@toolbaux/guardian 0.1.22 → 0.2.0

package/dist/commands/context.js

@@ -5,21 +5,90 @@ import { loadArchitectureDiff, loadHeatmap } from "../extract/compress.js";
 import { renderContextBlock } from "../extract/context-block.js";
 import { resolveMachineInputDir } from "../output-layout.js";
 import { DEFAULT_SPECS_DIR } from "../config.js";
+import { SqliteSpecsStore, DB_FILENAME } from "../db/sqlite-specs-store.js";
+/** Open a SqliteSpecsStore if guardian.db exists, return null otherwise. */
+async function tryOpenStore(specsDir) {
+    const dbPath = path.join(specsDir, DB_FILENAME);
+    try {
+        await fs.stat(dbPath);
+        const store = new SqliteSpecsStore(specsDir);
+        await store.init();
+        return store;
+    }
+    catch {
+        return null;
+    }
+}
+/** Reconstruct the SI report shape renderContextBlock needs from module_metrics rows. */
+function siFromMetrics(rows) {
+    return rows.map(r => ({
+        feature: r.module,
+        structure: { nodes: r.nodes, edges: r.edges },
+        metrics: { depth: 0, fanout_avg: 0, fanout_max: 0, density: 0, has_cycles: false },
+        scores: { depth_score: 0, fanout_score: 0, density_score: 0, cycle_score: 0, query_score: 0 },
+        confidence: { value: r.confidence, level: r.confidence_level },
+        ambiguity: { level: "LOW" },
+        classification: {
+            depth_level: r.depth_level,
+            propagation: r.propagation,
+            compressible: r.compressible,
+        },
+        recommendation: {
+            primary: { pattern: r.pattern, confidence: r.confidence },
+            fallback: { pattern: "", condition: "" },
+            avoid: [],
+        },
+        guardrails: { enforce_if_confidence_above: 0.7 },
+        override: { allowed: true, requires_reason: true },
+    }));
+}
 export async function runContext(options) {
     const inputDir = await resolveMachineInputDir(options.input || DEFAULT_SPECS_DIR);
-    const { architecture, ux } = await loadSnapshots(inputDir);
+    // inputDir resolves to .specs/machine/; DB lives one level up at .specs/guardian.db
+    const specsDir = path.dirname(inputDir);
+    const store = await tryOpenStore(specsDir);
+    let architecture;
+    let ux;
+    let si;
+    try {
+        // ── Load snapshots: DB first, file fallback ─────────────────────────────
+        if (store) {
+            const archEntry = await store.readSpec("architecture.snapshot");
+            const uxEntry = await store.readSpec("ux.snapshot");
+            if (archEntry && uxEntry) {
+                architecture = yaml.load(archEntry.content);
+                ux = yaml.load(uxEntry.content);
+            }
+            else {
+                ({ architecture, ux } = await loadSnapshotsFromFiles(inputDir));
+            }
+        }
+        else {
+            ({ architecture, ux } = await loadSnapshotsFromFiles(inputDir));
+        }
+        // ── Load SI reports: module_metrics table first, file fallback ──────────
+        if (store) {
+            const rows = store.readModuleMetrics();
+            if (rows.length > 0) {
+                si = siFromMetrics(rows);
+            }
+        }
+        if (!si) {
+            try {
+                const siRaw = await fs.readFile(path.join(inputDir, "structural-intelligence.json"), "utf8");
+                si = JSON.parse(siRaw);
+            }
+            catch { /* not available */ }
+        }
+    }
+    finally {
+        if (store)
+            await store.close();
+    }
     const [diff, heatmap] = await Promise.all([
         loadArchitectureDiff(inputDir),
         loadHeatmap(inputDir)
     ]);
-    // Load structural intelligence if available
-    let si;
-    try {
-        const siPath = path.join(inputDir, "structural-intelligence.json");
-        const siRaw = await fs.readFile(siPath, "utf8");
-        si = JSON.parse(siRaw);
-    }
-    catch { /* not available */ }
     const content = renderContextBlock(architecture, ux, {
         focusQuery: options.focus,
         maxLines: normalizeMaxLines(options.maxLines),
@@ -38,16 +107,18 @@ export async function runContext(options) {
     await fs.writeFile(outputPath, next, "utf8");
     console.log(`Wrote ${outputPath}`);
 }
-async function loadSnapshots(inputDir) {
+async function loadSnapshotsFromFiles(inputDir) {
     const architecturePath = path.join(inputDir, "architecture.snapshot.yaml");
     const uxPath = path.join(inputDir, "ux.snapshot.yaml");
-    let architectureRaw;
-    let uxRaw;
     try {
-        [architectureRaw, uxRaw] = await Promise.all([
+        const [architectureRaw, uxRaw] = await Promise.all([
             fs.readFile(architecturePath, "utf8"),
             fs.readFile(uxPath, "utf8")
         ]);
+        return {
+            architecture: yaml.load(architectureRaw),
+            ux: yaml.load(uxRaw)
+        };
     }
     catch (error) {
         if (error.code === "ENOENT") {
@@ -55,10 +126,6 @@ async function loadSnapshots(inputDir) {
         }
         throw error;
     }
-    return {
-        architecture: yaml.load(architectureRaw),
-        ux: yaml.load(uxRaw)
-    };
 }
 async function readIfExists(filePath) {
     try {
@@ -75,37 +142,28 @@ function stripExistingSpecGuardBlocks(content) {
         .replace(/<!-- guardian:auto-context -->[\s\S]*?<!-- \/guardian:auto-context -->/g, "<!-- guardian:auto-context -->\n<!-- /guardian:auto-context -->")
         .replace(/\n{3,}/g, "\n\n");
 }
-/**
- * Inject context into a file that has <!-- guardian:auto-context --> markers.
- * Replaces content between the markers instead of appending.
- */
 function injectIntoAutoContext(existing, contextBlock) {
     const marker = "<!-- guardian:auto-context -->";
     const endMarker = "<!-- /guardian:auto-context -->";
     if (!existing.includes(marker)) {
-        // No auto-context markers — fall back to append behavior
         const cleaned = stripExistingSpecGuardBlocks(existing).trim();
         return cleaned.length > 0 ? `${cleaned}\n\n${contextBlock}\n` : `${contextBlock}\n`;
     }
-    // Replace content between markers
     const startIdx = existing.indexOf(marker);
     const endIdx = existing.indexOf(endMarker);
-    if (startIdx === -1 || endIdx === -1) {
+    if (startIdx === -1 || endIdx === -1)
         return existing;
-    }
     const before = existing.slice(0, startIdx + marker.length);
     const after = existing.slice(endIdx);
     return `${before}\n${contextBlock}\n${after}`;
 }
 function normalizeMaxLines(value) {
-    if (typeof value === "number" && Number.isFinite(value)) {
+    if (typeof value === "number" && Number.isFinite(value))
         return value;
-    }
     if (typeof value === "string" && value.trim().length > 0) {
         const parsed = Number.parseInt(value, 10);
-        if (Number.isFinite(parsed) && parsed > 0) {
+        if (Number.isFinite(parsed) && parsed > 0)
             return parsed;
-        }
     }
     return undefined;
 }

