aismemory 0.5.0 → 0.5.1

package/dist/__tests__/token-expiry-reauth.test.js

@@ -0,0 +1,201 @@
+import { createServer } from 'node:http';
+import { spawn } from 'node:child_process';
+import { mkdtempSync, mkdirSync, writeFileSync, existsSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join, resolve } from 'path';
+import { describe, it, expect, beforeAll, afterAll, beforeEach } from 'vitest';
+import { generateAndSaveKeypair } from '../key-auth.js';
+/**
+ * Regression: mid-session TOKEN_EXPIRED failures (CORBOT-A5BBD580).
+ *
+ * The MCP checked credential expiry only when loading credentials.json at
+ * startup; ensureCredentials() returned the cached creds forever after, and
+ * no TOKEN_EXPIRED response ever cleared them. A session starting inside the
+ * final hours of the 7-day token life expired mid-session and every memory
+ * write failed until the process was restarted — observed 2026-05-24,
+ * 2026-05-31, 2026-06-09.
+ *
+ * After the fix:
+ *   1. ensureCredentials() treats creds expiring within a safety margin as
+ *      stale and silently re-runs key auth (challenge → did-prove).
+ *   2. A TOKEN_EXPIRED / INVALID_TOKEN response from any tool call clears
+ *      the cached creds, re-auths, and retries the call once.
+ *
+ * Both scenarios drive the real binary against a fake AIS server, with a
+ * key file present in the fake HOME so re-auth is silent (no device flow).
+ */
+const OLD_TOKEN = mintJwt('old-session-token');
+const NEW_TOKEN = mintJwt('fresh-after-reauth');
+function mintJwt(marker) {
+    const header = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64url');
+    const payload = Buffer.from(JSON.stringify({ sub: 'user-1', user_id: 'user-1', tenant_id: 'tenant-1', marker })).toString('base64url');
+    return `${header}.${payload}.fakesig-${marker}`;
+}
+describe('aismemory MCP token-expiry re-auth', () => {
+    let fakeAis;
+    let port = 0;
+    let didProveCalls = 0;
+    const agentTokensSeen = [];
+    beforeAll(async () => {
+        fakeAis = createServer((req, res) => {
+            req.on('data', () => { });
+            req.on('end', () => {
+                const auth = (req.headers['authorization'] ?? '').replace('Bearer ', '');
+                if (req.url === '/v1/auth/challenge' && req.method === 'POST') {
+                    res.writeHead(200, { 'content-type': 'application/json' });
+                    res.end(JSON.stringify({
+                        success: true,
+                        data: { nonce: 'test-nonce', exp: Math.floor(Date.now() / 1000) + 60, hmac: 'test-hmac' },
+                    }));
+                    return;
+                }
+                if (req.url === '/v1/auth/did-prove' && req.method === 'POST') {
+                    didProveCalls += 1;
+                    res.writeHead(200, { 'content-type': 'application/json' });
+                    res.end(JSON.stringify({
+                        success: true,
+                        data: {
+                            bearerToken: NEW_TOKEN,
+                            expiresAt: new Date(Date.now() + 7 * 24 * 3600 * 1000).toISOString(),
+                        },
+                    }));
+                    return;
+                }
+                if (req.url?.startsWith('/v1/agents') && req.method === 'GET') {
+                    agentTokensSeen.push(auth);
+                    if (auth !== NEW_TOKEN) {
+                        res.writeHead(401, { 'content-type': 'application/json' });
+                        res.end(JSON.stringify({ success: false, error: { code: 'TOKEN_EXPIRED', message: 'Token expired' } }));
+                        return;
+                    }
+                    if (req.url === '/v1/agents') {
+                        res.writeHead(200, { 'content-type': 'application/json' });
+                        res.end(JSON.stringify({
+                            success: true,
+                            data: { agents: [{ id: 'agent-1', name: 'TestAgent', status: 'active' }] },
+                        }));
+                        return;
+                    }
+                    if (req.url === '/v1/agents/agent-1') {
+                        res.writeHead(200, { 'content-type': 'application/json' });
+                        res.end(JSON.stringify({
+                            success: true,
+                            data: { id: 'agent-1', name: 'TestAgent', status: 'active' },
+                        }));
+                        return;
+                    }
+                }
+                // Hydration / memory refresh / telemetry — irrelevant here.
