@varveai/adit-core 0.2.1

package/dist/security/content-redaction.js

@@ -0,0 +1,365 @@
+/**
+ * Content-aware secret redaction.
+ *
+ * Scans text content for secrets using two complementary techniques:
+ * 1. Shannon entropy scoring — flags high-entropy strings that look like
+ *    randomly generated secrets (API keys, tokens, passwords).
+ * 2. Pattern matching — regex-based detection of known secret formats
+ *    (AWS keys, GitHub tokens, JWTs, private keys, etc.).
+ *
+ * Inspired by gitleaks/trufflehog approaches. Designed to run on transcript
+ * data (prompts, responses, tool I/O) before writing to the database.
+ */
+/**
+ * Built-in secret patterns based on common formats.
+ * Covers major cloud providers, VCS platforms, payment processors,
+ * communication tools, and generic credential formats.
+ */
+export const builtinPatterns = [
+    // AWS
+    { name: "aws-access-key", pattern: /\bAKIA[0-9A-Z]{16}\b/ },
+    { name: "aws-secret-key", pattern: /\b[A-Za-z0-9/+=]{40}\b(?=.*aws|.*secret)/i },
+    // GitHub
+    { name: "github-pat-fine", pattern: /\bgithub_pat_[A-Za-z0-9_]{22,82}\b/ },
+    { name: "github-pat", pattern: /\bghp_[A-Za-z0-9]{36,}\b/ },
+    { name: "github-oauth", pattern: /\bgho_[A-Za-z0-9]{36,}\b/ },
+    { name: "github-app-token", pattern: /\bghu_[A-Za-z0-9]{36,}\b/ },
+    { name: "github-refresh-token", pattern: /\bghr_[A-Za-z0-9]{36,}\b/ },
+    // GitLab
+    { name: "gitlab-pat", pattern: /\bglpat-[A-Za-z0-9\-_]{20,}\b/ },
+    { name: "gitlab-pipeline-token", pattern: /\bglptt-[A-Za-z0-9\-_]{20,}\b/ },
+    { name: "gitlab-runner-token", pattern: /\bGR1348941[A-Za-z0-9\-_]{20,}\b/ },
+    // GCP / Google
+    { name: "gcp-api-key", pattern: /\bAIza[0-9A-Za-z\-_]{35}\b/ },
+    { name: "gcp-service-account", pattern: /"type"\s*:\s*"service_account"/ },
+    // Azure
+    { name: "azure-storage-key", pattern: /\b[A-Za-z0-9+/]{86}==\b/ },
+    // Stripe
+    { name: "stripe-secret-key", pattern: /\bsk_live_[A-Za-z0-9]{24,}\b/ },
+    { name: "stripe-publishable", pattern: /\bpk_live_[A-Za-z0-9]{24,}\b/ },
+    { name: "stripe-restricted", pattern: /\brk_live_[A-Za-z0-9]{24,}\b/ },
+    // Slack
+    { name: "slack-token", pattern: /\bxox[baprs]-[A-Za-z0-9\-]{10,}\b/ },
+    { name: "slack-webhook", pattern: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9]+\/B[A-Z0-9]+\/[A-Za-z0-9]+/ },
+    // Discord
+    { name: "discord-token", pattern: /\b[MN][A-Za-z0-9]{23,}\.[A-Za-z0-9\-_]{6}\.[A-Za-z0-9\-_]{27,}\b/ },
+    { name: "discord-webhook", pattern: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/\d+\/[A-Za-z0-9\-_]+/ },
+    // Twilio
+    { name: "twilio-api-key", pattern: /\bSK[0-9a-fA-F]{32}\b/ },
+    // SendGrid
+    { name: "sendgrid-api-key", pattern: /\bSG\.[A-Za-z0-9\-_]{22,}\.[A-Za-z0-9\-_]{22,}\b/ },
+    // npm
+    { name: "npm-token", pattern: /\bnpm_[A-Za-z0-9]{36,}\b/ },
+    // PyPI
+    { name: "pypi-token", pattern: /\bpypi-[A-Za-z0-9\-_]{16,}\b/ },
+    // Heroku
+    { name: "heroku-api-key", pattern: /\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b/ },
+    // Private keys
+    { name: "private-key-rsa", pattern: /-----BEGIN RSA PRIVATE KEY-----/ },
+    { name: "private-key-dsa", pattern: /-----BEGIN DSA PRIVATE KEY-----/ },
+    { name: "private-key-ec", pattern: /-----BEGIN EC PRIVATE KEY-----/ },
+    { name: "private-key-openssh", pattern: /-----BEGIN OPENSSH PRIVATE KEY-----/ },
+    { name: "private-key-pgp", pattern: /-----BEGIN PGP PRIVATE KEY BLOCK-----/ },
+    { name: "private-key-generic", pattern: /-----BEGIN PRIVATE KEY-----/ },
+    // Generic credential patterns
+    { name: "bearer-token", pattern: /\bBearer\s+[A-Za-z0-9\-_\.]{20,}\b/ },