package/dist/commands/discrepancy.js

@@ -22,7 +22,7 @@ export async function runDiscrepancy(options) {
     // Load codebase intelligence
     const intelPath = path.join(layout.machineDir, "codebase-intelligence.json");
     const intel = await loadCodebaseIntelligence(intelPath).catch(() => {
-        throw new Error(`Could not load codebase-intelligence.json from ${intelPath}. Run \`guardian intel --specs ${options.specs}\` first.`);
+        throw new Error(`Could not load codebase-intelligence.json from ${intelPath}. Run \`guardian extract --output ${options.specs}\` first.`);
     });
     const baselinePath = path.join(layout.machineDir, "product-document.baseline.json");
     const featureSpecsDir = options.featureSpecs ? path.resolve(options.featureSpecs) : null;

package/dist/commands/doc-generate.js

@@ -46,7 +46,7 @@ export async function runDocGenerate(options) {
     process.stdout.write("Loading codebase intelligence... ");
     const intel = await loadCodebaseIntelligence(intelPath).catch(() => {
         console.log("failed");
-        throw new Error(`Could not load ${intelPath}. Run \`guardian intel --specs ${options.specs}\` first.`);
+        throw new Error(`Could not load ${intelPath}. Run \`guardian extract --output ${options.specs}\` first.`);
     });
     console.log(`${intel.meta.counts.endpoints} endpoints, ${intel.meta.counts.models} models, ` +
         `${intel.meta.counts.enums} enums, ${intel.meta.counts.tasks} tasks`);

