autonomous-flow-daemon 1.1.0 → 1.9.0

package/src/daemon/client.ts

@@ -1,37 +1,78 @@
-import { readFileSync, existsSync } from "fs";
-import { PID_FILE, PORT_FILE } from "../constants";
-
-export interface DaemonInfo {
-  pid: number;
-  port: number;
-}
-
-export function getDaemonInfo(): DaemonInfo | null {
-  if (!existsSync(PID_FILE) || !existsSync(PORT_FILE)) return null;
-  const pid = parseInt(readFileSync(PID_FILE, "utf-8").trim(), 10);
-  const port = parseInt(readFileSync(PORT_FILE, "utf-8").trim(), 10);
-  if (isNaN(pid) || isNaN(port)) return null;
-  return { pid, port };
-}
-
-export async function isDaemonAlive(info: DaemonInfo): Promise<boolean> {
-  try {
-    const res = await fetch(`http://127.0.0.1:${info.port}/health`, {
-      signal: AbortSignal.timeout(2000),
-    });
-    const data = await res.json() as { status: string; pid: number };
-    return data.status === "alive" && data.pid === info.pid;
-  } catch {
-    return false;
-  }
-}
-
-export async function daemonRequest<T = unknown>(path: string): Promise<T> {
-  const info = getDaemonInfo();
-  if (!info) throw new Error("Daemon not running. Run `afd start` first.");
-  const res = await fetch(`http://127.0.0.1:${info.port}${path}`, {
-    signal: AbortSignal.timeout(5000),
-  });
-  if (!res.ok) throw new Error(`Daemon returned ${res.status}`);
-  return res.json() as T;
-}
+import { readFileSync, existsSync, unlinkSync } from "fs";
+import { resolveWorkspacePaths } from "../constants";
+import type { MeshEntry } from "./mesh";
+
+export interface DaemonInfo {
+  pid: number;
+  port: number;
+  workspace: string;
+}
+
+/**
+ * Read daemon PID/port from the workspace-local `.afd/` directory.
+ * Walks up from cwd to find the workspace root, so CLI commands
+ * work correctly even when invoked from subdirectories.
+ *
+ * If PID file exists but process is dead, cleans up stale files.
+ */
+export function getDaemonInfo(): DaemonInfo | null {
+  const paths = resolveWorkspacePaths();
+  if (!existsSync(paths.pidFile) || !existsSync(paths.portFile)) return null;
+
+  const pid = parseInt(readFileSync(paths.pidFile, "utf-8").trim(), 10);
+  const port = parseInt(readFileSync(paths.portFile, "utf-8").trim(), 10);
+  if (isNaN(pid) || isNaN(port)) return null;
+
+  // Stale PID detection: check if process is alive at OS level
+  if (!isProcessAlive(pid)) {
+    try { unlinkSync(paths.pidFile); } catch {}
+    try { unlinkSync(paths.portFile); } catch {}
+    return null;
+  }
+
+  return { pid, port, workspace: paths.root };
+}
+
+/** Check if a process exists at OS level (does not verify it's afd) */
+function isProcessAlive(pid: number): boolean {
+  try {
+    process.kill(pid, 0); // signal 0 = existence check
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function isDaemonAlive(info: DaemonInfo): Promise<boolean> {
+  try {
+    const res = await fetch(`http://127.0.0.1:${info.port}/health`, {
+      signal: AbortSignal.timeout(2000),
+    });
+    const data = await res.json() as { status: string; pid: number };
+    return data.status === "alive" && data.pid === info.pid;
+  } catch {
+    return false;
+  }
+}
+
+export async function daemonRequest<T = unknown>(path: string, method?: "GET"): Promise<T>;
+export async function daemonRequest<T = unknown>(path: string, method: "POST", body: unknown): Promise<T>;
+export async function daemonRequest<T = unknown>(path: string, method: "GET" | "POST" = "GET", body?: unknown): Promise<T> {
+  const info = getDaemonInfo();
+  if (!info) throw new Error("Daemon not running. Run `afd start` first.");
+  const init: RequestInit = {
+    method,
+    signal: AbortSignal.timeout(5000),
+  };
+  if (method === "POST" && body !== undefined) {
+    init.body = JSON.stringify(body);
+    init.headers = { "Content-Type": "application/json" };
+  }
+  const res = await fetch(`http://127.0.0.1:${info.port}${path}`, init);
+  if (!res.ok) throw new Error(`Daemon returned ${res.status}`);
+  return res.json() as T;
+}
+
+export async function getMeshPeers(): Promise<MeshEntry[]> {
+  return daemonRequest<MeshEntry[]>("/mesh/peers");
+}

package/src/daemon/event-batcher.ts

@@ -0,0 +1,108 @@
+/**
+ * EventBatcher — Adaptive debounce for file watcher events.