+    { name: "basic-auth", pattern: /\bBasic\s+[A-Za-z0-9+/=]{20,}\b/ },
+    { name: "jwt", pattern: /\beyJ[A-Za-z0-9\-_]+\.eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\b/ },
+    // Database connection strings
+    { name: "postgres-uri", pattern: /postgres(?:ql)?:\/\/[^\s'"]+:[^\s'"]+@[^\s'"]+/ },
+    { name: "mysql-uri", pattern: /mysql:\/\/[^\s'"]+:[^\s'"]+@[^\s'"]+/ },
+    { name: "mongodb-uri", pattern: /mongodb(?:\+srv)?:\/\/[^\s'"]+:[^\s'"]+@[^\s'"]+/ },
+    { name: "redis-uri", pattern: /redis(?:s)?:\/\/[^\s'"]+:[^\s'"]+@[^\s'"]+/ },
+    // Generic password/secret in assignments
+    { name: "password-assignment", pattern: /(?:password|passwd|pwd)\s*[:=]\s*["'][^"']{8,}["']/i },
+    { name: "secret-assignment", pattern: /(?:secret|api_?key|access_?key|auth_?token)\s*[:=]\s*["'][^"']{8,}["']/i },
+];
+/**
+ * Default field names to skip when scanning structured data.
+ * These commonly contain high-entropy but non-secret data.
+ */
+export const defaultSkipFields = [
+    "id",
+    "ids",
+    "signature",
+    "hash",
+    "sha",
+    "checksum",
+    "digest",
+    "uuid",
+    "ulid",
+];
+/**
+ * Compute Shannon entropy for a string.
+ *
+ * Shannon entropy measures the randomness/information density of a string.
+ * Random strings (like API keys) typically have entropy > 4.5 bits per character,
+ * while natural language text is usually below 4.0.
+ *
+ * @param s - The string to analyze
+ * @returns Entropy in bits per character (0 to log2(charset_size))
+ */
+export function shannonEntropy(s) {
+    if (s.length === 0)
+        return 0;
+    const freq = new Map();
+    for (const ch of s) {
+        freq.set(ch, (freq.get(ch) ?? 0) + 1);
+    }
+    let entropy = 0;
+    const len = s.length;
+    for (const count of freq.values()) {
+        const p = count / len;
+        if (p > 0) {
+            entropy -= p * Math.log2(p);
+        }
+    }
+    return entropy;
+}
+/**
+ * Extract candidate tokens from text that might be secrets.
+ *
+ * Tokens are contiguous sequences of non-whitespace characters that
+ * meet minimum length requirements. We split on whitespace and common
+ * delimiters to isolate individual tokens.
+ */
+function extractTokens(text, minLength, maxLength) {
+    const results = [];
+    // Match contiguous non-whitespace tokens
+    const tokenRegex = /\S+/g;
+    let match;
+    while ((match = tokenRegex.exec(text)) !== null) {
+        const raw = match[0];
+        const offset = match.index;
+        // Strip common surrounding quotes/brackets
+        let token = raw;
+        let tokenOffset = offset;
+        if (/^["'`({[]/.test(token)) {
+            token = token.slice(1);
+            tokenOffset += 1;
+        }
+        if (/["'`)};\],.]$/.test(token)) {
+            token = token.slice(0, -1);
+        }
+        if (token.length >= minLength && token.length <= maxLength) {
+            results.push({ token, offset: tokenOffset });
+        }
+    }
+    return results;
+}
+/**
+ * Scan text for secrets using entropy-based detection.
+ *
+ * Extracts tokens and checks each for high Shannon entropy,
+ * which indicates randomly generated strings like API keys.
+ */
+function scanEntropy(text, threshold, minTokenLength, maxTokenLength) {
+    const detections = [];
+    const tokens = extractTokens(text, minTokenLength, maxTokenLength);
+    for (const { token, offset } of tokens) {
+        // Skip tokens that look like file paths, URLs, or common code patterns
+        if (looksLikeNonSecret(token))
+            continue;
+        const entropy = shannonEntropy(token);
+        if (entropy >= threshold) {
+            detections.push({
+                method: "entropy",
