beecork 1.4.11 → 1.6.0

package/dist/util/logger.js

@@ -7,11 +7,24 @@ const LEVEL_PRIORITY = {
     warn: 2,
     error: 3,
 };
+// Patterns that should never reach disk or stdout. Each channel uses a per-call
+// sanitizer too (defense-in-depth), but the Logger is the last line of defense
+// for any third-party error object that happens to embed a secret in its message.
+const REDACTION_PATTERNS = [
+    { re: /bot\d+:[A-Za-z0-9_-]+/g, replacement: 'bot<REDACTED>' }, // Telegram bot token
+];
+function redact(s) {
+    let out = s;
+    for (const { re, replacement } of REDACTION_PATTERNS)
+        out = out.replace(re, replacement);
+    return out;
+}
+const ROTATE_BYTES = 10 * 1024 * 1024;
 class Logger {
     minLevel = 'info';
     logFile = null;
     stream = null;
-    writeCount = 0;
+    bytesWritten = 0;
     setLevel(level) {
         this.minLevel = level;
     }
@@ -20,18 +33,30 @@ class Logger {
         fs.mkdirSync(dir, { recursive: true });
         this.logFile = path.join(dir, name);
         this.stream = fs.createWriteStream(this.logFile, { flags: 'a' });
+        // Seed bytesWritten from the existing file size so we don't reset the
+        // rotation counter on every daemon restart.
+        try {
+            this.bytesWritten = fs.statSync(this.logFile).size;
+        }
+        catch {
+            this.bytesWritten = 0;
+        }
     }
     write(level, msg, ...args) {
         if (LEVEL_PRIORITY[level] < LEVEL_PRIORITY[this.minLevel])
             return;
         const timestamp = new Date().toISOString();
         const prefix = `[${timestamp}] [${level.toUpperCase()}]`;
-        const line = args.length > 0
-            ? `${prefix} ${msg} ${args.map(a => typeof a === 'string' ? a : JSON.stringify(a)).join(' ')}`
+        const raw = args.length > 0
+            ? `${prefix} ${msg} ${args.map((a) => (typeof a === 'string' ? a : JSON.stringify(a))).join(' ')}`
             : `${prefix} ${msg}`;
+        const line = redact(raw);
         if (this.stream) {
-            this.stream.write(line + '\n');
-            this.checkRotation();
+            const out = line + '\n';
+            this.stream.write(out);
+            this.bytesWritten += out.length;
+            if (this.bytesWritten > ROTATE_BYTES)
+                this.checkRotation();
         }
         if (level === 'error') {
             console.error(line);
@@ -43,31 +68,38 @@ class Logger {
             console.log(line);
         }
     }
-    debug(msg, ...args) { this.write('debug', msg, ...args); }
-    info(msg, ...args) { this.write('info', msg, ...args); }
-    warn(msg, ...args) { this.write('warn', msg, ...args); }
-    error(msg, ...args) { this.write('error', msg, ...args); }
+    debug(msg, ...args) {
+        this.write('debug', msg, ...args);
+    }
+    info(msg, ...args) {
+        this.write('info', msg, ...args);
+    }
+    warn(msg, ...args) {
+        this.write('warn', msg, ...args);
+    }
+    error(msg, ...args) {
+        this.write('error', msg, ...args);
+    }
     checkRotation() {
         if (!this.logFile || !this.stream)
             return;
-        this.writeCount++;
-        if (this.writeCount < 100)
-            return;
-        this.writeCount = 0;
+        // bytesWritten-based gate already triggered us; rotate without statSync.
         try {
-            const stats = fs.statSync(this.logFile);
-            if (stats.size > 10 * 1024 * 1024) {
-                this.stream.end();
-                const rotated = this.logFile + '.1';
-                try {
-                    fs.unlinkSync(rotated);
-                }
-                catch { }
-                fs.renameSync(this.logFile, rotated);
-                this.stream = fs.createWriteStream(this.logFile, { flags: 'a' });
+            this.stream.end();
+            const rotated = this.logFile + '.1';
+            try {
+                fs.unlinkSync(rotated);
             }
+            catch {
+                /* not fatal */
+            }
+            fs.renameSync(this.logFile, rotated);
+            this.stream = fs.createWriteStream(this.logFile, { flags: 'a' });
+            this.bytesWritten = 0;
+        }
+        catch {
+            /* rotation failure shouldn't kill the daemon */
         }
-        catch { }
     }
     close() {
         if (this.stream) {
@@ -77,3 +109,10 @@ class Logger {
     }
 }
 export const logger = new Logger();
+// Allow operators to bump verbosity at runtime without recompiling.
+// e.g. `BEECORK_LOG_LEVEL=debug beecork start` surfaces every claude subprocess
+// stdout/stderr line via the logger.debug calls.
+const envLevel = process.env.BEECORK_LOG_LEVEL?.toLowerCase();
+if (envLevel === 'debug' || envLevel === 'info' || envLevel === 'warn' || envLevel === 'error') {
+    logger.setLevel(envLevel);
+}

