@wastedcode/memex 0.1.0

package/dist/cli/commands/status.js

@@ -0,0 +1,66 @@
+import { Command } from 'commander';
+import { MemexClient } from '../client.js';
+export const statusCommand = new Command('status')
+    .description('Check job status for a wiki')
+    .argument('<wikiId>', 'Target wiki')
+    .argument('[jobId]', 'Specific job ID (omit to list recent jobs)')
+    .action(async (wikiId, jobId) => {
+    const client = new MemexClient();
+    if (jobId) {
+        // Show single job
+        const resp = await client.getJob(wikiId, parseInt(jobId, 10));
+        if (!resp.ok) {
+            console.error(`Error: ${resp.error}`);
+            process.exit(1);
+        }
+        const job = resp.data;
+        console.log(`Job #${job.id}`);
+        console.log(`  Type:      ${job.type}`);
+        console.log(`  Status:    ${job.status}`);
+        console.log(`  Created:   ${job.created_at}`);
+        if (job.started_at)
+            console.log(`  Started:   ${job.started_at}`);
+        if (job.completed_at)
+            console.log(`  Completed: ${job.completed_at}`);
+        if (job.result) {
+            try {
+                const parsed = JSON.parse(job.result);
+                if (parsed.output) {
+                    console.log(`\nOutput:\n${parsed.output}`);
+                }
+                if (parsed.error) {
+                    console.log(`\nError:\n${parsed.error}`);
+                }
+                if (parsed.duration_ms) {
+                    console.log(`\nDuration: ${parsed.duration_ms}ms`);
+                }
+            }
+            catch {
+                console.log(`\nResult: ${job.result}`);
+            }
+        }
+    }
+    else {
+        // List recent jobs
+        const resp = await client.listJobs(wikiId);
+        if (!resp.ok) {
+            console.error(`Error: ${resp.error}`);
+            process.exit(1);
+        }
+        const jobs = (resp.data ?? []);
+        if (jobs.length === 0) {
+            console.log(`No jobs for wiki '${wikiId}'.`);
+            return;
+        }
+        const header = padRow('ID', 'TYPE', 'STATUS', 'CREATED');
+        console.log(header);
+        console.log('-'.repeat(header.length));
+        for (const job of jobs) {
+            console.log(padRow(String(job.id), job.type, job.status, job.created_at));
+        }
+    }
+});
+function padRow(id, type, status, created) {
+    return `${id.padEnd(8)} ${type.padEnd(10)} ${status.padEnd(12)} ${created}`;
+}
+//# sourceMappingURL=status.js.map

package/dist/cli/commands/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../../src/cli/commands/status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,6BAA6B,CAAC;KAC1C,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;KACnC,QAAQ,CAAC,SAAS,EAAE,4CAA4C,CAAC;KACjE,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,KAAc,EAAE,EAAE;IAC/C,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;IAEjC,IAAI,KAAK,EAAE,CAAC;QACV,kBAAkB;QAClB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,IAAgB,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9C,IAAI,GAAG,CAAC,UAAU;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QAClE,IAAI,GAAG,CAAC,YAAY;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;QAEtE,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACtC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAClB,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7C,CAAC;gBACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC3C,CAAC;gBACD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAe,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,IAAI,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QAEvC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,MAAM,CAChB,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EACd,GAAG,CAAC,IAAI,EACR,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,UAAU,CACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS,MAAM,CAAC,EAAU,EAAE,IAAY,EAAE,MAAc,EAAE,OAAe;IACvE,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,OAAO,EAAE,CAAC;AAC9E,CAAC"}

package/dist/daemon/auth.d.ts

@@ -0,0 +1,31 @@
+export declare class AuthManager {
+    private wikisDir;
+    private globalApiKey?;
+    constructor(wikisDir?: string, globalApiKey?: string | undefined);
+    /**
+     * Resolve credentials for a wiki, returning environment variables
+     * to set on the claude child process.
+     *
+     * Priority:
+     *   1. Per-wiki API key file (.claude/api-key)
+     *   2. Per-wiki OAuth credentials (.claude/.credentials.json exists)
+     *   3. Global ANTHROPIC_API_KEY from daemon environment
+     */
+    resolveCredentials(wikiId: string): Record<string, string>;
+    /**
+     * Store an API key for a wiki.
+     */
+    setApiKey(wikiId: string, key: string): void;
+    /**
+     * Get the CLAUDE_CONFIG_DIR path for a wiki.
+     */
+    configDir(wikiId: string): string;
+    /**
+     * Store OAuth credentials for a wiki by copying .credentials.json content.
+     */
+    setCredentials(wikiId: string, credentialsJson: string): void;
+    /**
+     * Check if a wiki has valid credentials (any method).
+     */
+    hasCredentials(wikiId: string): boolean;
+}

