@vellumai/assistant 0.7.0 → 0.7.2

package/src/runtime/migrations/vbundle-validator.ts

@@ -5,7 +5,6 @@
  * - manifest.json: metadata with schema_version, checksums, and bundle info
  * - workspace/: the entire workspace directory tree (new format), OR
  *   data/db/assistant.db + config/settings.json (old format)
- * - trust/trust.json: trust rules (optional)
  *
  * Validation steps:
  * 1. Archive structure: valid gzip tar with required entries
@@ -14,32 +13,181 @@
  * 4. Per-file content integrity: SHA-256 of each file matches manifest checksums
  */
 
-import { createHash } from "node:crypto";
+import { createHash, randomUUID } from "node:crypto";
+import { posix } from "node:path";
 import { gunzipSync } from "node:zlib";
 
 import { z } from "zod";
 
 // ---------------------------------------------------------------------------
-// Manifest schema
+// Manifest schema (v1)
 // ---------------------------------------------------------------------------
 
 const ManifestFileEntry = z.object({
+  path: z.string().min(1),
+  sha256: z.string().regex(/^[0-9a-f]{64}$/),
+  size_bytes: z.number().int().nonnegative(),
+  link_target: z.string().min(1).optional(),
+});
+
+const AssistantInfo = z.object({
+  id: z.string().min(1),
+  name: z.string().min(1),
+  runtime_version: z.string().min(1),
+});
+
+const Origin = z.object({
+  mode: z.enum(["managed", "self-hosted-remote", "self-hosted-local"]),
+  platform_version: z.string().optional(),
+  hostname: z.string().optional(),
+});
+
+const Compatibility = z.object({
+  min_runtime_version: z.string().min(1),
+  max_runtime_version: z.string().nullable(),
+});
+
+const ExportOptions = z.object({
+  include_logs: z.boolean(),
+  include_browser_state: z.boolean(),
+  include_memory_vectors: z.boolean(),
+});
+
+export const ManifestSchema = z
+  .object({
+    schema_version: z.literal(1),
+    bundle_id: z.string().uuid(),
+    created_at: z.string().datetime({ offset: true }),
+    assistant: AssistantInfo,
+    origin: Origin,
+    compatibility: Compatibility,
+    contents: z.array(ManifestFileEntry),
+    checksum: z.string().regex(/^[0-9a-f]{64}$/),
+    secrets_redacted: z.boolean(),
+    export_options: ExportOptions,
+  })
+  .refine((m) => m.origin.mode !== "managed" || m.secrets_redacted === true, {
+    message: "secrets_redacted must be true when origin.mode is 'managed'",
+    path: ["secrets_redacted"],
+  })
+  .refine(
+    (m) =>
+      m.contents.some(
+        (f) =>
+          f.path === "data/db/assistant.db" ||
+          f.path === "workspace/data/db/assistant.db",
+      ),
+    {
+      message:
+        "contents must include an entry for data/db/assistant.db (legacy format) or workspace/data/db/assistant.db (current format)",
+      path: ["contents"],
+    },
+  );
+
+export type ManifestFileEntryType = z.infer<typeof ManifestFileEntry>;
+export type ManifestType = z.infer<typeof ManifestSchema>;
+
+// ---------------------------------------------------------------------------
+// Legacy manifest schema (pre-v1, six-field shape)
+// ---------------------------------------------------------------------------
+//
+// Older runtime versions wrote a six-field manifest with `schema_version: "1.0"`,
+// `files`, `size` (per-entry), and a self-referencing `manifest_sha256` field.
+// Existing on-disk artifacts produced by those versions — backup snapshots,
+// cross-version migration bundles — must keep validating after upgrade,
+// per AGENTS.md "no silent breaks of persisted state".
+//
+// We accept legacy bundles via a fallback parse + translator so the rest of
+// the validation pipeline (per-file hash + size verification) only ever sees
+// the v1 shape.
+
+const LegacyManifestFileEntry = z.object({
   path: z.string(),
   sha256: z.string(),
   size: z.number().int().nonnegative(),
 });
 
-export const ManifestSchema = z.object({
+export const LegacyManifestSchema = z.object({
   schema_version: z.string(),
   created_at: z.string(),
   source: z.string().optional(),
   description: z.string().optional(),
-  files: z.array(ManifestFileEntry),
+  files: z.array(LegacyManifestFileEntry),
   manifest_sha256: z.string(),
 });
 
