beecork 1.5.0 → 1.6.0

package/dist/db/connection.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Single source of truth for opening the Beecork SQLite database.
+ *
+ * Previously three sites each opened the DB with their own pragma setup:
+ *   - daemon side (db/index.ts) — applied migrations + WAL checkpoint interval
+ *   - MCP side (mcp/server.ts)  — read-only-ish singleton, no migrations
+ *   - doctor (cli/doctor.ts)    — ad-hoc read-only handle
+ *
+ * The pragmas matched today but the duplication was silent-drift bait. This
+ * helper centralizes pragma setup so future tweaks land in one place.
+ */
+import Database from 'better-sqlite3';
+export interface OpenDbOptions {
+    /** Open the file read-only (used by `beecork doctor` for status snapshots). */
+    readonly?: boolean;
+    /**
+     * If true, restrict file mode to 0o600 after open. Daemon side wants this;
+     * read-only sidecar handles don't need to retouch perms.
+     */
+    enforcePerms?: boolean;
+}
+/**
+ * Open a Beecork SQLite database with consistent pragmas.
+ *
+ * Migrations are NOT applied here — the daemon's `getDb()` runs migrations
+ * separately, so this helper can be reused by the MCP child + doctor without
+ * accidentally double-applying migrations.
+ */
+export declare function openDb(dbPath: string, opts?: OpenDbOptions): Database.Database;

package/dist/db/connection.js

@@ -0,0 +1,37 @@
+/**
+ * Single source of truth for opening the Beecork SQLite database.
+ *
+ * Previously three sites each opened the DB with their own pragma setup:
+ *   - daemon side (db/index.ts) — applied migrations + WAL checkpoint interval
+ *   - MCP side (mcp/server.ts)  — read-only-ish singleton, no migrations
+ *   - doctor (cli/doctor.ts)    — ad-hoc read-only handle
+ *
+ * The pragmas matched today but the duplication was silent-drift bait. This
+ * helper centralizes pragma setup so future tweaks land in one place.
+ */
+import Database from 'better-sqlite3';
+import fs from 'node:fs';
+/**
+ * Open a Beecork SQLite database with consistent pragmas.
+ *
+ * Migrations are NOT applied here — the daemon's `getDb()` runs migrations
+ * separately, so this helper can be reused by the MCP child + doctor without
+ * accidentally double-applying migrations.
+ */
+export function openDb(dbPath, opts = {}) {
+    const db = new Database(dbPath, opts.readonly ? { readonly: true } : undefined);
+    db.pragma('journal_mode = WAL');
+    db.pragma('foreign_keys = ON');
+    db.pragma('busy_timeout = 5000');
+    if (opts.enforcePerms && !opts.readonly) {
+        for (const p of [dbPath, dbPath + '-wal', dbPath + '-shm']) {
+            try {
+                fs.chmodSync(p, 0o600);
+            }
+            catch {
+                /* sidecar may not exist yet */
+            }
+        }
+    }
+    return db;
+}