+                offset,
+                length: token.length,
+            });
+        }
+    }
+    return detections;
+}
+/**
+ * Check if a token looks like a non-secret high-entropy string.
+ * Helps reduce false positives from file paths, import statements, etc.
+ */
+function looksLikeNonSecret(token) {
+    // File paths
+    if (token.startsWith("/") || token.startsWith("./") || token.startsWith("../"))
+        return true;
+    if (token.includes("/src/") || token.includes("/node_modules/"))
+        return true;
+    // URLs without credentials
+    if (/^https?:\/\/[^:@]*$/.test(token))
+        return true;
+    // Package names and imports
+    if (token.startsWith("@") && token.includes("/"))
+        return true;
+    // Common code patterns (hex colors, version numbers, etc.)
+    if (/^#[0-9a-fA-F]{3,8}$/.test(token))
+        return true;
+    if (/^\d+\.\d+\.\d+/.test(token))
+        return true;
+    // Base64-encoded image data markers
+    if (token.startsWith("data:image/"))
+        return true;
+    return false;
+}
+/**
+ * Scan text for secrets using pattern matching.
+ */
+function scanPatterns(text, patterns) {
+    const detections = [];
+    for (const { name, pattern } of patterns) {
+        // Create a global version of the pattern for scanning
+        const globalPattern = new RegExp(pattern.source, pattern.flags.includes("g") ? pattern.flags : pattern.flags + "g");
+        let match;
+        while ((match = globalPattern.exec(text)) !== null) {
+            detections.push({
+                method: "pattern",
+                patternName: name,
+                offset: match.index,
+                length: match[0].length,
+            });
+        }
+    }
+    return detections;
+}
+/**
+ * Merge overlapping detection ranges and sort by offset.
+ * When both entropy and pattern detection flag the same region,
+ * we keep the pattern-based detection (more specific).
+ */
+function mergeDetections(detections) {
+    if (detections.length <= 1)
+        return detections;
+    // Sort by offset
+    const sorted = [...detections].sort((a, b) => a.offset - b.offset);
+    const merged = [sorted[0]];
+    for (let i = 1; i < sorted.length; i++) {
+        const prev = merged[merged.length - 1];
+        const curr = sorted[i];
+        // Check overlap
+        if (curr.offset <= prev.offset + prev.length) {
+            // Overlapping — keep the one that covers more or prefer pattern-based
+            if (curr.method === "pattern" && prev.method === "entropy") {
+                // Replace entropy detection with pattern detection
+                merged[merged.length - 1] = {
+                    method: curr.method,
+                    patternName: curr.patternName,
+                    offset: Math.min(prev.offset, curr.offset),
+                    length: Math.max(prev.offset + prev.length, curr.offset + curr.length) - Math.min(prev.offset, curr.offset),
+                };
+            }
+            else {
+                // Extend the previous detection
+                const newEnd = Math.max(prev.offset + prev.length, curr.offset + curr.length);
+                merged[merged.length - 1] = {
+                    ...prev,
+                    length: newEnd - prev.offset,
+                };
+            }
+        }
+        else {
+            merged.push(curr);
+        }
+    }
+    return merged;
+}
+/**
+ * Redact secrets from a text string.
+ *
+ * Combines entropy-based and pattern-based scanning to detect
+ * and replace secrets with a configurable placeholder.
+ *
+ * @param text - The text to scan and redact
+ * @param config - Optional configuration overrides
