brainclaw 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (140) hide show
  1. package/README.md +12 -11
  2. package/dist/brainclaw-vscode.vsix +0 -0
  3. package/dist/cli.js +138 -13
  4. package/dist/commands/add-step.js +1 -1
  5. package/dist/commands/bootstrap.js +2 -26
  6. package/dist/commands/check-security-mcp.js +50 -33
  7. package/dist/commands/check-security.js +86 -43
  8. package/dist/commands/claim.js +22 -21
  9. package/dist/commands/confirm.js +26 -0
  10. package/dist/commands/context-diff.js +1 -1
  11. package/dist/commands/dispatch-watch.js +142 -0
  12. package/dist/commands/doctor.js +113 -2
  13. package/dist/commands/estimation-report.js +115 -16
  14. package/dist/commands/harvest.js +285 -22
  15. package/dist/commands/init.js +123 -21
  16. package/dist/commands/loops-handlers.js +4 -0
  17. package/dist/commands/mcp-read-handlers.js +198 -29
  18. package/dist/commands/mcp.js +588 -92
  19. package/dist/commands/memory.js +21 -17
  20. package/dist/commands/migrate.js +81 -17
  21. package/dist/commands/prune.js +78 -4
  22. package/dist/commands/reflect.js +26 -20
  23. package/dist/commands/register-agent.js +57 -1
  24. package/dist/commands/repair.js +20 -0
  25. package/dist/commands/session-end.js +15 -6
  26. package/dist/commands/session-start.js +18 -1
  27. package/dist/commands/setup-security.js +39 -18
  28. package/dist/commands/setup.js +26 -27
  29. package/dist/commands/stale.js +16 -2
  30. package/dist/commands/uninstall.js +126 -34
  31. package/dist/commands/update-step.js +6 -0
  32. package/dist/commands/worktree.js +60 -0
  33. package/dist/core/actions.js +12 -3
  34. package/dist/core/agent-capability.js +11 -13
  35. package/dist/core/agent-files.js +844 -547
  36. package/dist/core/agent-integrations.js +0 -3
  37. package/dist/core/agent-inventory.js +67 -0
  38. package/dist/core/agent-registry.js +163 -29
  39. package/dist/core/agentrun-reconciler.js +33 -2
  40. package/dist/core/agentruns.js +7 -1
  41. package/dist/core/ai-agent-detection.js +31 -44
  42. package/dist/core/archival.js +15 -9
  43. package/dist/core/assignment-reconciler.js +56 -0
  44. package/dist/core/assignment-sweeper.js +127 -4
  45. package/dist/core/assignments.js +69 -11
  46. package/dist/core/bootstrap.js +233 -67
  47. package/dist/core/brainclaw-version.js +22 -0
  48. package/dist/core/candidates.js +21 -1
  49. package/dist/core/claims.js +313 -150
  50. package/dist/core/config.js +6 -1
  51. package/dist/core/context-diff.js +148 -20
  52. package/dist/core/context.js +129 -8
  53. package/dist/core/coordination.js +22 -3
  54. package/dist/core/dispatch-status.js +79 -5
  55. package/dist/core/dispatcher.js +64 -11
  56. package/dist/core/entity-operations.js +45 -24
  57. package/dist/core/entity-registry.js +31 -5
  58. package/dist/core/event-log.js +138 -21
  59. package/dist/core/events/checkpoint.js +258 -0
  60. package/dist/core/events/genesis.js +220 -0
  61. package/dist/core/events/journal.js +507 -0
  62. package/dist/core/events/materialize.js +126 -0
  63. package/dist/core/events/registry-post-image.js +110 -0
  64. package/dist/core/events/verify.js +109 -0
  65. package/dist/core/execution-adapters.js +23 -0
  66. package/dist/core/facade-schema.js +38 -0
  67. package/dist/core/gc-semantic.js +130 -5
  68. package/dist/core/handoff-snapshot.js +68 -0
  69. package/dist/core/ids.js +19 -8
  70. package/dist/core/instruction-templates.js +34 -115
  71. package/dist/core/io.js +39 -3
  72. package/dist/core/json-store.js +10 -1
  73. package/dist/core/lock.js +153 -28
  74. package/dist/core/loops/bootstrap-acquire.js +25 -1
  75. package/dist/core/loops/facade-schema.js +2 -0
  76. package/dist/core/loops/hooks/survey-signals-baseline.js +36 -0
  77. package/dist/core/loops/index.js +1 -0
  78. package/dist/core/loops/presets/bootstrap.js +7 -0
  79. package/dist/core/loops/store.js +17 -0
  80. package/dist/core/loops/verbs.js +24 -1
  81. package/dist/core/markdown.js +8 -76
  82. package/dist/core/mcp-command-resolution.js +245 -0
  83. package/dist/core/memory-compactor.js +5 -3
  84. package/dist/core/memory-lifecycle.js +282 -0
  85. package/dist/core/merge-risk.js +150 -0
  86. package/dist/core/messaging.js +8 -1
  87. package/dist/core/migration.js +11 -1
  88. package/dist/core/observer-mode.js +26 -0
  89. package/dist/core/operations/memory-mutation.js +90 -65