-export type ManifestFileEntryType = z.infer<typeof ManifestFileEntry>;
-export type ManifestType = z.infer<typeof ManifestSchema>;
+export type LegacyManifestType = z.infer<typeof LegacyManifestSchema>;
+
+/**
+ * Recompute the legacy `manifest_sha256` field — strips the field entirely
+ * (rather than emptying it) before canonicalizing, matching the pre-v1
+ * producer behavior. Required so legacy bundles whose checksum was computed
+ * the old way still verify after upgrade.
+ */
+export function computeLegacyManifestSha256(manifest: unknown): string {
+  const copy = { ...(manifest as Record<string, unknown>) };
+  delete copy.manifest_sha256;
+  return sha256Hex(canonicalizeJson(copy));
+}
+
+/**
+ * Coerce a legacy ISO-ish `created_at` into the v1 datetime regex shape.
+ * Pre-v1 producers always wrote `new Date().toISOString()`, which already
+ * has the `Z` suffix the v1 regex requires; this helper is defensive against
+ * any historical producer that omitted the offset/`Z`.
+ */
+function coerceLegacyCreatedAt(raw: string): string {
+  // If the string already parses as a Date, keep it as the canonical ISO form.
+  const parsed = new Date(raw);
+  if (!Number.isNaN(parsed.getTime())) {
+    // `toISOString()` always emits the `...Z` form the v1 regex accepts.
+    return parsed.toISOString();
+  }
+  return raw;
+}
+
+/**
+ * Translate a parsed legacy manifest into a v1 `ManifestType` so the rest of
+ * the validator pipeline can operate on a uniform shape.
+ *
+ * Legacy bundles never carried assistant identity, origin, compatibility, or
+ * export-option signals; we substitute conservative placeholders that satisfy
+ * the v1 schema's `.refine()` rules without misrepresenting the source bundle.
+ */
+export function translateLegacyManifest(
+  legacy: LegacyManifestType,
+): ManifestType {
+  return {
+    schema_version: 1,
+    bundle_id: randomUUID(),
+    created_at: coerceLegacyCreatedAt(legacy.created_at),
+    assistant: {
+      id: "self",
+      name: "Assistant",
+      runtime_version: "0.0.0-legacy",
+    },
+    // Legacy bundles came from the local self-hosted exporter; the
+    // conservative default is "self-hosted-local" so the v1 managed/secrets
+    // refine never trips on a translated legacy bundle.
+    origin: { mode: "self-hosted-local" },
+    compatibility: {
+      min_runtime_version: "0.0.0-legacy",
+      max_runtime_version: null,
+    },
+    contents: legacy.files.map((f) => ({
+      path: f.path,
+      sha256: f.sha256,
+      size_bytes: f.size,
+    })),
+    checksum: legacy.manifest_sha256,
+    secrets_redacted: false,
+    export_options: {
+      include_logs: false,
+      include_browser_state: false,
+      include_memory_vectors: false,
+    },
+  };
+}
 
 // ---------------------------------------------------------------------------
 // Validation result types
@@ -55,6 +203,9 @@ export interface VBundleTarEntry {
   name: string;
   data: Uint8Array;
   size: number;
+  /** Set when the tar entry is typeflag-2 (symlink); carries the link target
+   *  decoded from the ustar linkname field. */
+  linkname?: string;
 }
 
 export interface VBundleValidationResult {
@@ -74,6 +225,9 @@ interface TarEntry {
   name: string;
   data: Uint8Array;
   size: number;
+  /** Set when the tar entry is typeflag-2 (symlink); carries the link target
+   *  decoded from the ustar linkname field. */
+  linkname?: string;
 }
 
 /**
@@ -136,6 +290,25 @@ function parseTar(buffer: Uint8Array): TarEntry[] {
       continue;
     }
 