+ * @returns The redacted text and detection details
+ */
+export function redactContent(text, config = {}) {
+    const { entropyThreshold = 4.5, minTokenLength = 8, maxTokenLength = 256, replacement = "[REDACTED]", customPatterns = [], } = config;
+    if (!text || text.length === 0) {
+        return { redacted: text, secretsFound: 0, detections: [] };
+    }
+    // Run both detection methods
+    const entropyDetections = scanEntropy(text, entropyThreshold, minTokenLength, maxTokenLength);
+    const allPatterns = [...builtinPatterns, ...customPatterns];
+    const patternDetections = scanPatterns(text, allPatterns);
+    // Merge and deduplicate
+    const allDetections = mergeDetections([...entropyDetections, ...patternDetections]);
+    if (allDetections.length === 0) {
+        return { redacted: text, secretsFound: 0, detections: [] };
+    }
+    // Apply replacements from end to start to preserve offsets
+    let redacted = text;
+    for (let i = allDetections.length - 1; i >= 0; i--) {
+        const det = allDetections[i];
+        redacted =
+            redacted.substring(0, det.offset) +
+                replacement +
+                redacted.substring(det.offset + det.length);
+    }
+    return {
+        redacted,
+        secretsFound: allDetections.length,
+        detections: allDetections,
+    };
+}
+/**
+ * Check if a field name should be skipped during structured data scanning.
+ *
+ * Fields like "id", "signature", "hash" etc. often contain high-entropy
+ * strings that are not secrets.
+ */
+export function shouldSkipField(fieldName, skipFields) {
+    const fields = skipFields ?? defaultSkipFields;
+    const lower = fieldName.toLowerCase();
+    for (const skip of fields) {
+        const skipLower = skip.toLowerCase();
+        if (lower === skipLower)
+            return true;
+        if (lower.endsWith(skipLower))
+            return true;
+    }
+    // Skip fields whose values are image/base64 data
+    if (lower === "type" || lower === "content_type")
+        return true;
+    return false;
+}
+/**
+ * Recursively redact secrets from a structured object.
+ *
+ * Walks through all string values in the object tree and applies
+ * content-aware redaction. Skips fields that commonly contain
+ * non-secret high-entropy data (IDs, signatures, hashes).
+ *
+ * @param obj - The object to scan
+ * @param config - Optional redaction configuration
+ * @returns A new object with secrets redacted
+ */
+export function redactObject(obj, config = {}) {
+    if (obj === null || obj === undefined)
+        return obj;
+    if (typeof obj === "string") {
+        return redactContent(obj, config).redacted;
+    }
+    if (Array.isArray(obj)) {
+        return obj.map((item) => redactObject(item, config));
+    }
+    if (typeof obj === "object") {
+        const result = {};
+        const skipFields = config.skipFields ?? defaultSkipFields;
+        for (const [key, value] of Object.entries(obj)) {
+            if (shouldSkipField(key, skipFields)) {
+                result[key] = value;
+            }
+            else if (typeof value === "string") {
+                // Check if this is an image/base64 value
+                if (typeof value === "string" && (value.startsWith("data:image/") || value.startsWith("base64,"))) {
+                    result[key] = value;
+                }
+                else {
+                    result[key] = redactContent(value, config).redacted;
+                }
+            }
+            else {
+                result[key] = redactObject(value, config);
+            }
+        }
+        return result;
+    }
+    return obj;
+}
+//# sourceMappingURL=content-redaction.js.map