package/dist/db/index.js

@@ -1,9 +1,9 @@
 import crypto from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
-import Database from 'better-sqlite3';
 import { getDbPath, ensureBeecorkDirs, expandHome } from '../util/paths.js';
 import { runMigrations } from './migrations.js';
+import { openDb } from './connection.js';
 import { logger } from '../util/logger.js';
 const SCHEMA = `
 CREATE TABLE IF NOT EXISTS tabs (
@@ -55,22 +55,40 @@ export function getDb() {
         return db;
     ensureBeecorkDirs();
     const dbPath = getDbPath();
-    db = new Database(dbPath);
-    db.pragma('journal_mode = WAL');
-    db.pragma('foreign_keys = ON');
-    db.pragma('busy_timeout = 5000');
+    db = openDb(dbPath, { enforcePerms: true });
     db.exec(SCHEMA);
     runMigrations(db);
-    // Periodic WAL checkpointing + table cleanup
+    // Periodic WAL checkpointing + table cleanup. Cheap precheck `LIMIT 1`
+    // SELECTs skip the DELETE entirely when nothing matches — saves the WAL
+    // write on a quiet system.
     walInterval = setInterval(() => {
         try {
             db?.pragma('wal_checkpoint(PASSIVE)');
-            // Prune old permission history (keep last 1000 entries)
-            db?.exec('DELETE FROM permission_history WHERE created_at < (SELECT created_at FROM permission_history ORDER BY created_at DESC LIMIT 1 OFFSET 999)');
-            db?.exec("DELETE FROM activity_log WHERE created_at < datetime('now', '-90 days')");
-            // Prune unused routing patterns so the per-message learned-routing scan
-            // doesn't grow unbounded. Keep patterns that have been hit recently or often.
-            db?.exec("DELETE FROM routing_preferences WHERE hit_count < 3 AND created_at < datetime('now', '-30 days')");
+            if (!db)
+                return;
+            // Prune old permission history (keep last 1000 entries). Two-pass: count
+            // first, then bulk-delete the oldest N. The previous correlated-subquery
+            // version re-evaluated the OFFSET 999 row per candidate, which scaled
+            // poorly past ~5k rows.
+            const permCount = db.prepare('SELECT COUNT(*) as c FROM permission_history').get().c;
+            if (permCount > 1000) {
+                db.prepare(`DELETE FROM permission_history WHERE id IN (
+             SELECT id FROM permission_history ORDER BY created_at ASC LIMIT ?
+           )`).run(permCount - 1000);
+            }
+            // Activity log: only DELETE if a candidate row exists, otherwise no-op.
+            const oldActivity = db
+                .prepare("SELECT 1 FROM activity_log WHERE created_at < datetime('now', '-90 days') LIMIT 1")
+                .get();
+            if (oldActivity)
+                db.exec("DELETE FROM activity_log WHERE created_at < datetime('now', '-90 days')");
+            // Routing preferences: same precheck pattern.
+            const stalePref = db
+                .prepare("SELECT 1 FROM routing_preferences WHERE hit_count < 3 AND created_at < datetime('now', '-30 days') LIMIT 1")
+                .get();
+            if (stalePref) {
+                db.exec("DELETE FROM routing_preferences WHERE hit_count < 3 AND created_at < datetime('now', '-30 days')");
+            }
         }
         catch (err) {
             logger.warn('WAL checkpoint/cleanup error:', err);