  90. package/dist/core/operations/plan.js +27 -1
  91. package/dist/core/protocol-skills.js +210 -0
  92. package/dist/core/reflection-safety.js +6 -7
  93. package/dist/core/reputation.js +84 -2
  94. package/dist/core/runtime-signals.js +71 -9
  95. package/dist/core/runtime.js +84 -1
  96. package/dist/core/schema.js +114 -0
  97. package/dist/core/security-detectors.js +125 -0
  98. package/dist/core/security-extract.js +189 -0
  99. package/dist/core/security-guard.js +107 -29
  100. package/dist/core/security-packages.js +121 -0
  101. package/dist/core/security-scoring.js +76 -9
  102. package/dist/core/security.js +34 -2
  103. package/dist/core/sequence.js +11 -2
  104. package/dist/core/setup-flow.js +141 -13
  105. package/dist/core/staleness.js +72 -1
  106. package/dist/core/state.js +250 -54
  107. package/dist/core/store-resolution.js +19 -5
  108. package/dist/core/worktree.js +72 -8
  109. package/dist/facts.js +8 -8
  110. package/dist/facts.json +7 -7
  111. package/docs/PROTOCOL.md +223 -0
  112. package/docs/cli.md +11 -10
  113. package/docs/concepts/coordinator-runbook.md +129 -0
  114. package/docs/concepts/event-log-store-critique-A.md +333 -0
  115. package/docs/concepts/event-log-store-critique-B.md +353 -0
  116. package/docs/concepts/event-log-store-phase0-measurements.md +58 -0
  117. package/docs/concepts/event-log-store-proposal-A.md +365 -0
  118. package/docs/concepts/event-log-store-proposal-B.md +404 -0
  119. package/docs/concepts/event-log-store.md +928 -0
  120. package/docs/concepts/identity-model-proposal.md +371 -0
  121. package/docs/concepts/memory.md +5 -4
  122. package/docs/concepts/observer-protocol.md +361 -0
  123. package/docs/concepts/parallel-merge-protocol.md +71 -0
  124. package/docs/concepts/plans-and-claims.md +43 -0
  125. package/docs/concepts/skills.md +78 -0
  126. package/docs/concepts/workspace-bootstrapping.md +61 -0
  127. package/docs/integrations/agents.md +4 -4
  128. package/docs/integrations/cline.md +10 -11
  129. package/docs/integrations/codex.md +2 -2
  130. package/docs/integrations/continue.md +5 -5
  131. package/docs/integrations/copilot.md +14 -12
  132. package/docs/integrations/openclaw.md +7 -6
  133. package/docs/integrations/overview.md +7 -7
  134. package/docs/integrations/roo.md +3 -3
  135. package/docs/integrations/windsurf.md +6 -6
  136. package/docs/mcp-schema-changelog.md +29 -2
  137. package/docs/quickstart.md +48 -47
  138. package/docs/security.md +174 -15
  139. package/docs/storage.md +4 -2
  140. package/package.json +8 -6
@@ -1,11 +1,13 @@
1
1
  import fs from 'node:fs';
2
2
  import path from 'node:path';
3
3
  import { ConstraintSchema, DecisionSchema, TrapSchema, HandoffSchema, PlanItemSchema } from './schema.js';
4
- import { ensureMemoryDir, resolveEntityDir } from './io.js';
4
+ import { ensureMemoryDir, resolveEntityDir, writeFileAtomic } from './io.js';
5
5
  import { mutate } from './mutation-pipeline.js';
6
6
  import { commitMemoryChange } from './memory-git.js';
7
7
  import { appendEvent } from './event-log.js';
8
- import { loadVersionedJsonFile, saveVersionedJsonFile } from './migration.js';
8
+ import { appendJournalRecords, resolveJournalMode, resolveCheckpointRead } from './events/journal.js';
9
+ import { materializeStateFromCheckpoint } from './events/checkpoint.js';
10
+ import { loadVersionedJsonFile, serializeVersionedJson, preparePersistedDocument } from './migration.js';
9
11
  import { rebuildProjectMd } from './markdown.js';
10
12
  import { refreshLiveCompanions } from '../commands/export.js';
11
13
  import { logger } from './logger.js';
@@ -102,6 +104,24 @@ export function findLoadValidationWarning(entity, id, cwd) {
102
104
  export function loadState(cwd) {
103
105
  // Load from entity-aligned directories (with legacy fallback)
104
106
  const effectiveCwd = cwd ?? process.cwd();
107
+ // pln#566 Inc0 s2 — checkpointRead fast path. OFF by default (dual/off mode):
108
+ // projection files remain the read substrate. When the capability is enabled
109
+ // (primary soak) AND a verified journal-derived checkpoint exists, serve from
110
+ // checkpoint + sealed tail instead of reading every projection file. ANY
111
+ // failure (no checkpoint, failed verification, replay error) falls through to
112
+ // the projection read below — the checkpoint is never the sole truth.