package/dist/commands/doc-html.js

@@ -23,7 +23,7 @@ export async function runDocHtml(options) {
     process.stdout.write("Loading codebase intelligence... ");
     const intel = await loadCodebaseIntelligence(intelPath).catch(() => {
         console.log("failed");
-        throw new Error(`Could not load ${intelPath}. Run \`guardian intel --specs ${options.specs}\` first.`);
+        throw new Error(`Could not load ${intelPath}. Run \`guardian extract --output ${options.specs}\` first.`);
     });
     console.log(`${intel.meta.counts.endpoints} endpoints, ${intel.meta.counts.models} models`);
     // ── Feature arcs (optional) ───────────────────────────────────────────────

package/dist/commands/extract.js

@@ -5,13 +5,16 @@ import { runIntel } from "./intel.js";
 import { runGenerate } from "./generate.js";
 import { runContext } from "./context.js";
 export async function runExtract(options) {
+    // Default to sqlite so every extract builds guardian.db automatically.
+    // Pass --backend file to opt out (e.g. CI environments that don't need search).
+    const backend = options.backend ?? "sqlite";
     const { architecturePath, uxPath } = await extractProject(options);
     console.log(`Wrote ${architecturePath}`);
     console.log(`Wrote ${uxPath}`);
     // Auto-build codebase intelligence after every extract
     const specsDir = path.resolve(options.output);
     try {
-        await runIntel({ specs: specsDir });
+        await runIntel({ specs: specsDir, backend });
     }
     catch {
         // Non-fatal — intel build failure should not break extract

package/dist/commands/feature-context.js

@@ -26,7 +26,7 @@ export async function runFeatureContext(options) {
     // Load codebase intelligence
     const intelPath = path.join(layout.machineDir, "codebase-intelligence.json");
     const intel = await loadCodebaseIntelligence(intelPath).catch(() => {
-        throw new Error(`Could not load codebase-intelligence.json from ${intelPath}. Run \`guardian intel --specs ${options.specs}\` first.`);
+        throw new Error(`Could not load codebase-intelligence.json from ${intelPath}. Run \`guardian extract --output ${options.specs}\` first.`);
     });
     // Build filtered context
     const context = buildFeatureContext(spec, intel);