+ *
+ * Strategy:
+ * - Immune file changes → fast-path (immediate, no debounce)
+ * - All other events → 300ms debounce batch
+ * - Deduplicates: same file multiple events → last event wins
+ * - Cancels out: add + unlink on same file → removed from batch
+ */
+
+export interface BatchedEvent {
+  event: string;
+  path: string;
+  timestamp: number;
+}
+
+export interface EventBatcherOptions {
+  /** Debounce window in ms (default: 300) */
+  debounceMs?: number;
+  /** Check if a path is an immune-protected file (fast-path) */
+  isImmunePath?: (path: string) => boolean;
+  /** Handler for fast-path (immediate) events */
+  onImmediate: (event: string, path: string) => void;
+  /** Handler for batched events (fired after debounce window) */
+  onBatch: (events: BatchedEvent[]) => void;
+}
+
+export class EventBatcher {
+  private readonly debounceMs: number;
+  private readonly isImmunePath: (path: string) => boolean;
+  private readonly onImmediate: (event: string, path: string) => void;
+  private readonly onBatch: (events: BatchedEvent[]) => void;
+
+  private pendingEvents = new Map<string, BatchedEvent>();
+  private timer: ReturnType<typeof setTimeout> | null = null;
+  private batchCount = 0;
+
+  constructor(options: EventBatcherOptions) {
+    this.debounceMs = options.debounceMs ?? 300;
+    this.isImmunePath = options.isImmunePath ?? (() => false);
+    this.onImmediate = options.onImmediate;
+    this.onBatch = options.onBatch;
+  }
+
+  /** Push a new file event. Returns true if handled immediately (fast-path). */
+  push(event: string, path: string): boolean {
+    // Fast-path: immune file change → immediate processing for auto-heal responsiveness
+    if (event === "change" && this.isImmunePath(path)) {
+      this.onImmediate(event, path);
+      return true;
+    }
+
+    const now = Date.now();
+    const existing = this.pendingEvents.get(path);
+
+    // Cancel out: add + unlink on same file
+    if (existing) {
+      if ((existing.event === "add" && event === "unlink") ||
+          (existing.event === "unlink" && event === "add")) {
+        this.pendingEvents.delete(path);
+        return false;
+      }
+    }
+
+    // Last event wins for same file
+    this.pendingEvents.set(path, { event, path, timestamp: now });
+
+    // Start/reset debounce timer
+    if (this.timer) clearTimeout(this.timer);
+    this.timer = setTimeout(() => this.flush(), this.debounceMs);
+
+    return false;
+  }
+
+  /** Flush all pending events immediately */
+  flush(): void {
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+
+    if (this.pendingEvents.size === 0) return;
+
+    const events = [...this.pendingEvents.values()];
+    this.pendingEvents.clear();
+    this.batchCount++;
+    this.onBatch(events);
+  }
+
+  /** Get the number of batches processed */
+  get totalBatches(): number {
+    return this.batchCount;
+  }
+
+  /** Get the number of pending events */
+  get pendingCount(): number {
+    return this.pendingEvents.size;
+  }
+
+  /** Destroy the batcher, clearing any pending timers */
+  destroy(): void {
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+    this.pendingEvents.clear();
+  }
+}

package/src/daemon/guards.ts

@@ -0,0 +1,13 @@
+import { resolve } from "path";
+
+/**
+ * Guard: reject resolved paths outside the workspace root.
