@totalreclaw/totalreclaw 1.0.0 → 1.0.2

package/crypto.ts

@@ -1,351 +0,0 @@
-/**
- * TotalReclaw Plugin - Crypto Operations
- *
- * All cryptographic primitives used by the OpenClaw plugin. These must
- * produce byte-for-byte identical output to the TotalReclaw client library
- * (`client/src/crypto/`) so that memories written by one can be read by
- * the other.
- *
- * Key derivation chain:
- *   master_password + salt
- *     -> Argon2id(t=3, m=65536, p=4, dkLen=32) -> masterKey
- *     -> HKDF-SHA256(masterKey, salt, "totalreclaw-auth-key-v1",       32) -> authKey
- *     -> HKDF-SHA256(masterKey, salt, "totalreclaw-encryption-key-v1", 32) -> encryptionKey
- *     -> HKDF-SHA256(masterKey, salt, "openmemory-dedup-v1",          32) -> dedupKey
- *
- * Encryption: AES-256-GCM (12-byte IV, 16-byte tag)
- * Blind indices: SHA-256 of lowercase tokens
- * Content fingerprint: HMAC-SHA256(dedupKey, normalizeText(plaintext))
- */
-
-import { argon2id } from '@noble/hashes/argon2.js';
-import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
-import { hmac } from '@noble/hashes/hmac.js';
-import { mnemonicToSeedSync, validateMnemonic } from '@scure/bip39';
-import { wordlist } from '@scure/bip39/wordlists/english.js';
-import { stemmer } from 'porter-stemmer';
-import crypto from 'node:crypto';
-
-// ---------------------------------------------------------------------------
-// Key Derivation
-// ---------------------------------------------------------------------------
-
-/** HKDF context strings -- must match client/src/crypto/kdf.ts exactly. */
-const AUTH_KEY_INFO = 'totalreclaw-auth-key-v1';
-const ENCRYPTION_KEY_INFO = 'totalreclaw-encryption-key-v1';
-const DEDUP_KEY_INFO = 'openmemory-dedup-v1';
-
-/** Argon2id parameters -- OWASP recommendations, matching client defaults. */
-const ARGON2_TIME_COST = 3;
-const ARGON2_MEMORY_COST = 65536; // 64 MB in KiB
-const ARGON2_PARALLELISM = 4;
-const ARGON2_DK_LEN = 32;
-
-/** AES-256-GCM constants. */
-const IV_LENGTH = 12;
-const TAG_LENGTH = 16;
-const KEY_LENGTH = 32;
-
-/**
- * Check if the input looks like a BIP-39 mnemonic (12 or 24 words from the BIP-39 English wordlist).
- */
-function isBip39Mnemonic(input: string): boolean {
-  const words = input.trim().split(/\s+/);
-  if (words.length !== 12 && words.length !== 24) return false;
-  return validateMnemonic(input.trim(), wordlist);
-}
-
-/**
- * Derive encryption keys from a BIP-39 mnemonic.
- * Uses the 512-bit BIP-39 seed as HKDF input (NOT the derived private key)
- * for proper key separation from the Ethereum signing key.
- */
-function deriveKeysFromMnemonic(
-  mnemonic: string,
-): { authKey: Buffer; encryptionKey: Buffer; dedupKey: Buffer; salt: Buffer } {
-  // BIP-39: mnemonic -> 512-bit seed via PBKDF2(mnemonic, "mnemonic", 2048 rounds)
-  const seed = mnemonicToSeedSync(mnemonic.trim());
-
-  // Use first 32 bytes of seed as deterministic salt for HKDF
-  // (BIP-39 mnemonics are self-salting via PBKDF2, no random salt needed)
-  const salt = Buffer.from(seed.slice(0, 32));
-
-  // HKDF-SHA256 from the full 512-bit seed, using distinct info strings
-  const enc = (s: string) => Buffer.from(s, 'utf8');
-  const seedBuf = Buffer.from(seed);
-
-  const authKey = Buffer.from(
-    hkdf(sha256, seedBuf, salt, enc(AUTH_KEY_INFO), 32),
-  );
-  const encryptionKey = Buffer.from(
-    hkdf(sha256, seedBuf, salt, enc(ENCRYPTION_KEY_INFO), 32),
-  );
-  const dedupKey = Buffer.from(
-    hkdf(sha256, seedBuf, salt, enc(DEDUP_KEY_INFO), 32),
-  );
-
-  return { authKey, encryptionKey, dedupKey, salt };
-}
-
-/**
- * Derive auth, encryption, and dedup keys from a master password.