package/dist/commands/generate.js

@@ -1,26 +1,99 @@
 import fs from "node:fs/promises";
 import path from "node:path";
+import yaml from "js-yaml";
 import { buildSnapshots } from "../extract/index.js";
 import { renderContextBlock } from "../extract/context-block.js";
 import { getOutputLayout } from "../output-layout.js";
 import { DEFAULT_SPECS_DIR } from "../config.js";
 import { analyzeDepth } from "../extract/analyzers/depth.js";
+import { SqliteSpecsStore, DB_FILENAME } from "../db/sqlite-specs-store.js";
 export async function runGenerate(options) {
     if (!options.aiContext) {
         throw new Error("`guardian generate` currently supports `--ai-context` only.");
     }
     const outputRoot = path.resolve(options.output ?? DEFAULT_SPECS_DIR);
     const layout = getOutputLayout(outputRoot);
-    const { architecture, ux } = await buildSnapshots({
-        projectRoot: options.projectRoot,
-        backendRoot: options.backendRoot,
-        frontendRoot: options.frontendRoot,
-        output: outputRoot,
-        includeFileGraph: true,
-        configPath: options.configPath
-    });
-    // Load persisted Structural Intelligence reports emitted by `guardian extract`
-    const siReports = await loadStructuralIntelligenceReports(layout.machineDir);
+    // ── Load snapshots: DB first, full re-extraction as fallback ──────────────
+    // When guardian.db exists (built by extract), load snapshots from the specs
+    // table instead of re-analysing the whole codebase. This is ~10× faster.
+    let architecture;
+    let ux;
+    let siReports;
+    const dbPath = path.join(outputRoot, DB_FILENAME);
+    let store = null;
+    try {
+        await fs.stat(dbPath);
+        store = new SqliteSpecsStore(outputRoot);
+        await store.init();
+    }
+    catch {
+        store = null;
+    }
+    try {
+        if (store) {
+            const archEntry = await store.readSpec("architecture.snapshot");
+            const uxEntry = await store.readSpec("ux.snapshot");
+            if (archEntry && uxEntry) {
+                console.log("[guardian] Loading snapshots from guardian.db");
+                architecture = yaml.load(archEntry.content);
+                ux = yaml.load(uxEntry.content);
+            }
+            else {
+                console.log("[guardian] Snapshots not in DB — extracting from codebase");
+                ({ architecture, ux } = await buildSnapshots({
+                    projectRoot: options.projectRoot,
+                    backendRoot: options.backendRoot,
+                    frontendRoot: options.frontendRoot,
+                    output: outputRoot,
+                    includeFileGraph: true,
+                    configPath: options.configPath
+                }));
+            }
+            // SI from module_metrics, fall back to file
+            const metricRows = store.readModuleMetrics();
+            if (metricRows.length > 0) {
+                siReports = metricRows.map(r => ({
+                    feature: r.module,
+                    structure: { nodes: r.nodes, edges: r.edges },
+                    metrics: { depth: 0, fanout_avg: 0, fanout_max: 0, density: 0, has_cycles: false },
+                    scores: { depth_score: 0, fanout_score: 0, density_score: 0, cycle_score: 0, query_score: 0 },
+                    confidence: { value: r.confidence, level: r.confidence_level },
+                    ambiguity: { level: "LOW" },
+                    classification: {
+                        depth_level: r.depth_level,
+                        propagation: r.propagation,
+                        compressible: r.compressible,
+                    },
+                    recommendation: {
+                        primary: { pattern: r.pattern, confidence: r.confidence },
+                        fallback: { pattern: "", condition: "" },
+                        avoid: [],
+                    },
+                    guardrails: { enforce_if_confidence_above: 0.7 },
+                    override: { allowed: true, requires_reason: true },
+                }));
+            }
+            else {
+                siReports = await loadStructuralIntelligenceReports(layout.machineDir);
+            }
+        }
+        else {
+            console.log("[guardian] No guardian.db found — extracting from codebase");
+            ({ architecture, ux } = await buildSnapshots({
+                projectRoot: options.projectRoot,
+                backendRoot: options.backendRoot,
+                frontendRoot: options.frontendRoot,
+                output: outputRoot,
+                includeFileGraph: true,
+                configPath: options.configPath
+            }));
+            siReports = await loadStructuralIntelligenceReports(layout.machineDir);
+        }
+    }
+    finally {
+        if (store)
+            await store.close();
+    }
     // If a --focus query is provided, prepend a real-time SI report for that query
     if (options.focus) {
         try {

package/dist/commands/init.js

@@ -13,32 +13,62 @@
  */
 import fs from "node:fs/promises";
 import path from "node:path";
+import { randomUUID } from "node:crypto";
 import { DEFAULT_SPECS_DIR } from "../config.js";
 const DEFAULT_CONFIG = {
     docs: {
         mode: "full",
     },
 };
+/**
+ * Hook script written to .claude/hooks/mcp-first.sh
+ *
+ * Blocks Read/Glob/Grep until a guardian MCP tool has been called in the
+ * current session. Session state lives in /tmp/guardian-used-<SESSION_ID>
+ * and is set by the PostToolUse hook (guardian-used.sh) below.
+ */
 const CLAUDE_CODE_HOOK_SCRIPT = `#!/bin/bash
-# Guardian MCP-first hook — ensures AI tools use Guardian MCP before reading source files.
-# Installed by: guardian init
+# Guardian MCP-first hook — blocks Read/Glob/Grep until guardian tools are used.
+# Installed by: guardian init  (v3 — session-scoped flag, no time drift)
 
 INPUT=$(cat)
-TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // empty')
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "default"')
+FLAG="/tmp/guardian-used-\${SESSION_ID}"
 
-cat >&2 <<BLOCK
-BLOCKED: Use Guardian MCP tools before reading source files.
+# If guardian was called in this session, allow all file operations.
+if [ -f "$FLAG" ]; then
+  exit 0
+fi
+
+cat >&2 <<'BLOCK'
+BLOCKED: Use Guardian MCP tools before exploring source files.
 