package/dist/daemon/auth.js

@@ -0,0 +1,84 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { WIKIS_DIR } from '../lib/constants.js';
+import { NoCredentialsError } from '../lib/errors.js';
+export class AuthManager {
+    wikisDir;
+    globalApiKey;
+    constructor(wikisDir = WIKIS_DIR, globalApiKey) {
+        this.wikisDir = wikisDir;
+        this.globalApiKey = globalApiKey;
+    }
+    /**
+     * Resolve credentials for a wiki, returning environment variables
+     * to set on the claude child process.
+     *
+     * Priority:
+     *   1. Per-wiki API key file (.claude/api-key)
+     *   2. Per-wiki OAuth credentials (.claude/.credentials.json exists)
+     *   3. Global ANTHROPIC_API_KEY from daemon environment
+     */
+    resolveCredentials(wikiId) {
+        const claudeDir = this.configDir(wikiId);
+        // 1. Per-wiki API key
+        const apiKeyPath = join(claudeDir, 'api-key');
+        if (existsSync(apiKeyPath)) {
+            const key = readFileSync(apiKeyPath, 'utf-8').trim();
+            if (key) {
+                return {
+                    ANTHROPIC_API_KEY: key,
+                    CLAUDE_CONFIG_DIR: claudeDir,
+                };
+            }
+        }
+        // 2. Per-wiki OAuth credentials
+        const credsPath = join(claudeDir, '.credentials.json');
+        if (existsSync(credsPath)) {
+            return {
+                CLAUDE_CONFIG_DIR: claudeDir,
+            };
+        }
+        // 3. Global API key
+        if (this.globalApiKey) {
+            return {
+                ANTHROPIC_API_KEY: this.globalApiKey,
+                CLAUDE_CONFIG_DIR: claudeDir,
+            };
+        }
+        throw new NoCredentialsError(wikiId);
+    }
+    /**
+     * Store an API key for a wiki.
+     */
+    setApiKey(wikiId, key) {
+        const claudeDir = this.configDir(wikiId);
+        mkdirSync(claudeDir, { recursive: true, mode: 0o700 });
+        const apiKeyPath = join(claudeDir, 'api-key');
+        writeFileSync(apiKeyPath, key.trim(), { mode: 0o600 });
+    }
+    /**
+     * Get the CLAUDE_CONFIG_DIR path for a wiki.
+     */
+    configDir(wikiId) {
+        return join(this.wikisDir, wikiId, '.claude');
+    }
+    /**
+     * Store OAuth credentials for a wiki by copying .credentials.json content.
+     */
+    setCredentials(wikiId, credentialsJson) {
+        const claudeDir = this.configDir(wikiId);
+        mkdirSync(claudeDir, { recursive: true, mode: 0o700 });
+        const credsPath = join(claudeDir, '.credentials.json');
+        writeFileSync(credsPath, credentialsJson, { mode: 0o600 });
+    }
+    /**
+     * Check if a wiki has valid credentials (any method).
+     */
+    hasCredentials(wikiId) {
+        const claudeDir = this.configDir(wikiId);
+        const apiKeyPath = join(claudeDir, 'api-key');
+        const credsPath = join(claudeDir, '.credentials.json');
+        return existsSync(apiKeyPath) || existsSync(credsPath) || !!this.globalApiKey;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/daemon/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/daemon/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,WAAW;IAEZ;IACA;IAFV,YACU,WAAmB,SAAS,EAC5B,YAAqB;QADrB,aAAQ,GAAR,QAAQ,CAAoB;QAC5B,iBAAY,GAAZ,YAAY,CAAS;IAC5B,CAAC;IAEJ;;;;;;;;OAQG;IACH,kBAAkB,CAAC,MAAc;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAEzC,sBAAsB;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO;oBACL,iBAAiB,EAAE,GAAG;oBACtB,iBAAiB,EAAE,SAAS;iBAC7B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACvD,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,iBAAiB,EAAE,SAAS;aAC7B,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,OAAO;gBACL,iBAAiB,EAAE,IAAI,CAAC,YAAY;gBACpC,iBAAiB,EAAE,SAAS;aAC7B,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAc,EAAE,GAAW;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,aAAa,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAc;QACtB,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc,EAAE,eAAuB;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACvD,aAAa,CAAC,SAAS,EAAE,eAAe,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QACvD,OAAO,UAAU,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAChF,CAAC;CACF"}