- *
- * If the password is a valid BIP-39 mnemonic (12 or 24 words), keys are
- * derived from the 512-bit BIP-39 seed via HKDF. Otherwise, the legacy
- * Argon2id path is used.
- *
- * For the Argon2id path: if no salt is provided a fresh 32-byte random salt
- * is generated. Pass an existing salt when restoring a previously-registered
- * account so that the derived keys match the original registration.
- *
- * @returns Object containing authKey, encryptionKey, dedupKey, and salt (all Buffers).
- */
-export function deriveKeys(
-  password: string,
-  existingSalt?: Buffer,
-): { authKey: Buffer; encryptionKey: Buffer; dedupKey: Buffer; salt: Buffer } {
-  // Auto-detect BIP-39 mnemonic vs arbitrary password
-  if (isBip39Mnemonic(password)) {
-    // BIP-39 path: mnemonic is self-salting, existingSalt is ignored for derivation
-    // but we still return the deterministic salt for server registration
-    return deriveKeysFromMnemonic(password);
-  }
-
-  // Legacy path: arbitrary password via Argon2id
-  const salt = existingSalt ?? crypto.randomBytes(32);
-
-  // Step 1 -- Argon2id to derive a 32-byte master key.
-  // @noble/hashes argon2id accepts Uint8Array for both password and salt.
-  const masterKey = argon2id(
-    Buffer.from(password, 'utf8'),
-    salt,
-    { t: ARGON2_TIME_COST, m: ARGON2_MEMORY_COST, p: ARGON2_PARALLELISM, dkLen: ARGON2_DK_LEN },
-  );
-
-  // Step 2 -- HKDF-SHA256 for each sub-key using distinct info strings.
-  // @noble/hashes v2 requires Uint8Array for info param.
-  const enc = (s: string) => Buffer.from(s, 'utf8');
-  const authKey = Buffer.from(
-    hkdf(sha256, masterKey, salt, enc(AUTH_KEY_INFO), 32),
-  );
-  const encryptionKey = Buffer.from(
-    hkdf(sha256, masterKey, salt, enc(ENCRYPTION_KEY_INFO), 32),
-  );
-  const dedupKey = Buffer.from(
-    hkdf(sha256, masterKey, salt, enc(DEDUP_KEY_INFO), 32),
-  );
-
-  return { authKey, encryptionKey, dedupKey, salt: Buffer.from(salt) };
-}
-
-// ---------------------------------------------------------------------------
-// LSH Seed Derivation
-// ---------------------------------------------------------------------------
-
-/**
- * HKDF context string for LSH seed derivation.
- *
- * The LSH hasher needs a deterministic seed so that the same master key
- * always generates the same random hyperplane matrices. We derive this seed
- * from the master key using HKDF with a unique info string.
- *
- * For the BIP-39 path the HKDF input is the 512-bit BIP-39 seed; for the
- * Argon2id path it is the 32-byte master key.
- */
-const LSH_SEED_INFO = 'openmemory-lsh-seed-v1';
-
-/**
- * Derive a 32-byte seed for the LSH hasher from the master key derivation
- * chain.
- *
- * Call this once during initialization and pass the result to `new LSHHasher(seed, dims)`.
- *
- * For the BIP-39 path we use the full 512-bit BIP-39 seed as IKM; for the
- * Argon2id path we use the 32-byte Argon2id-derived master key. In both
- * cases the salt from `deriveKeys()` is reused for domain separation.
- */
-export function deriveLshSeed(
-  password: string,
-  salt: Buffer,
-): Uint8Array {
-  if (isBip39Mnemonic(password)) {
-    const seed = mnemonicToSeedSync(password.trim());
-    return new Uint8Array(
-      hkdf(sha256, Buffer.from(seed), salt, Buffer.from(LSH_SEED_INFO, 'utf8'), 32),
-    );
-  }
-
-  // Argon2id path: re-derive the master key, then HKDF with LSH info string.
