npm - @wipcomputer/memory-crystal - Versions diffs - 0.7.10 - Mend

@wipcomputer/memory-crystal 0.7.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/.env.example +20 -0
package/CHANGELOG.md +367 -0
package/LICENSE +21 -0
package/README-ENTERPRISE.md +226 -0
package/README.md +127 -0
package/RELAY.md +199 -0
package/TECHNICAL.md +628 -0
package/_trash/RELEASE-NOTES-v0-7-4.md +64 -0
package/_trash/RELEASE-NOTES-v0-7-5.md +19 -0
package/cloud/README.md +116 -0
package/cloud/docs/gpt-system-instructions.md +69 -0
package/cloud/migrations/0001_init.sql +52 -0
package/dist/bridge.d.ts +7 -0
package/dist/bridge.js +14 -0
package/dist/bulk-copy.d.ts +17 -0
package/dist/bulk-copy.js +90 -0
package/dist/cc-hook.d.ts +8 -0
package/dist/cc-hook.js +368 -0
package/dist/cc-poller.d.ts +1 -0
package/dist/cc-poller.js +550 -0
package/dist/chunk-25LXQJ4Z.js +110 -0
package/dist/chunk-2DRXIRQW.js +97 -0
package/dist/chunk-2ZNH5F6E.js +1281 -0
package/dist/chunk-3G3SFYYI.js +288 -0
package/dist/chunk-3RG5ZIWI.js +10 -0
package/dist/chunk-3S6TI23B.js +97 -0
package/dist/chunk-3VFIJYS4.js +818 -0
package/dist/chunk-52QE3YI3.js +1169 -0
package/dist/chunk-57RP3DIN.js +1205 -0
package/dist/chunk-5HSZ4W2P.js +62 -0
package/dist/chunk-645IPXW3.js +290 -0
package/dist/chunk-7A7ELD4C.js +1205 -0
package/dist/chunk-7FYY4GZM.js +1205 -0
package/dist/chunk-7IUE7ODU.js +254 -0
package/dist/chunk-7RMLKZIS.js +108 -0
package/dist/chunk-AA3OPP4Z.js +432 -0
package/dist/chunk-ASSZDR6I.js +108 -0
package/dist/chunk-AYRJVWUC.js +1205 -0
package/dist/chunk-CCYI5O3D.js +148 -0
package/dist/chunk-D3I3ZSE2.js +411 -0
package/dist/chunk-DACSKLY6.js +219 -0
package/dist/chunk-DW5B4BL7.js +108 -0
package/dist/chunk-EKSACBTJ.js +1070 -0
package/dist/chunk-EXEZZADG.js +248 -0
package/dist/chunk-F3Y7EL7K.js +83 -0
package/dist/chunk-FHRZNOMW.js +1205 -0
package/dist/chunk-IM7N24MT.js +129 -0
package/dist/chunk-IPNYIXFK.js +1178 -0
package/dist/chunk-J7MRSZIO.js +167 -0
package/dist/chunk-JITKI2OI.js +106 -0
package/dist/chunk-JWZXYVET.js +1068 -0
package/dist/chunk-KCQUXVYT.js +108 -0
package/dist/chunk-KOQ43OX6.js +1281 -0
package/dist/chunk-KYVWO6ZM.js +1069 -0
package/dist/chunk-L3VHARQH.js +413 -0
package/dist/chunk-LBWDS6BE.js +288 -0
package/dist/chunk-LOVAHSQV.js +411 -0
package/dist/chunk-LQOYCAGG.js +446 -0
package/dist/chunk-LWAIPJ2W.js +146 -0
package/dist/chunk-M5DHKW7M.js +127 -0
package/dist/chunk-MBKCIJHM.js +1328 -0
package/dist/chunk-MK42FMEG.js +147 -0
package/dist/chunk-MOBMYHKL.js +1205 -0
package/dist/chunk-MPLTNMRG.js +67 -0
package/dist/chunk-NIJCVN3O.js +147 -0
package/dist/chunk-NZCFSZQ7.js +1205 -0
package/dist/chunk-O2UITJGH.js +465 -0
package/dist/chunk-OCRA44AZ.js +108 -0
package/dist/chunk-P3KJR66H.js +117 -0
package/dist/chunk-PEK6JH65.js +432 -0
package/dist/chunk-PJ6FFKEX.js +77 -0
package/dist/chunk-PLUBBZYR.js +800 -0
package/dist/chunk-PNKVD2UK.js +26 -0
package/dist/chunk-PSQZURHO.js +229 -0
package/dist/chunk-SGL6ISBJ.js +1061 -0
package/dist/chunk-SJABZZT5.js +97 -0