package/dist/util/paths.d.ts

@@ -7,5 +7,7 @@ export declare function getLogsDir(): string;
 export declare function getPidPath(): string;
 export declare function getRuntimeInfoPath(): string;
 export declare function getCronReloadSignalPath(): string;
+export declare function getWatcherReloadSignalPath(): string;
+export declare function getWhatsappSessionPath(): string;
 export declare function ensureBeecorkDirs(): void;
 export declare function expandHome(p: string): string;

package/dist/util/paths.js

@@ -3,7 +3,7 @@ import os from 'node:os';
 import fs from 'node:fs';
 const BEECORK_DIR = '.beecork';
 export function getBeecorkHome() {
-    return path.join(os.homedir(), BEECORK_DIR);
+    return process.env.BEECORK_HOME || path.join(os.homedir(), BEECORK_DIR);
 }
 export function getConfigPath() {
     return path.join(getBeecorkHome(), 'config.json');
@@ -29,10 +29,23 @@ export function getRuntimeInfoPath() {
 export function getCronReloadSignalPath() {
     return path.join(getBeecorkHome(), '.cron-reload');
 }
+export function getWatcherReloadSignalPath() {
+    return path.join(getBeecorkHome(), '.watcher-reload');
+}
+export function getWhatsappSessionPath() {
+    return path.join(getBeecorkHome(), 'whatsapp-session');
+}
 export function ensureBeecorkDirs() {
     const home = getBeecorkHome();
-    fs.mkdirSync(home, { recursive: true });
-    fs.mkdirSync(getLogsDir(), { recursive: true });
+    fs.mkdirSync(home, { recursive: true, mode: 0o700 });
+    // Upgrade an existing dir that was created with a looser umask before this fix landed.
+    try {
+        fs.chmodSync(home, 0o700);
+    }
+    catch {
+        /* not fatal if mode change fails */
+    }
+    fs.mkdirSync(getLogsDir(), { recursive: true, mode: 0o700 });
 }
 export function expandHome(p) {
     if (p.startsWith('~/') || p === '~') {

package/dist/util/rate-limiter.js

@@ -21,6 +21,14 @@ export class RateLimiter {
             logger.warn(`Rate limit: global limit reached (${this.globalLimit}/min)`);
             return false;
         }
+        // Bound the per-key map so a daemon that has seen many one-off keys
+        // (e.g. thousands of Telegram groups over months) doesn't leak memory.
+        if (this.perKey.size > 1000) {
+            for (const [k, w] of this.perKey) {
+                if (now > w.resetAt)
+                    this.perKey.delete(k);
+            }
+        }
         // Reset per-key window
         let keyWindow = this.perKey.get(key);
         if (!keyWindow || now > keyWindow.resetAt) {

package/dist/util/retry.js

@@ -10,7 +10,7 @@ export async function retryWithBackoff(fn, delays = [1000, 5000, 15000], label =
             lastError = err instanceof Error ? err : new Error(String(err));
             if (attempt < delays.length) {
                 logger.warn(`${label} failed (attempt ${attempt + 1}/${delays.length + 1}), retrying in ${delays[attempt]}ms: ${lastError.message}`);
-                await new Promise(resolve => setTimeout(resolve, delays[attempt]));
+                await new Promise((resolve) => setTimeout(resolve, delays[attempt]));
             }
         }
     }