package/dist/security/content-redaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-redaction.js","sourceRoot":"","sources":["../../src/security/content-redaction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA8CH;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,MAAM;IACN,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,sBAAsB,EAAE;IAC3D,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,2CAA2C,EAAE;IAEhF,SAAS;IACT,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,oCAAoC,EAAE;IAC1E,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC3D,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC7D,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,0BAA0B,EAAE;IACjE,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAErE,SAAS;IACT,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,+BAA+B,EAAE;IAChE,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE;IAC3E,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAE5E,eAAe;IACf,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,4BAA4B,EAAE;IAC9D,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAE1E,QAAQ;IACR,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,yBAAyB,EAAE;IAEjE,SAAS;IACT,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,8BAA8B,EAAE;IACtE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,8BAA8B,EAAE;IACvE,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,8BAA8B,EAAE;IAEtE,QAAQ;IACR,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,mCAAmC,EAAE;IACrE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,6EAA6E,EAAE;IAEjH,UAAU;IACV,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,kEAAkE,EAAE;IACtG,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,qEAAqE,EAAE;IAE3G,SAAS;IACT,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE;IAE5D,WAAW;IACX,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,kDAAkD,EAAE;IAEzF,MAAM;IACN,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAE1D,OAAO;IACP,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,8BAA8B,EAAE;IAE/D,SAAS;IACT,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,iFAAiF,EAAE;IAEtH,eAAe;IACf,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,iCAAiC,EAAE;IACvE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,iCAAiC,EAAE;IACvE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gCAAgC,EAAE;IACrE,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,qCAAqC,EAAE;IAC/E,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,uCAAuC,EAAE;IAC7E,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,6BAA6B,EAAE;IAEvE,8BAA8B;IAC9B,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,oCAAoC,EAAE;IACvE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAClE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,6DAA6D,EAAE;IAEvF,8BAA8B;IAC9B,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,gDAAgD,EAAE;IACnF,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,sCAAsC,EAAE;IACtE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,kDAAkD,EAAE;IACpF,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,4CAA4C,EAAE;IAE5E,yCAAyC;IACzC,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,qDAAqD,EAAE;IAC/F,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,yEAAyE,EAAE;CAClH,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI;IACJ,KAAK;IACL,WAAW;IACX,MAAM;IACN,KAAK;IACL,UAAU;IACV,QAAQ;IACR,MAAM;IACN,MAAM;CACP,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAE7B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC;QACtB,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CACpB,IAAY,EACZ,SAAiB,EACjB,SAAiB;IAEjB,MAAM,OAAO,GAA6C,EAAE,CAAC;IAC7D,yCAAyC;IACzC,MAAM,UAAU,GAAG,MAAM,CAAC;IAC1B,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QAE3B,2CAA2C;QAC3C,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,IAAI,WAAW,GAAG,MAAM,CAAC;QACzB,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,WAAW,IAAI,CAAC,CAAC;QACnB,CAAC;QACD,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAClB,IAAY,EACZ,SAAiB,EACjB,cAAsB,EACtB,cAAsB;IAEtB,MAAM,UAAU,GAAsB,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAEnE,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;QACvC,uEAAuE;QACvE,IAAI,kBAAkB,CAAC,KAAK,CAAC;YAAE,SAAS;QAExC,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC;gBACd,MAAM,EAAE,SAAS;gBACjB,MAAM;gBACN,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,aAAa;IACb,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5F,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7E,2BAA2B;IAC3B,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnD,4BAA4B;IAC5B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9D,2DAA2D;IAC3D,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,oCAAoC;IACpC,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,IAAY,EACZ,QAAyB;IAEzB,MAAM,UAAU,GAAsB,EAAE,CAAC;IAEzC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;QACzC,sDAAsD;QACtD,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;QACpH,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,UAAU,CAAC,IAAI,CAAC;gBACd,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,UAA6B;IACpD,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAE9C,iBAAiB;IACjB,MAAM,MAAM,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACnE,MAAM,MAAM,GAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAEvB,gBAAgB;QAChB,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YAC7C,sEAAsE;YACtE,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC3D,mDAAmD;gBACnD,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG;oBAC1B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;oBAC1C,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;iBAC5G,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9E,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG;oBAC1B,GAAG,IAAI;oBACP,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM;iBAC7B,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,SAA0B,EAAE;IAE5B,MAAM,EACJ,gBAAgB,GAAG,GAAG,EACtB,cAAc,GAAG,CAAC,EAClB,cAAc,GAAG,GAAG,EACpB,WAAW,GAAG,YAAY,EAC1B,cAAc,GAAG,EAAE,GACpB,GAAG,MAAM,CAAC;IAEX,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAC9F,MAAM,WAAW,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,cAAc,CAAC,CAAC;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAE1D,wBAAwB;IACxB,MAAM,aAAa,GAAG,eAAe,CAAC,CAAC,GAAG,iBAAiB,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC;IAEpF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7D,CAAC;IAED,2DAA2D;IAC3D,IAAI,QAAQ,GAAG,IAAI,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC7B,QAAQ;YACN,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC;gBACjC,WAAW;gBACX,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,QAAQ;QACR,YAAY,EAAE,aAAa,CAAC,MAAM;QAClC,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,SAAiB,EACjB,UAAqB;IAErB,MAAM,MAAM,GAAG,UAAU,IAAI,iBAAiB,CAAC;IAC/C,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAEtC,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACrC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;IAC7C,CAAC;IAED,iDAAiD;IACjD,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,IAAI,CAAC;IAE9D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAC1B,GAAY,EACZ,SAA0B,EAAE;IAE5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC;IAElD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC;IAC7C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,iBAAiB,CAAC;QAE1D,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,EAAE,CAAC;YAC1E,IAAI,eAAe,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,yCAAyC;gBACzC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;oBAClG,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACtB,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/sync/index.d.ts