+                res.writeHead(404, { 'content-type': 'application/json' });
+                res.end(JSON.stringify({ success: false, error: { code: 'NOT_FOUND' } }));
+            });
+        });
+        await new Promise((r) => {
+            fakeAis.listen(0, '127.0.0.1', () => {
+                const addr = fakeAis.address();
+                if (addr && typeof addr === 'object')
+                    port = addr.port;
+                r();
+            });
+        });
+    });
+    afterAll(async () => {
+        await new Promise((r) => fakeAis?.close(() => r()));
+    });
+    beforeEach(() => {
+        didProveCalls = 0;
+        agentTokensSeen.length = 0;
+    });
+    async function runWhoami(credsExpiresAt) {
+        const distPath = resolve(__dirname, '..', '..', 'dist', 'index.js');
+        if (!existsSync(distPath)) {
+            throw new Error(`dist/index.js missing — run \`pnpm build\` first (looked at ${distPath})`);
+        }
+        const fakeHome = mkdtempSync(join(tmpdir(), 'aismem-reauth-'));
+        const aismemDir = join(fakeHome, '.aismemory');
+        mkdirSync(aismemDir, { recursive: true });
+        writeFileSync(join(aismemDir, 'credentials.json'), JSON.stringify({
+            token: OLD_TOKEN,
+            agentId: 'agent-1',
+            tenantId: 'tenant-1',
+            expiresAt: credsExpiresAt,
+        }));
+        await generateAndSaveKeypair({
+            userId: 'user-1',
+            userDid: 'did:web:test:users:user-1',
+            keysDir: join(aismemDir, 'keys'),
+        });
+        let proc = null;
+        try {
+            proc = spawn('node', [distPath], {
+                env: { ...process.env, HOME: fakeHome, AIS_URL: `http://127.0.0.1:${port}` },
+                stdio: ['pipe', 'pipe', 'pipe'],
+            });
+            let stdoutBuf = '';
+            proc.stdout.on('data', (d) => { stdoutBuf += d.toString(); });
+            proc.stderr.on('data', () => { });
+            proc.stdin.write(JSON.stringify({
+                jsonrpc: '2.0', id: 1, method: 'initialize',
+                params: { protocolVersion: '2024-11-05', capabilities: {}, clientInfo: { name: 'reauth-test', version: '0.0.0' } },
+            }) + '\n');
+            await waitFor(() => stdoutBuf.includes('"id":1'), 5000, 'initialize response');
+            proc.stdin.write(JSON.stringify({
+                jsonrpc: '2.0', id: 2, method: 'tools/call',
+                params: { name: 'whoami', arguments: {} },
+            }) + '\n');
+            await waitFor(() => stdoutBuf.includes('"id":2'), 15000, 'whoami response');
+            return extractResponseText(stdoutBuf, 2);
+        }
+        finally {
+            proc?.kill();
+        }
+    }
+    it('re-auths via key file and retries once when AIS rejects the stored token', async () => {
+        // Creds look fresh by clock (30 days out) but the server rejects them —
+        // covers server-side rotation/expiry discovered only on use.
+        const response = await runWhoami(new Date(Date.now() + 30 * 24 * 3600 * 1000).toISOString());
+        expect(didProveCalls).toBe(1);
+        expect(response).toContain('TestAgent');
+        expect(response).not.toContain('TOKEN_EXPIRED');
+    }, 30000);
+    it('refuses near-expiry cached creds and re-auths before using them', async () => {
+        // Creds expire in 60s — inside the safety margin. The old token must
+        // never reach the API.
+        const response = await runWhoami(new Date(Date.now() + 60 * 1000).toISOString());
+        expect(didProveCalls).toBe(1);
+        expect(agentTokensSeen).not.toContain(OLD_TOKEN);
+        expect(response).toContain('TestAgent');
+    }, 30000);
+});
+function waitFor(predicate, ms, label) {
+    return new Promise((resolveOuter, reject) => {
+        const start = Date.now();
+        const tick = () => {
+            if (predicate()) {
+                resolveOuter();
+                return;
+            }
+            if (Date.now() - start > ms) {
+                reject(new Error(`timeout waiting for ${label}`));
+                return;
+            }
+            setTimeout(tick, 50);
+        };
+        tick();
+    });
+}
+function extractResponseText(buf, id) {
+    for (const line of buf.split('\n')) {
+        if (!line.includes(`"id":${id}`))
+            continue;
+        try {
+            const parsed = JSON.parse(line);
+            const text = parsed.result?.content?.[0]?.text;
+            if (typeof text === 'string')
+                return text;
+        }
+        catch { /* malformed line; skip */ }
+    }
+    return '';
+}
+//# sourceMappingURL=token-expiry-reauth.test.js.map