package/dist/daemon/db.d.ts

@@ -0,0 +1,36 @@
+import type { Wiki, WikiConfig, QueueJob, JobType, JobStatus, JobResult, AuditEntry } from '../lib/types.js';
+export declare class Database {
+    private db;
+    constructor(dbPath: string);
+    initialize(): void;
+    close(): void;
+    createWiki(id: string, name: string, ownerUid: number): Wiki;
+    getWiki(id: string): Wiki | undefined;
+    listWikis(ownerUid?: number): Wiki[];
+    chownWiki(id: string, newOwnerUid: number): Wiki;
+    updateWiki(id: string, config: WikiConfig): Wiki;
+    deleteWiki(id: string): void;
+    createJob(wikiId: string, type: JobType, payload: object): QueueJob;
+    getJob(jobId: number): QueueJob | undefined;
+    listJobs(wikiId: string, opts?: {
+        status?: JobStatus;
+        limit?: number;
+    }): QueueJob[];
+    /**
+     * Atomically claim the next pending job for a wiki.
+     * Sets status to 'running' and records started_at.
+     */
+    claimNextJob(wikiId: string): QueueJob | undefined;
+    completeJob(jobId: number, result: JobResult): void;
+    failJob(jobId: number, error: string): void;
+    getPendingJobCount(wikiId: string): number;
+    /**
+     * On daemon startup: reset jobs that were 'running' when the process died.
+     * They get re-queued as 'pending'.
+     */
+    resetStaleJobs(): number;
+    /** Get wiki IDs that have pending jobs (for startup drain). */
+    wikisWithPendingJobs(): string[];
+    logAudit(wikiId: string, action: string, detail?: string): void;
+    getAuditLog(wikiId: string, limit?: number): AuditEntry[];
+}