@@ -0,0 +1,3 @@
+export { generateId, generateIdAt, extractTimestamp } from "./ulid.js";
+export { type VectorClock, createClock, tick, merge, compare, serialize, deserialize, } from "./vclock.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sync/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sync/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EACL,KAAK,WAAW,EAChB,WAAW,EACX,IAAI,EACJ,KAAK,EACL,OAAO,EACP,SAAS,EACT,WAAW,GACZ,MAAM,aAAa,CAAC"}

package/dist/sync/index.js

@@ -0,0 +1,3 @@
+export { generateId, generateIdAt, extractTimestamp } from "./ulid.js";
+export { createClock, tick, merge, compare, serialize, deserialize, } from "./vclock.js";
+//# sourceMappingURL=index.js.map

package/dist/sync/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sync/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EAEL,WAAW,EACX,IAAI,EACJ,KAAK,EACL,OAAO,EACP,SAAS,EACT,WAAW,GACZ,MAAM,aAAa,CAAC"}

package/dist/sync/ulid.d.ts

@@ -0,0 +1,15 @@
+/**
+ * ULID generation for globally unique, time-sortable identifiers.
+ *
+ * ULIDs are used as primary keys across all tables because:
+ * 1. They are time-sortable (first 48 bits = timestamp)
+ * 2. They are globally unique without coordination
+ * 3. They sort lexicographically = natural merge ordering for cloud sync
+ */
+/** Generate a new ULID (monotonic within same millisecond) */
+export declare function generateId(): string;
+/** Generate a ULID with a specific timestamp (for testing or import) */
+export declare function generateIdAt(timestamp: number): string;
+/** Extract the timestamp from a ULID */
+export declare function extractTimestamp(id: string): number;
+//# sourceMappingURL=ulid.d.ts.map

package/dist/sync/ulid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ulid.d.ts","sourceRoot":"","sources":["../../src/sync/ulid.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,8DAA8D;AAC9D,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED,wEAAwE;AACxE,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wCAAwC;AACxC,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAWnD"}

package/dist/sync/ulid.js

@@ -0,0 +1,34 @@
+/**
+ * ULID generation for globally unique, time-sortable identifiers.
+ *
+ * ULIDs are used as primary keys across all tables because:
+ * 1. They are time-sortable (first 48 bits = timestamp)
+ * 2. They are globally unique without coordination
+ * 3. They sort lexicographically = natural merge ordering for cloud sync
+ */
+import { ulid, monotonicFactory } from "ulid";
+/** Monotonic factory ensures ULIDs created in the same ms are still ordered */
+const monotonic = monotonicFactory();
+/** Generate a new ULID (monotonic within same millisecond) */
+export function generateId() {
+    return monotonic();
+}
+/** Generate a ULID with a specific timestamp (for testing or import) */
+export function generateIdAt(timestamp) {
+    return ulid(timestamp);
+}
+/** Extract the timestamp from a ULID */
+export function extractTimestamp(id) {
+    // ULID encodes time in first 10 chars (Crockford Base32)
+    const ENCODING = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+    let time = 0;
+    const chars = id.substring(0, 10).toUpperCase();
+    for (const char of chars) {
+        const idx = ENCODING.indexOf(char);
+        if (idx === -1)
+            throw new Error(`Invalid ULID character: ${char}`);
+        time = time * 32 + idx;
+    }
+    return time;
+}
+//# sourceMappingURL=ulid.js.map