package/dist/__tests__/token-expiry-reauth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-expiry-reauth.test.js","sourceRoot":"","sources":["../../src/__tests__/token-expiry-reauth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA0D,MAAM,WAAW,CAAC;AACjG,OAAO,EAAE,KAAK,EAAuC,MAAM,oBAAoB,CAAC;AAChF,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;;;;;;;;;;;;;;;GAkBG;AAEH,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEhD,SAAS,OAAO,CAAC,MAAc;IAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC/F,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CACzB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CACpF,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxB,OAAO,GAAG,MAAM,IAAI,OAAO,YAAY,MAAM,EAAE,CAAC;AAClD,CAAC;AAED,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,IAAI,OAA2B,CAAC;IAChC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,OAAO,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACnE,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,GAAoD,CAAC,CAAC,CAAC;YAC3E,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBAEzE,IAAI,GAAG,CAAC,GAAG,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC9D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACrB,OAAO,EAAE,IAAI;wBACb,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;qBAC1F,CAAC,CAAC,CAAC;oBACJ,OAAO;gBACT,CAAC;gBAED,IAAI,GAAG,CAAC,GAAG,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC9D,aAAa,IAAI,CAAC,CAAC;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACrB,OAAO,EAAE,IAAI;wBACb,IAAI,EAAE;4BACJ,WAAW,EAAE,SAAS;4BACtB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;yBACrE;qBACF,CAAC,CAAC,CAAC;oBACJ,OAAO;gBACT,CAAC;gBAED,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC9D,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC,CAAC;wBACxG,OAAO;oBACT,CAAC;oBACD,IAAI,GAAG,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC;wBAC7B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;4BACrB,OAAO,EAAE,IAAI;4BACb,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE;yBAC3E,CAAC,CAAC,CAAC;wBACJ,OAAO;oBACT,CAAC;oBACD,IAAI,GAAG,CAAC,GAAG,KAAK,oBAAoB,EAAE,CAAC;wBACrC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;4BACrB,OAAO,EAAE,IAAI;4BACb,IAAI,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;yBAC7D,CAAC,CAAC,CAAC;wBACJ,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,4DAA4D;gBAC5D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE;YAC5B,OAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;gBACnC,MAAM,IAAI,GAAG,OAAQ,CAAC,OAAO,EAAE,CAAC;gBAChC,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;oBAAE,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvD,CAAC,EAAE,CAAC;YACN,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;QAClB,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,GAAG,EAAE;QACd,aAAa,GAAG,CAAC,CAAC;QAClB,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,KAAK,UAAU,SAAS,CAAC,cAAsB;QAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QACpE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,+DAA+D,QAAQ,GAAG,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC/C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,aAAa,CACX,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,EACnC,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,cAAc;SAC1B,CAAC,CACH,CAAC;QACF,MAAM,sBAAsB,CAAC;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,2BAA2B;YACpC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,IAAI,GAA0C,IAAI,CAAC;QACvD,IAAI,CAAC;YACH,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;gBAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,oBAAoB,IAAI,EAAE,EAAE;gBAC5E,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;YACH,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,GAAc,CAAC,CAAC,CAAC;YAE7C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;aACnH,CAAC,GAAG,IAAI,CAAC,CAAC;YACX,MAAM,OAAO,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,qBAAqB,CAAC,CAAC;YAE/E,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;aAC1C,CAAC,GAAG,IAAI,CAAC,CAAC;YACX,MAAM,OAAO,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,CAAC;YAC5E,OAAO,mBAAmB,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAC3C,CAAC;gBAAS,CAAC;YACT,IAAI,EAAE,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IAED,EAAE,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;QACxF,wEAAwE;QACxE,6DAA6D;QAC7D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAE7F,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC,EAAE,KAAK,CAAC,CAAC;IAEV,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,qEAAqE;QACrE,uBAAuB;QACvB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAEjF,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC1C,CAAC,EAAE,KAAK,CAAC,CAAC;AACZ,CAAC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,SAAwB,EAAE,EAAU,EAAE,KAAa;IAClE,OAAO,IAAI,OAAO,CAAC,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,GAAS,EAAE;YACtB,IAAI,SAAS,EAAE,EAAE,CAAC;gBAAC,YAAY,EAAE,CAAC;gBAAC,OAAO;YAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,EAAE,EAAE,CAAC;gBAAC,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAC3F,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACvB,CAAC,CAAC;QACF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,EAAU;IAClD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;YAAE,SAAS;QAC3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwD,CAAC;YACvF,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;YAC/C,IAAI,OAAO,IAAI,KAAK,QAAQ;gBAAE,OAAO,IAAI,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/__tests__/tool-args.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/tool-args.test.js