-Use these MCP tools first:
-  - guardian_orient  — get codebase overview
-  - guardian_search  — find features by keyword
-  - guardian_context — deep dive into a specific area
+Call one of these first:
+  guardian_search("your query")  — find files/symbols/endpoints by keyword
+  guardian_grep("pattern")       — semantic grep (replaces Grep tool)
+  guardian_glob("src/auth/**")   — semantic file discovery (replaces Glob tool)
+  guardian_orient()              — get codebase overview
 
-Then you can read individual files as needed.
+File reads are unblocked automatically for the rest of this session.
 BLOCK
 
 exit 2
 `;
+/**
+ * Hook script written to .claude/hooks/guardian-used.sh
+ *
+ * Called by PostToolUse after any guardian_* tool. Sets the session flag
+ * that mcp-first.sh checks, unblocking subsequent Read/Glob/Grep calls.
+ */
+const GUARDIAN_USED_SCRIPT = `#!/bin/bash
+# Guardian PostToolUse hook — marks guardian as used for this session.
+# Installed by: guardian init
+
+INPUT=$(cat)
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "default"')
+touch "/tmp/guardian-used-\${SESSION_ID}"
+exit 0
+`;
 const HOOK_SCRIPT = `#!/bin/sh
 # guardian pre-commit hook — keeps architecture context fresh
 # Installed by: guardian init
@@ -80,6 +110,22 @@ export async function runInit(options) {
     else {
         console.log("  · guardian.config.json already exists");
     }
+    // 2b. Ensure project_id is present in guardian.config.json
+    try {
+        const raw = await fs.readFile(configPath, "utf8");
+        const cfg = JSON.parse(raw);
+        if (!cfg.project_id) {
+            cfg.project_id = randomUUID();
+            await fs.writeFile(configPath, JSON.stringify(cfg, null, 2) + "\n", "utf8");
+            console.log("  ✓ Added project_id to guardian.config.json");
+        }
+        else {
+            console.log("  · guardian.config.json already has project_id");
+        }
+    }
+    catch {
+        // Non-fatal — config may not be valid JSON yet
+    }
     // 3. Install pre-commit hook
     if (!options.skipHook) {
         const gitDir = path.join(root, ".git");
@@ -162,6 +208,7 @@ export async function runInit(options) {
             frontendRoot: options.frontendRoot,
             output: specsDir,
             includeFileGraph: true,
+            backend: options.backend,
         });
         const { runGenerate } = await import("./generate.js");
         await runGenerate({
@@ -212,18 +259,13 @@ async function setupClaudeCodeHooks(root, specsDir) {
             try {
                 mcpConfig = JSON.parse(await fs.readFile(mcpJsonPath, "utf8"));
             }
-            catch {
-                // Corrupted — overwrite
-            }
+            catch { /* corrupted — overwrite */ }
         }
         if (!mcpConfig.mcpServers)
             mcpConfig.mcpServers = {};
         const servers = mcpConfig.mcpServers;
         if (!servers.guardian) {
-            servers.guardian = {
-                command: "guardian",
-                args: ["mcp-serve", "--specs", specsDir],
-            };
+            servers.guardian = { command: "guardian", args: ["mcp-serve", "--specs", specsDir] };
             await fs.writeFile(mcpJsonPath, JSON.stringify(mcpConfig, null, 2) + "\n", "utf8");
             console.log("  ✓ Created .mcp.json (MCP server config)");
         }
@@ -237,58 +279,49 @@ async function setupClaudeCodeHooks(root, specsDir) {
     const claudeDir = path.join(root, ".claude");
     const hooksDir = path.join(claudeDir, "hooks");
     const settingsPath = path.join(claudeDir, "settings.json");
-    const hookScriptPath = path.join(hooksDir, "mcp-first.sh");