package/dist/chunk-TD3P3K32.js +1199 -0
package/dist/chunk-TMDZJJKV.js +288 -0
package/dist/chunk-UNHVZB5G.js +411 -0
package/dist/chunk-VAFTWSTE.js +1061 -0
package/dist/chunk-VNFXFQBB.js +217 -0
package/dist/chunk-X3GVFKSJ.js +1205 -0
package/dist/chunk-XZ3S56RQ.js +1061 -0
package/dist/chunk-Y72C7F6O.js +148 -0
package/dist/chunk-YLICP577.js +1205 -0
package/dist/chunk-YX6AXLVK.js +159 -0
package/dist/chunk-ZCQYHTNU.js +146 -0
package/dist/cli.d.ts +1 -0
package/dist/cli.js +1105 -0
package/dist/cloud-crystal.js +6 -0
package/dist/core.d.ts +232 -0
package/dist/core.js +12 -0
package/dist/crypto.d.ts +20 -0
package/dist/crypto.js +27 -0
package/dist/crystal-capture.sh +29 -0
package/dist/crystal-serve.d.ts +4 -0
package/dist/crystal-serve.js +252 -0
package/dist/dev-update-SZ2Z4WCQ.js +6 -0
package/dist/discover.d.ts +30 -0
package/dist/discover.js +177 -0
package/dist/doctor.d.ts +9 -0
package/dist/doctor.js +334 -0
package/dist/dream-weaver.d.ts +8 -0
package/dist/dream-weaver.js +56 -0
package/dist/file-sync.d.ts +48 -0
package/dist/file-sync.js +18 -0
package/dist/installer.d.ts +61 -0
package/dist/installer.js +618 -0
package/dist/ldm-backup.sh +116 -0
package/dist/ldm.d.ts +50 -0
package/dist/ldm.js +32 -0
package/dist/mcp-server.d.ts +1 -0
package/dist/mcp-server.js +265 -0
package/dist/migrate.d.ts +1 -0
package/dist/migrate.js +89 -0
package/dist/mirror-sync.d.ts +1 -0
package/dist/mirror-sync.js +159 -0
package/dist/oc-backfill.d.ts +19 -0
package/dist/oc-backfill.js +74 -0
package/dist/openclaw.d.ts +5 -0
package/dist/openclaw.js +423 -0
package/dist/pair.d.ts +4 -0
package/dist/pair.js +75 -0
package/dist/poller.d.ts +1 -0
package/dist/poller.js +634 -0
package/dist/role.d.ts +24 -0
package/dist/role.js +13 -0
package/dist/search-pipeline-4K4OJSSS.js +255 -0
package/dist/search-pipeline-4PRS6LI7.js +280 -0
package/dist/search-pipeline-7UJMXPLO.js +280 -0
package/dist/search-pipeline-DQTRLGBH.js +74 -0
package/dist/search-pipeline-HNG37REH.js +282 -0
package/dist/search-pipeline-IZFPLBUB.js +280 -0
package/dist/search-pipeline-MID6F26Q.js +73 -0
package/dist/search-pipeline-N52JZFNN.js +282 -0
package/dist/search-pipeline-OPB2PRQQ.js +280 -0
package/dist/search-pipeline-VXTE5HAD.js +262 -0
package/dist/staging.d.ts +29 -0
package/dist/staging.js +21 -0
package/dist/summarize.d.ts +19 -0
package/dist/summarize.js +10 -0
package/dist/worker-demo.js +186 -0
package/dist/worker-mcp.js +404 -0
package/dist/worker.js +137 -0
package/migrations/0001_init.sql +51 -0
package/migrations/0002_cloud_storage.sql +49 -0
package/openclaw.plugin.json +11 -0
package/package.json +57 -0
package/scripts/crystal-capture 2.sh +29 -0
package/scripts/crystal-capture.sh +29 -0
package/scripts/deploy-cloud 2.sh +153 -0
package/scripts/deploy-cloud.sh +153 -0
package/scripts/ldm-backup.sh +116 -0
package/scripts/migrate-lance-to-sqlite.mjs +217 -0
package/skills/memory/SKILL.md +427 -0
package/wrangler-demo.toml +8 -0
package/wrangler-mcp.toml +24 -0