@@ -0,0 +1,78 @@
+import { describe, it, expect } from 'vitest';
+import { MAX_MEMORY_CONTENT_LENGTH, parseAgentLoadArgs, parseEmptyToolArgs, parseHandoffArgs, parseRecallArgs, parseRememberArgs, } from '../tool-args.js';
+describe('parseRememberArgs', () => {
+    it('accepts valid remember payload', () => {
+        const parsed = parseRememberArgs({
+            content: 'hello',
+            type: 'fact',
+            importance: 0.8,
+        });
+        expect(parsed).toEqual({ content: 'hello', type: 'fact', importance: 0.8 });
+    });
+    it('applies defaults for optional fields', () => {
+        expect(parseRememberArgs({ content: 'x' })).toEqual({
+            content: 'x',
+            type: 'context',
+            importance: 0.5,
+        });
+    });
+    it('rejects missing content', () => {
+        expect(() => parseRememberArgs({})).toThrow(/content is required/);
+    });
+    it('rejects invalid memory type', () => {
+        expect(() => parseRememberArgs({ content: 'x', type: 'invalid' })).toThrow();
+    });
+    it('rejects importance outside 0-1', () => {
+        expect(() => parseRememberArgs({ content: 'x', importance: 2 })).toThrow();
+    });
+    it('rejects oversized content', () => {
+        expect(() => parseRememberArgs({ content: 'x'.repeat(MAX_MEMORY_CONTENT_LENGTH + 1) })).toThrow(/exceeds maximum length/);
+    });
+});
+describe('parseRecallArgs', () => {
+    it('requires query', () => {
+        expect(() => parseRecallArgs({})).toThrow(/query is required/);
+    });
+    it('accepts query with optional limit and type', () => {
+        expect(parseRecallArgs({ query: 'cats', limit: 5, type: 'fact' })).toEqual({
+            query: 'cats',
+            limit: 5,
+            type: 'fact',
+        });
+    });
+    it('rejects limit above MAX_QUERY_LIMIT', () => {
+        expect(() => parseRecallArgs({ query: 'x', limit: 101 })).toThrow();
+    });
+    it('rejects oversized query', () => {
+        expect(() => parseRecallArgs({ query: 'q'.repeat(MAX_MEMORY_CONTENT_LENGTH + 1) })).toThrow(/exceeds maximum length/);
+    });
+});
+describe('parseHandoffArgs', () => {
+    it('accepts empty handoff args', () => {
+        expect(parseHandoffArgs({})).toEqual({});
+    });
+    it('accepts summary and keyLearnings', () => {
+        expect(parseHandoffArgs({ summary: 'done', keyLearnings: ['a', 'b'] })).toEqual({ summary: 'done', keyLearnings: ['a', 'b'] });
+    });
+    it('rejects too many keyLearnings', () => {
+        expect(() => parseHandoffArgs({ keyLearnings: Array.from({ length: 101 }, () => 'x') })).toThrow(/maximum of 100/);
+    });
+});
+describe('parseAgentLoadArgs', () => {
+    it('requires non-empty query', () => {
+        expect(() => parseAgentLoadArgs({})).toThrow(/query is required/);
+        expect(() => parseAgentLoadArgs({ query: '   ' })).toThrow(/query is required/);
+    });
+    it('trims whitespace from query', () => {
+        expect(parseAgentLoadArgs({ query: '  Corbot  ' })).toEqual({ query: 'Corbot' });
+    });
+});
+describe('parseEmptyToolArgs', () => {
+    it('accepts empty object for no-arg tools', () => {
+        expect(parseEmptyToolArgs({})).toEqual({});
+    });
+    it('rejects unexpected keys', () => {
+        expect(() => parseEmptyToolArgs({ extra: true })).toThrow();
+    });
+});
+//# sourceMappingURL=tool-args.test.js.map