package/dist/daemon/db.js

@@ -0,0 +1,181 @@
+import BetterSqlite3 from 'better-sqlite3';
+export class Database {
+    db;
+    constructor(dbPath) {
+        this.db = new BetterSqlite3(dbPath);
+        this.db.pragma('journal_mode = WAL');
+        this.db.pragma('foreign_keys = ON');
+    }
+    // ── Schema ───────────────────────────────────────────────────────────────
+    initialize() {
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS wikis (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL,
+        owner_uid INTEGER NOT NULL,
+        default_model TEXT NOT NULL DEFAULT 'sonnet',
+        created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS queue_jobs (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        wiki_id TEXT NOT NULL REFERENCES wikis(id) ON DELETE CASCADE,
+        type TEXT NOT NULL,
+        payload TEXT NOT NULL,
+        status TEXT NOT NULL DEFAULT 'pending',
+        retry_count INTEGER NOT NULL DEFAULT 0,
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        started_at TEXT,
+        completed_at TEXT,
+        result TEXT
+      );
+
+      CREATE TABLE IF NOT EXISTS audit_log (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        wiki_id TEXT NOT NULL REFERENCES wikis(id) ON DELETE CASCADE,
+        action TEXT NOT NULL,
+        detail TEXT,
+        created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_queue_wiki_status
+        ON queue_jobs(wiki_id, status);
+      CREATE INDEX IF NOT EXISTS idx_audit_wiki
+        ON audit_log(wiki_id);
+      CREATE INDEX IF NOT EXISTS idx_audit_created
+        ON audit_log(created_at);
+    `);
+    }
+    close() {
+        this.db.close();
+    }
+    // ── Wikis ───────────────────────────────────────────────────────────────
+    createWiki(id, name, ownerUid) {
+        const stmt = this.db.prepare(`
+      INSERT INTO wikis (id, name, owner_uid) VALUES (?, ?, ?)
+      RETURNING *
+    `);
+        return stmt.get(id, name, ownerUid);
+    }
+    getWiki(id) {
+        return this.db.prepare('SELECT * FROM wikis WHERE id = ?').get(id);
+    }
+    listWikis(ownerUid) {
+        if (ownerUid !== undefined) {
+            return this.db.prepare('SELECT * FROM wikis WHERE owner_uid = ? ORDER BY created_at').all(ownerUid);
+        }
+        return this.db.prepare('SELECT * FROM wikis ORDER BY created_at').all();
+    }
+    chownWiki(id, newOwnerUid) {
+        const stmt = this.db.prepare('UPDATE wikis SET owner_uid = ? WHERE id = ? RETURNING *');
+        return stmt.get(newOwnerUid, id);
+    }
+    updateWiki(id, config) {
+        const sets = [];
+        const values = [];
+        if (config.name !== undefined) {
+            sets.push('name = ?');
+            values.push(config.name);
+        }
+        if (config.default_model !== undefined) {
+            sets.push('default_model = ?');
+            values.push(config.default_model);
+        }
+        if (sets.length === 0) {
+            return this.getWiki(id);
+        }
+        values.push(id);
+        const stmt = this.db.prepare(`UPDATE wikis SET ${sets.join(', ')} WHERE id = ? RETURNING *`);
+        return stmt.get(...values);
+    }
+    deleteWiki(id) {
+        this.db.prepare('DELETE FROM wikis WHERE id = ?').run(id);
+    }
+    // ── Jobs ─────────────────────────────────────────────────────────────────
+    createJob(wikiId, type, payload) {
+        const stmt = this.db.prepare(`
+      INSERT INTO queue_jobs (wiki_id, type, payload)
+      VALUES (?, ?, ?)
+      RETURNING *
+    `);
+        return stmt.get(wikiId, type, JSON.stringify(payload));
+    }
+    getJob(jobId) {
+        return this.db.prepare('SELECT * FROM queue_jobs WHERE id = ?').get(jobId);
+    }
+    listJobs(wikiId, opts) {
+        let sql = 'SELECT * FROM queue_jobs WHERE wiki_id = ?';
+        const params = [wikiId];
+        if (opts?.status) {
+            sql += ' AND status = ?';
+            params.push(opts.status);
+        }
+        sql += ' ORDER BY id DESC';
+        if (opts?.limit) {
+            sql += ' LIMIT ?';
+            params.push(opts.limit);
+        }
+        return this.db.prepare(sql).all(...params);
+    }
+    /**
+     * Atomically claim the next pending job for a wiki.
+     * Sets status to 'running' and records started_at.
+     */
+    claimNextJob(wikiId) {
+        const stmt = this.db.prepare(`
+      UPDATE queue_jobs
+      SET status = 'running', started_at = datetime('now')
+      WHERE id = (
+        SELECT id FROM queue_jobs
+        WHERE wiki_id = ? AND status = 'pending'
+        ORDER BY id ASC
+        LIMIT 1
+      )
+      RETURNING *
+    `);
+        return stmt.get(wikiId);
+    }
+    completeJob(jobId, result) {
+        this.db.prepare(`
+      UPDATE queue_jobs
+      SET status = 'completed', completed_at = datetime('now'), result = ?
+      WHERE id = ?
+    `).run(JSON.stringify(result), jobId);
+    }
+    failJob(jobId, error) {
+        this.db.prepare(`
+      UPDATE queue_jobs
+      SET status = 'failed', completed_at = datetime('now'), result = ?
+      WHERE id = ?
+    `).run(JSON.stringify({ success: false, error }), jobId);
+    }
+    getPendingJobCount(wikiId) {
+        const row = this.db.prepare("SELECT COUNT(*) as count FROM queue_jobs WHERE wiki_id = ? AND status IN ('pending', 'running')").get(wikiId);
+        return row.count;
+    }
+    /**
+     * On daemon startup: reset jobs that were 'running' when the process died.
+     * They get re-queued as 'pending'.
+     */
+    resetStaleJobs() {
+        const info = this.db.prepare(`
+      UPDATE queue_jobs
+      SET status = 'pending', retry_count = retry_count + 1
+      WHERE status = 'running'
+    `).run();
+        return info.changes;
+    }
+    /** Get wiki IDs that have pending jobs (for startup drain). */
+    wikisWithPendingJobs() {
+        const rows = this.db.prepare("SELECT DISTINCT wiki_id FROM queue_jobs WHERE status = 'pending'").all();
+        return rows.map(r => r.wiki_id);
+    }
+    // ── Audit ────────────────────────────────────────────────────────────────
+    logAudit(wikiId, action, detail) {
+        this.db.prepare('INSERT INTO audit_log (wiki_id, action, detail) VALUES (?, ?, ?)').run(wikiId, action, detail ?? null);
+    }
+    getAuditLog(wikiId, limit = 50) {
+        return this.db.prepare('SELECT * FROM audit_log WHERE wiki_id = ? ORDER BY id DESC LIMIT ?').all(wikiId, limit);
+    }
+}
+//# sourceMappingURL=db.js.map