+    // Symlink (type '2') — empty body regardless of declared size; the link
+    // target lives in the ustar linkname field (157..256). We preserve the
+    // tar-declared `size` here (rather than forcing it to 0) so the
+    // downstream `archiveEntry.size !== 0` check can surface
+    // `FILE_SIZE_MISMATCH` on malformed symlink headers. The body itself is
+    // always an empty buffer — symlinks have no data body even if the
+    // header lies about it.
+    if (typeFlag === "2") {
+      const linkname = decodeNullTerminated(header, 157, 100);
+      entries.push({
+        name: normalizePath(name),
+        data: new Uint8Array(0),
+        size,
+        linkname,
+      });
+      offset = dataStart + dataBlocks * BLOCK_SIZE;
+      continue;
+    }
+
     // Regular file or hard link
     if (typeFlag === "0" || typeFlag === "\0" || typeFlag === "") {
       entries.push({ name: normalizePath(name), data, size });
@@ -190,14 +363,16 @@ export function canonicalizeJson(obj: unknown): string {
 }
 
 /**
- * Recompute the `manifest_sha256` field for a manifest object. Strips the
- * `manifest_sha256` property, canonicalizes the remaining JSON, and returns
- * the SHA-256 hex digest. Centralized here so the streaming validator and
- * the in-memory validator agree on the exact canonicalization.
+ * Recompute the `checksum` field for a manifest object.
+ *
+ * The v1 schema spec says the checksum is computed over the canonicalized
+ * manifest with the `checksum` field set to the empty string (not absent),
+ * so we replace it before canonicalizing — both producers and validators
+ * must agree on this exact wire shape. Centralized here so the streaming
+ * validator and the in-memory validator agree on the exact canonicalization.
  */
-export function computeManifestSha256(manifest: unknown): string {
-  const copy = { ...(manifest as Record<string, unknown>) };
-  delete copy.manifest_sha256;
+export function computeManifestChecksum(manifest: unknown): string {
+  const copy = { ...(manifest as Record<string, unknown>), checksum: "" };
   return sha256Hex(canonicalizeJson(copy));
 }
 
@@ -218,7 +393,7 @@ const MAX_DECOMPRESSED_SIZE = 2 * 1024 * 1024 * 1024;
  * Performs four validation passes:
  * 1. Archive structure (gzip decompression, tar parsing, required entries)
  * 2. Manifest schema (Zod validation of manifest.json)
- * 3. Manifest checksum (SHA-256 of canonicalized JSON without manifest_sha256)
+ * 3. Manifest checksum (SHA-256 of canonicalized JSON with the `checksum` field set to empty string)
  * 4. Per-file content integrity (SHA-256 of each file vs manifest declaration)
  */
 export function validateVBundle(data: Uint8Array): VBundleValidationResult {
@@ -293,39 +468,64 @@ export function validateVBundle(data: Uint8Array): VBundleValidationResult {
     return { is_valid: false, errors };
   }
 
+  // Try the v1 schema first. If that fails, fall back to the legacy six-field
+  // shape so existing on-disk bundles (backup snapshots, cross-version
+  // migrations) keep validating after upgrade. AGENTS.md prohibits silent
+  // breaks of persisted state.
   const parseResult = ManifestSchema.safeParse(manifestRaw);
-  if (!parseResult.success) {
-    for (const issue of parseResult.error.issues) {
+  let manifest: ManifestType;
+
+  if (parseResult.success) {
+    manifest = parseResult.data;
+
+    // Step 5 (v1): Verify manifest checksum — SHA-256 of canonicalized JSON
+    // with the `checksum` field replaced by an empty string.
+    const computedChecksum = computeManifestChecksum(manifestRaw);
+    if (computedChecksum !== manifest.checksum) {
       errors.push({
-        code: "MANIFEST_SCHEMA_ERROR",
-        message: `Manifest validation error at ${issue.path.join(".")}: ${
-          issue.message
-        }`,
-        path: `manifest.json/${issue.path.join(".")}`,
+        code: "MANIFEST_CHECKSUM_MISMATCH",
+        message: `Manifest checksum mismatch: expected ${manifest.checksum}, computed ${computedChecksum}`,
+        path: "manifest.json",
       });
     }
-    return { is_valid: false, errors };
-  }
-
-  const manifest = parseResult.data;
+  } else {
+    const legacyParse = LegacyManifestSchema.safeParse(manifestRaw);
+    if (!legacyParse.success) {
+      // Truly malformed — surface the v1 error for the clearer error trail.
+      for (const issue of parseResult.error.issues) {
+        errors.push({
+          code: "MANIFEST_SCHEMA_ERROR",
+          message: `Manifest validation error at ${issue.path.join(".")}: ${
+            issue.message
+          }`,
+          path: `manifest.json/${issue.path.join(".")}`,
+        });
+      }
+      return { is_valid: false, errors };
+    }
 