-  const masterKey = argon2id(
-    Buffer.from(password, 'utf8'),
-    salt,
-    { t: ARGON2_TIME_COST, m: ARGON2_MEMORY_COST, p: ARGON2_PARALLELISM, dkLen: ARGON2_DK_LEN },
-  );
-
-  return new Uint8Array(
-    hkdf(sha256, masterKey, salt, Buffer.from(LSH_SEED_INFO, 'utf8'), 32),
-  );
-}
-
-// ---------------------------------------------------------------------------
-// Auth Key Hash
-// ---------------------------------------------------------------------------
-
-/**
- * Compute the SHA-256 hash of the auth key.
- *
- * The server stores SHA256(authKey) during registration and uses it to look
- * up users on every request. The hex string returned here is what the plugin
- * sends to `/v1/register` as `auth_key_hash`.
- */
-export function computeAuthKeyHash(authKey: Buffer): string {
-  return Buffer.from(sha256(authKey)).toString('hex');
-}
-
-// ---------------------------------------------------------------------------
-// AES-256-GCM Encrypt / Decrypt
-// ---------------------------------------------------------------------------
-
-/**
- * Encrypt a UTF-8 plaintext string with AES-256-GCM.
- *
- * Wire format (base64-encoded):
- *   [iv: 12 bytes][tag: 16 bytes][ciphertext: variable]
- *
- * This matches `serializeEncryptedData` in `client/src/crypto/aes.ts`.
- */
-export function encrypt(plaintext: string, encryptionKey: Buffer): string {
-  if (encryptionKey.length !== KEY_LENGTH) {
-    throw new Error(`Invalid key length: expected ${KEY_LENGTH}, got ${encryptionKey.length}`);
-  }
-
-  const iv = crypto.randomBytes(IV_LENGTH);
-  const cipher = crypto.createCipheriv('aes-256-gcm', encryptionKey, iv, {
-    authTagLength: TAG_LENGTH,
-  });
-
-  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
-  const tag = cipher.getAuthTag();
-
-  // Combine: iv || tag || ciphertext  (same order as client library)
-  const combined = Buffer.concat([iv, tag, ciphertext]);
-  return combined.toString('base64');
-}
-
-/**
- * Decrypt a base64-encoded AES-256-GCM blob back to a UTF-8 string.
- *
- * Expects the wire format produced by `encrypt()` above.
- */
-export function decrypt(encryptedBase64: string, encryptionKey: Buffer): string {
-  if (encryptionKey.length !== KEY_LENGTH) {
-    throw new Error(`Invalid key length: expected ${KEY_LENGTH}, got ${encryptionKey.length}`);
-  }
-
-  const combined = Buffer.from(encryptedBase64, 'base64');
-
-  if (combined.length < IV_LENGTH + TAG_LENGTH) {
-    throw new Error('Encrypted data too short');
-  }
-
-  const iv = combined.subarray(0, IV_LENGTH);
-  const tag = combined.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH);
-  const ciphertext = combined.subarray(IV_LENGTH + TAG_LENGTH);
-
-  const decipher = crypto.createDecipheriv('aes-256-gcm', encryptionKey, iv, {
-    authTagLength: TAG_LENGTH,
-  });
-  decipher.setAuthTag(tag);
-
-  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-  return plaintext.toString('utf8');
-}
-
-// ---------------------------------------------------------------------------
-// Blind Indices
-// ---------------------------------------------------------------------------
-
-/**
- * Generate blind indices (SHA-256 hashes of tokens) for a text string.
- *
- * Tokenization rules (must match `client/src/crypto/blind.ts#tokenize`):
- *   1. Lowercase
- *   2. Remove punctuation (keep Unicode letters, numbers, whitespace)
- *   3. Split on whitespace
- *   4. Filter tokens shorter than 2 characters
- *
- * Each surviving token is SHA-256 hashed and returned as a hex string.
- * The returned array is deduplicated.
- */
-export function generateBlindIndices(text: string): string[] {
-  const tokens = text
-    .toLowerCase()
-    .replace(/[^\p{L}\p{N}\s]/gu, ' ') // Remove punctuation, keep letters/numbers
-    .split(/\s+/)
-    .filter((t) => t.length >= 2);
-
-  const seen = new Set<string>();
-  const indices: string[] = [];
-
-  for (const token of tokens) {
-    // Exact word hash (unchanged behavior).
-    const hash = Buffer.from(sha256(Buffer.from(token, 'utf8'))).toString('hex');
-    if (!seen.has(hash)) {
-      seen.add(hash);
-      indices.push(hash);
-    }
-
-    // Stemmed word hash. The stem is prefixed with "stem:" before hashing
-    // to avoid collisions between a word that happens to equal another
-    // word's stem (e.g., the word "commun" vs the stem of "community").