package/dist/util/text.d.ts

@@ -1,4 +1,18 @@
-import type { MediaAttachment } from '../channels/types.js';
+import type { MediaAttachment } from '../types.js';
+/**
+ * Shared message-size limits. Single source of truth so caps don't drift
+ * between channels, MCP, and dashboard.
+ */
+export declare const MESSAGE_LIMITS: {
+    /** Per-chunk send size (Telegram = 4096; other channels chunk to this too). */
+    readonly CHUNK: 4096;
+    /** HTTP request body cap (webhook + dashboard endpoints). */
+    readonly HTTP_BODY: number;
+    /** Webhook channel single-message payload. */
+    readonly WEBHOOK_PROMPT: 100000;
+    /** MCP tool content/message field. Tight because it goes through Claude's tool-result token budget. */
+    readonly MCP_CONTENT: 10240;
+};
 /** Split long text into chunks that fit within a message limit */
 export declare function chunkText(text: string, maxLength?: number): string[];
 /** Format an ISO date as a human-readable relative time */
@@ -8,5 +22,11 @@ export declare function parseTabMessage(text: string): {
     tabName: string;
     prompt: string;
 };
+/**
+ * Build the channel-side message text with an optional [tabName] prefix.
+ * Used by all three channels' sendResponse paths so the prefix format is
+ * consistent and the gate logic (skip "default", skip empty) lives in one place.
+ */
+export declare function formatTabbedResponse(text: string, tabName?: string): string;
 /** Build prompt text from media attachments */
 export declare function buildMediaPrompt(media: MediaAttachment[], textPrompt: string): string;

package/dist/util/text.js

@@ -1,4 +1,18 @@
-const DEFAULT_MAX_LENGTH = 4096;
+/**
+ * Shared message-size limits. Single source of truth so caps don't drift
+ * between channels, MCP, and dashboard.
+ */
+export const MESSAGE_LIMITS = {
+    /** Per-chunk send size (Telegram = 4096; other channels chunk to this too). */
+    CHUNK: 4096,
+    /** HTTP request body cap (webhook + dashboard endpoints). */
+    HTTP_BODY: 1024 * 1024, // 1 MB
+    /** Webhook channel single-message payload. */
+    WEBHOOK_PROMPT: 100_000, // 100 KB
+    /** MCP tool content/message field. Tight because it goes through Claude's tool-result token budget. */
+    MCP_CONTENT: 10_240, // 10 KB
+};
+const DEFAULT_MAX_LENGTH = MESSAGE_LIMITS.CHUNK;
 /** Split long text into chunks that fit within a message limit */
 export function chunkText(text, maxLength = DEFAULT_MAX_LENGTH) {
     if (text.length <= maxLength)
@@ -50,20 +64,36 @@ export function parseTabMessage(text) {
     }
     return { tabName: 'default', prompt: text };
 }
+/**
+ * Build the channel-side message text with an optional [tabName] prefix.
+ * Used by all three channels' sendResponse paths so the prefix format is
+ * consistent and the gate logic (skip "default", skip empty) lives in one place.
+ */
+export function formatTabbedResponse(text, tabName) {
+    if (!tabName || tabName === 'default')
+        return text;
+    return `[${tabName}] ${text}`;
+}
 /** Build prompt text from media attachments */
 export function buildMediaPrompt(media, textPrompt) {
     if (media.length === 0)
         return textPrompt;
-    const descriptions = media.map(m => {
+    const descriptions = media.map((m) => {
         if (m.type === 'voice' && m.caption?.startsWith('[Transcribed'))
             return m.caption;
         switch (m.type) {
-            case 'image': return `User sent an image: ${m.filePath}`;
-            case 'voice': return `User sent a voice message: ${m.filePath}`;
-            case 'audio': return `User sent an audio file: ${m.filePath}${m.fileName ? ` (${m.fileName})` : ''}`;
-            case 'video': return `User sent a video: ${m.filePath}`;
-            case 'document': return `User sent a file: ${m.filePath}${m.fileName ? ` (${m.fileName})` : ''}`;
-            default: return `User sent a file: ${m.filePath}`;
+            case 'image':
+                return `User sent an image: ${m.filePath}`;
+            case 'voice':
+                return `User sent a voice message: ${m.filePath}`;
+            case 'audio':
+                return `User sent an audio file: ${m.filePath}${m.fileName ? ` (${m.fileName})` : ''}`;
+            case 'video':
+                return `User sent a video: ${m.filePath}`;
+            case 'document':
+                return `User sent a file: ${m.filePath}${m.fileName ? ` (${m.fileName})` : ''}`;
+            default:
+                return `User sent a file: ${m.filePath}`;
         }
     });
     const mediaText = descriptions.join('\n');