+    const mcpFirstPath = path.join(hooksDir, "mcp-first.sh");
+    const guardianUsedPath = path.join(hooksDir, "guardian-used.sh");
     await fs.mkdir(hooksDir, { recursive: true });
-    // Write the hook script
-    if (!(await fileExists(hookScriptPath))) {
-        await fs.writeFile(hookScriptPath, CLAUDE_CODE_HOOK_SCRIPT, "utf8");
-        await fs.chmod(hookScriptPath, 0o755);
-        console.log("  ✓ Created Claude Code MCP-first hook (.claude/hooks/mcp-first.sh)");
-    }
-    else {
-        console.log("  · Claude Code hook already exists");
-    }
+    // Always overwrite hook scripts so they stay in sync with this version of guardian.
+    await fs.writeFile(mcpFirstPath, CLAUDE_CODE_HOOK_SCRIPT, "utf8");
+    await fs.chmod(mcpFirstPath, 0o755);
+    console.log("  ✓ Wrote .claude/hooks/mcp-first.sh (PreToolUse — blocks until guardian called)");
+    await fs.writeFile(guardianUsedPath, GUARDIAN_USED_SCRIPT, "utf8");
+    await fs.chmod(guardianUsedPath, 0o755);
+    console.log("  ✓ Wrote .claude/hooks/guardian-used.sh (PostToolUse — sets session flag)");
     // Write or merge .claude/settings.json
     let settings = {};
     if (await fileExists(settingsPath)) {
         try {
             settings = JSON.parse(await fs.readFile(settingsPath, "utf8"));
         }
-        catch {
-            // Corrupted file — overwrite
-        }
+        catch { /* corrupted — overwrite */ }
     }
-    // Add MCP server config
+    // MCP server registration
     if (!settings.mcpServers)
         settings.mcpServers = {};
-    const mcpServers = settings.mcpServers;
-    if (!mcpServers.guardian) {
-        mcpServers.guardian = {
-            command: "guardian",
-            args: ["mcp-serve", "--specs", specsDir],
-        };
-    }
-    // Add PreToolUse hook
-    const hookEntry = {
-        matcher: "Read|Glob|Grep",
-        hooks: [
+    settings.mcpServers.guardian = {
+        command: "guardian",
+        args: ["mcp-serve", "--specs", specsDir],
+    };
+    // Hooks — always overwrite to keep in sync with installed scripts.
+    settings.hooks = {
+        // PreToolUse: block Read/Glob/Grep until a guardian tool has been called.
+        // The script itself handles the session-flag check — no "if" filter needed here.
+        PreToolUse: [
+            {
+                matcher: "Read|Glob|Grep",
+                hooks: [{ type: "command", command: ".claude/hooks/mcp-first.sh" }],
+            },
+        ],
+        // PostToolUse: set the session flag after any guardian MCP tool call.
+        PostToolUse: [
             {
-                type: "command",
-                if: "Read(//*/src/*)|Glob(*src*)|Grep(*src*)",
-                command: '"$CLAUDE_PROJECT_DIR"/.claude/hooks/mcp-first.sh',
+                matcher: "mcp__guardian__guardian_search|mcp__guardian__guardian_orient|mcp__guardian__guardian_context|mcp__guardian__guardian_impact|mcp__guardian__guardian_grep|mcp__guardian__guardian_glob",
+                hooks: [{ type: "command", command: ".claude/hooks/guardian-used.sh" }],
             },
         ],
     };
-    if (!settings.hooks)
-        settings.hooks = {};
-    const hooks = settings.hooks;
-    if (!hooks.PreToolUse) {
-        hooks.PreToolUse = [hookEntry];
-        console.log("  ✓ Configured Claude Code PreToolUse hook in .claude/settings.json");
-    }
-    else {
-        console.log("  · Claude Code PreToolUse hook already configured");
-    }
     await fs.writeFile(settingsPath, JSON.stringify(settings, null, 2) + "\n", "utf8");
-    console.log("  ✓ Updated .claude/settings.json (MCP server + hooks)");
+    console.log("  ✓ Updated .claude/settings.json (MCP server + PreToolUse + PostToolUse hooks)");
 }