-    const stem = stemmer(token);
-    if (stem.length >= 2 && stem !== token) {
-      const stemHash = Buffer.from(
-        sha256(Buffer.from(`stem:${stem}`, 'utf8'))
-      ).toString('hex');
-      if (!seen.has(stemHash)) {
-        seen.add(stemHash);
-        indices.push(stemHash);
-      }
-    }
-  }
-
-  return indices;
-}
-
-// ---------------------------------------------------------------------------
-// Content Fingerprint (Dedup)
-// ---------------------------------------------------------------------------
-
-/**
- * Normalize text for deterministic fingerprinting.
- *
- * Steps (matching `client/src/crypto/fingerprint.ts#normalizeText`):
- *   1. Unicode NFC normalization
- *   2. Lowercase
- *   3. Collapse whitespace (spaces/tabs/newlines to single space)
- *   4. Trim leading/trailing whitespace
- */
-function normalizeText(text: string): string {
-  return text
-    .normalize('NFC')
-    .toLowerCase()
-    .replace(/\s+/g, ' ')
-    .trim();
-}
-
-/**
- * Compute an HMAC-SHA256 content fingerprint for exact-duplicate detection.
- *
- * The server stores this fingerprint and uses it to reject duplicate writes
- * without ever seeing the plaintext.
- *
- * @returns 64-character hex string.
- */
-export function generateContentFingerprint(plaintext: string, dedupKey: Buffer): string {
-  const normalized = normalizeText(plaintext);
-  return Buffer.from(
-    hmac(sha256, dedupKey, Buffer.from(normalized, 'utf8')),
-  ).toString('hex');
-}

package/embedding.ts

@@ -1,84 +0,0 @@
-/**
- * TotalReclaw Plugin - Local Embedding via @huggingface/transformers
- *
- * Uses the Xenova/bge-small-en-v1.5 ONNX model to generate 384-dimensional
- * text embeddings locally. No API key needed, no data leaves the machine.
- *
- * This preserves the zero-knowledge guarantee: embeddings are generated
- * CLIENT-SIDE before encryption, so no plaintext ever reaches an external API.
- *
- * Model details:
- *   - Quantized (int8) ONNX model: ~33.8MB download on first use
- *   - Cached in ~/.cache/huggingface/ after first download
- *   - Lazy initialization: first call ~2-3s (model load), subsequent ~15ms
- *   - Output: 384-dimensional normalized embedding vector
- *   - For retrieval, queries should be prefixed with an instruction string
- *     (documents/passages should NOT be prefixed)
- *
- * Dependencies: @huggingface/transformers (handles model download, WordPiece
- * tokenization, ONNX inference, mean pooling, and normalization).
- */
-
-// @ts-ignore - @huggingface/transformers types may not be perfect
-import { pipeline, type FeatureExtractionPipeline } from '@huggingface/transformers';
-
-/** ONNX-optimized bge-small-en-v1.5 from HuggingFace Hub. */
-const MODEL_ID = 'Xenova/bge-small-en-v1.5';
-
-/** Fixed output dimensionality for bge-small-en-v1.5. */
-const EMBEDDING_DIM = 384;
-
-/**
- * Query instruction prefix for bge-small-en-v1.5 retrieval tasks.
- *
- * Per the BAAI model card: prepend this to short queries when searching
- * for relevant passages. Do NOT prepend for documents/passages being stored.
- */
-const QUERY_PREFIX = 'Represent this sentence for searching relevant passages: ';
-
-/** Lazily initialized feature extraction pipeline. */
-let extractor: FeatureExtractionPipeline | null = null;
-
-/**
- * Generate a 384-dimensional embedding vector for the given text.
- *
- * On first call, downloads and loads the ONNX model (~33.8MB, cached).
- * Subsequent calls reuse the loaded model and run in ~15ms.
- *
- * For bge-small-en-v1.5, queries should set `isQuery: true` to prepend the
- * retrieval instruction prefix. Documents being stored should use the default
- * (`isQuery: false`) so no prefix is added.
- *
- * @param text - The text to embed.
- * @param options - Optional settings.
- * @param options.isQuery - If true, prepend the BGE query instruction prefix
- *                          for improved retrieval accuracy (default: false).
- * @returns 384-dimensional normalized embedding as a number array.