package/dist/voice/index.js

@@ -10,7 +10,11 @@ export function initVoiceProviders(voice) {
         stt = createSTTProvider({ provider: voice.sttProvider, apiKey: voice.sttApiKey });
     }
     if (voice?.ttsProvider && voice.ttsProvider !== 'none') {
-        tts = createTTSProvider({ provider: voice.ttsProvider, apiKey: voice.ttsApiKey, voice: voice.ttsVoice });
+        tts = createTTSProvider({
+            provider: voice.ttsProvider,
+            apiKey: voice.ttsApiKey,
+            voice: voice.ttsVoice,
+        });
     }
     return { stt, tts };
 }

package/dist/voice/stt.js

@@ -1,5 +1,6 @@
-import fs from 'node:fs';
+import { readFile } from 'node:fs/promises';
 import { logger } from '../util/logger.js';
+import { assertInsideMediaDir } from '../media/store.js';
 /** OpenAI Whisper API provider */
 export class WhisperAPIProvider {
     apiKey;
@@ -10,26 +11,33 @@ export class WhisperAPIProvider {
         try {
             // Make a lightweight request to warm up the HTTPS connection
             await fetch('https://api.openai.com/v1/models', {
-                headers: { 'Authorization': `Bearer ${this.apiKey}` },
+                headers: { Authorization: `Bearer ${this.apiKey}` },
                 signal: AbortSignal.timeout(5000),
             });
         }
-        catch { /* non-critical */ }
+        catch {
+            /* non-critical */
+        }
     }
     async transcribe(filePath) {
+        // Defense-in-depth: callers should already constrain filePath to the media dir,
+        // but verify here so a leaked/forged MediaAttachment.filePath cannot exfiltrate
+        // arbitrary files (e.g. ~/.ssh/id_rsa) to the Whisper API.
+        const safePath = assertInsideMediaDir(filePath);
+        const buffer = await readFile(safePath);
         const formData = new FormData();
-        formData.append('file', new Blob([fs.readFileSync(filePath)]), 'audio.ogg');
+        formData.append('file', new Blob([buffer]), 'audio.ogg');
         formData.append('model', 'whisper-1');
         const response = await fetch('https://api.openai.com/v1/audio/transcriptions', {
             method: 'POST',
-            headers: { 'Authorization': `Bearer ${this.apiKey}` },
+            headers: { Authorization: `Bearer ${this.apiKey}` },
             body: formData,
             signal: AbortSignal.timeout(60000),
         });
         if (!response.ok) {
             throw new Error(`Whisper API error: ${response.status} ${response.statusText}`);
         }
-        const result = await response.json();
+        const result = (await response.json());
         return result.text;
     }
 }

package/dist/voice/tts.js

@@ -14,7 +14,7 @@ export class OpenAITTSProvider {
         const response = await fetch('https://api.openai.com/v1/audio/speech', {
             method: 'POST',
             headers: {
-                'Authorization': `Bearer ${this.apiKey}`,
+                Authorization: `Bearer ${this.apiKey}`,
                 'Content-Type': 'application/json',
             },
             body: JSON.stringify({