package/dist/__tests__/tool-args.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-args.test.js","sourceRoot":"","sources":["../../src/__tests__/tool-args.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,MAAM,GAAG,iBAAiB,CAAC;YAC/B,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAClD,OAAO,EAAE,GAAG;YACZ,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,yBAAyB,GAAG,CAAC,CAAC,EAAE,CAAC,CAC1E,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,gBAAgB,EAAE,GAAG,EAAE;QACxB,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YACzE,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,CAAC;YACR,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CACV,eAAe,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,yBAAyB,GAAG,CAAC,CAAC,EAAE,CAAC,CACtE,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CACJ,gBAAgB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAChE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,GAAG,EAAE,CACV,gBAAgB,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth-staleness.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Credential staleness + auth-error detection for the MCP re-auth loop.
+ *
+ * key-auth.ts promises: "When the JWT expires (or AIS rotates JWT_SECRET)
+ * the client silently re-runs challenge/prove. The user notices nothing."
+ * These helpers are the detection half of that promise (CORBOT-A5BBD580):
+ * ensureCredentials() uses isCredsStale() to refuse near-expiry cached
+ * creds, and the tool dispatcher uses isAuthErrorResult() to clear creds
+ * and retry once when AIS rejects a token mid-session.
+ */
+/**
+ * Safety margin before the recorded expiry at which cached credentials are
+ * treated as stale. Five minutes comfortably covers clock skew between the
+ * client and AIS plus the duration of any single tool call.
+ */
+export declare const CREDS_STALENESS_MARGIN_MS: number;
+/**
+ * True when credentials expiring at `expiresAt` should no longer be used at
+ * time `nowMs`. Unparseable expiry timestamps are treated as stale — a
+ * re-auth is cheap, silently using a token of unknown validity is not.
+ */
+export declare function isCredsStale(expiresAt: string, nowMs: number, marginMs?: number): boolean;
+/**
+ * True when an AIS response body is a token-rejection error
+ * (TOKEN_EXPIRED or INVALID_TOKEN) — the signal to re-auth and retry.
+ */
+export declare function isAuthErrorResult(result: unknown): boolean;

package/dist/auth-staleness.js

@@ -0,0 +1,41 @@
+/**
+ * Credential staleness + auth-error detection for the MCP re-auth loop.
+ *
+ * key-auth.ts promises: "When the JWT expires (or AIS rotates JWT_SECRET)
+ * the client silently re-runs challenge/prove. The user notices nothing."
+ * These helpers are the detection half of that promise (CORBOT-A5BBD580):
+ * ensureCredentials() uses isCredsStale() to refuse near-expiry cached
+ * creds, and the tool dispatcher uses isAuthErrorResult() to clear creds
+ * and retry once when AIS rejects a token mid-session.
+ */
+/**
+ * Safety margin before the recorded expiry at which cached credentials are
+ * treated as stale. Five minutes comfortably covers clock skew between the
+ * client and AIS plus the duration of any single tool call.
+ */
+export const CREDS_STALENESS_MARGIN_MS = 5 * 60 * 1000;
+/**
+ * True when credentials expiring at `expiresAt` should no longer be used at
+ * time `nowMs`. Unparseable expiry timestamps are treated as stale — a
+ * re-auth is cheap, silently using a token of unknown validity is not.
+ */
+export function isCredsStale(expiresAt, nowMs, marginMs = CREDS_STALENESS_MARGIN_MS) {
+    const expiresMs = Date.parse(expiresAt);
+    if (Number.isNaN(expiresMs))
+        return true;
+    return expiresMs - nowMs <= marginMs;
+}
+/**
+ * True when an AIS response body is a token-rejection error
+ * (TOKEN_EXPIRED or INVALID_TOKEN) — the signal to re-auth and retry.
+ */
+export function isAuthErrorResult(result) {
+    if (typeof result !== 'object' || result === null)
+        return false;
+    const r = result;
+    if (r.success !== false)
+        return false;
+    const code = r.error?.code;
+    return code === 'TOKEN_EXPIRED' || code === 'INVALID_TOKEN';
+}
+//# sourceMappingURL=auth-staleness.js.map