- */
-export async function generateEmbedding(
-  text: string,
-  options?: { isQuery?: boolean },
-): Promise<number[]> {
-  if (!extractor) {
-    extractor = await pipeline('feature-extraction', MODEL_ID, {
-      // Use quantized (int8) model for smaller download (~33.8MB vs ~67MB)
-      quantized: true,
-    });
-  }
-
-  const input = options?.isQuery ? QUERY_PREFIX + text : text;
-  const output = await extractor(input, { pooling: 'mean', normalize: true });
-  // output.data is a Float32Array; convert to plain number[]
-  return Array.from(output.data as Float32Array);
-}
-
-/**
- * Get the embedding vector dimensionality.
- *
- * Always returns 384 (fixed for bge-small-en-v1.5).
- * This is needed by downstream code (e.g. LSH hasher) to know the vector
- * size without calling the embedding model.
- */
-export function getEmbeddingDims(): number {
-  return EMBEDDING_DIM;
-}

package/extractor.ts

@@ -1,210 +0,0 @@
-/**
- * TotalReclaw Plugin - Fact Extractor
- *
- * Uses LLM calls to extract atomic facts from conversation messages.
- * Matches the extraction prompts described in SKILL.md.
- */
-
-import { chatCompletion, resolveLLMConfig } from './llm-client.js';
-
-// ---------------------------------------------------------------------------
-// Types
-// ---------------------------------------------------------------------------
-
-export interface ExtractedFact {
-  text: string;
-  type: 'fact' | 'preference' | 'decision' | 'episodic' | 'goal';
-  importance: number; // 1-10
-}
-
-interface ContentBlock {
-  type?: string;
-  text?: string;
-  thinking?: string;
-}
-
-interface ConversationMessage {
-  role?: string;
-  content?: string | ContentBlock[];
-  text?: string;
-}
-
-// ---------------------------------------------------------------------------
-// Extraction Prompt
-// ---------------------------------------------------------------------------
-
-const EXTRACTION_SYSTEM_PROMPT = `You are a memory extraction engine. Analyze the conversation and extract atomic facts worth remembering long-term.
-
-Rules:
-1. Each fact must be a single, atomic piece of information
-2. Focus on user-specific information: preferences, decisions, facts about them, their goals
-3. Skip generic knowledge, greetings, and small talk
-4. Skip information that is only relevant to the current conversation
-5. Score importance 1-10 (7+ = worth storing, below 7 = skip)
-6. Only extract facts with importance >= 6
-
-Types:
-- fact: Objective information about the user
-- preference: Likes, dislikes, or preferences
-- decision: Choices the user has made
-- episodic: Events or experiences
-- goal: Objectives or targets
-
-Return a JSON array (no markdown, no code fences):
-[{"text": "...", "type": "...", "importance": N}, ...]
-
-If nothing is worth extracting, return: []`;
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Extract text content from a conversation message (handles various formats).
- *
- * OpenClaw AgentMessage objects use content arrays:
- *   { role: "user", content: [{ type: "text", text: "..." }] }
- *   { role: "assistant", content: [{ type: "text", text: "..." }, { type: "toolCall", ... }] }
- *
- * We also handle the simpler { role, content: "string" } format.
- */
-function messageToText(msg: unknown): { role: string; content: string } | null {
-  if (!msg || typeof msg !== 'object') return null;
-
-  const m = msg as ConversationMessage;
-  const role = m.role ?? 'unknown';
-
-  // Only keep user and assistant messages
-  if (role !== 'user' && role !== 'assistant') return null;
-
-  let textContent: string;
-
-  if (typeof m.content === 'string') {
-    // Simple string content
-    textContent = m.content;
-  } else if (Array.isArray(m.content)) {
-    // OpenClaw AgentMessage format: array of content blocks
-    // Extract text from { type: "text", text: "..." } blocks
-    const textParts = (m.content as ContentBlock[])
-      .filter((block) => block.type === 'text' && typeof block.text === 'string')
-      .map((block) => block.text as string);
-    textContent = textParts.join('\n');
-  } else if (typeof m.text === 'string') {
-    // Fallback: { text: "..." } field
-    textContent = m.text;
-  } else {
-    return null;
-  }
-
-  if (textContent.length < 3) return null;
-
-  return { role, content: textContent };
-}
-
-/**
- * Truncate messages to fit within a token budget (rough estimate: 4 chars per token).