package/dist/db/migrations.js

@@ -1,4 +1,24 @@
 import { logger } from '../util/logger.js';
+/*
+ * Migration authoring conventions:
+ *
+ * - Every migration runs inside a single transaction so partial failures are
+ *   atomically rolled back. Idempotency checks for ALTER TABLE ADD/DROP COLUMN
+ *   are performed inline below.
+ *
+ * - For destructive reshapes (column type change, rename, etc.) follow the
+ *   SQLite-recommended pattern, all in one migration so the transaction wraps
+ *   it cleanly:
+ *
+ *     CREATE TABLE new_X (...);
+ *     INSERT INTO new_X (a, b, c) SELECT a, b, c FROM X;
+ *     DROP TABLE X;
+ *     ALTER TABLE new_X RENAME TO X;
+ *
+ *   AVOID `DROP TABLE X; CREATE TABLE X (...)` without a copy step — migration
+ *   v13 did this and silently nuked user-created rows. The audit history flags
+ *   that as a one-off; do not repeat it.
+ */
 const MIGRATIONS = [
     {
         version: 2,
@@ -99,7 +119,7 @@ const MIGRATIONS = [
     {
         version: 8,
         description: 'Add system_prompt column to tabs',
-        up: "ALTER TABLE tabs ADD COLUMN system_prompt TEXT DEFAULT NULL",
+        up: 'ALTER TABLE tabs ADD COLUMN system_prompt TEXT DEFAULT NULL',
     },
     {
         version: 9,
@@ -265,6 +285,29 @@ const MIGRATIONS = [
         description: 'Drop idx_memories_content — leading-wildcard LIKE cannot use a B-tree index',
         up: 'DROP INDEX IF EXISTS idx_memories_content',
     },
+    {
+        version: 26,
+        description: 'Add status column to pending_messages for 3-state lifecycle (pending → processing → done|failed); allow nullable tab_name for notifications',
+        up: `
+      ALTER TABLE pending_messages ADD COLUMN status TEXT NOT NULL DEFAULT 'pending';
+      UPDATE pending_messages SET status = 'done' WHERE processed = 1;
+      UPDATE pending_messages SET status = 'pending' WHERE processed = 0;
+      CREATE INDEX IF NOT EXISTS idx_pending_status_created ON pending_messages(status, created_at);
+    `,
+    },
+    {
+        version: 27,
+        description: 'Add indexes for delegations (source_tab, target_tab) to prevent scans on completion lookup',
+        up: `
+      CREATE INDEX IF NOT EXISTS idx_delegations_source ON delegations(source_tab, status);
+      CREATE INDEX IF NOT EXISTS idx_delegations_target ON delegations(target_tab, status, created_at);
+    `,
+    },
+    {
+        version: 28,
+        description: 'Add idx_tabs_working_dir for the per-message routing query that finds tabs by project path',
+        up: 'CREATE INDEX IF NOT EXISTS idx_tabs_working_dir ON tabs(working_dir, last_activity_at)',
+    },
 ];
 export function runMigrations(db) {
     // Ensure schema_version table exists
@@ -291,38 +334,51 @@ export function runMigrations(db) {
         logger.info(`DB migration v${migration.version}: ${migration.description}`);
         // Split multi-statement migrations and apply each safely
         // (handles partial failures from previous runs where some statements succeeded)
-        const statements = migration.up.split(';').map(s => s.trim()).filter(s => s.length > 0);
-        for (const stmt of statements) {
-            try {
-                // For ALTER TABLE ADD COLUMN, check if column already exists first
-                const addMatch = stmt.match(/ALTER\s+TABLE\s+(\S+)\s+ADD\s+COLUMN\s+(\S+)/i);
-                if (addMatch) {
-                    const columns = db.pragma(`table_info(${addMatch[1]})`);
-                    if (columns.some(c => c.name === addMatch[2])) {
-                        logger.debug(`Migration v${migration.version}: column ${addMatch[1]}.${addMatch[2]} already exists, skipping`);
-                        continue;
+        const statements = migration.up
+            .split(';')
+            .map((s) => s.trim())
+            .filter((s) => s.length > 0);
+        // Wrap the whole migration in a transaction so a mid-statement failure
+        // rolls back to the pre-migration state. The schema_version bump is the
+        // final statement inside the transaction, so an aborted migration won't
+        // leave the DB in a half-applied state with the version already bumped.
+        const applyMigration = db.transaction(() => {
+            for (const stmt of statements) {
+                try {
+                    // For ALTER TABLE ADD COLUMN, check if column already exists first
+                    const addMatch = stmt.match(/ALTER\s+TABLE\s+(\S+)\s+ADD\s+COLUMN\s+(\S+)/i);
+                    if (addMatch) {
+                        const columns = db.pragma(`table_info(${addMatch[1]})`);
+                        if (columns.some((c) => c.name === addMatch[2])) {
+                            logger.debug(`Migration v${migration.version}: column ${addMatch[1]}.${addMatch[2]} already exists, skipping`);
+                            continue;
+                        }
+                    }
+                    // For ALTER TABLE DROP COLUMN, skip if column already gone
+                    const dropMatch = stmt.match(/ALTER\s+TABLE\s+(\S+)\s+DROP\s+COLUMN\s+(\S+)/i);
+                    if (dropMatch) {
+                        const columns = db.pragma(`table_info(${dropMatch[1]})`);
+                        if (!columns.some((c) => c.name === dropMatch[2])) {
+                            logger.debug(`Migration v${migration.version}: column ${dropMatch[1]}.${dropMatch[2]} already absent, skipping`);
+                            continue;
+                        }
                     }
+                    db.exec(stmt);
                 }
-                // For ALTER TABLE DROP COLUMN, skip if column already gone
-                const dropMatch = stmt.match(/ALTER\s+TABLE\s+(\S+)\s+DROP\s+COLUMN\s+(\S+)/i);
-                if (dropMatch) {
-                    const columns = db.pragma(`table_info(${dropMatch[1]})`);
-                    if (!columns.some(c => c.name === dropMatch[2])) {
-                        logger.debug(`Migration v${migration.version}: column ${dropMatch[1]}.${dropMatch[2]} already absent, skipping`);
+                catch (err) {
+                    const msg = err instanceof Error ? err.message : String(err);
+                    if (msg.includes('already exists') ||
+                        msg.includes('no such column') ||
+                        msg.includes('no such table') ||
+                        msg.includes('no such index')) {
+                        logger.debug(`Migration v${migration.version}: object already in target state, skipping statement`);
                         continue;
                     }
+                    throw err;
                 }
-                db.exec(stmt);
             }
-            catch (err) {
-                const msg = err instanceof Error ? err.message : String(err);
-                if (msg.includes('already exists') || msg.includes('no such column') || msg.includes('no such table') || msg.includes('no such index')) {
-                    logger.debug(`Migration v${migration.version}: object already in target state, skipping statement`);
-                    continue;
-                }
-                throw err;
-            }
-        }
-        db.prepare('UPDATE schema_version SET version = ?').run(migration.version);
+            db.prepare('UPDATE schema_version SET version = ?').run(migration.version);
+        });
+        applyMigration();
     }
 }