package/dist/watchers/scheduler.js

@@ -3,9 +3,10 @@ import path from 'node:path';
 import { WatcherStore } from './store.js';
 import { evaluateWatcher } from './evaluator.js';
 import { execAsync, intervalToMs } from '../tasks/scheduler.js';
-import { getBeecorkHome, getLogsDir } from '../util/paths.js';
+import { getLogsDir, getWatcherReloadSignalPath } from '../util/paths.js';
 import { logger } from '../util/logger.js';
-const WATCHER_RELOAD_SIGNAL_NAME = '.watcher-reload';
+import { PendingMessageStore } from '../session/pending-store.js';
+import { logActivity } from '../timeline/index.js';
 export class WatcherScheduler {
     store = new WatcherStore();
     // watcherId -> due time in ms epoch for next check
@@ -48,12 +49,14 @@ export class WatcherScheduler {
     }
     /** Check for the reload signal file and reload if present */
     checkForReload() {
-        const signalPath = path.join(getBeecorkHome(), WATCHER_RELOAD_SIGNAL_NAME);
+        const signalPath = getWatcherReloadSignalPath();
         if (fs.existsSync(signalPath)) {
             try {
                 fs.unlinkSync(signalPath);
             }
-            catch { /* race condition, ok */ }
+            catch {
+                /* race condition, ok */
+            }
             logger.info('Watchers: reload signal detected, reloading');
             this.loadAndSchedule();
         }
@@ -102,6 +105,9 @@ export class WatcherScheduler {
             if (result.triggered) {
                 this.store.markTriggered(watcher.id);
                 await fs.promises.appendFile(logFile, `[${new Date().toISOString()}] TRIGGERED: ${result.output.slice(0, 500)}\n`);
+                logActivity('watcher_triggered', `Watcher "${watcher.name}" triggered`, {
+                    details: result.output.slice(0, 500),
+                });
                 await this.executeAction(watcher, result.output);
             }
             else {
@@ -156,7 +162,7 @@ export class WatcherScheduler {
                             message = watcher.actionDetails.slice(colonIdx + 1).trim();
                         }
                         const fullMessage = `[Watcher "${watcher.name}" triggered] ${message}\n\nWatcher output:\n${output.slice(0, 500)}`;
-                        db.prepare('INSERT INTO pending_messages (tab_name, message, type) VALUES (?, ?, ?)').run(tabName, fullMessage, 'delegation');
+                        PendingMessageStore.enqueueDelegation(tabName, fullMessage, db);
                         if (this.onNotify) {
                             await this.onNotify(`Watcher "${watcher.name}" triggered -- delegated to tab:${tabName}`);
                         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "beecork",
-  "version": "1.4.11",
+  "version": "1.6.0",
   "description": "Claude Code always-on infrastructure — a phone number, a memory, and an alarm clock",
   "type": "module",
   "bin": {
@@ -15,6 +15,8 @@
     "dev:daemon": "tsx src/daemon.ts",
     "test": "vitest",
     "lint": "eslint src/",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\"",
     "build:css": "tailwindcss --content src/dashboard/html.ts --minify",
     "prepublishOnly": "npm test && npm run build",
     "postinstall": "node scripts/postinstall.mjs"
@@ -27,6 +29,7 @@
     "cron-parser": "^5.5.0",
     "discord.js": "^14.26.2",
     "node-telegram-bot-api": "^0.67.0",
+    "pino": "^9.5.0",
     "qrcode-terminal": "^0.12.0",
     "uuid": "^13.0.0"
   },
@@ -36,6 +39,8 @@
     "@types/node": "^24.0.0",
     "@types/node-telegram-bot-api": "^0.64.14",
     "eslint": "^10.2.0",
+    "eslint-config-prettier": "^10.1.8",
+    "prettier": "^3.8.3",
     "tailwindcss": "^4.2.2",
     "tsx": "^4.21.0",
     "typescript": "^6.0.2",

package/dist/session/tool-classifier.d.ts

@@ -1,4 +0,0 @@
-/** Reserved for future approval mode implementation. Not currently wired into the runtime. */
-export type ToolRisk = 'safe' | 'dangerous';
-/** Classify a tool call as safe or dangerous */
-export declare function classifyTool(toolName: string, input: Record<string, unknown>): ToolRisk;

package/dist/session/tool-classifier.js

@@ -1,56 +0,0 @@
-const SAFE_TOOLS = new Set([
-    'Read', 'Glob', 'Grep', 'LSP', 'WebFetch', 'WebSearch',
-    'ToolSearch', 'TaskGet', 'TaskList',
-]);
-const DANGEROUS_TOOLS = new Set([
-    'Write', 'Edit', 'NotebookEdit',
-    'TaskCreate', 'TaskUpdate', 'TaskStop',
-]);
-const SAFE_BASH_PATTERNS = [
-    /^(ls|cat|head|tail|wc|file|stat|which|type|echo|printf)\b/,
-    /^git\s+(status|log|diff|show|branch|tag|remote)\b/,
-    /^(pwd|whoami|hostname|date|uname|env|printenv)\b/,
-    /^(find|grep|rg|fd|ag)\b/,
-    /^(node|python|ruby|go)\s+--?(version|help)/,
-    /^npm\s+(list|ls|view|info|outdated|audit)\b/,
-    /^curl\s.*-X\s*GET\b/,
-    /^curl\s+(?!.*-X\s*(POST|PUT|DELETE|PATCH))(?!.*--data)(?!.*-d\s)/,
-];
-const DANGEROUS_BASH_PATTERNS = [
-    /^rm\b/,
-    /^(mv|cp)\b.*--?(force|f)\b/,
-    /^chmod\b/,
-    /^chown\b/,
-    /^git\s+(push|reset|rebase|merge|checkout\s+--)\b/,
-    /^(docker|kubectl|terraform|ansible)\b/,
-    /^(sudo|su)\b/,
-    /^npm\s+(publish|install|uninstall|link)\b/,
-    /^(kill|killall|pkill)\b/,
-    /^curl\s.*-X\s*(POST|PUT|DELETE|PATCH)\b/,
-];
-/** Classify a tool call as safe or dangerous */
-export function classifyTool(toolName, input) {
-    if (SAFE_TOOLS.has(toolName))
-        return 'safe';
-    if (DANGEROUS_TOOLS.has(toolName))
-        return 'dangerous';
-    // Bash tool: inspect the command
-    if (toolName === 'Bash') {
-        const command = String(input.command || '').trim();
-        for (const pattern of SAFE_BASH_PATTERNS) {
-            if (pattern.test(command))
-                return 'safe';
-        }
-        for (const pattern of DANGEROUS_BASH_PATTERNS) {
-            if (pattern.test(command))
-                return 'dangerous';
-        }
-        // Default: unknown bash commands are dangerous
-        return 'dangerous';
-    }
-    // MCP tools from external servers: default to dangerous
-    if (toolName.startsWith('mcp__'))
-        return 'dangerous';
-    // Unknown tools: default to dangerous
-    return 'dangerous';
-}