package/dist/worker.js ADDED Viewed

@@ -0,0 +1,137 @@
+// src/worker.ts
+function authenticate(request, env) {
+  const auth = request.headers.get("Authorization");
+  if (!auth?.startsWith("Bearer ")) {
+    return json({ error: "Missing Authorization header" }, 401);
+  }
+  const token = auth.slice(7);
+  const tokenMap = {};
+  if (env.AUTH_TOKEN_CC_AIR) tokenMap[env.AUTH_TOKEN_CC_AIR] = "cc-air";
+  if (env.AUTH_TOKEN_CC_MINI) tokenMap[env.AUTH_TOKEN_CC_MINI] = "cc-mini";
+  if (env.AUTH_TOKEN_LESA) tokenMap[env.AUTH_TOKEN_LESA] = "lesa-mini";
+  const agentId = tokenMap[token];
+  if (!agentId) {
+    return json({ error: "Invalid token" }, 403);
+  }
+  return { agentId };
+}
+var VALID_CHANNELS = ["conversations", "mirror", "commands", "files", "chatgpt", "chatgpt-attachments"];
+function isValidChannel(channel) {
+  return VALID_CHANNELS.includes(channel);
+}
+async function handleDrop(request, env, agentId, channel) {
+  if (!isValidChannel(channel)) {
+    return json({ error: `Invalid channel: ${channel}. Valid: ${VALID_CHANNELS.join(", ")}` }, 400);
+  }
+  const body = await request.arrayBuffer();
+  if (body.byteLength === 0) {
+    return json({ error: "Empty payload" }, 400);
+  }
+  if (body.byteLength > 100 * 1024 * 1024) {
+    return json({ error: "Payload too large (max 100MB)" }, 413);
+  }
+  const id = crypto.randomUUID();
+  const key = `${channel}/${id}`;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  await env.RELAY.put(key, body, {
+    customMetadata: {
+      agent_id: agentId,
+      dropped_at: now,
+      size: String(body.byteLength)
+    }
+  });
+  return json({ ok: true, id, channel, size: body.byteLength, dropped_at: now });
+}
+async function handlePickupList(env, channel) {
+  if (!isValidChannel(channel)) {
+    return json({ error: `Invalid channel: ${channel}` }, 400);
+  }
+  const listed = await env.RELAY.list({ prefix: `${channel}/` });
+  const blobs = listed.objects.map((obj) => ({
+    id: obj.key.split("/")[1],
+    size: obj.size,
+    dropped_at: obj.customMetadata?.dropped_at || obj.uploaded.toISOString(),
+    agent_id: obj.customMetadata?.agent_id || "unknown"
+  }));
+  return json({ channel, count: blobs.length, blobs });
+}
+async function handlePickup(env, channel, id) {
+  if (!isValidChannel(channel)) {
+    return json({ error: `Invalid channel: ${channel}` }, 400);
+  }
+  const key = `${channel}/${id}`;
+  const obj = await env.RELAY.get(key);
+  if (!obj) {
+    return json({ error: "Blob not found (already picked up or expired)" }, 404);
+  }
+  return new Response(obj.body, {
+    headers: {
+      "Content-Type": "application/octet-stream",
+      "X-Agent-Id": obj.customMetadata?.agent_id || "unknown",
+      "X-Dropped-At": obj.customMetadata?.dropped_at || ""
+    }
+  });
+}
+async function handleConfirm(env, channel, id) {
+  if (!isValidChannel(channel)) {
+    return json({ error: `Invalid channel: ${channel}` }, 400);
+  }
+  const key = `${channel}/${id}`;
+  const obj = await env.RELAY.head(key);
+  if (!obj) {
+    return json({ error: "Blob not found (already confirmed or expired)" }, 404);
+  }
+  await env.RELAY.delete(key);
+  return json({ ok: true, deleted: key });
+}
+function json(data, status = 200) {
+  return new Response(JSON.stringify(data), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+var worker_default = {
+  async fetch(request, env) {
+    const url = new URL(request.url);
+    const parts = url.pathname.split("/").filter(Boolean);
+    if (parts[0] === "health" && request.method === "GET") {
+      return json({ ok: true, service: "memory-crystal-relay", mode: "ephemeral" });
+    }
+    const authResult = authenticate(request, env);
+    if (authResult instanceof Response) return authResult;
+    const { agentId } = authResult;
+    try {
+      if (parts[0] === "drop" && parts[1] && request.method === "POST") {
+        return handleDrop(request, env, agentId, parts[1]);
+      }
+      if (parts[0] === "pickup" && parts[1] && request.method === "GET") {
+        if (parts[2]) {
+          return handlePickup(env, parts[1], parts[2]);
+        }
+        return handlePickupList(env, parts[1]);
+      }
+      if (parts[0] === "confirm" && parts[1] && parts[2] && request.method === "DELETE") {
+        return handleConfirm(env, parts[1], parts[2]);
+      }
+      return json({ error: "Not found" }, 404);
+    } catch (err) {
+      return json({ error: err.message || "Internal error" }, 500);
+    }
+  },
+  // Scheduled cleanup: delete blobs older than 24h (TTL safety net)
+  async scheduled(event, env) {
+    const cutoff = Date.now() - 24 * 60 * 60 * 1e3;
+    for (const channel of VALID_CHANNELS) {
+      const listed = await env.RELAY.list({ prefix: `${channel}/` });
+      for (const obj of listed.objects) {
+        const droppedAt = obj.customMetadata?.dropped_at;
+        if (droppedAt && new Date(droppedAt).getTime() < cutoff) {
+          await env.RELAY.delete(obj.key);
+        }
+      }
+    }
+  }
+};
+export {
+  worker_default as default
+};