package/dist/auth-staleness.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-staleness.js","sourceRoot":"","sources":["../src/auth-staleness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAC1B,SAAiB,EACjB,KAAa,EACb,WAAmB,yBAAyB;IAE5C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,OAAO,SAAS,GAAG,KAAK,IAAI,QAAQ,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAChE,MAAM,CAAC,GAAG,MAA0D,CAAC;IACrE,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC;IAC3B,OAAO,IAAI,KAAK,eAAe,IAAI,IAAI,KAAK,eAAe,CAAC;AAC9D,CAAC"}

package/dist/auto-handoff.d.ts

@@ -1,9 +1,11 @@
 export declare class ActivityTracker {
     private toolCounts;
     private storedMemories;
+    private storedMemoryCount;
     recordToolUse(toolName: string): void;
     recordMemoryStored(content: string): void;
     getToolCounts(): Record<string, number>;
+    getStoredMemoryCount(): number;
     getStoredMemories(): string[];
     hasActivity(): boolean;
 }

package/dist/auto-handoff.js

@@ -1,15 +1,30 @@
+/** Max verbatim snippets kept for handoff keyLearnings (FIFO). */
+const MAX_STORED_MEMORY_SNIPPETS = 10;
+/** Max chars per snippet to bound handoff payload size. */
+const MAX_STORED_MEMORY_SNIPPET_CHARS = 512;
 export class ActivityTracker {
     toolCounts = {};
     storedMemories = [];
+    storedMemoryCount = 0;
     recordToolUse(toolName) {
         this.toolCounts[toolName] = (this.toolCounts[toolName] ?? 0) + 1;
     }
     recordMemoryStored(content) {
-        this.storedMemories.push(content);
+        this.storedMemoryCount++;
+        const snippet = content.length > MAX_STORED_MEMORY_SNIPPET_CHARS
+            ? `${content.slice(0, MAX_STORED_MEMORY_SNIPPET_CHARS)}…`
+            : content;
+        this.storedMemories.push(snippet);
+        if (this.storedMemories.length > MAX_STORED_MEMORY_SNIPPETS) {
+            this.storedMemories.shift();
+        }
     }
     getToolCounts() {
         return { ...this.toolCounts };
     }
+    getStoredMemoryCount() {
+        return this.storedMemoryCount;
+    }
     getStoredMemories() {
         return [...this.storedMemories];
     }
@@ -24,30 +39,39 @@ export function buildHandoffPayload(tracker) {
     const toolParts = Object.entries(tracker.getToolCounts())
         .map(([name, count]) => `${name} (${count})`)
         .join(', ');
+    const memoryCount = tracker.getStoredMemoryCount();
     const memories = tracker.getStoredMemories();
-    const summary = `Used tools: ${toolParts}.${memories.length > 0 ? ` Stored ${memories.length} memories.` : ''}`;
+    const summary = `Used tools: ${toolParts}.${memoryCount > 0 ? ` Stored ${memoryCount} memories.` : ''}`;
     return { summary, keyLearnings: memories };
 }
+const HANDOFF_FETCH_TIMEOUT_MS = 5_000;
 export function setupAutoHandoff(aisUrl, agentId, token, tracker, onBeforeExit) {
-    const doHandoff = () => {
+    let exiting = false;
+    const doHandoff = async () => {
+        if (exiting)
+            return;
+        exiting = true;
         if (!tracker.hasActivity())
             return;
         const payload = buildHandoffPayload(tracker);
-        fetch(`${aisUrl}/v1/agents/${agentId}/handoff`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${token}` },
-            body: JSON.stringify(payload),
-        }).catch(() => { }); // Best-effort
+        try {
+            await fetch(`${aisUrl}/v1/agents/${agentId}/handoff`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${token}` },
+                body: JSON.stringify(payload),
+                signal: AbortSignal.timeout(HANDOFF_FETCH_TIMEOUT_MS),
+            });
+        }
+        catch {
+            // Best-effort — still exit if POST fails or times out
+        }
         if (onBeforeExit)
             onBeforeExit();
     };
-    process.on('SIGTERM', () => {
-        doHandoff();
-        process.exit(0);
-    });
-    process.on('SIGINT', () => {
-        doHandoff();
-        process.exit(0);
-    });
+    const onSignal = () => {
+        void doHandoff().finally(() => process.exit(0));
+    };
+    process.on('SIGTERM', onSignal);
+    process.on('SIGINT', onSignal);
 }
 //# sourceMappingURL=auto-handoff.js.map