+ * Throws if absPath is not under wsRoot.
+ */
+export function assertInsideWorkspace(absPath: string, wsRoot: string): void {
+  const normalizedPath = absPath.replace(/\\/g, "/").toLowerCase();
+  const normalizedRoot = resolve(wsRoot).replace(/\\/g, "/").toLowerCase();
+  if (!normalizedPath.startsWith(normalizedRoot + "/") && normalizedPath !== normalizedRoot) {
+    throw new Error("Access denied: path outside workspace");
+  }
+}

package/src/daemon/http-routes.ts

@@ -0,0 +1,376 @@
+/**
+ * HTTP routes for daemon IPC — extracted from server.ts.
+ */
+
+import { readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+import { generateHologram } from "../core/hologram";
+import { diagnose } from "../core/immune";
+import type { PatchOp } from "../core/immune";
+import { buildShiftSummary } from "../core/boast";
+import { analyzeQuarantine, listQuarantine, evolve } from "../core/evolution";
+import { MAX_SSE_CLIENTS } from "./types";
+import { subscriptionManager } from "./mcp-subscriptions";
+import type { DaemonContext } from "./types";
+import { assertInsideWorkspace as _assertWs } from "./guards";
+import { shouldAcceptRemote } from "../core/federation";
+import { listMeshPeers } from "./mesh";
+
+/** Create the HTTP fetch handler for Bun.serve */
+export function createHttpHandler(ctx: DaemonContext, cleanup: () => void) {
+  return async function fetch(req: Request): Promise<Response> {
+    const url = new URL(req.url);
+
+    if (url.pathname === "/health") {
+      return Response.json({ status: "alive", pid: process.pid, workspace: ctx.ws.root, port: ctx.port });
+    }
+
+    if (url.pathname === "/mini-status") {
+      const last = ctx.state.autoHealLog.length > 0
+        ? ctx.state.autoHealLog[ctx.state.autoHealLog.length - 1].id
+        : null;
+      // Defense reasons from in-memory mistakeCache (not DB query — stays under 200ms)
+      const reasonSet = new Set<string>();
+      for (const entries of ctx.state.mistakeCache.values()) {
+        for (const e of entries) {
+          reasonSet.add(e.mistake_type);
+          if (reasonSet.size >= 3) break;
+        }
+        if (reasonSet.size >= 3) break;
+      }
+      const latestLog = ctx.state.autoHealLog.length > 0
+        ? ctx.state.autoHealLog[ctx.state.autoHealLog.length - 1]
+        : null;
+      const latestDefense = latestLog
+        ? { file: latestLog.file, healMs: latestLog.healMs, at: latestLog.at }
+        : null;
+      // session_saved_tokens_k: DB의 오늘치 stats 사용
+      // (MCP 프로세스와 HTTP 데몬이 별개 프로세스라 in-memory sessionOriginalChars는 항상 0)
+      const todayStr = ctx.today();
+      const dailyRows = ctx.getDailyAll.all();
+      const todayRow = dailyRows.find(r => r.date === todayStr);
+      const sessionSavedTokensK = todayRow
+        ? Math.round(Math.max(0, todayRow.original_chars - todayRow.hologram_chars) / 4 / 100) / 10
+        : 0;
+      return Response.json({
+        status: "ON",
+        healed_count: ctx.state.autoHealCount,
+        last_healed: last,
+        total_defenses: ctx.state.autoHealCount,
+        defense_reasons: [...reasonSet],
+        latest_defense: latestDefense,
+        saved_tokens_k: Math.round(Math.max(0, ctx.state.hologramStats.totalOriginalChars - ctx.state.hologramStats.totalHologramChars) / 4 / 100) / 10,
+        session_saved_tokens_k: sessionSavedTokensK,
+      });
+    }
+
+    // Track HTTP API calls as telemetry
+    const _apiPath = url.pathname.replace(/^\//, "");
+    if (["/hologram", "/read", "/diagnose", "/score", "/evolution", "/sync"].includes(url.pathname)) {
+      try { ctx.insertTelemetry.run("mcp", `http_${_apiPath}`, null, null, Date.now()); } catch { /* crash-only */ }
+    }
+
+    if (url.pathname === "/hologram") {
+      const file = url.searchParams.get("file");