package/migrations/0001_init.sql ADDED Viewed

@@ -0,0 +1,51 @@
+-- Memory Crystal Cloud: OAuth + User tables
+-- Applied to D1 database: memory-crystal-cloud
+-- OAuth dynamic client registration
+CREATE TABLE IF NOT EXISTS oauth_clients (
+  client_id TEXT PRIMARY KEY,
+  client_secret_hash TEXT,
+  redirect_uris TEXT NOT NULL,
+  client_name TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  last_used_at TEXT
+);
+-- Authorization codes (short-lived, PKCE)
+CREATE TABLE IF NOT EXISTS authorization_codes (
+  code TEXT PRIMARY KEY,
+  client_id TEXT NOT NULL,
+  user_id TEXT NOT NULL,
+  code_challenge TEXT NOT NULL,
+  code_challenge_method TEXT NOT NULL DEFAULT 'S256',
+  redirect_uri TEXT NOT NULL,
+  scope TEXT,
+  expires_at TEXT NOT NULL,
+  used INTEGER DEFAULT 0,
+  FOREIGN KEY (client_id) REFERENCES oauth_clients(client_id)
+);
+-- Access tokens (hashed, never stored raw)
+CREATE TABLE IF NOT EXISTS access_tokens (
+  token_hash TEXT PRIMARY KEY,
+  client_id TEXT NOT NULL,
+  user_id TEXT NOT NULL,
+  scope TEXT,
+  tier TEXT NOT NULL DEFAULT 'sovereign',
+  expires_at TEXT NOT NULL,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (client_id) REFERENCES oauth_clients(client_id)
+);
+-- Users
+CREATE TABLE IF NOT EXISTS users (
+  user_id TEXT PRIMARY KEY,
+  email TEXT NOT NULL UNIQUE,
+  tier TEXT NOT NULL DEFAULT 'sovereign',
+  relay_token TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+-- Index for token lookup
+CREATE INDEX IF NOT EXISTS idx_access_tokens_expires ON access_tokens(expires_at);
+CREATE INDEX IF NOT EXISTS idx_authorization_codes_expires ON authorization_codes(expires_at);

package/migrations/0002_cloud_storage.sql ADDED Viewed

@@ -0,0 +1,49 @@
+-- Memory Crystal Cloud: Tier 2 cloud storage tables
+-- Chunks and memories for cloud search (D1 + Vectorize)
+CREATE TABLE IF NOT EXISTS chunks (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  user_id TEXT NOT NULL,
+  text TEXT NOT NULL,
+  role TEXT NOT NULL DEFAULT 'user',
+  source_type TEXT NOT NULL DEFAULT 'chatgpt',
+  source_id TEXT NOT NULL DEFAULT '',
+  agent_id TEXT NOT NULL DEFAULT 'gpt',
+  token_count INTEGER DEFAULT 0,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE TABLE IF NOT EXISTS memories (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  user_id TEXT NOT NULL,
+  text TEXT NOT NULL,
+  category TEXT NOT NULL DEFAULT 'fact',
+  confidence REAL NOT NULL DEFAULT 1.0,
+  source_ids TEXT DEFAULT '[]',
+  status TEXT NOT NULL DEFAULT 'active',
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+-- FTS5 for BM25 text search
+CREATE VIRTUAL TABLE IF NOT EXISTS chunks_fts USING fts5(
+  text,
+  content='chunks',
+  content_rowid='id'
+);
+-- Triggers to keep FTS in sync
+CREATE TRIGGER IF NOT EXISTS chunks_ai AFTER INSERT ON chunks BEGIN
+  INSERT INTO chunks_fts(rowid, text) VALUES (new.id, new.text);
+END;
+CREATE TRIGGER IF NOT EXISTS chunks_ad AFTER DELETE ON chunks BEGIN
+  INSERT INTO chunks_fts(chunks_fts, rowid, text) VALUES ('delete', old.id, old.text);
+END;
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_chunks_user ON chunks(user_id);
+CREATE INDEX IF NOT EXISTS idx_chunks_agent ON chunks(agent_id);
+CREATE INDEX IF NOT EXISTS idx_chunks_created ON chunks(created_at);
+CREATE INDEX IF NOT EXISTS idx_memories_user ON memories(user_id);
+CREATE INDEX IF NOT EXISTS idx_memories_status ON memories(status);