package/dist/users/index.d.ts

@@ -1,2 +0,0 @@
-export { resolveUser, registerUser, linkIdentity, listUsers, hasAdmin } from './service.js';
-export type { User } from './service.js';

package/dist/users/index.js

@@ -1 +0,0 @@
-export { resolveUser, registerUser, linkIdentity, listUsers, hasAdmin } from './service.js';

package/dist/users/service.d.ts

@@ -1,17 +0,0 @@
-export interface User {
-    id: string;
-    name: string;
-    role: 'admin' | 'user';
-    budgetUsd: number | null;
-    createdAt: string;
-}
-/** Get or create a user from a channel identity */
-export declare function resolveUser(channelId: string, peerId: string): User | null;
-/** Register a new user */
-export declare function registerUser(name: string, channelId: string, peerId: string, role?: 'admin' | 'user'): User;
-/** Link an additional channel identity to an existing user */
-export declare function linkIdentity(userId: string, channelId: string, peerId: string): boolean;
-/** Get all users */
-export declare function listUsers(): User[];
-/** Check if any admin exists */
-export declare function hasAdmin(): boolean;

package/dist/users/service.js

@@ -1,46 +0,0 @@
-import { v4 as uuidv4 } from 'uuid';
-import { getDb } from '../db/index.js';
-import { logger } from '../util/logger.js';
-function rowToUser(row) {
-    return { id: row.id, name: row.name, role: row.role, budgetUsd: row.budget_usd, createdAt: row.created_at };
-}
-/** Get or create a user from a channel identity */
-export function resolveUser(channelId, peerId) {
-    const db = getDb();
-    const identity = db.prepare('SELECT user_id FROM identities WHERE channel_id = ? AND peer_id = ?').get(channelId, peerId);
-    if (!identity)
-        return null;
-    const row = db.prepare('SELECT * FROM users WHERE id = ?').get(identity.user_id);
-    return row ? rowToUser(row) : null;
-}
-/** Register a new user */
-export function registerUser(name, channelId, peerId, role = 'user') {
-    const db = getDb();
-    const id = uuidv4();
-    db.prepare('INSERT INTO users (id, name, role) VALUES (?, ?, ?)').run(id, name, role);
-    db.prepare('INSERT INTO identities (user_id, channel_id, peer_id) VALUES (?, ?, ?)').run(id, channelId, peerId);
-    logger.info(`User registered: ${name} (${role}) via ${channelId}:${peerId}`);
-    return { id, name, role, budgetUsd: null, createdAt: new Date().toISOString() };
-}
-/** Link an additional channel identity to an existing user */
-export function linkIdentity(userId, channelId, peerId) {
-    const db = getDb();
-    try {
-        db.prepare('INSERT INTO identities (user_id, channel_id, peer_id) VALUES (?, ?, ?)').run(userId, channelId, peerId);
-        return true;
-    }
-    catch {
-        return false; // Already linked or conflict
-    }
-}
-/** Get all users */
-export function listUsers() {
-    const db = getDb();
-    return db.prepare('SELECT * FROM users ORDER BY created_at').all().map(rowToUser);
-}
-/** Check if any admin exists */
-export function hasAdmin() {
-    const db = getDb();
-    const row = db.prepare("SELECT COUNT(*) as c FROM users WHERE role = 'admin'").get();
-    return row.c > 0;
-}