+      if (!file) return Response.json({ error: "?file= required" }, { status: 400 });
+      try {
+        const absPath = resolve(file);
+        _assertWs(absPath, ctx.ws.root);
+        const source = readFileSync(absPath, "utf-8");
+        const contextFile = url.searchParams.get("contextFile");
+        const result = await generateHologram(file, source, contextFile ? { contextFile: resolve(contextFile) } : undefined);
+        ctx.persistHologramStats(result.originalLength, result.hologramLength);
+        return Response.json(result);
+      } catch (err: unknown) {
+        return Response.json({ error: err instanceof Error ? err.message : String(err) }, { status: 404 });
+      }
+    }
+
+    if (url.pathname === "/workspace-map") {
+      const mapText = ctx.getWorkspaceMap();
+      const { totalProjectBytes, mapBytes } = ctx.getWorkspaceMapStats();
+      if (totalProjectBytes > 0) {
+        ctx.persistCtxSavings('wsmap', totalProjectBytes, Math.max(0, totalProjectBytes - mapBytes));
+      }
+      return new Response(mapText, { headers: { "Content-Type": "text/plain" } });
+    }
+
+    if (url.pathname === "/read") {
+      const file = url.searchParams.get("file");
+      if (!file) return Response.json({ error: "?file= required" }, { status: 400 });
+      try {
+        const AFD_READ_THRESHOLD = 10 * 1024;
+        const absPath = resolve(file);
+        _assertWs(absPath, ctx.ws.root);
+        const source = readFileSync(absPath, "utf-8");
+        const rawStart = parseInt(url.searchParams.get("startLine") ?? "", 10);
+        const rawEnd = parseInt(url.searchParams.get("endLine") ?? "", 10);
+
+        if (Number.isFinite(rawStart) && Number.isFinite(rawEnd)) {
+          const lines = source.split("\n");
+          const s = Math.max(1, rawStart) - 1;
+          const e = Math.min(lines.length, rawEnd);
+          return Response.json({ file, lines: lines.slice(s, e), range: [s + 1, e], totalLines: lines.length });
+        }
+        if (source.length < AFD_READ_THRESHOLD) {
+          return Response.json({ file, content: source, mode: "full" });
+        }
+        const result = await generateHologram(file, source);
+        ctx.persistHologramStats(result.originalLength, result.hologramLength);
+        return Response.json({ file, hologram: result.hologram, mode: "hologram", originalSize: source.length, totalLines: source.split("\n").length });
+      } catch (err: unknown) {
+        return Response.json({ error: err instanceof Error ? err.message : String(err) }, { status: 404 });
+      }
+    }
+
+    if (url.pathname === "/mistake-history") {
+      const file = url.searchParams.get("file");
+      if (!file) return Response.json({ error: "?file= required" }, { status: 400 });
+      const normalizedFile = file.replace(/\\/g, "/");
+      const cached = ctx.state.mistakeCache.get(normalizedFile);
+      return Response.json({ mistakes: cached ?? [] });
+    }
+
+    if (url.pathname === "/diagnose") {
+      const raw = url.searchParams.get("raw") === "true";
+      const known = ctx.antibodyIds.all().map(r => r.id);
+      const result = diagnose(known, { raw });
+      const PROACTIVE_HOLOGRAM_THRESHOLD = 5 * 1024;
+
+      const enriched = await Promise.all(result.symptoms.map(async (s: { fileTarget: string; [k: string]: unknown }) => {
+        const snapshot = ctx.state.fileSnapshots.get(s.fileTarget)
+          ?? ctx.state.fileSnapshots.get(s.fileTarget.replace(/\//g, "\\"));
+        if (!snapshot) return s;
+        if (snapshot.length > PROACTIVE_HOLOGRAM_THRESHOLD) {
+          const hologram = await ctx.safeHologram(s.fileTarget, snapshot);
+          return {
+            ...s, hologram,
+            contextNote: `File is ${(snapshot.length / 1024).toFixed(1)}KB — hologram skeleton provided to save tokens (${Math.round((1 - hologram.length / snapshot.length) * 100)}% reduction).`,