package/openclaw.plugin.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "id": "memory-crystal",
+  "name": "Memory Crystal",
+  "description": "Sovereign memory system — search, remember, forget across all agent conversations and files.",
+  "skills": ["./skills"],
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {}
+  }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,57 @@
+{
+  "name": "@wipcomputer/memory-crystal",
+  "version": "0.7.10",
+  "description": "Sovereign memory system — local-first with ephemeral encrypted relay. Your memory, your machine, your rules.",
+  "type": "module",
+  "main": "dist/core.js",
+  "openclaw": {
+    "extensions": [
+      "./dist/openclaw.js"
+    ]
+  },
+  "bin": {
+    "crystal": "dist/cli.js",
+    "crystal-mcp": "dist/mcp-server.js"
+  },
+  "scripts": {
+    "build": "tsup src/core.ts src/cli.ts src/mcp-server.ts src/openclaw.ts src/migrate.ts src/cc-hook.ts src/cc-poller.ts src/crypto.ts src/pair.ts src/poller.ts src/mirror-sync.ts src/file-sync.ts src/ldm.ts src/summarize.ts src/role.ts src/doctor.ts src/bridge.ts src/discover.ts src/bulk-copy.ts src/oc-backfill.ts src/dream-weaver.ts src/crystal-serve.ts src/staging.ts src/installer.ts --format esm --dts --outDir dist && tsup src/worker.ts --format esm --outDir dist --no-dts && cp scripts/crystal-capture.sh scripts/ldm-backup.sh dist/",
+    "build:local": "tsup src/core.ts src/cli.ts src/mcp-server.ts src/openclaw.ts src/migrate.ts src/cc-hook.ts src/cc-poller.ts src/crypto.ts src/pair.ts src/poller.ts src/mirror-sync.ts src/file-sync.ts src/ldm.ts src/summarize.ts src/role.ts src/doctor.ts src/bridge.ts src/discover.ts src/bulk-copy.ts src/oc-backfill.ts src/dream-weaver.ts src/crystal-serve.ts src/staging.ts src/installer.ts --format esm --dts --outDir dist",
+    "build:worker": "tsup src/worker.ts --format esm --outDir dist --no-dts",
+    "build:cloud": "tsup src/worker-mcp.ts src/cloud-crystal.ts --format esm --outDir dist --no-dts",
+    "deploy:cloud": "bash -c 'git diff --quiet HEAD -- src/ wrangler-mcp.toml || (echo \"ERROR: uncommitted changes. commit before deploying.\" && exit 1)' && wrangler deploy --config wrangler-mcp.toml",
+    "build:demo": "tsup src/worker-demo.ts --format esm --outDir dist --no-dts",
+    "dev:demo": "wrangler dev --config wrangler-demo.toml",
+    "deploy:demo": "bash -c 'git diff --quiet HEAD -- src/ wrangler-demo.toml || (echo \"ERROR: uncommitted changes. commit before deploying.\" && exit 1)' && wrangler deploy --config wrangler-demo.toml",
+    "dev": "tsup src/core.ts src/cli.ts src/mcp-server.ts src/openclaw.ts src/migrate.ts src/cc-hook.ts src/crypto.ts --format esm --watch --outDir dist",
+    "check": "node dist/cli.js status",
+    "search": "node dist/cli.js search",
+    "migrate": "node dist/migrate.js",
+    "cloud:dev": "cd cloud && npx wrangler dev",
+    "cloud:deploy": "cd cloud && npx wrangler deploy",
+    "cloud:db:migrate": "cd cloud && npx wrangler d1 migrations apply memory-crystal-cloud --local",
+    "cloud:db:migrate:remote": "cd cloud && npx wrangler d1 migrations apply memory-crystal-cloud --remote"
+  },
+  "dependencies": {
+    "dream-weaver-protocol": "file:../dream-weaver-protocol-private",
+    "@lancedb/lancedb": "^0.15.0",
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "agents": "^0.7.2",
+    "apache-arrow": "^18.1.0",
+    "better-sqlite3": "^11.8.1",
+    "qrcode-terminal": "^0.12.0",
+    "sqlite-vec": "^0.1.7-alpha.2",
+    "zod": "^4.3.6"
+  },
+  "optionalDependencies": {
+    "sqlite-vec-darwin-arm64": "^0.1.7-alpha.2"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20260228.1",
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/node": "^22.0.0",
+    "@types/qrcode-terminal": "^0.12.2",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.0",
+    "wrangler": "^3.95.0"
+  }
+}

package/scripts/crystal-capture 2.sh ADDED Viewed

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Job: crystal-capture
+# Continuous capture for Claude Code sessions.
+# Reads JSONL files on disk, ingests into Crystal, exports MD sessions, writes daily logs.
+# Primary capture path. Runs every minute via cron.
+# The Stop hook (cc-hook.ts) is a redundancy check only.
+#
+# Source of truth: memory-crystal-private/scripts/crystal-capture.sh
+# Deployed to: ~/.ldm/bin/crystal-capture.sh (via crystal init)
+# Cron entry: * * * * * ~/.ldm/bin/crystal-capture.sh >> /tmp/ldm-dev-tools/crystal-capture.log 2>&1
+#
+# The Node poller fetches the OpenAI API key internally via opRead() in core.ts.
+# opRead uses: op read "op://Agent Secrets/OpenAI API/api key" with the SA token from
+# ~/.openclaw/secrets/op-sa-token. Do NOT call op from this shell script... it triggers
+# macOS TCC popups when run from cron.
+# Cron provides minimal PATH. Ensure Homebrew binaries (node, op) are findable.
+export PATH="/opt/homebrew/bin:$PATH"
+POLLER="$HOME/.ldm/extensions/memory-crystal/dist/cc-poller.js"
+NODE="/opt/homebrew/bin/node"
+if [ ! -f "$POLLER" ]; then
+  echo "ERROR: cc-poller not found at $POLLER"
+  exit 1
+fi
+# Single run: scan all sessions, ingest new turns, export MD, exit.
+$NODE "$POLLER" 2>&1