-  // Step 5: Verify manifest checksum
-  // The manifest_sha256 field is the SHA-256 of the canonicalized JSON
-  // with the manifest_sha256 field itself excluded.
-  const computedManifestSha256 = computeManifestSha256(manifestRaw);
+    // Step 5 (legacy): Verify the legacy `manifest_sha256` using the OLD
+    // canonicalization (strip the field entirely; do NOT replace with "").
+    const legacy = legacyParse.data;
+    const computedLegacyChecksum = computeLegacyManifestSha256(manifestRaw);
+    if (computedLegacyChecksum !== legacy.manifest_sha256) {
+      errors.push({
+        code: "MANIFEST_CHECKSUM_MISMATCH",
+        message: `Manifest checksum mismatch: expected ${legacy.manifest_sha256}, computed ${computedLegacyChecksum}`,
+        path: "manifest.json",
+      });
+      return { is_valid: false, errors };
+    }
 
-  if (computedManifestSha256 !== manifest.manifest_sha256) {
-    errors.push({
-      code: "MANIFEST_CHECKSUM_MISMATCH",
-      message: `Manifest checksum mismatch: expected ${manifest.manifest_sha256}, computed ${computedManifestSha256}`,
-      path: "manifest.json",
-    });
+    // Translate to v1 so the rest of the pipeline (per-file hash + size
+    // verification, refine rules) sees a uniform shape.
+    manifest = translateLegacyManifest(legacy);
   }
 
   // Step 6: Verify per-file content integrity
-  const manifestFilePaths = new Set(manifest.files.map((f) => f.path));
+  const manifestFilePaths = new Set(manifest.contents.map((f) => f.path));
 
-  for (const fileEntry of manifest.files) {
+  for (const fileEntry of manifest.contents) {
     const archiveEntry = entryMap.get(fileEntry.path);
     if (!archiveEntry) {
       errors.push({
@@ -336,11 +536,98 @@ export function validateVBundle(data: Uint8Array): VBundleValidationResult {
       continue;
     }
 