package/dist/commands/intel.js

@@ -2,16 +2,85 @@
  * `guardian intel` — build codebase-intelligence.json from existing snapshots.
  *
  * Reads:  specs-out/machine/architecture.snapshot.yaml + ux.snapshot.yaml
- * Writes: specs-out/machine/codebase-intelligence.json
+ * Writes: specs-out/machine/codebase-intelligence.json  (file backend, default)
+ *         specs-out/guardian.db                          (sqlite backend)
  *
  * Also auto-runs at the end of `guardian extract`.
  */
 import path from "node:path";
 import { writeCodebaseIntelligence } from "../extract/codebase-intel.js";
+import { writeCodebaseIntelligenceViaStore } from "../extract/codebase-intel.js";
 import { getOutputLayout } from "../output-layout.js";
+import { SqliteSpecsStore } from "../db/sqlite-specs-store.js";
+import { populateFTSIndex } from "../db/fts-builder.js";
+import { embedFunctions } from "../db/embeddings.js";
 export async function runIntel(options) {
     const specsDir = path.resolve(options.specs);
     const layout = getOutputLayout(specsDir);
+    if (options.backend === "sqlite") {
+        // ── SQLite path ──
+        // extract always writes snapshots as files, so we read those then write
+        // intel + FTS into guardian.db. This avoids requiring --backend on extract.
+        const store = new SqliteSpecsStore(layout.rootDir);
+        await store.init();
+        try {
+            // Read snapshots from the existing file-based layout
+            const machineDir = layout.machineDir;
+            const [archRaw, uxRaw] = await Promise.all([
+                (await import("node:fs/promises")).readFile((await import("node:path")).join(machineDir, "architecture.snapshot.yaml"), "utf8"),
+                (await import("node:fs/promises")).readFile((await import("node:path")).join(machineDir, "ux.snapshot.yaml"), "utf8"),
+            ]);
+            // Populate snapshots into the store so writeCodebaseIntelligenceViaStore can read them
+            await store.writeSpec("architecture.snapshot", archRaw, "yaml");
+            await store.writeSpec("ux.snapshot", uxRaw, "yaml");
+            // Build intel and write to DB
+            await writeCodebaseIntelligenceViaStore(store);
+            // Build FTS5 index — enrich with all extract output for best recall
+            const intelEntry = await store.readSpec("codebase-intelligence");
+            if (intelEntry) {
+                const intel = JSON.parse(intelEntry.content);
+                const archEntry = await store.readSpec("architecture.snapshot");
+                const arch = archEntry ? (await import("js-yaml")).load(archEntry.content) : undefined;
+                // Also load function-intelligence if present in the machine dir
+                let funcIntel;
+                try {
+                    const fnRaw = await (await import("node:fs/promises")).readFile((await import("node:path")).join(machineDir, "function-intelligence.json"), "utf8");
+                    funcIntel = JSON.parse(fnRaw);
+                }
+                catch { /* not generated yet — skip */ }
+                populateFTSIndex(store, intel, arch, funcIntel);
+                console.log(`Built FTS5 search index (${Object.keys(intel.api_registry ?? {}).length} endpoints indexed)`);
+                // Populate module_metrics from structural-intelligence.json (if present).
+                try {
+                    const siRaw = await (await import("node:fs/promises")).readFile((await import("node:path")).join(machineDir, "structural-intelligence.json"), "utf8");
+                    const siReports = JSON.parse(siRaw);
+                    if (Array.isArray(siReports) && siReports.length > 0) {
+                        store.rebuildModuleMetrics(siReports);
+                        console.log(`Indexed ${siReports.length} module metrics`);
+                    }
+                }
+                catch { /* structural-intelligence.json not generated yet — skip */ }
+                // Embed functions for semantic (vector) search.
+                // Uses local on-device model by default (no API key needed).
+                // If OPENAI_API_KEY is set, uses OpenAI text-embedding-3-small (better quality).
+                if (funcIntel?.functions?.length) {
+                    console.log(`[guardian embed] embedding ${funcIntel.functions.length} functions…`);
+                    try {
+                        await embedFunctions(store, funcIntel.functions, process.env.OPENAI_API_KEY);
+                    }
+                    catch (err) {
+                        console.warn(`[guardian embed] skipped: ${err.message}`);
+                    }
+                }
+            }
+            console.log(`Wrote guardian.db → ${layout.rootDir}`);
+        }
+        finally {
+            await store.close();
+        }
+        return;
+    }
+    // ── File path (default): original behavior, unchanged ──
     const outputPath = options.output
         ? path.resolve(options.output)
         : path.join(layout.machineDir, "codebase-intelligence.json");