package/scripts/crystal-capture.sh ADDED Viewed

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Job: crystal-capture
+# Continuous capture for Claude Code sessions.
+# Reads JSONL files on disk, ingests into Crystal, exports MD sessions, writes daily logs.
+# Primary capture path. Runs every minute via cron.
+# The Stop hook (cc-hook.ts) is a redundancy check only.
+#
+# Source of truth: memory-crystal-private/scripts/crystal-capture.sh
+# Deployed to: ~/.ldm/bin/crystal-capture.sh (via crystal init)
+# Cron entry: * * * * * ~/.ldm/bin/crystal-capture.sh >> /tmp/ldm-dev-tools/crystal-capture.log 2>&1
+#
+# The Node poller fetches the OpenAI API key internally via opRead() in core.ts.
+# opRead uses: op read "op://Agent Secrets/OpenAI API/api key" with the SA token from
+# ~/.openclaw/secrets/op-sa-token. Do NOT call op from this shell script... it triggers
+# macOS TCC popups when run from cron.
+# Cron provides minimal PATH. Ensure Homebrew binaries (node, op) are findable.
+export PATH="/opt/homebrew/bin:$PATH"
+POLLER="$HOME/.ldm/extensions/memory-crystal/dist/cc-poller.js"
+NODE="/opt/homebrew/bin/node"
+if [ ! -f "$POLLER" ]; then
+  echo "ERROR: cc-poller not found at $POLLER"
+  exit 1
+fi
+# Single run: scan all sessions, ingest new turns, export MD, exit.
+$NODE "$POLLER" 2>&1