package/dist/delegation/manager.js

@@ -12,7 +12,9 @@ export function createDelegation(sourceTab, targetTab, message, returnToTab) {
         throw new Error(`Delegation depth limit reached (max ${MAX_DELEGATION_DEPTH}). Tab "${sourceTab}" cannot delegate further.`);
     }
     // Check pending limit
-    const pending = db.prepare("SELECT COUNT(*) as c FROM delegations WHERE source_tab = ? AND status IN ('pending', 'running')").get(sourceTab).c;
+    const pending = db
+        .prepare("SELECT COUNT(*) as c FROM delegations WHERE source_tab = ? AND status IN ('pending', 'running')")
+        .get(sourceTab).c;
     if (pending >= MAX_PENDING_PER_TAB) {
         throw new Error(`Too many pending delegations for tab "${sourceTab}" (max ${MAX_PENDING_PER_TAB}).`);
     }
@@ -37,7 +39,9 @@ export function createDelegation(sourceTab, targetTab, message, returnToTab) {
 export function completeDelegation(targetTab, result) {
     const db = getDb();
     // Find the most recent pending/running delegation to this tab
-    const row = db.prepare("SELECT * FROM delegations WHERE target_tab = ? AND status IN ('pending', 'running') ORDER BY created_at DESC LIMIT 1").get(targetTab);
+    const row = db
+        .prepare("SELECT * FROM delegations WHERE target_tab = ? AND status IN ('pending', 'running') ORDER BY created_at DESC LIMIT 1")
+        .get(targetTab);
     if (!row)
         return null;
     db.prepare("UPDATE delegations SET status = 'completed', result = ?, completed_at = datetime('now') WHERE id = ?").run(result.slice(0, 50000), row.id); // Cap result at 50KB
@@ -62,7 +66,7 @@ export function getPendingDelegations(tabName) {
         ? "SELECT * FROM delegations WHERE source_tab = ? AND status IN ('pending', 'running') ORDER BY created_at"
         : "SELECT * FROM delegations WHERE status IN ('pending', 'running') ORDER BY created_at";
     const rows = tabName ? db.prepare(query).all(tabName) : db.prepare(query).all();
-    return rows.map(r => ({
+    return rows.map((r) => ({
         id: r.id,
         sourceTab: r.source_tab,
         targetTab: r.target_tab,
@@ -78,6 +82,8 @@ export function getPendingDelegations(tabName) {
 /** Get current delegation depth for a tab */
 function getCurrentDepth(tabName) {
     const db = getDb();
-    const row = db.prepare("SELECT MAX(depth) as d FROM delegations WHERE source_tab = ? AND status IN ('pending', 'running')").get(tabName);
+    const row = db
+        .prepare("SELECT MAX(depth) as d FROM delegations WHERE source_tab = ? AND status IN ('pending', 'running')")
+        .get(tabName);
     return row.d ?? 0;
 }