package/dist/sync/ulid.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ulid.js","sourceRoot":"","sources":["../../src/sync/ulid.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,MAAM,CAAC;AAE9C,+EAA+E;AAC/E,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;AAErC,8DAA8D;AAC9D,MAAM,UAAU,UAAU;IACxB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC;AACzB,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,gBAAgB,CAAC,EAAU;IACzC,yDAAyD;IACzD,MAAM,QAAQ,GAAG,kCAAkC,CAAC;IACpD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACnE,IAAI,GAAG,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC;IACzB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/sync/vclock.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Vector clock implementation for conflict detection.
+ *
+ * Each client maintains its own counter. When syncing to cloud:
+ * - If clock A dominates clock B → A is newer, no conflict
+ * - If neither dominates → concurrent edits, needs merge
+ *
+ * For ADIT's append-only events, conflicts are rare (two clients
+ * can't create the same ULID). Vector clocks primarily help with
+ * mutable records like sessions and plans.
+ */
+export interface VectorClock {
+    [clientId: string]: number;
+}
+/** Create a new vector clock with initial tick for this client */
+export declare function createClock(clientId: string): VectorClock;
+/** Increment this client's counter */
+export declare function tick(clock: VectorClock, clientId: string): VectorClock;
+/** Merge two clocks (take max of each client's counter) */
+export declare function merge(a: VectorClock, b: VectorClock): VectorClock;
+/**
+ * Compare two vector clocks.
+ * Returns:
+ *  -1 if a < b (a happened before b)
+ *   0 if concurrent (neither dominates)
+ *   1 if a > b (a happened after b)
+ */
+export declare function compare(a: VectorClock, b: VectorClock): -1 | 0 | 1;
+/** Serialize a vector clock to JSON string */
+export declare function serialize(clock: VectorClock): string;
+/** Deserialize a JSON string to vector clock */
+export declare function deserialize(json: string): VectorClock;
+//# sourceMappingURL=vclock.d.ts.map

package/dist/sync/vclock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vclock.d.ts","sourceRoot":"","sources":["../../src/sync/vclock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,WAAW;IAC1B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5B;AAED,kEAAkE;AAClE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CAEzD;AAED,sCAAsC;AACtC,wBAAgB,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,CAKtE;AAED,2DAA2D;AAC3D,wBAAgB,KAAK,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,GAAG,WAAW,CAMjE;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAiBlE;AAED,8CAA8C;AAC9C,wBAAgB,SAAS,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAEpD;AAED,gDAAgD;AAChD,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,CAMrD"}

package/dist/sync/vclock.js

@@ -0,0 +1,69 @@
+/**
+ * Vector clock implementation for conflict detection.
+ *
+ * Each client maintains its own counter. When syncing to cloud:
+ * - If clock A dominates clock B → A is newer, no conflict
+ * - If neither dominates → concurrent edits, needs merge
+ *
+ * For ADIT's append-only events, conflicts are rare (two clients
+ * can't create the same ULID). Vector clocks primarily help with
+ * mutable records like sessions and plans.
+ */
+/** Create a new vector clock with initial tick for this client */
+export function createClock(clientId) {
+    return { [clientId]: 1 };
+}
+/** Increment this client's counter */
+export function tick(clock, clientId) {
+    return {
+        ...clock,
+        [clientId]: (clock[clientId] ?? 0) + 1,
+    };
+}
+/** Merge two clocks (take max of each client's counter) */
+export function merge(a, b) {
+    const result = { ...a };
+    for (const [client, count] of Object.entries(b)) {
+        result[client] = Math.max(result[client] ?? 0, count);
+    }
+    return result;
+}
+/**
+ * Compare two vector clocks.
+ * Returns:
+ *  -1 if a < b (a happened before b)
+ *   0 if concurrent (neither dominates)
+ *   1 if a > b (a happened after b)
+ */
+export function compare(a, b) {
+    const allClients = new Set([...Object.keys(a), ...Object.keys(b)]);
+    let aGreater = false;
+    let bGreater = false;
+    for (const client of allClients) {
+        const aVal = a[client] ?? 0;
+        const bVal = b[client] ?? 0;
+        if (aVal > bVal)
+            aGreater = true;
+        if (bVal > aVal)
+            bGreater = true;
+    }
+    if (aGreater && !bGreater)
+        return 1;
+    if (bGreater && !aGreater)
+        return -1;
+    return 0; // concurrent or equal
+}
+/** Serialize a vector clock to JSON string */
+export function serialize(clock) {
+    return JSON.stringify(clock);
+}
+/** Deserialize a JSON string to vector clock */
+export function deserialize(json) {
+    try {
+        return JSON.parse(json);
+    }
+    catch {
+        return {};
+    }
+}
+//# sourceMappingURL=vclock.js.map