package/scripts/deploy-cloud 2.sh ADDED Viewed

@@ -0,0 +1,153 @@
+#!/usr/bin/env bash
+#
+# deploy-cloud.sh — Deploy Memory Crystal Cloud MCP server to Cloudflare.
+# Pulls all credentials from 1Password. No keys in env files.
+#
+# Usage:
+#   bash scripts/deploy-cloud.sh          # full setup (first time)
+#   bash scripts/deploy-cloud.sh deploy   # just redeploy Worker code
+#
+# Prerequisites:
+#   - wrangler CLI installed (npm install -g wrangler)
+#   - 1Password items populated:
+#     "Parker - Cloudflare Memory Crystal Keys" (api-token, account-id)
+#     "OpenAI API" (api key)
+set -euo pipefail
+REPO_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_DIR"
+# ── Pull credentials from 1Password ──
+echo "Pulling credentials from 1Password..."
+OP_TOKEN=$(cat ~/.openclaw/secrets/op-sa-token)
+CF_API_TOKEN=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
+  --vault="Agent Secrets" --fields label=api-token --reveal)
+CF_ACCOUNT_ID=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
+  --vault="Agent Secrets" --fields label=account-id --reveal)
+OPENAI_API_KEY=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "OpenAI API" \
+  --vault="Agent Secrets" --fields label="api key" --reveal)
+if [[ "$CF_API_TOKEN" == "REPLACE_WITH_CLOUDFLARE_API_TOKEN" || "$CF_ACCOUNT_ID" == "REPLACE_WITH_CLOUDFLARE_ACCOUNT_ID" ]]; then
+  echo "Error: Cloudflare credentials not yet filled in 1Password."
+  echo "Update 'Parker - Cloudflare Memory Crystal Keys' in Agent Secrets vault."
+  exit 1
+fi
+export CLOUDFLARE_API_TOKEN="$CF_API_TOKEN"
+export CLOUDFLARE_ACCOUNT_ID="$CF_ACCOUNT_ID"
+echo "  Cloudflare Account ID: ${CF_ACCOUNT_ID:0:8}..."
+echo "  Cloudflare API Token: ${CF_API_TOKEN:0:8}..."
+echo "  OpenAI API Key: ${OPENAI_API_KEY:0:8}..."
+# ── Deploy only? ──
+if [[ "${1:-}" == "deploy" ]]; then
+  echo ""
+  echo "Building and deploying Worker..."
+  npm run build:cloud
+  npx wrangler deploy --config wrangler-mcp.toml
+  echo "Done. Worker deployed."
+  exit 0
+fi
+# ── Full setup (first time) ──
+echo ""
+echo "=== Step 1: Create D1 database ==="
+# Check if database already exists
+DB_ID=$(npx wrangler d1 list --json 2>/dev/null | python3 -c "
+import sys, json
+dbs = json.load(sys.stdin)
+for db in dbs:
+    if db['name'] == 'memory-crystal-cloud':
+        print(db['uuid'])
+        break
+" 2>/dev/null || echo "")
+if [[ -z "$DB_ID" ]]; then
+  echo "Creating D1 database: memory-crystal-cloud"
+  DB_OUTPUT=$(npx wrangler d1 create memory-crystal-cloud 2>&1)
+  DB_ID=$(echo "$DB_OUTPUT" | grep -oE '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' | head -1)
+  echo "  Created: $DB_ID"
+else
+  echo "  Already exists: $DB_ID"
+fi
+if [[ -z "$DB_ID" ]]; then
+  echo "Error: Could not get D1 database ID"
+  exit 1
+fi
+# Update wrangler-mcp.toml with database ID
+if grep -q 'database_id = ""' wrangler-mcp.toml; then
+  sed -i.bak "s/database_id = \"\"/database_id = \"$DB_ID\"/" wrangler-mcp.toml
+  rm -f wrangler-mcp.toml.bak
+  echo "  Updated wrangler-mcp.toml with database_id"
+fi
+echo ""
+echo "=== Step 2: Create Vectorize index ==="
+VEC_EXISTS=$(npx wrangler vectorize list --json 2>/dev/null | python3 -c "
+import sys, json
+indexes = json.load(sys.stdin)
+for idx in indexes:
+    if idx['name'] == 'memory-crystal-chunks':
+        print('yes')
+        break
+" 2>/dev/null || echo "")
+if [[ "$VEC_EXISTS" != "yes" ]]; then
+  echo "Creating Vectorize index: memory-crystal-chunks (1024 dims, cosine)"
+  npx wrangler vectorize create memory-crystal-chunks --dimensions 1024 --metric cosine
+  echo "  Created."
+else
+  echo "  Already exists."
+fi
+echo ""
+echo "=== Step 3: Run D1 migrations ==="
+npx wrangler d1 migrations apply memory-crystal-cloud --config wrangler-mcp.toml
+echo "  Migrations applied."
+echo ""
+echo "=== Step 4: Set Worker secrets ==="
+echo "$OPENAI_API_KEY" | npx wrangler secret put OPENAI_API_KEY --config wrangler-mcp.toml
+echo "  OPENAI_API_KEY set."
+# Generate signing key for OAuth tokens
+MCP_SIGNING_KEY=$(openssl rand -hex 32)
+echo "$MCP_SIGNING_KEY" | npx wrangler secret put MCP_SIGNING_KEY --config wrangler-mcp.toml
+echo "  MCP_SIGNING_KEY set (generated)."
+# Generate relay encryption key (base64, 32 bytes)
+RELAY_KEY=$(openssl rand -base64 32)
+echo "$RELAY_KEY" | npx wrangler secret put RELAY_ENCRYPTION_KEY --config wrangler-mcp.toml
+echo "  RELAY_ENCRYPTION_KEY set (generated)."
+echo ""
+echo "=== Step 5: Build and deploy ==="
+npm run build:cloud
+npx wrangler deploy --config wrangler-mcp.toml
+echo ""
+echo "=== Done ==="
+echo ""
+echo "Memory Crystal Cloud MCP server deployed."
+echo "Worker URL: https://memory-crystal-cloud.<your-subdomain>.workers.dev"
+echo ""
+echo "Next steps:"
+echo "  1. Test: curl https://memory-crystal-cloud.<subdomain>.workers.dev/health"
+echo "  2. Test OAuth: GET /.well-known/oauth-authorization-server"
+echo "  3. Connect from ChatGPT or Claude"