113
+ if (resolveCheckpointRead(effectiveCwd)) {
114
+ try {
115
+ const fast = materializeStateFromCheckpoint(effectiveCwd);
116
+ // Merge over emptyState so the served State carries the same envelope
117
+ // fields (version/write_version) a projection read produces; the
118
+ // checkpoint only materializes the 5 entity collections. Already sorted
119
+ // by projectLiveToState.
120
+ if (fast)
121
+ return { ...emptyState(), ...fast };
122
+ }
123
+ catch { /* fall through to projection read */ }
124
+ }
105
125
  const state = emptyState();
106
126
  state.active_constraints = loadDirectoryItems(resolveEntityDir('constraints', effectiveCwd, 'read'), ConstraintSchema, 'constraint');
107
127
  state.recent_decisions = loadDirectoryItems(resolveEntityDir('decisions', effectiveCwd, 'read'), DecisionSchema, 'decision');
@@ -116,72 +136,189 @@ export function loadState(cwd) {
116
136
  state.plan_items.sort((a, b) => a.created_at.localeCompare(b.created_at));
117
137
  return state;
118
138
  }
119
- function syncDirectory(dirPath, items, documentType, schema) {
120
- if (!fs.existsSync(dirPath)) {
121
- fs.mkdirSync(dirPath, { recursive: true });
139
+ const persistWriteStats = { written: 0, skippedUnchanged: 0 };
140
+ export function readPersistWriteStats() {
141
+ return { ...persistWriteStats };
142
+ }
143
+ export function resetPersistWriteStats() {
144
+ persistWriteStats.written = 0;
145
+ persistWriteStats.skippedUnchanged = 0;
146
+ }
147
+ /**
148
+ * Order-insensitive canonical form of a JSON document, for the dirty-tracking
149
+ * skip compare. Recursively sorts object keys; returns the raw input on parse
150
+ * failure so corrupt/non-JSON bytes never compare equal to a valid desired doc.
151
+ */
152
+ function canonicalJson(raw) {
153
+ const sortKeys = (value) => {
154
+ if (Array.isArray(value))
155
+ return value.map(sortKeys);
156
+ if (value && typeof value === 'object') {
157
+ return Object.fromEntries(Object.entries(value)
158
+ .sort(([a], [b]) => a.localeCompare(b))
159
+ .map(([k, v]) => [k, sortKeys(v)]));
160
+ }
161
+ return value;
162
+ };
163
+ try {
164
+ return JSON.stringify(sortKeys(JSON.parse(raw)));
165
+ }
166
+ catch {
167
+ return raw; // unparseable → never equals a canonical desired doc
122
168
  }
123
- // Write all current items
169
+ }
170
+ /**
171
+ * Pure planning pass: compute which projection files WOULD change, without
172
+ * writing anything. Same dirty-tracking + canonical-compare + parseable-guard
173
+ * logic as the old syncDirectory; only the IO is deferred to applySyncPlan.
174
+ */
175
+ function planSyncDirectory(dirPath, items, documentType, schema, deleteMissing) {
176
+ const plan = { dirPath, writes: [], deletes: [] };
177
+ // Write only the items whose on-disk bytes would change (dirty-tracking,
178
+ // pln#543 step 3). The comparison uses the writer's own serializer so a
179
+ // "skip" can never diverge from what saveVersionedJsonFile would produce.
180
+ // Safe against trp#126: a missing/byte-different file never matches, so an
181
+ // in-state entity whose projection is absent/corrupt is always rewritten.
124
182
  const currentIds = new Set();
125
183
  for (const item of items) {
126
184
  currentIds.add(item.id);
127
185
  const filepath = path.join(dirPath, `${item.id}.json`);
128
- saveVersionedJsonFile(documentType, filepath, item);
129
- }
130
- // Remove files that are no longer in the state (e.g. if deleted/pruned).
131
- // CRITICAL: we must distinguish "file dropped from state intentionally" from
132
- // "file silently dropped by loadDirectoryItems because its schema.parse threw".
133
- // Deleting the second kind corrupts data (see trap: silent-data-loss via
134
- // load-swallow + write-sync-GC). So before unlinking, we re-validate the file
135
- // against the schema. Parseable + not in state = intentional remove → unlink.
136
- // Unparseable = preserved, operator can inspect/repair.
137
- const files = fs.readdirSync(dirPath).filter(f => f.endsWith('.json'));
186
+ const desired = serializeVersionedJson(documentType, item);
187
+ let existing;
188
+ try {
189
+ existing = fs.readFileSync(filepath, 'utf-8');
190
+ }
191
+ catch {
192
+ existing = undefined; // missing/unreadable write
193
+ }
194
+ // Semantic (canonical, sorted-key) compare, not byte compare: loadState
195
+ // re-parses through zod which can reorder keys; a byte compare would
196
+ // rewrite the whole store every persist. Unparseable bytes never match
197
+ // → rewrite (keeps trp#126 safety).