package/dist/index.js

@@ -27,38 +27,35 @@ program
     .action(async () => {
     await setupWizard();
 });
+program.command('start').description('Start the Beecork daemon').action(startDaemon);
+program.command('stop').description('Stop the Beecork daemon').action(stopDaemon);
 program
-    .command('start')
-    .description('Start the Beecork daemon')
-    .action(startDaemon);
-program
-    .command('stop')
-    .description('Stop the Beecork daemon')
-    .action(stopDaemon);
+    .command('uninstall')
+    .description('Uninstall the Beecork system service (launchd / systemd / Task Scheduler)')
+    .action(async () => {
+    const { uninstallService } = await import('./service/install.js');
+    try {
+        const result = uninstallService();
+        console.log(result);
+    }
+    catch (err) {
+        console.error('Service uninstall failed:', err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
 program
     .command('status')
     .description('Show daemon status, running tabs, and tasks')
     .action(showStatus);
-program
-    .command('tabs')
-    .description('List all virtual tabs')
-    .action(listTabs);
+program.command('tabs').description('List all virtual tabs').action(listTabs);
 program
     .command('logs [tab]')
     .description('Tail logs for a tab (default: daemon logs)')
     .action(tailLogs);
 // Tasks (new name)
-const taskCmd = program
-    .command('tasks')
-    .description('Manage scheduled tasks');
-taskCmd
-    .command('list')
-    .description('List all tasks')
-    .action(listCrons);
-taskCmd
-    .command('delete <id>')
-    .description('Delete a task by ID')
-    .action(deleteCron);
+const taskCmd = program.command('tasks').description('Manage scheduled tasks');
+taskCmd.command('list').description('List all tasks').action(listCrons);
+taskCmd.command('delete <id>').description('Delete a task by ID').action(deleteCron);
 program
     .command('task')
     .description('Alias for tasks')
@@ -76,14 +73,8 @@ program
 const cronCmd = program
     .command('cron', { hidden: true })
     .description('Manage cron jobs (alias for tasks)');
-cronCmd
-    .command('list')
-    .description('List all cron jobs')
-    .action(listCrons);
-cronCmd
-    .command('delete <id>')
-    .description('Delete a cron job by ID')
-    .action(deleteCron);
+cronCmd.command('list').description('List all cron jobs').action(listCrons);
+cronCmd.command('delete <id>').description('Delete a cron job by ID').action(deleteCron);
 // Watcher commands
 program
     .command('watches')
@@ -106,24 +97,14 @@ program
         await listWatchers();
     }
 });
-const memoryCmd = program
-    .command('memory')
-    .description('Manage long-term memories');
-memoryCmd
-    .command('list')
-    .description('List stored memories')
-    .action(listMemories);
-memoryCmd
-    .command('delete <id>')
-    .description('Delete a memory by ID')
-    .action(deleteMemory);
+const memoryCmd = program.command('memory').description('Manage long-term memories');
+memoryCmd.command('list').description('List stored memories').action(listMemories);
+memoryCmd.command('delete <id>').description('Delete a memory by ID').action(deleteMemory);
 program
     .command('send <message>')
     .description('Send a message to the default tab (for testing)')
     .action(sendMessage);
-const channelCmd = program
-    .command('channel')
-    .description('Manage community channel plugins');
+const channelCmd = program.command('channel').description('Manage community channel plugins');
 channelCmd
     .command('install <package>')
     .description('Install a community channel (npm package)')
@@ -151,7 +132,7 @@ program
     .action(async () => {
     const readline = await import('node:readline');
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    const ask = (q, def) => new Promise(r => rl.question(def ? `${q} [${def}]: ` : `${q}: `, a => r(a.trim() || def || '')));
+    const ask = (q, def) => new Promise((r) => rl.question(def ? `${q} [${def}]: ` : `${q}: `, (a) => r(a.trim() || def || '')));
     console.log('\nDiscord Setup\n');
     console.log('  1. Go to https://discord.com/developers/applications');
     console.log('  2. Click "New Application", give it a name');
@@ -180,7 +161,7 @@ program
     .action(async (opts) => {
     if (opts.disable) {
         const { getConfig, saveConfig } = await import('./config.js');
-        const { getBeecorkHome } = await import('./util/paths.js');