+          };
+        }
+        return { ...s, context: snapshot };
+      }));
+      return Response.json({ ...result, symptoms: enriched });
+    }
+
+    if (url.pathname === "/antibodies") {
+      return Response.json({ antibodies: ctx.listAntibodies.all() });
+    }
+
+    if (url.pathname === "/antibodies/learn" && req.method === "POST") {
+      try {
+        const body = await req.json() as {
+          id: string; patternType: string; fileTarget: string; patches: PatchOp[];
+          scope?: string; version?: number; updatedAt?: string;
+        };
+        const scope = body.scope ?? "local";
+        const incomingVersion = body.version ?? 1;
+        const updatedAt = body.updatedAt ?? new Date().toISOString();
+        // Non-local antibodies are stored under their fqid to avoid collisions
+        const storageId = scope === "local" ? body.id : `${scope}/${body.id}`;
+
+        const incomingPatch = JSON.stringify(body.patches);
+
+        type ExistingRow = { ab_version: number; updated_at: string; patch_op: string } | null;
+        const existing = ctx.db.prepare(
+          "SELECT ab_version, updated_at, patch_op FROM antibodies WHERE id = ?"
+        ).get(storageId) as ExistingRow;
+
+        if (existing) {
+          const decision = shouldAcceptRemote(
+            { version: incomingVersion, updatedAt, patch: incomingPatch },
+            { version: existing.ab_version, updatedAt: existing.updated_at, patch: existing.patch_op },
+          );
+          if (!decision.accept) {
+            return Response.json({ status: "skipped", reason: decision.reason, id: storageId });
+          }
+          ctx.db.prepare(
+            "UPDATE antibodies SET patch_op = ?, file_target = ?, ab_version = ?, updated_at = ?, scope = ? WHERE id = ?"
+          ).run(incomingPatch, body.fileTarget, incomingVersion, updatedAt, scope, storageId);
+          return Response.json({ status: "updated", reason: decision.reason, id: storageId });
+        }
+
+        ctx.insertAntibody.run(storageId, body.patternType, body.fileTarget, JSON.stringify(body.patches));
+        subscriptionManager.dispatchResourceUpdated("afd://antibodies");
+        ctx.db.prepare(
+          "UPDATE antibodies SET scope = ?, ab_version = ?, updated_at = ? WHERE id = ?"
+        ).run(scope, incomingVersion, updatedAt, storageId);
+        return Response.json({ status: "learned", id: storageId });
+      } catch (err: unknown) {
+        return Response.json({ error: err instanceof Error ? err.message : String(err) }, { status: 400 });
+      }
+    }
+
+    if (url.pathname === "/auto-heal/record" && req.method === "POST") {
+      try {
+        const body = await req.json() as { id: string; file?: string; healMs?: number };
+        ctx.state.autoHealCount++;
+        ctx.state.autoHealLog.push({ id: body.id, at: Date.now(), file: body.file ?? body.id, healMs: body.healMs ?? 0 });
+        if (ctx.state.autoHealLog.length > 100) ctx.state.autoHealLog.shift();
+        try { ctx.insertTelemetry.run("immune", "heal_hit", JSON.stringify({ antibodyId: body.id }), null, Date.now()); } catch { /* crash-only */ }
+        return Response.json({ status: "recorded", total: ctx.state.autoHealCount });
+      } catch (err: unknown) {
+        return Response.json({ error: err instanceof Error ? err.message : String(err) }, { status: 400 });
+      }
+    }
+
+    if (url.pathname === "/score") {
+      const uptime = Math.floor((Date.now() - ctx.state.startedAt) / 1000);
+      const eventCount = ctx.db.query("SELECT COUNT(*) as cnt FROM events").get() as { cnt: number };
+      const abCount = ctx.countAntibodies.get() as { cnt: number };
+      const hs = ctx.state.hologramStats;
+      const globalSavings = hs.totalOriginalChars > 0