198
+ if (existing !== undefined && canonicalJson(existing) === canonicalJson(desired)) {
199
+ persistWriteStats.skippedUnchanged += 1;
200
+ continue;
201
+ }
202
+ plan.writes.push({ filepath, desired, item, created: existing === undefined });
203
+ }
204
+ if (!deleteMissing)
205
+ return plan;
206
+ // Plan removals of files no longer in state. CRITICAL: distinguish an
207
+ // intentional drop from a file silently dropped by loadDirectoryItems on a
208
+ // schema.parse throw (deleting the second kind corrupts data — trp#126). Only
209
+ // parseable + not-in-state files are unlinked; unparseable are preserved.
210
+ const files = fs.existsSync(dirPath)
211
+ ? fs.readdirSync(dirPath).filter(f => f.endsWith('.json'))
212
+ : [];
138
213
  for (const file of files) {
139
214
  const id = file.replace('.json', '');
140
215
  if (currentIds.has(id))
141
216
  continue;
142
217
  const filepath = path.join(dirPath, file);
143
- let parseable = false;
144
218
  try {
145
219
  schema.parse(loadVersionedJsonFile(documentType, filepath).document);
146
- parseable = true;
147
220
  }
148
221
  catch {
149
222
  // Already logged by loadDirectoryItems — leave the file in place.
223
+ continue;
150
224
  }
151
- if (parseable) {
152
- fs.unlinkSync(filepath);
153
- }
225
+ plan.deletes.push({ filepath, id });
226
+ }
227
+ return plan;
228
+ }
229
+ /** Apply a planned sync: the actual projection-file writes/unlinks (the IO that
230
+ * must happen AFTER the journal append+fsync). Returns the dirty result. */
231
+ function applySyncPlan(plan) {
232
+ const result = { written: [], deleted: [] };
233
+ // Create the entity dir unconditionally (matches the pre-split syncDirectory,
234
+ // which always ensured the dir even for an empty/unchanged collection).
235
+ if (!fs.existsSync(plan.dirPath)) {
236
+ fs.mkdirSync(plan.dirPath, { recursive: true });
237
+ }
238
+ for (const { filepath, desired, item, created } of plan.writes) {
239
+ writeFileAtomic(filepath, desired);
240
+ persistWriteStats.written += 1;
241
+ result.written.push({ item, created });
154
242
  }
243
+ for (const { filepath, id } of plan.deletes) {
244
+ fs.unlinkSync(filepath);
245
+ result.deleted.push(id);
246
+ }
247
+ return result;
155
248
  }
156
249
  export function saveState(state, cwd) {
157
250
  persistState(state, cwd, { writeProjectMarkdown: false });
158
251
  }
159
252
  function persistStateUnlocked(state, cwd, options = {}) {
160
- writeStateDirectories(state, cwd);
253
+ ensureMemoryDir(cwd);
254
+ const effectiveCwd = cwd ?? process.cwd();
255
+ // pln#566 F1 — JOURNAL BEFORE PROJECTIONS (invariant I2). Persist now runs in
256
+ // three ordered phases so the journal can never lag the projections: a crash
257
+ // mid-persist leaves the journal AHEAD (the only direction lazy-reconcile can
258
+ // recover), never projections ahead (which materialize/verify could not
259
+ // explain). Phase 1 PLAN (pure compute, no IO) → Phase 2 emit+fsync the
260
+ // per-entity post-images to the journal → Phase 3 APPLY projection writes.
261
+ const { plans, legacyDeletes, dirty } = planStateDirectories(state, effectiveCwd, options.deleteMissing ?? false);
262
+ emitPerEntityJournalRecords(dirty, options.eventAction, effectiveCwd);
263
+ faultPoint('after_journal'); // test-only: crash AFTER journal, BEFORE projections
264
+ applyStatePlans(plans, legacyDeletes);
265
+ faultPoint('after_projection'); // test-only: crash AFTER projections written
161
266
  if (options.writeProjectMarkdown ?? true) {
162
- rebuildProjectMd(state, cwd);
267
+ rebuildProjectMd(state, effectiveCwd);
163
268
  }
269
+ // v1 events.jsonl: keep the coarse store event for existing consumers, but
270
+ // suppress its envelope-only journal dual-write — the v2 per-entity emit
271
+ // above is the authoritative §2.8 diff choke point.
164
272
  appendEvent({
165
273
  action: options.eventAction ?? 'update',
166
274
  item_type: 'state',
167
275
  agent: 'system',
168
276
  summary: options.eventSummary,
169
- }, cwd);
170
- commitMemoryChange(options.commitMessage ?? 'state update', cwd);
171
- // Auto-refresh live companion files (Tier B/C agents) after state mutations.
172
- // Non-fatal: failures are logged but don't break the mutation.