+        const { getWhatsappSessionPath } = await import('./util/paths.js');
         const fs = await import('node:fs');
         const config = getConfig();
         if (config.whatsapp) {
@@ -188,7 +169,7 @@ program
             saveConfig(config);
         }
         // Remove session files
-        const sessionPath = `${getBeecorkHome()}/whatsapp-session`;
+        const sessionPath = getWhatsappSessionPath();
         if (fs.existsSync(sessionPath)) {
             fs.rmSync(sessionPath, { recursive: true, force: true });
         }
@@ -211,7 +192,7 @@ program
     const readline = await import('node:readline');
     const fs = await import('node:fs');
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    const ask = (q, def) => new Promise(r => rl.question(def ? `${q} [${def}]: ` : `${q}: `, a => r(a.trim() || def || '')));
+    const ask = (q, def) => new Promise((r) => rl.question(def ? `${q} [${def}]: ` : `${q}: `, (a) => r(a.trim() || def || '')));
     console.log('\nWhatsApp Setup\n');
     console.log('  You need two WhatsApp accounts:');
     console.log('  1. A bot account (separate SIM) — will scan the QR code to pair');
@@ -223,9 +204,9 @@ program
         return;
     }
     const { getConfig, saveConfig } = await import('./config.js');
-    const { getBeecorkHome } = await import('./util/paths.js');
+    const { getWhatsappSessionPath } = await import('./util/paths.js');
     const config = getConfig();
-    const sessionPath = `${getBeecorkHome()}/whatsapp-session`;
+    const sessionPath = getWhatsappSessionPath();
     config.whatsapp = {
         enabled: true,
         mode: 'baileys',
@@ -237,7 +218,7 @@ program
     rl.close();
     // Pair immediately — show QR code in this terminal
     try {
-        const { default: makeWASocket, useMultiFileAuthState, DisconnectReason, fetchLatestBaileysVersion } = await import('@whiskeysockets/baileys');
+        const { default: makeWASocket, useMultiFileAuthState, DisconnectReason, fetchLatestBaileysVersion, } = await import('@whiskeysockets/baileys');
         const pino = (await import('pino')).default;
         const silentLogger = pino({ level: 'silent' });
         fs.mkdirSync(sessionPath, { recursive: true, mode: 0o700 });
@@ -288,7 +269,10 @@ program
                 if (update.connection === 'close') {
                     if (paired)
                         return; // Expected disconnect after pairing
-                    const reason = update.lastDisconnect?.error?.output?.statusCode;
+                    // baileys' DisconnectError type isn't exported cleanly; this is the
+                    // standard shape its error objects have.
+                    const reason = update.lastDisconnect?.error
+                        ?.output?.statusCode;
                     if (reason === DisconnectReason.loggedOut) {
                         console.log('\n✗ WhatsApp logged out. Please try again.\n');
                         process.exit(1);
@@ -317,7 +301,7 @@ program
     const readline = await import('node:readline');
     const crypto = await import('node:crypto');
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    const ask = (q, def) => new Promise(r => rl.question(def ? `${q} [${def}]: ` : `${q}: `, a => r(a.trim() || def || '')));
+    const ask = (q, def) => new Promise((r) => rl.question(def ? `${q} [${def}]: ` : `${q}: `, (a) => r(a.trim() || def || '')));
     console.log('\nWebhook Setup\n');
     console.log('  Webhooks let any service trigger Beecork via HTTP.');
     console.log('  Send POST requests to: http://localhost:PORT/webhook/tabName\n');
@@ -438,9 +422,7 @@ program
     const { runDoctor } = await import('./cli/doctor.js');
     await runDoctor();
 });
-const mcpCmd = program
-    .command('mcp')
-    .description('Manage MCP server configurations');
+const mcpCmd = program.command('mcp').description('Manage MCP server configurations');
 mcpCmd
     .command('add <name> <command> [args...]')
     .description('Register an MCP server')
@@ -590,9 +572,7 @@ program
     }
     console.log(formatKnowledgeForContext(entries));
 });
-const storeCmd = program
-    .command('store')
-    .description('Browse and install community extensions');
+const storeCmd = program.command('store').description('Browse and install community extensions');
 storeCmd
     .command('search <query>')
     .description('Search for beecork packages on npm')