package/dist/daemon/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../../src/daemon/db.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,gBAAgB,CAAC;AAK3C,MAAM,OAAO,QAAQ;IACX,EAAE,CAAyB;IAEnC,YAAY,MAAc;QACxB,IAAI,CAAC,EAAE,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACtC,CAAC;IAED,4EAA4E;IAE5E,UAAU;QACR,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoCZ,CAAC,CAAC;IAEL,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAED,2EAA2E;IAE3E,UAAU,CAAC,EAAU,EAAE,IAAY,EAAE,QAAgB;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAG5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAS,CAAC;IAC9C,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAqB,CAAC;IACzF,CAAC;IAED,SAAS,CAAC,QAAiB;QACzB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,6DAA6D,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC;QAChH,CAAC;QACD,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,EAAY,CAAC;IACpF,CAAC;IAED,SAAS,CAAC,EAAU,EAAE,WAAmB;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,yDAAyD,CAC1D,CAAC;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAS,CAAC;IAC3C,CAAC;IAED,UAAU,CAAC,EAAU,EAAE,MAAkB;QACvC,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAc,EAAE,CAAC;QAE7B,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAS,CAAC;QAClC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,oBAAoB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAC/D,CAAC;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAS,CAAC;IACrC,CAAC;IAED,UAAU,CAAC,EAAU;QACnB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,4EAA4E;IAE5E,SAAS,CAAC,MAAc,EAAE,IAAa,EAAE,OAAe;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAI5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAa,CAAC;IACrE,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAyB,CAAC;IACrG,CAAC;IAED,QAAQ,CAAC,MAAc,EAAE,IAA6C;QACpE,IAAI,GAAG,GAAG,4CAA4C,CAAC;QACvD,MAAM,MAAM,GAAc,CAAC,MAAM,CAAC,CAAC;QAEnC,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,GAAG,IAAI,iBAAiB,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,GAAG,IAAI,mBAAmB,CAAC;QAE3B,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;YAChB,GAAG,IAAI,UAAU,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAe,CAAC;IAC3D,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,MAAc;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;;KAU5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAyB,CAAC;IAClD,CAAC;IAED,WAAW,CAAC,KAAa,EAAE,MAAiB;QAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAIf,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,KAAa;QAClC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAIf,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IAED,kBAAkB,CAAC,MAAc;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CACzB,iGAAiG,CAClG,CAAC,GAAG,CAAC,MAAM,CAAsB,CAAC;QACnC,OAAO,GAAG,CAAC,KAAK,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAI5B,CAAC,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,+DAA+D;IAC/D,oBAAoB;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,kEAAkE,CACnE,CAAC,GAAG,EAA2B,CAAC;QACjC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,4EAA4E;IAE5E,QAAQ,CAAC,MAAc,EAAE,MAAc,EAAE,MAAe;QACtD,IAAI,CAAC,EAAE,CAAC,OAAO,CACb,kEAAkE,CACnE,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,WAAW,CAAC,MAAc,EAAE,QAAgB,EAAE;QAC5C,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,oEAAoE,CACrE,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAiB,CAAC;IACvC,CAAC;CACF"}