277
+ }, effectiveCwd, { journalDualWrite: false });
278
+ // NOTE (pln#558 step 2): the git commit and refreshLiveCompanions used to
279
+ // run here, INSIDE the mutation lock. A single persistState was holding
280
+ // the lock for >5s on Juan's machine (full-store rewrite + git add -A +
281
+ // git commit + live-companion refresh), which serialized every other
282
+ // writer. They are now invoked by persistState / mutateState AFTER the
283
+ // lock releases — see runPostWriteHooks below. The critical section is
284
+ // now writes-only; commit / companion-refresh are best-effort observers.
285
+ }
286
+ function runPostWriteHooks(cwd, commitMessage) {
287
+ // git add + git commit. Safe outside the lock because (a) git itself
288
+ // serializes concurrent index access via .git/index.lock, (b) the
289
+ // implementation already swallows failures (see memory-git.ts), and
290
+ // (c) the commit is an audit trail, not the data itself.
291
+ try {
292
+ commitMemoryChange(commitMessage, cwd);
293
+ }
294
+ catch { /* best-effort */ }
295
+ // Live companion files (Tier B/C agent surfaces). Already best-effort.
173
296
  try {
174
297
  refreshLiveCompanions(cwd);
175
298
  }
176
299
  catch { /* best-effort */ }
177
300
  }
178
- function cleanupLegacyDir(entityName, currentIds, cwd, documentType, schema) {
301
+ /**
302
+ * Test-only crash injection (pln#566 F1). No-op unless BRAINCLAW_FAULT_POINT
303
+ * matches the label — then it throws, simulating a process death at that exact
304
+ * point in the persist pipeline so crash-ordering invariants can be tested
305
+ * deterministically without racing a real SIGKILL.
306
+ */
307
+ function faultPoint(label) {
308
+ if (process.env.BRAINCLAW_FAULT_POINT === label) {
309
+ throw new Error(`fault-injection: crashed at "${label}" (BRAINCLAW_FAULT_POINT)`);
310
+ }
311
+ }
312
+ /**
313
+ * Plan (do not apply) the removal of legacy-dir orphans. Read-only: matches
314
+ * syncDirectory's safety condition (only parseable records absent from state
315
+ * are deletable; unparseable are preserved for inspection/repair). The actual
316
+ * unlink is deferred to applyStatePlans so it lands AFTER the journal append.
317
+ */
318
+ function planCleanupLegacyDir(entityName, currentIds, cwd, documentType, schema) {
319
+ const out = [];
179
320
  const writeDir = resolveEntityDir(entityName, cwd, 'write');
180
321
  const readDir = resolveEntityDir(entityName, cwd, 'read');
181
- // If read resolves to a different (legacy) directory, clean orphans there too.
182
- // Match syncDirectory's safety condition: only delete parseable records that
183
- // are absent from the current state. Schema-invalid legacy files may be drifted
184
- // data that operators still need to inspect or repair.
185
322
  if (readDir !== writeDir && fs.existsSync(readDir)) {
186
323
  const files = fs.readdirSync(readDir).filter(f => f.endsWith('.json'));
187
324
  for (const file of files) {
@@ -189,51 +326,110 @@ function cleanupLegacyDir(entityName, currentIds, cwd, documentType, schema) {
189
326
  if (currentIds.has(id))
190
327
  continue;
191
328
  const filepath = path.join(readDir, file);
192
- let parseable = false;
193
329
  try {
194
330
  schema.parse(loadVersionedJsonFile(documentType, filepath).document);
195
- parseable = true;
196
331
  }
197
332
  catch {
198
333
  logger.warn(`Preserving unparseable legacy ${entityName} file ${file}`);
199
334
  continue;
200
335
  }
201
- if (parseable) {
202
- fs.unlinkSync(filepath);
203
- }
336
+ out.push({ filepath, id }); // O3: surfaced so a delete tombstone is emitted
204
337
  }
205
338
  }
339
+ return out;
206
340
  }
207
- function writeStateDirectories(state, cwd) {
208
- ensureMemoryDir(cwd);
209
- const effectiveCwd = cwd ?? process.cwd();
341
+ /**
342
+ * Phase 1 of persist: compute every projection change WITHOUT writing. The
343
+ * returned `dirty` (post-images + tombstone ids) lets the journal be emitted +
344
+ * fsync'd before applyStatePlans touches any file (pln#566 F1 / I2).