+        ? Math.round((hs.totalOriginalChars - hs.totalHologramChars) / hs.totalOriginalChars * 1000) / 10
+        : 0;
+      const dailyRows = ctx.getDailyAll.all() as { date: string; requests: number; original_chars: number; hologram_chars: number }[];
+      const todayRow = dailyRows.find(r => r.date === ctx.today());
+      const ctxDailyRaw = ctx.getCtxSavingsDaily.all() as { date: string; type: string; requests: number; original_chars: number; saved_chars: number }[];
+      const ctxLifetimeRaw = ctx.getCtxSavingsLifetime.all() as { type: string; total_requests: number; total_original_chars: number; total_saved_chars: number }[];
+      return Response.json({
+        uptime,
+        filesDetected: ctx.state.filesDetected,
+        totalEvents: eventCount.cnt,
+        lastEvent: ctx.state.lastEvent,
+        lastEventAt: ctx.state.lastEventAt,
+        watchedFiles: [...ctx.state.watchedFiles],
+        watchTargets: ctx.discoveryTargets,
+        hologram: {
+          lifetime: { requests: hs.totalRequests, originalChars: hs.totalOriginalChars, hologramChars: hs.totalHologramChars, savings: globalSavings },
+          today: todayRow ? {
+            requests: todayRow.requests, originalChars: todayRow.original_chars, hologramChars: todayRow.hologram_chars,
+            savings: todayRow.original_chars > 0 ? Math.round((todayRow.original_chars - todayRow.hologram_chars) / todayRow.original_chars * 1000) / 10 : 0,
+          } : null,
+          daily: dailyRows.map(r => ({ date: r.date, requests: r.requests, originalChars: r.original_chars, hologramChars: r.hologram_chars })),
+        },
+        ctxSavings: {
+          daily: ctxDailyRaw,
+          lifetime: ctxLifetimeRaw,
+        },
+        immune: {
+          antibodies: abCount.cnt,
+          autoHealed: ctx.state.autoHealCount,
+          lastAutoHeal: ctx.state.autoHealLog.length > 0 ? ctx.state.autoHealLog[ctx.state.autoHealLog.length - 1] : null,
+        },
+        ecosystem: {
+          detected: ctx.state.ecosystems.map(e => ({ name: e.adapter.name, confidence: e.confidence, schema: e.adapter.getHarnessSchema() })),
+          primary: ctx.state.ecosystems[0]?.adapter.name ?? "Unknown",
+        },
+        suppression: {
+          massEventsSkipped: ctx.state.suppressionSkippedCount,
+          dormantTransitions: ctx.state.dormantTransitions.length,
+          activeTaps: ctx.state.firstTapTimestamps.size,
+        },
+        evolution: (() => {
+          const q = listQuarantine();
+          return { totalQuarantined: q.length, totalLearned: q.filter(e => e.learned).length, pending: q.filter(e => !e.learned).length };
+        })(),
+        dynamicImmune: {
+          activeValidators: ctx.state.customValidators.size,
+          validatorNames: [...ctx.state.customValidators.keys()],
+        },
+      });
+    }
+
+    if (url.pathname === "/evolution") {
+      return Response.json(evolve());
+    }
+
+    if (url.pathname === "/evolution/status") {
+      const q = listQuarantine();
+      const stats = analyzeQuarantine();
+      return Response.json({
+        totalQuarantined: q.length, totalLearned: q.filter(e => e.learned).length, pending: stats.pending,
+        lessons: stats.lessons.map(l => ({ file: l.entry.originalPath, type: l.failureType, timestamp: l.entry.timestamp, suggestion: l.suggestion })),
+      });
+    }
+
+    if (url.pathname === "/sync") {
+      type AntibodyRow = { id: string; pattern_type: string; file_target: string; patch_op: string; created_at: string; scope?: string; ab_version?: number; updated_at?: string };
+      const rows = ctx.listAntibodies.all() as AntibodyRow[];
+      const sanitized = rows.flatMap(r => {
+        let patches: PatchOp[];
+        try { patches = JSON.parse(r.patch_op) as PatchOp[]; } catch { return []; }
+        const cleanPatches = patches.map(p => ({
