" ? "WIP" : handoff.activeWork.status;
+    const commitCount = handoff.activeWork.progress?.match(/(\d+)/)?.[1] || "0";
+    lines.push(
+      `[H]${handoff.project}@${handoff.branch}|${status}|${commitCount}c`
+    );
+    if (handoff.activeWork.keyFiles.length > 0) {
+      const files = handoff.activeWork.keyFiles.slice(0, 5).map((f) => basename(f).replace(/\.(ts|js|tsx|jsx)$/, "")).join(",");
+      lines.push(`[F]${files}`);
+    }
+    if (handoff.decisions.length > 0) {
+      const decisions = handoff.decisions.slice(0, 5).map((d) => {
+        const what = d.what.slice(0, 25).replace(/\|/g, "/");
+        const why = d.why ? `\u2192${d.why.slice(0, 20)}` : "";
+        return `${what}${why}`;
+      }).join("|");
+      lines.push(`[D]${decisions}`);
+    }
+    if (handoff.blockers.length > 0) {
+      const blockers = handoff.blockers.slice(0, 3).map((b) => {
+        const marker = b.status === "open" ? "!" : "\u2713";
+        const issue = b.issue.slice(0, 20).replace(/\|/g, "/");
+        const tried = b.attempted.length > 0 ? `\u2192${b.attempted[0].slice(0, 15)}` : "";
+        return `${marker}${issue}${tried}`;
+      }).join("|");
+      lines.push(`[B]${blockers}`);
+    }
+    if (handoff.nextActions.length > 0) {
+      const actions = handoff.nextActions.slice(0, 3).map((a) => a.slice(0, 25).replace(/\|/g, "/")).join("|");
+      lines.push(`[N]${actions}`);
+    }
+    const ultraCompactContent = lines.join("\n");
+    const tokens = countTokens(ultraCompactContent);
+    lines.push(`~${tokens}t|${handoff.timestamp.split("T")[0]}`);
+    return lines.join("\n");
+  }
+  /**
+   * Auto-select format based on context budget and content complexity
+   * Returns: 'ultra' | 'compact' | 'verbose'
+   */
+  selectFormat(handoff, contextBudget) {
+    if (contextBudget !== void 0) {
+      if (contextBudget < 500) return "ultra";
+      if (contextBudget < 2e3) return "compact";
+      return "verbose";
+    }
+    const complexity = handoff.decisions.length + handoff.blockers.length + (handoff.reviewFeedback?.length || 0) * 2 + handoff.nextActions.length;
+    if (complexity <= 3 && handoff.activeWork.keyFiles.length <= 3) {
+      return "ultra";
+    }
+    if (complexity > 8 || handoff.reviewFeedback && handoff.reviewFeedback.length > 1) {
+      return "verbose";
+    }
+    return "compact";
+  }
+  /**
+   * Generate handoff in auto-selected format
+   */
+  toAutoFormat(handoff, contextBudget) {
+    const format = this.selectFormat(handoff, contextBudget);
+    switch (format) {
+      case "ultra":
+        return this.toUltraCompact(handoff);
+      case "verbose":
+        return this.toMarkdown(handoff);
+      default:
+        return this.toCompact(handoff);
+    }
+  }
 }
 export {
   EnhancedHandoffGenerator