345
+ */
346
+ function planStateDirectories(state, cwd, deleteMissing) {
210
347
  const entities = [
211
- { name: 'constraints', items: state.active_constraints, docType: 'constraint', schema: ConstraintSchema },
212
- { name: 'decisions', items: state.recent_decisions, docType: 'decision', schema: DecisionSchema },
213
- { name: 'traps', items: state.known_traps, docType: 'trap', schema: TrapSchema },
214
- { name: 'handoffs', items: state.open_handoffs, docType: 'handoff', schema: HandoffSchema },
215
- { name: 'plans', items: state.plan_items, docType: 'plan', schema: PlanItemSchema },
348
+ { name: 'constraints', itemType: 'constraint', items: state.active_constraints, docType: 'constraint', schema: ConstraintSchema },
349
+ { name: 'decisions', itemType: 'decision', items: state.recent_decisions, docType: 'decision', schema: DecisionSchema },
350
+ { name: 'traps', itemType: 'trap', items: state.known_traps, docType: 'trap', schema: TrapSchema },
351
+ { name: 'handoffs', itemType: 'handoff', items: state.open_handoffs, docType: 'handoff', schema: HandoffSchema },
352
+ { name: 'plans', itemType: 'plan', items: state.plan_items, docType: 'plan', schema: PlanItemSchema },
216
353
  ];
217
- for (const { name, items, docType, schema } of entities) {
218
- const writeDir = resolveEntityDir(name, effectiveCwd, 'write');
219
- syncDirectory(writeDir, items, docType, schema);
220
- const currentIds = new Set(items.map(item => item.id));
221
- cleanupLegacyDir(name, currentIds, effectiveCwd, docType, schema);
354
+ const plans = [];
355
+ const legacyDeletes = [];
356
+ const dirty = [];
357
+ for (const { name, itemType, items, docType, schema } of entities) {
358
+ const writeDir = resolveEntityDir(name, cwd, 'write');
359
+ const plan = planSyncDirectory(writeDir, items, docType, schema, deleteMissing);
360
+ plans.push(plan);
361
+ const deleted = plan.deletes.map(d => d.id);
362
+ if (deleteMissing) {
363
+ // O3: legacy-dir orphans must also emit a delete tombstone.
364
+ const legacy = planCleanupLegacyDir(name, new Set(items.map(i => i.id)), cwd, docType, schema);
365
+ for (const l of legacy) {
366
+ legacyDeletes.push(l);
367
+ deleted.push(l.id);
368
+ }
369
+ }
370
+ dirty.push({ itemType, written: plan.writes.map(w => ({ item: w.item, created: w.created })), deleted });
371
+ }
372
+ return { plans, legacyDeletes, dirty };
373
+ }
374
+ /** Phase 3 of persist: apply the planned projection writes/unlinks (the IO that
375
+ * must follow the journal append+fsync). */
376
+ function applyStatePlans(plans, legacyDeletes) {
377
+ for (const plan of plans)
378
+ applySyncPlan(plan);
379
+ for (const { filepath } of legacyDeletes) {
380
+ try {
381
+ fs.unlinkSync(filepath);
382
+ }
383
+ catch { /* already gone — idempotent */ }
384
+ }
385
+ }
386
+ /**
387
+ * Emit one journal record per dirty entity with its full post-image
388
+ * (entity-state class, §2.1.1 / §2.8): the persist path is where the store's
389
+ * source-of-truth events are minted, because only it holds the entity docs.
390
+ * No-op when the journal flag is off. Failures are swallowed inside
391
+ * appendJournalRecords (dual mode: v1 projections remain the truth).
392
+ */
393
+ function emitPerEntityJournalRecords(dirty, storeAction, cwd) {
394
+ if (resolveJournalMode(cwd) === 'off')
395
+ return;
396
+ const records = [];
397
+ for (const { itemType, written, deleted } of dirty) {
398
+ for (const { item, created } of written) {
399
+ // Post-image = the prepared document (with schema_version), so the
400
+ // journal record is byte-faithful to the projection: materialize can
401
+ // reconstruct an identical file, and verify compares like-for-like.
402
+ records.push({
403
+ action: storeAction && storeAction !== 'update' ? storeAction : (created ? 'create' : 'update'),
404
+ item_type: itemType,
405
+ item_id: item.id,
406
+ agent: 'system',
407
+ payload: preparePersistedDocument(itemType, item),
408
+ });
409
+ }
410
+ for (const id of deleted) {
411
+ records.push({ action: 'delete', item_type: itemType, item_id: id, agent: 'system' });
412
+ }
222
413
  }
414
+ if (records.length > 0)
415
+ appendJournalRecords(records, cwd);
223
416
  }
224
417
  export function persistState(state, cwd, options = {}) {
225
418
  const effectiveCwd = cwd ?? process.cwd();
226
419
  mutate({ cwd: effectiveCwd }, () => {
227
420
  persistStateUnlocked(state, effectiveCwd, options);
228
421
  });
422
+ runPostWriteHooks(effectiveCwd, options.commitMessage ?? 'state update');
229
423
  }
230
424
  export function mutateState(mutateFn, cwd, options = {}) {
231
425
  const effectiveCwd = cwd ?? process.cwd();
232
- return mutate({ cwd: effectiveCwd }, () => {
426
+ const result = mutate({ cwd: effectiveCwd }, () => {
233
427
  const state = loadState(effectiveCwd);
234
- const result = mutateFn(state);
235
- persistStateUnlocked(state, effectiveCwd, options);
236
- return result;
428
+ const value = mutateFn(state);
429
+ persistStateUnlocked(state, effectiveCwd, { ...options, deleteMissing: true });
430
+ return value;
237
431
  });
432
+ runPostWriteHooks(effectiveCwd, options.commitMessage ?? 'state update');
433
+ return result;
238
434
  }
239
435
  //# sourceMappingURL=state.js.map
@@ -166,12 +166,24 @@ export function resolveProjectRef(ref, cwd = process.cwd(), storeChainOptions) {
166
166
  ?? resolveWorkspaceRoot(cwd, storeChainOptions);
167
167
  if (!wsRoot)
168
168
  return undefined;
169
- // Try as absolute path
169
+ // The trust boundary for raw path refs is the provided cwd. Callers in
170
+ // MCP context set cwd to the workspace root, so child projects resolve
171
+ // naturally. Walking further up (to a user-level store at home) would
172
+ // allow path-injection to sibling or home stores — that is the vulnerability
173
+ // we are closing. Name-based lookup below is unrestricted since it matches
174
+ // by project_name / project_id, not by arbitrary path.