+    if (fileEntry.link_target !== undefined) {
+      // Symlink branch: typeflag agreement, linkname agreement, sha over the
+      // link target string, size==0 on both sides, and path-traversal rejection.
+      if (archiveEntry.linkname === undefined) {
+        errors.push({
+          code: "SYMLINK_TYPEFLAG_MISMATCH",
+          message: `Manifest declares symlink for ${fileEntry.path} but tar entry is not typeflag-2`,
+          path: fileEntry.path,
+        });
+        continue;
+      }
+
+      if (archiveEntry.linkname !== fileEntry.link_target) {
+        errors.push({
+          code: "LINK_TARGET_MISMATCH",
+          message: `Symlink linkname mismatch for ${fileEntry.path}: manifest declares "${fileEntry.link_target}", tar carries "${archiveEntry.linkname}"`,
+          path: fileEntry.path,
+        });
+        continue;
+      }
+
+      if (archiveEntry.size !== 0) {
+        errors.push({
+          code: "FILE_SIZE_MISMATCH",
+          message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size_bytes} bytes, archive has ${archiveEntry.size} bytes`,
+          path: fileEntry.path,
+        });
+      }
+
+      if (fileEntry.size_bytes !== 0) {
+        errors.push({
+          code: "FILE_SIZE_MISMATCH",
+          message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size_bytes} bytes, archive has ${archiveEntry.size} bytes`,
+          path: fileEntry.path,
+        });
+      }
+
+      const expected = sha256Hex(fileEntry.link_target);
+      if (expected !== fileEntry.sha256) {
+        errors.push({
+          code: "FILE_CHECKSUM_MISMATCH",
+          message: `Checksum mismatch for ${fileEntry.path}: expected ${fileEntry.sha256}, computed ${expected}`,
+          path: fileEntry.path,
+        });
+      }
+
+      // Absolute POSIX targets are unconstrained by the bundle root — reject
+      // them up front. The `posix.normalize` guard below only catches
+      // `..`-based escapes; an absolute path like `/etc/passwd` survives
+      // normalization unchanged and would otherwise pass.
+      if (fileEntry.link_target.startsWith("/")) {
+        errors.push({
+          code: "SYMLINK_TARGET_ESCAPES_ARCHIVE",
+          message: `Symlink target is absolute, which escapes the archive root for ${fileEntry.path}: target=${fileEntry.link_target}`,
+          path: fileEntry.path,
+        });
+      } else {
+        const normalized = posix.normalize(
+          posix.join(posix.dirname(fileEntry.path), fileEntry.link_target),
+        );
+        // Defense-in-depth: also reject if the joined+normalized path is
+        // absolute, in case `dirname` ever resolves to an absolute root.
+        if (
+          normalized.startsWith("../") ||
+          normalized === ".." ||
+          normalized.startsWith("/")
+        ) {
+          errors.push({
+            code: "SYMLINK_TARGET_ESCAPES_ARCHIVE",
+            message: `Symlink target escapes archive root for ${fileEntry.path}: target=${fileEntry.link_target}, normalized=${normalized}`,
+            path: fileEntry.path,
+          });
+        }
+      }
+      continue;
+    }
+
+    if (archiveEntry.linkname !== undefined) {
+      // Tar carries a typeflag-2 entry but manifest declares a regular file.
+      errors.push({
+        code: "SYMLINK_NOT_DECLARED",
+        message: `Tar entry ${fileEntry.path} is typeflag-2 but manifest does not declare link_target`,
+        path: fileEntry.path,
+      });
+      continue;
+    }
+
     // Verify size
-    if (archiveEntry.size !== fileEntry.size) {
+    if (archiveEntry.size !== fileEntry.size_bytes) {
       errors.push({
         code: "FILE_SIZE_MISMATCH",
-        message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size} bytes, archive has ${archiveEntry.size} bytes`,
+        message: `Size mismatch for ${fileEntry.path}: manifest declares ${fileEntry.size_bytes} bytes, archive has ${archiveEntry.size} bytes`,
         path: fileEntry.path,
       });
     }
@@ -364,7 +651,7 @@ export function validateVBundle(data: Uint8Array): VBundleValidationResult {
     if (!manifestFilePaths.has(required)) {
       errors.push({
         code: "REQUIRED_FILE_NOT_IN_MANIFEST",
-        message: `Required file ${required} exists in archive but has no checksum entry in manifest.files`,
+        message: `Required file ${required} exists in archive but has no checksum entry in manifest.contents`,
         path: required,
       });
     }

package/src/runtime/pending-interactions.ts

@@ -3,18 +3,22 @@
  * confirmation, secret, host_bash, host_file, host_cu, host_browser, and
  * host_transfer interactions.
  *
- * When the agent loop emits a confirmation_request, secret_request,
- * host_bash_request, host_file_request, host_cu_request,
- * host_browser_request, or host_transfer_request, the onEvent callback
- * registers the interaction here.
+ * For confirmation_request and secret_request, the onEvent callback in
+ * assistant-event-hub registers the interaction here.
+ *
+ * For host proxy interactions (host_bash, host_file, host_cu, host_browser,
+ * host_transfer), the proxy itself registers with full RPC lifecycle state
+ * (resolve/reject callbacks, timer, abort detach). This eliminates the
+ * per-proxy `private pending` maps — all pending state lives here.
+ *
  * Standalone HTTP endpoints (/v1/confirm, /v1/secret, /v1/trust-rules,
  * /v1/host-bash-result, /v1/host-file-result, /v1/host-cu-result,
  * /v1/host-browser-result) look up the conversation from this tracker to
  * resolve the interaction.
  */
 