package/dist/daemon/namespace.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Per-job mount namespace isolation.
+ *
+ * Instead of persistent namespaces (which require kernel-specific unshare --mount=<file>),
+ * we wrap each job command in `unshare -m -- sh -c '...'`. The namespace lives and dies
+ * with the process. Simpler, more portable, same isolation.
+ */
+export declare class NamespaceManager {
+    private wikisDir;
+    constructor(wikisDir?: string);
+    /**
+     * Verify that we have CAP_SYS_ADMIN by attempting a trivial namespace operation.
+     */
+    checkCapabilities(): void;
+    /**
+     * Ensure the /workspace mount target exists on the host.
+     */
+    ensureDirectories(): void;
+    /**
+     * Verify a wiki's directory exists.
+     */
+    validateWiki(wikiId: string): void;
+    /**
+     * Build the command + args to run a command inside a fresh mount namespace
+     * with the wiki's directory bind-mounted to /workspace.
+     *
+     * Returns [command, ...args] to pass to spawn().
+     * The caller appends their actual command (e.g. claude -p ...) to innerArgs.
+     */
+    wrapCommand(wikiId: string, innerCommand: string[]): {
+        command: string;
+        args: string[];
+    };
+}

package/dist/daemon/namespace.js

@@ -0,0 +1,74 @@
+import { execFileSync } from 'node:child_process';
+import { existsSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { CapabilityError } from '../lib/errors.js';
+import { WIKIS_DIR, WORKSPACE_MOUNT } from '../lib/constants.js';
+/**
+ * Per-job mount namespace isolation.
+ *
+ * Instead of persistent namespaces (which require kernel-specific unshare --mount=<file>),
+ * we wrap each job command in `unshare -m -- sh -c '...'`. The namespace lives and dies
+ * with the process. Simpler, more portable, same isolation.
+ */
+export class NamespaceManager {
+    wikisDir;
+    constructor(wikisDir = WIKIS_DIR) {
+        this.wikisDir = wikisDir;
+    }
+    /**
+     * Verify that we have CAP_SYS_ADMIN by attempting a trivial namespace operation.
+     */
+    checkCapabilities() {
+        try {
+            execFileSync('unshare', ['-m', '--', 'true'], { stdio: 'pipe' });
+        }
+        catch {
+            throw new CapabilityError();
+        }
+    }
+    /**
+     * Ensure the /workspace mount target exists on the host.
+     */
+    ensureDirectories() {
+        mkdirSync(WORKSPACE_MOUNT, { recursive: true });
+    }
+    /**
+     * Verify a wiki's directory exists.
+     */
+    validateWiki(wikiId) {
+        const wikiDir = join(this.wikisDir, wikiId);
+        if (!existsSync(wikiDir)) {
+            throw new Error(`Wiki directory does not exist: ${wikiDir}`);
+        }
+    }
+    /**
+     * Build the command + args to run a command inside a fresh mount namespace
+     * with the wiki's directory bind-mounted to /workspace.
+     *
+     * Returns [command, ...args] to pass to spawn().
+     * The caller appends their actual command (e.g. claude -p ...) to innerArgs.
+     */
+    wrapCommand(wikiId, innerCommand) {
+        const wikiDir = join(this.wikisDir, wikiId);
+        // Build a shell script that:
+        // 1. Bind-mounts the wiki dir to /workspace
+        // 2. Remounts nosuid,nodev
+        // 3. cd into /workspace
+        // 4. exec the inner command
+        const script = [
+            `mount --bind ${shellEscape(wikiDir)} ${shellEscape(WORKSPACE_MOUNT)}`,
+            `mount -o remount,nosuid,nodev ${shellEscape(WORKSPACE_MOUNT)}`,
+            `cd ${shellEscape(WORKSPACE_MOUNT)}`,
+            `exec ${innerCommand.map(shellEscape).join(' ')}`,
+        ].join(' && ');
+        return {
+            command: 'unshare',
+            args: ['-m', '--propagation', 'private', '--', 'sh', '-c', script],
+        };
+    }
+}
+function shellEscape(s) {
+    // Wrap in single quotes, escaping any existing single quotes
+    return "'" + s.replace(/'/g, "'\\''") + "'";
+}
+//# sourceMappingURL=namespace.js.map