175
+ const trustBoundary = path.resolve(cwd);
176
+ // Try as absolute path — only allowed if within the cwd boundary.
170
177
  if (path.isAbsolute(ref)) {
178
+ if (!isAtOrBelow(ref, trustBoundary))
179
+ return undefined;
171
180
  return fs.existsSync(path.join(ref, MEMORY_DIR, 'config.yaml')) ? ref : undefined;
172
181
  }
173
- // Try as relative path from workspace root
174
- const asPath = path.resolve(wsRoot, ref);
182
+ // Try as relative path resolved from the cwd boundary.
183
+ // Guards against ../ traversal (e.g. "../sibling-project").
184
+ const asPath = path.resolve(trustBoundary, ref);
185
+ if (!isAtOrBelow(asPath, trustBoundary))
186
+ return undefined;
175
187
  if (fs.existsSync(path.join(asPath, MEMORY_DIR, 'config.yaml'))) {
176
188
  return asPath;
177
189
  }
@@ -315,8 +327,10 @@ function findClosestStoreBelow(target, ceiling) {
315
327
  */
316
328
  function isAtOrBelow(dir, ancestor) {
317
329
  const rel = path.relative(ancestor, dir);
318
- // If relative path starts with '..', dir is above ancestor
319
- return !rel.startsWith('..');
330
+ // '..' prefix → dir is above ancestor. An absolute result means a different
331
+ // Windows drive (path.relative returns the absolute `to` path then), which is
332
+ // also outside the boundary — without this check `D:\evil` would pass.
333
+ return !rel.startsWith('..') && !path.isAbsolute(rel);
320
334
  }
321
335
  function resolveAbsoluteTargetPath(cwd, target) {
322
336
  if (path.isAbsolute(target)) {
@@ -10,6 +10,30 @@ import { parsePorcelainZ, isSystemDirtyPath } from './dirty-scope.js';
10
10
  function gitPath(p) {
11
11
  return p.replace(/\\/g, '/');
12
12
  }
13
+ /**
14
+ * can_45316d5c — sanitize a scope-derived slug into a valid git branch
15
+ * component (`git check-ref-format` rules). Scopes like `.github/workflows`
16
+ * produced `feat/.github-workflows`, which git rejects (component starting
17
+ * with a dot), failing the whole worktree creation.
18
+ *
19
+ * Rules covered: no leading dots/dashes, no trailing dots, no `..`, no
20
+ * `@{`, no control/space/`~^:?*[\\` characters, no trailing `.lock`.
21
+ */
22
+ export function sanitizeBranchComponent(raw, fallback = 'scope') {
23
+ let slug = raw
24
+ .replace(/[\s~^:?*[\]\\]/g, '-') // chars forbidden by check-ref-format
25
+ .replace(/@\{/g, '-') // reflog syntax
26
+ .replace(/\.\.+/g, '.') // no double dots
27
+ .replace(/[^a-zA-Z0-9._-]/g, '-') // conservative whitelist for the rest
28
+ .replace(/-+/g, '-') // collapse dashes
29
+ .replace(/^[.-]+/, '') // no leading dot/dash
30
+ .replace(/[.-]+$/, ''); // no trailing dot/dash
31
+ if (/\.lock$/i.test(slug))
32
+ slug = slug.slice(0, -'.lock'.length);
33
+ if (!slug)
34
+ slug = fallback;
35
+ return slug.slice(0, 48);
36
+ }
13
37
  /**
14
38
  * Stack marker → shared directories mapping.
15
39
  * Maven/Gradle/Cargo intentionally excluded — their dep caches live
@@ -138,7 +162,15 @@ function canonicalizeScopePath(target) {
138
162
  * project even when two projects share the same repo name.