-import type { Conversation } from "../daemon/conversation.js";
 import type { UserDecision } from "../permissions/types.js";
+import type { ToolExecutionResult } from "../tools/types.js";
 
 export interface ConfirmationDetails {
   toolName: string;
@@ -39,7 +43,6 @@ export interface ConfirmationDetails {
 }
 
 export interface PendingInteraction {
-  conversation: Conversation | null;
   conversationId: string;
   kind:
     | "confirmation"
@@ -48,11 +51,27 @@ export interface PendingInteraction {
     | "host_file"
     | "host_cu"
     | "host_browser"
+    | "host_app_control"
     | "host_transfer"
     | "acp_confirmation";
   confirmationDetails?: ConfirmationDetails;
   /** For ACP permissions: resolves directly without a Conversation object. */
   directResolve?: (decision: UserDecision) => void;
+  /** When set, the host_bash request should be routed to this specific client. */
+  targetClientId?: string;
+
+  // -- RPC lifecycle (populated by host proxies) --
+
+  /** Resolve the caller's Promise with a tool execution result. */
+  rpcResolve?: (result: ToolExecutionResult) => void;
+  /** Reject the caller's Promise with an error. */
+  rpcReject?: (err: Error) => void;
+  /** Proxy-side timeout timer. Cleared on resolve/abort/dispose. */
+  timer?: ReturnType<typeof setTimeout>;
+  /** Detach the abort listener from the caller's signal. No-op when no signal was passed. */
+  detachAbort?: () => void;
+  /** Proxy-specific metadata (e.g. timeoutSec for bash, operation/path for file). */
+  metadata?: Record<string, unknown>;
 }
 
 const pending = new Map<string, PendingInteraction>();
@@ -66,12 +85,15 @@ export function register(
 
 /**
  * Remove and return the pending interaction for the given requestId.
+ * Auto-clears the proxy timer and detaches the abort listener if present.
  * Returns undefined if no interaction is registered.
  */
 export function resolve(requestId: string): PendingInteraction | undefined {
   const interaction = pending.get(requestId);
   if (interaction) {
     pending.delete(requestId);
+    if (interaction.timer != null) clearTimeout(interaction.timer);
+    interaction.detachAbort?.();
   }
   return interaction;
 }
@@ -104,22 +126,24 @@ export function getByConversation(
  * Remove pending confirmation and secret interactions for a given conversation.
  * Used when auto-denying all pending interactions (e.g. new user message).
  *
- * host_bash, host_file, host_cu, host_browser, and host_transfer interactions
- * are intentionally skipped — they represent in-flight tool executions proxied
- * to the client, not confirmations to auto-deny. Removing them would orphan
- * the request: the client would POST to /v1/host-bash-result,
- * /v1/host-file-result, /v1/host-cu-result, /v1/host-browser-result, or
+ * host_bash, host_file, host_cu, host_browser, host_app_control, and
+ * host_transfer interactions are intentionally skipped — they represent
+ * in-flight tool executions proxied to the client, not confirmations to
+ * auto-deny. Removing them would orphan the request: the client would POST to
+ * /v1/host-bash-result, /v1/host-file-result, /v1/host-cu-result,
+ * /v1/host-browser-result, /v1/host-app-control-result, or
  * /v1/host-transfer-result after completing the operation, get a 404, and the
  * proxy timer would fire with a spurious timeout error.
  */
-export function removeByConversation(conversation: Conversation): void {
+export function removeByConversation(conversationId: string): void {
   for (const [requestId, interaction] of pending) {
     if (
-      interaction.conversation === conversation &&
+      interaction.conversationId === conversationId &&
       interaction.kind !== "host_bash" &&
       interaction.kind !== "host_file" &&
       interaction.kind !== "host_cu" &&
       interaction.kind !== "host_browser" &&
+      interaction.kind !== "host_app_control" &&
       interaction.kind !== "host_transfer" &&
       interaction.kind !== "acp_confirmation"
     ) {
@@ -143,6 +167,17 @@ export function getByKind(
   return results;
 }
 
+/**
+ * Return all pending interactions across all conversations.
+ */
+export function getAll(): Array<{ requestId: string } & PendingInteraction> {
+  const results: Array<{ requestId: string } & PendingInteraction> = [];
+  for (const [requestId, interaction] of pending) {
+    results.push({ requestId, ...interaction });
+  }
+  return results;
+}
+
 /** Clear all pending interactions. Useful for testing. */
 export function clear(): void {
   pending.clear();

package/src/runtime/routes/__tests__/acp-routes.test.ts

@@ -41,7 +41,6 @@ mock.module("../../../acp/index.js", () => ({
   getAcpSessionManager: () => ({
     getStatus: () => fakeInMemorySessions,
   }),
-  broadcastToAllClients: null,
 }));
 
 import { getSqlite } from "../../../memory/db-connection.js";