package/dist/auto-handoff.js.map

@@ -1 +1 @@
-{"version":3,"file":"auto-handoff.js","sourceRoot":"","sources":["../src/auto-handoff.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,eAAe;IAClB,UAAU,GAA2B,EAAE,CAAC;IACxC,cAAc,GAAa,EAAE,CAAC;IAEtC,aAAa,CAAC,QAAgB;QAC5B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,kBAAkB,CAAC,OAAe;QAChC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,aAAa;QACX,OAAO,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IAChC,CAAC;IAED,iBAAiB;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IAED,WAAW;QACT,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,CAAC;CACF;AAOD,MAAM,UAAU,mBAAmB,CAAC,OAAwB;IAC1D,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,uCAAuC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAChF,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;SACtD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,KAAK,KAAK,GAAG,CAAC;SAC5C,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,MAAM,QAAQ,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,eAAe,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAChH,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,MAAc,EACd,OAAe,EACf,KAAa,EACb,OAAwB,EACxB,YAAyB;IAEzB,MAAM,SAAS,GAAG,GAAS,EAAE;QAC3B,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;YAAE,OAAO;QACnC,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC7C,KAAK,CAAC,GAAG,MAAM,cAAc,OAAO,UAAU,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;YACjF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,cAAc;QAClC,IAAI,YAAY;YAAE,YAAY,EAAE,CAAC;IACnC,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"auto-handoff.js","sourceRoot":"","sources":["../src/auto-handoff.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,MAAM,0BAA0B,GAAG,EAAE,CAAC;AACtC,2DAA2D;AAC3D,MAAM,+BAA+B,GAAG,GAAG,CAAC;AAE5C,MAAM,OAAO,eAAe;IAClB,UAAU,GAA2B,EAAE,CAAC;IACxC,cAAc,GAAa,EAAE,CAAC;IAC9B,iBAAiB,GAAG,CAAC,CAAC;IAE9B,aAAa,CAAC,QAAgB;QAC5B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,kBAAkB,CAAC,OAAe;QAChC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,MAAM,OAAO,GACX,OAAO,CAAC,MAAM,GAAG,+BAA+B;YAC9C,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,+BAA+B,CAAC,GAAG;YACzD,CAAC,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5D,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,aAAa;QACX,OAAO,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IAChC,CAAC;IAED,oBAAoB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,iBAAiB;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IAED,WAAW;QACT,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,CAAC;CACF;AAOD,MAAM,UAAU,mBAAmB,CAAC,OAAwB;IAC1D,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,uCAAuC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAChF,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;SACtD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,KAAK,KAAK,GAAG,CAAC;SAC5C,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,eAAe,SAAS,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,WAAW,YAAY,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACxG,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,wBAAwB,GAAG,KAAK,CAAC;AAEvC,MAAM,UAAU,gBAAgB,CAC9B,MAAc,EACd,OAAe,EACf,KAAa,EACb,OAAwB,EACxB,YAAyB;IAEzB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,MAAM,SAAS,GAAG,KAAK,IAAmB,EAAE;QAC1C,IAAI,OAAO;YAAE,OAAO;QACpB,OAAO,GAAG,IAAI,CAAC;QAEf,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;YAAE,OAAO;QAEnC,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,GAAG,MAAM,cAAc,OAAO,UAAU,EAAE;gBACpD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;gBACjF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,wBAAwB,CAAC;aACtD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;QACD,IAAI,YAAY;YAAE,YAAY,EAAE,CAAC;IACnC,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAS,EAAE;QAC1B,KAAK,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACjC,CAAC"}