+          ...p,
+          path: p.path.replace(/^[A-Za-z]:/, "").replace(/\\/g, "/"),
+          value: p.value?.replace(/[A-Za-z]:\\[^\s"']*/g, "<redacted>"),
+        }));
+        const scope = r.scope ?? "local";
+        const cleanId = r.id.replace(/^[A-Za-z]:/, "").replace(/\\/g, "/");
+        // fqid: non-local ids are already stored as "<scope>/<name>", local use "local/<id>"
+        const fqid = scope !== "local" ? cleanId : `local/${cleanId}`;
+        return [{
+          id: cleanId,
+          scope,
+          fqid,
+          patternType: r.pattern_type,
+          fileTarget: r.file_target.replace(/^[A-Za-z]:/, "").replace(/\\/g, "/"),
+          patches: cleanPatches,
+          version: r.ab_version ?? 1,
+          updatedAt: r.updated_at ?? r.created_at,
+          learnedAt: r.created_at,
+        }];
+      });
+      const payload = {
+        version: "1.7", generatedAt: new Date().toISOString(),
+        ecosystem: ctx.state.ecosystems[0]?.adapter.name ?? "Unknown",
+        scope: "local",  // publisher scope — overridden by CLI syncRemotePush
+        antibodyCount: sanitized.length, antibodies: sanitized,
+      };
+      const payloadPath = resolve(ctx.ws.afdDir, "global-vaccine-payload.json");
+      writeFileSync(payloadPath, JSON.stringify(payload, null, 2), "utf-8");
+      return Response.json({ status: "exported", path: payloadPath, count: sanitized.length });
+    }
+
+    if (url.pathname === "/shift-summary") {
+      const uptime = Math.floor((Date.now() - ctx.state.startedAt) / 1000);
+      const eventCount = ctx.db.query("SELECT COUNT(*) as cnt FROM events").get() as { cnt: number };
+      const hs = ctx.state.hologramStats;
+      const hologramSavedChars = Math.max(0, hs.totalOriginalChars - hs.totalHologramChars);
+      return Response.json(buildShiftSummary({
+        uptimeSeconds: uptime, totalEvents: eventCount.cnt, healsPerformed: ctx.state.autoHealCount,
+        totalFileBytesSaved: ctx.state.totalFileBytesSaved, suppressionsSkipped: ctx.state.suppressionSkippedCount,
+        dormantTransitions: ctx.state.dormantTransitions.length, hologramSavedChars,
+      }));
+    }
+
+    if (url.pathname === "/events") {
+      if (ctx.state.sseClients.size >= MAX_SSE_CLIENTS) {
+        return Response.json({ error: "Too many SSE clients" }, { status: 429 });
+      }
+      let sseController: ReadableStreamDefaultController<Uint8Array> | null = null;
+      const stream = new ReadableStream<Uint8Array>({
+        start(controller) { sseController = controller; ctx.state.sseClients.add(controller); },
+        cancel() { if (sseController) ctx.state.sseClients.delete(sseController); },
+      });
+      return new Response(stream, {
+        headers: { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", "Connection": "keep-alive" },
+      });
+    }
+
+    if (url.pathname === "/telemetry") {
+      const days = parseInt(url.searchParams.get("days") ?? "7", 10) || 7;
+      const since = Date.now() - days * 86_400_000;
+      try {
+        const rows = ctx.db.prepare(
+          "SELECT category, action, COUNT(*) as cnt, AVG(duration_ms) as avg_ms FROM telemetry WHERE timestamp >= ? GROUP BY category, action ORDER BY cnt DESC"
+        ).all(since) as { category: string; action: string; cnt: number; avg_ms: number | null }[];
+        return Response.json({ days, rows });
+      } catch {
+        return Response.json({ days, rows: [] });
+      }
+    }
+
+    if (url.pathname === "/mesh/peers") {
+      return Response.json(listMeshPeers(ctx.ws.root));
+    }
+
+    if (url.pathname === "/stop") {
+      cleanup();
+      setTimeout(() => process.exit(0), 100);
+      return Response.json({ status: "stopping" });
+    }
+
+    return Response.json({ error: "not found" }, { status: 404 });
+  };
+}