package/dist/daemon/namespace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/daemon/namespace.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEjE;;;;;;GAMG;AACH,MAAM,OAAO,gBAAgB;IAEjB;IADV,YACU,WAAmB,SAAS;QAA5B,aAAQ,GAAR,QAAQ,CAAoB;IACnC,CAAC;IAEJ;;OAEG;IACH,iBAAiB;QACf,IAAI,CAAC;YACH,YAAY,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,eAAe,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAc;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CAAC,MAAc,EAAE,YAAsB;QAChD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE5C,6BAA6B;QAC7B,4CAA4C;QAC5C,2BAA2B;QAC3B,wBAAwB;QACxB,4BAA4B;QAC5B,MAAM,MAAM,GAAG;YACb,gBAAgB,WAAW,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,eAAe,CAAC,EAAE;YACtE,iCAAiC,WAAW,CAAC,eAAe,CAAC,EAAE;YAC/D,MAAM,WAAW,CAAC,eAAe,CAAC,EAAE;YACpC,QAAQ,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAClD,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEf,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,IAAI,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC;SACnE,CAAC;IACJ,CAAC;CACF;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,6DAA6D;IAC7D,OAAO,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC;AAC9C,CAAC"}

package/dist/daemon/peercred.d.ts

@@ -0,0 +1,15 @@
+import type { Socket } from 'node:net';
+interface PeerCred {
+    uid: number;
+    gid: number;
+    pid: number;
+}
+/**
+ * Extract the kernel-verified credentials (uid, gid, pid) of the peer
+ * process connected to a Unix domain socket.
+ *
+ * Uses SO_PEERCRED — the kernel fills this in at connect() time,
+ * so it cannot be spoofed by the client.
+ */
+export declare function getPeerCred(socket: Socket): PeerCred;
+export {};

package/dist/daemon/peercred.js

@@ -0,0 +1,19 @@
+import { createRequire } from 'node:module';
+const require = createRequire(import.meta.url);
+// Load the native N-API addon compiled by node-gyp
+const addon = require('../../build/Release/peercred.node');
+/**
+ * Extract the kernel-verified credentials (uid, gid, pid) of the peer
+ * process connected to a Unix domain socket.
+ *
+ * Uses SO_PEERCRED — the kernel fills this in at connect() time,
+ * so it cannot be spoofed by the client.
+ */
+export function getPeerCred(socket) {
+    const handle = socket._handle;
+    if (!handle || typeof handle.fd !== 'number' || handle.fd < 0) {
+        throw new Error('Cannot get file descriptor from socket');
+    }
+    return addon.getPeerCred(handle.fd);
+}
+//# sourceMappingURL=peercred.js.map

package/dist/daemon/peercred.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"peercred.js","sourceRoot":"","sources":["../../src/daemon/peercred.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAQ/C,mDAAmD;AACnD,MAAM,KAAK,GAA0C,OAAO,CAAC,mCAAmC,CAAC,CAAC;AAElG;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,MAAM,GAAI,MAAc,CAAC,OAAO,CAAC;IACvC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ,IAAI,MAAM,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AACtC,CAAC"}

package/dist/daemon/queue.d.ts

@@ -0,0 +1,26 @@
+import type { Database } from './db.js';
+import type { ClaudeRunner } from './runner.js';
+export declare class QueueManager {
+    private db;
+    private runner;
+    private autoLintInterval;
+    private wikis;
+    private shuttingDown;
+    constructor(db: Database, runner: ClaudeRunner, autoLintInterval?: number);
+    /**
+     * Start draining queues. Called on daemon startup.
+     * Kicks off drain loops for all wikis with pending jobs.
+     */
+    start(): void;
+    /**
+     * Signal that a wiki has new work to process.
+     * If the wiki isn't already draining, starts a drain loop.
+     */
+    notify(wikiId: string): void;
+    /**
+     * Graceful shutdown. Waits for active jobs to finish.
+     */
+    stop(): Promise<void>;
+    private drainWiki;
+    private scheduleAutoLint;
+}