package/dist/knowledge/manager.js

@@ -7,14 +7,15 @@ const GLOBAL_KNOWLEDGE_DIR = path.join(getBeecorkHome(), 'knowledge');
 const GLOBAL_CATEGORIES = ['people', 'preferences', 'routines', 'general'];
 /** Ensure global knowledge directory exists */
 function ensureGlobalDir() {
-    fs.mkdirSync(GLOBAL_KNOWLEDGE_DIR, { recursive: true });
+    fs.mkdirSync(GLOBAL_KNOWLEDGE_DIR, { recursive: true, mode: 0o700 });
 }
 const knowledgeCache = new Map();
 /** Read a knowledge file with mtime-based caching, return content or empty string */
 function readKnowledgeCached(filePath) {
+    // Skip the existsSync precheck — fs.statSync throws ENOENT on missing files,
+    // catching that gets us the same fall-through. This halves the syscall count
+    // on every Claude message that triggers knowledge injection.
     try {
-        if (!fs.existsSync(filePath))
-            return '';
         const stat = fs.statSync(filePath);
         const cached = knowledgeCache.get(filePath);
         if (cached && cached.mtime === stat.mtimeMs)
@@ -24,16 +25,24 @@ function readKnowledgeCached(filePath) {
         return content;
     }
     catch (err) {
+        if (err?.code === 'ENOENT')
+            return '';
         logger.warn(`Failed to read knowledge file ${filePath}:`, err);
         return '';
     }
 }
 /** Append to a knowledge file */
 function appendToFile(filePath, content) {
-    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.mkdirSync(path.dirname(filePath), { recursive: true, mode: 0o700 });
     const existing = readKnowledgeCached(filePath);
     const separator = existing.endsWith('\n') || existing === '' ? '' : '\n';
-    fs.writeFileSync(filePath, existing + separator + content + '\n');
+    fs.writeFileSync(filePath, existing + separator + content + '\n', { mode: 0o600 });
+    try {
+        fs.chmodSync(filePath, 0o600);
+    }
+    catch {
+        /* not fatal */
+    }
 }
 // ─── Layer 1: Global Knowledge ───
 export function getGlobalKnowledge() {
@@ -71,8 +80,10 @@ export function addProjectKnowledge(projectPath, content) {
 // ─── Layer 3: Tab Knowledge (database) ───
 export function getTabKnowledge(tabName) {
     const db = getDb();
-    const rows = db.prepare('SELECT content FROM memories WHERE tab_name = ? ORDER BY created_at DESC LIMIT 50').all(tabName);
-    return rows.map(r => ({ content: r.content, scope: 'tab', source: tabName }));
+    const rows = db
+        .prepare('SELECT content FROM memories WHERE tab_name = ? ORDER BY created_at DESC LIMIT 50')
+        .all(tabName);
+    return rows.map((r) => ({ content: r.content, scope: 'tab', source: tabName }));
 }
 // ─── Combined Knowledge ───
 export function getAllKnowledge(projectPath, tabName) {
@@ -94,7 +105,7 @@ export function formatKnowledgeForContext(entries) {
     if (entries.length === 0)
         return '';
     const sections = [];
-    const global = entries.filter(e => e.scope === 'global');
+    const global = entries.filter((e) => e.scope === 'global');
     if (global.length > 0) {
         sections.push('[Your knowledge (global)]');
         for (const entry of global) {
@@ -103,14 +114,14 @@ export function formatKnowledgeForContext(entries) {
             sections.push(entry.content);
         }
     }
-    const project = entries.filter(e => e.scope === 'project');
+    const project = entries.filter((e) => e.scope === 'project');
     if (project.length > 0) {
         sections.push('\n[Project knowledge]');
         for (const entry of project) {
             sections.push(entry.content);
         }
     }
-    const tab = entries.filter(e => e.scope === 'tab');
+    const tab = entries.filter((e) => e.scope === 'tab');
     if (tab.length > 0) {
         sections.push('\n[Context from memory]');
         for (const entry of tab) {
@@ -131,7 +142,10 @@ export function addKnowledge(content, scope, options) {
             addProjectKnowledge(options.projectPath, content);
             break;
         case 'tab': {
-            // Use existing memory system
+            // Use existing memory system. Inline INSERT here (rather than the
+            // MemoryStore wrapper) because knowledge → session would invert the
+            // module dep direction; the schema duplication is one column list and
+            // the shape is stable.
             const db = getDb();
             db.prepare('INSERT INTO memories (content, tab_name, source) VALUES (?, ?, ?)').run(content, options?.tabName || null, 'tool');
             break;
@@ -142,5 +156,5 @@ export function addKnowledge(content, scope, options) {
 export function searchKnowledge(query, projectPath, tabName) {
     const all = getAllKnowledge(projectPath, tabName);
     const lower = query.toLowerCase();
-    return all.filter(e => e.content.toLowerCase().includes(lower));
+    return all.filter((e) => e.content.toLowerCase().includes(lower));
 }