package/dist/sync/vclock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vclock.js","sourceRoot":"","sources":["../../src/sync/vclock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,kEAAkE;AAClE,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AAC3B,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,IAAI,CAAC,KAAkB,EAAE,QAAgB;IACvD,OAAO;QACL,GAAG,KAAK;QACR,CAAC,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,KAAK,CAAC,CAAc,EAAE,CAAc;IAClD,MAAM,MAAM,GAAgB,EAAE,GAAG,CAAC,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CAAC,CAAc,EAAE,CAAc;IACpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE5B,IAAI,IAAI,GAAG,IAAI;YAAE,QAAQ,GAAG,IAAI,CAAC;QACjC,IAAI,IAAI,GAAG,IAAI;YAAE,QAAQ,GAAG,IAAI,CAAC;IACnC,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,QAAQ,IAAI,CAAC,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAC;IACrC,OAAO,CAAC,CAAC,CAAC,sBAAsB;AAClC,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,SAAS,CAAC,KAAkB;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/types/environment.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Environment snapshot types.
+ *
+ * Captures the execution context at a point in time —
+ * not just code, but the world around it.
+ */
+export interface EnvSnapshot {
+    /** ULID */
+    id: string;
+    sessionId: string;
+    gitBranch: string;
+    gitHeadSha: string;
+    /** JSON array of modified file paths */
+    modifiedFiles: string | null;
+    /** Hash of the dependency lockfile */
+    depLockHash: string | null;
+    /** Which lockfile (package-lock.json, pnpm-lock.yaml, etc.) */
+    depLockPath: string | null;
+    /** Selected safe environment variables */
+    envVarsJson: string | null;
+    nodeVersion: string | null;
+    pythonVersion: string | null;
+    osInfo: string | null;
+    /** JSON: {inDocker: bool, image?: string} */
+    containerInfo: string | null;
+    /** JSON: {rust?, go?, java?, ruby?, ...} */
+    runtimeVersionsJson: string | null;
+    /** JSON: {shell, version} */
+    shellInfo: string | null;
+    /** JSON: {arch, cpuModel, totalMem, freeMem, diskFree?} */
+    systemResourcesJson: string | null;
+    /** JSON: {name, version, globalVersion?} */
+    packageManagerJson: string | null;
+    capturedAt: string;
+    /** Vector clock */
+    vclockJson: string;
+    /** Soft delete */
+    deletedAt: string | null;
+}
+/** Structured diff between two environment snapshots */
+export interface EnvDiff {
+    changes: EnvChange[];
+    severity: "none" | "info" | "warning" | "breaking";
+}
+/** A single field-level change in the environment */
+export interface EnvChange {
+    field: string;
+    category: "git" | "dependency" | "runtime" | "system";
+    oldValue: string | null;
+    newValue: string | null;
+    severity: "info" | "warning" | "breaking";
+}
+//# sourceMappingURL=environment.d.ts.map

package/dist/types/environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../src/types/environment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,WAAW;IAC1B,WAAW;IACX,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,sCAAsC;IACtC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,0CAA0C;IAC1C,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,4CAA4C;IAC5C,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,6BAA6B;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,2DAA2D;IAC3D,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,4CAA4C;IAC5C,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB;IAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wDAAwD;AACxD,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;CACpD;AAED,qDAAqD;AACrD,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,KAAK,GAAG,YAAY,GAAG,SAAS,GAAG,QAAQ,CAAC;IACtD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;CAC3C"}

package/dist/types/environment.js

@@ -0,0 +1,8 @@
+/**
+ * Environment snapshot types.
+ *
+ * Captures the execution context at a point in time —
+ * not just code, but the world around it.
+ */
+export {};
+//# sourceMappingURL=environment.js.map

package/dist/types/environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../../src/types/environment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}