package/scripts/deploy-cloud.sh ADDED Viewed

@@ -0,0 +1,153 @@
+#!/usr/bin/env bash
+#
+# deploy-cloud.sh — Deploy Memory Crystal Cloud MCP server to Cloudflare.
+# Pulls all credentials from 1Password. No keys in env files.
+#
+# Usage:
+#   bash scripts/deploy-cloud.sh          # full setup (first time)
+#   bash scripts/deploy-cloud.sh deploy   # just redeploy Worker code
+#
+# Prerequisites:
+#   - wrangler CLI installed (npm install -g wrangler)
+#   - 1Password items populated:
+#     "Parker - Cloudflare Memory Crystal Keys" (api-token, account-id)
+#     "OpenAI API" (api key)
+set -euo pipefail
+REPO_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_DIR"
+# ── Pull credentials from 1Password ──
+echo "Pulling credentials from 1Password..."
+OP_TOKEN=$(cat ~/.openclaw/secrets/op-sa-token)
+CF_API_TOKEN=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
+  --vault="Agent Secrets" --fields label=api-token --reveal)
+CF_ACCOUNT_ID=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
+  --vault="Agent Secrets" --fields label=account-id --reveal)
+OPENAI_API_KEY=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "OpenAI API" \
+  --vault="Agent Secrets" --fields label="api key" --reveal)
+if [[ "$CF_API_TOKEN" == "REPLACE_WITH_CLOUDFLARE_API_TOKEN" || "$CF_ACCOUNT_ID" == "REPLACE_WITH_CLOUDFLARE_ACCOUNT_ID" ]]; then
+  echo "Error: Cloudflare credentials not yet filled in 1Password."
+  echo "Update 'Parker - Cloudflare Memory Crystal Keys' in Agent Secrets vault."
+  exit 1
+fi
+export CLOUDFLARE_API_TOKEN="$CF_API_TOKEN"
+export CLOUDFLARE_ACCOUNT_ID="$CF_ACCOUNT_ID"
+echo "  Cloudflare Account ID: ${CF_ACCOUNT_ID:0:8}..."
+echo "  Cloudflare API Token: ${CF_API_TOKEN:0:8}..."
+echo "  OpenAI API Key: ${OPENAI_API_KEY:0:8}..."
+# ── Deploy only? ──
+if [[ "${1:-}" == "deploy" ]]; then
+  echo ""
+  echo "Building and deploying Worker..."
+  npm run build:cloud
+  npx wrangler deploy --config wrangler-mcp.toml
+  echo "Done. Worker deployed."
+  exit 0
+fi
+# ── Full setup (first time) ──
+echo ""
+echo "=== Step 1: Create D1 database ==="
+# Check if database already exists
+DB_ID=$(npx wrangler d1 list --json 2>/dev/null | python3 -c "
+import sys, json
+dbs = json.load(sys.stdin)
+for db in dbs:
+    if db['name'] == 'memory-crystal-cloud':
+        print(db['uuid'])
+        break
+" 2>/dev/null || echo "")
+if [[ -z "$DB_ID" ]]; then
+  echo "Creating D1 database: memory-crystal-cloud"
+  DB_OUTPUT=$(npx wrangler d1 create memory-crystal-cloud 2>&1)
+  DB_ID=$(echo "$DB_OUTPUT" | grep -oE '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' | head -1)
+  echo "  Created: $DB_ID"
+else
+  echo "  Already exists: $DB_ID"
+fi
+if [[ -z "$DB_ID" ]]; then
+  echo "Error: Could not get D1 database ID"
+  exit 1
+fi
+# Update wrangler-mcp.toml with database ID
+if grep -q 'database_id = ""' wrangler-mcp.toml; then
+  sed -i.bak "s/database_id = \"\"/database_id = \"$DB_ID\"/" wrangler-mcp.toml
+  rm -f wrangler-mcp.toml.bak
+  echo "  Updated wrangler-mcp.toml with database_id"
+fi
+echo ""
+echo "=== Step 2: Create Vectorize index ==="
+VEC_EXISTS=$(npx wrangler vectorize list --json 2>/dev/null | python3 -c "
+import sys, json
+indexes = json.load(sys.stdin)
+for idx in indexes:
+    if idx['name'] == 'memory-crystal-chunks':
+        print('yes')
+        break
+" 2>/dev/null || echo "")
+if [[ "$VEC_EXISTS" != "yes" ]]; then
+  echo "Creating Vectorize index: memory-crystal-chunks (1024 dims, cosine)"
+  npx wrangler vectorize create memory-crystal-chunks --dimensions 1024 --metric cosine
+  echo "  Created."
+else
+  echo "  Already exists."
+fi
+echo ""
+echo "=== Step 3: Run D1 migrations ==="
+npx wrangler d1 migrations apply memory-crystal-cloud --config wrangler-mcp.toml
+echo "  Migrations applied."
+echo ""
+echo "=== Step 4: Set Worker secrets ==="
+echo "$OPENAI_API_KEY" | npx wrangler secret put OPENAI_API_KEY --config wrangler-mcp.toml
+echo "  OPENAI_API_KEY set."
+# Generate signing key for OAuth tokens
+MCP_SIGNING_KEY=$(openssl rand -hex 32)
+echo "$MCP_SIGNING_KEY" | npx wrangler secret put MCP_SIGNING_KEY --config wrangler-mcp.toml
+echo "  MCP_SIGNING_KEY set (generated)."
+# Generate relay encryption key (base64, 32 bytes)
+RELAY_KEY=$(openssl rand -base64 32)
+echo "$RELAY_KEY" | npx wrangler secret put RELAY_ENCRYPTION_KEY --config wrangler-mcp.toml
+echo "  RELAY_ENCRYPTION_KEY set (generated)."
+echo ""
+echo "=== Step 5: Build and deploy ==="
+npm run build:cloud
+npx wrangler deploy --config wrangler-mcp.toml
+echo ""
+echo "=== Done ==="
+echo ""
+echo "Memory Crystal Cloud MCP server deployed."
+echo "Worker URL: https://memory-crystal-cloud.<your-subdomain>.workers.dev"
+echo ""
+echo "Next steps:"
+echo "  1. Test: curl https://memory-crystal-cloud.<subdomain>.workers.dev/health"
+echo "  2. Test OAuth: GET /.well-known/oauth-authorization-server"
+echo "  3. Connect from ChatGPT or Claude"