package/dist/cli/sync-memory.js

@@ -3,6 +3,8 @@ import { join, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import { createInterface } from 'node:readline/promises';
 import { runIngestion } from '../pipeline/ingestion.js';
+import { loadExistingHashes } from '../pipeline/existing-hashes.js';
+import { bulkStoreViaAis, singleWriteAllViaAis } from '../pipeline/bulk-store.js';
 import { LocalClaudeSource } from '../sources/local-claude.js';
 import { SyncConfig } from '../config.js';
 import { TrustLedger } from '../trust-ledger.js';
@@ -11,7 +13,13 @@ import { interactiveReview, bulkSelectAll } from '../review/cli-review.js';
 import { resolveScope } from '../pipeline/scope-resolver.js';
 import { readClaudeMemoryTree } from './read-claude-memory-tree.js';
 function parseArgs(argv) {
-    const args = { source: 'claude-local', dryRun: false, saveScope: false };
+    const args = {
+        source: 'claude-local',
+        dryRun: false,
+        saveScope: false,
+        acceptAll: false,
+        singleWrite: false,
+    };
     for (let i = 0; i < argv.length; i++) {
         if (argv[i] === '--source' && argv[i + 1]) {
             args.source = argv[++i];
@@ -25,6 +33,12 @@ function parseArgs(argv) {
         else if (argv[i] === '--save-scope') {
             args.saveScope = true;
         }
+        else if (argv[i] === '--accept-all') {
+            args.acceptAll = true;
+        }
+        else if (argv[i] === '--single-write') {
+            args.singleWrite = true;
+        }
     }
     return args;
 }
@@ -33,38 +47,6 @@ function getAdapter(id) {
         return new LocalClaudeSource();
     throw new Error(`Unknown source: ${id}. Phase 1 supports only 'claude-local'.`);
 }
-async function bulkStoreViaAis(agentId, drafts) {
-    const apiBase = process.env['AIS_DOMAIN']
-        ? `https://${process.env['AIS_DOMAIN']}`
-        : 'https://ais.agentsandswarms.ai';
-    const apiKey = process.env['AIS_SERVICE_KEY'] ?? process.env['AIS_API_KEY'];
-    const tenantId = process.env['AIS_TENANT_ID'];
-    if (!apiKey || !tenantId)
-        throw new Error('AIS_API_KEY and AIS_TENANT_ID must be set');
-    const body = {
-        memories: drafts.map((d) => ({
-            content: d.content,
-            type: d.type,
-            importance: d.importance,
-            metadata: { provenance: d.provenance, trustScoreHint: d.trustScore },
-        })),
-    };
-    const res = await fetch(`${apiBase}/v1/agents/${agentId}/memory/bulk`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'x-api-key': apiKey,
-            'x-tenant-id': tenantId,
-        },
-        body: JSON.stringify(body),
-    });
-    if (!res.ok) {
-        const bodyText = await res.text().catch(() => '');
-        throw new Error(`AIS bulk store failed: HTTP ${res.status} ${res.statusText}${bodyText ? ` — ${bodyText.slice(0, 500)}` : ''}`);
-    }
-    const json = (await res.json());
-    return { created: json.data?.created ?? [], failed: json.data?.failed ?? [] };
-}
 async function main() {
     const args = parseArgs(process.argv.slice(2));
     const agentId = process.env['AIS_AGENT_ID'];
@@ -112,19 +94,32 @@ async function main() {
         scope.label,
     ].join('|');
     const firstSyncForScope = !ledger.isTrusted(agentId, adapter.id, scopeKey);
-    const review = async (drafts) => args.dryRun
+    const review = async (drafts) => args.dryRun || args.acceptAll
         ? bulkSelectAll(drafts)
         : interactiveReview(drafts, {
             sourceId: adapter.id,
             scopeLabel: scope.label,
             firstSyncForScope,
         });
+    const apiKey = process.env['AIS_SERVICE_KEY'] ?? process.env['AIS_API_KEY'];
+    const tenantId = process.env['AIS_TENANT_ID'];
+    const apiBase = process.env['AIS_DOMAIN']
+        ? `https://${process.env['AIS_DOMAIN']}`
+        : 'https://ais.agentsandswarms.ai';
     const bulkStore = args.dryRun
         ? async (drafts) => ({
             created: drafts.map((_, i) => ({ index: i, id: `dry-run-${i}` })),
             failed: [],
         })
-        : (drafts) => bulkStoreViaAis(agentId, drafts);
+        : (() => {
+            if (!apiKey || !tenantId)
+                throw new Error('AIS_API_KEY and AIS_TENANT_ID must be set');
+            const creds = { apiBase, apiKey, tenantId };
+            return args.singleWrite
+                ? (drafts) => singleWriteAllViaAis(agentId, drafts, creds)
+                : (drafts) => bulkStoreViaAis(agentId, drafts, creds);
+        })();
+    const existingHashes = await loadExistingHashes(agentId, mirror, apiKey && tenantId ? { apiBase, apiKey, tenantId } : undefined);
     const result = await runIngestion({
         adapter,
         rawSourceData,
@@ -133,7 +128,7 @@ async function main() {
         config,
         ledger,
         mirror,
-        existingHashes: new Set(),
+        existingHashes,
         bulkStore,
         review,
     });