- */
-function truncateMessages(messages: Array<{ role: string; content: string }>, maxChars: number): string {
-  const lines: string[] = [];
-  let totalChars = 0;
-
-  for (const msg of messages) {
-    const line = `[${msg.role}]: ${msg.content}`;
-    if (totalChars + line.length > maxChars) break;
-    lines.push(line);
-    totalChars += line.length;
-  }
-
-  return lines.join('\n\n');
-}
-
-/**
- * Parse the LLM response into structured facts.
- */
-function parseFactsResponse(response: string): ExtractedFact[] {
-  // Strip markdown code fences if present
-  let cleaned = response.trim();
-  if (cleaned.startsWith('```')) {
-    cleaned = cleaned.replace(/^```(?:json)?\n?/, '').replace(/\n?```$/, '').trim();
-  }
-
-  try {
-    const parsed = JSON.parse(cleaned);
-    if (!Array.isArray(parsed)) return [];
-
-    return parsed
-      .filter(
-        (f: unknown) =>
-          f &&
-          typeof f === 'object' &&
-          typeof (f as ExtractedFact).text === 'string' &&
-          (f as ExtractedFact).text.length >= 5,
-      )
-      .map((f: unknown) => {
-        const fact = f as Record<string, unknown>;
-        return {
-          text: String(fact.text).slice(0, 512),
-          type: (['fact', 'preference', 'decision', 'episodic', 'goal'].includes(String(fact.type))
-            ? String(fact.type)
-            : 'fact') as ExtractedFact['type'],
-          importance: Math.max(1, Math.min(10, Number(fact.importance) || 5)),
-        };
-      })
-      .filter((f) => f.importance >= 6); // Only keep important facts
-  } catch {
-    return [];
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Main extraction function
-// ---------------------------------------------------------------------------
-
-/**
- * Extract facts from a list of conversation messages using LLM.
- *
- * @param rawMessages - The messages array from the hook event (unknown[])
- * @param mode - 'turn' for agent_end (recent only), 'full' for compaction/reset
- * @returns Array of extracted facts, or empty array on failure.
- */
-export async function extractFacts(
-  rawMessages: unknown[],
-  mode: 'turn' | 'full',
-): Promise<ExtractedFact[]> {
-  const config = resolveLLMConfig();
-  if (!config) return []; // No LLM available
-
-  // Parse messages
-  const parsed = rawMessages
-    .map(messageToText)
-    .filter((m): m is { role: string; content: string } => m !== null);
-
-  if (parsed.length === 0) return [];
-
-  // For 'turn' mode, only look at last 6 messages (3 turns)
-  // For 'full' mode, use all messages but truncate to fit token budget
-  const relevantMessages = mode === 'turn' ? parsed.slice(-6) : parsed;
-
-  // Truncate to ~3000 tokens worth of text
-  const conversationText = truncateMessages(relevantMessages, 12_000);
-
-  if (conversationText.length < 20) return [];
-
-  const userPrompt =
-    mode === 'turn'
-      ? `Extract important facts from these recent conversation turns:\n\n${conversationText}`
-      : `Extract ALL valuable long-term memories from this conversation before it is lost:\n\n${conversationText}`;
-
-  try {
-    const response = await chatCompletion(config, [
-      { role: 'system', content: EXTRACTION_SYSTEM_PROMPT },
-      { role: 'user', content: userPrompt },
-    ]);
-
-    if (!response) return [];
-
-    return parseFactsResponse(response);
-  } catch {
-    return []; // Fail silently -- hooks must never break the agent
-  }
-}

package/generate-mnemonic.ts

@@ -1,14 +0,0 @@
-#!/usr/bin/env npx tsx
-/**
- * Generate a BIP-39 12-word mnemonic for use as TOTALRECLAW_MASTER_PASSWORD.
- *
- * Usage: npx tsx generate-mnemonic.ts
- */
-import { generateMnemonic } from '@scure/bip39';
-import { wordlist } from '@scure/bip39/wordlists/english.js';
-
-const mnemonic = generateMnemonic(wordlist, 128);
-console.log('\n  Your TotalReclaw master mnemonic (12 words):\n');
-console.log(`  ${mnemonic}\n`);
-console.log('  WRITE THIS DOWN. If you lose it, your memories are unrecoverable.');
-console.log('  Set it as TOTALRECLAW_MASTER_PASSWORD in your .env file.\n');