139
163
  */
140
164
  export function worktreesBaseDir(mainWorktreePath) {
141
- const hash = crypto.createHash('sha1').update(mainWorktreePath).digest('hex').slice(0, 12);
165
+ let stablePath = path.resolve(mainWorktreePath);
166
+ try {
167
+ stablePath = fs.realpathSync.native(stablePath);
168
+ }
169
+ catch { /* path may not exist yet; path.resolve is still deterministic */ }
170
+ if (process.platform === 'win32' || /^[a-zA-Z]:[\\/]/.test(mainWorktreePath)) {
171
+ stablePath = stablePath.toLowerCase();
172
+ }
173
+ const hash = crypto.createHash('sha1').update(stablePath).digest('hex').slice(0, 12);
142
174
  return path.join(os.homedir(), '.brainclaw', 'worktrees', hash);
143
175
  }
144
176
  /**
@@ -244,7 +276,7 @@ export function commitWorktreeOnBehalf(worktreePath, message, options = {}) {
244
276
  if (!add.ok) {
245
277
  return { committed: false, files_changed: [], reason: `git add failed: ${add.stderr.trim()}` };
246
278
  }
247
- runGit(['reset', '-q', '--', 'LANE-RESULT.json', '.brainclaw'], worktreePath);
279
+ runGit(['reset', '-q', '--', 'LANE-RESULT.json', '.brainclaw', '.brainclaw-heartbeat-*'], worktreePath);
248
280
  // The files actually staged for this commit (post-exclusion) — also the
249
281
  // truthful files_changed report.
250
282
  const staged = runGit(['diff', '--cached', '--name-only'], worktreePath);
@@ -320,6 +352,7 @@ export function resetWorktreeToRef(worktreePath, ref) {
320
352
  const norm = p.replace(/\\/g, '/');
321
353
  return norm !== '.brainclaw-worktree.json'
322
354
  && !norm.startsWith('.brainclaw/')
355
+ && !norm.startsWith('.brainclaw-heartbeat-')
323
356
  && !norm.startsWith('.git/');
324
357
  });
325
358
  if (residue.length > 0) {
@@ -420,14 +453,42 @@ export function createWorktree(mainWorktreePath, branchName, options = {}) {
420
453
  const branchCheck = runGit(['rev-parse', '--verify', branchName], mainWorktreePath);
421
454
  const branchExists = branchCheck.ok;
422
455
  const baseRef = options.baseRef ?? 'HEAD';
423
- if (branchExists && options.resetExistingBranch) {
456
+ if (branchExists) {
424
457
  const attachedWorktreePath = findWorktreePathForBranch(listWorktrees(mainWorktreePath), branchName);
425
458
  if (attachedWorktreePath) {
426
- throw new Error(`Cannot reset branch ${branchName}: it is checked out in worktree ${attachedWorktreePath}. Remove or merge that worktree first.`);
459
+ throw new Error(`Cannot reuse branch ${branchName}: it is checked out in worktree ${attachedWorktreePath}. Remove or merge that worktree first.`);
427
460
  }
428
- const reset = runGit(['branch', '--force', branchName, baseRef], mainWorktreePath);
429
- if (!reset.ok) {
430
- throw new Error(`git branch --force failed for ${branchName}: ${reset.stderr.trim()}`);
461
+ if (options.resetExistingBranch) {
462
+ const reset = runGit(['branch', '--force', branchName, baseRef], mainWorktreePath);
463
+ if (!reset.ok) {
464
+ throw new Error(`git branch --force failed for ${branchName}: ${reset.stderr.trim()}`);
465
+ }
466
+ }
467
+ else {
468
+ // can_2e282880 (worktree-as-contract at creation): a reused branch is a
469
+ // CONTRACT that the worker starts from the dispatch base, not from
470
+ // whatever stale base the branch happened to sit on (observed live: a
471
+ // June dispatch reused a feat/<scope> branch based on April master).
472
+ // - branch has NO commits ahead of the base → silently re-point it to
473
+ // the base (it carries nothing worth keeping);
474
+ // - branch HAS commits not on the base → REFUSE and name them: they
475
+ // are unharvested work — merging/harvesting first is the only safe
476
+ // move, a silent reset would destroy it and a silent reuse would
477
+ // run the worker on a stale base.
478
+ const ahead = runGit(['rev-list', '--count', `${baseRef}..${branchName}`], mainWorktreePath);
479
+ const aheadCount = ahead.ok ? parseInt(ahead.stdout.trim(), 10) : NaN;
480
+ if (!Number.isFinite(aheadCount)) {
481
+ throw new Error(`Cannot assess divergence of existing branch ${branchName} vs ${baseRef}: ${ahead.stderr.trim()}`);
482
+ }
483
+ if (aheadCount > 0) {
484
+ const commits = runGit(['log', '--oneline', '-n', '5', `${baseRef}..${branchName}`], mainWorktreePath);
485
+ throw new Error(`Refusing to reuse branch ${branchName}: it has ${aheadCount} commit(s) not on ${baseRef} (unharvested work). ` +
486
+ `Harvest/merge or delete the branch first. Divergent commits:\n${commits.stdout.trim()}`);
487
+ }
488
+ const reset = runGit(['branch', '--force', branchName, baseRef], mainWorktreePath);
489
+ if (!reset.ok) {
490
+ throw new Error(`git branch --force failed for ${branchName}: ${reset.stderr.trim()}`);
491
+ }
431
492
  }
432
493
  }
433
494
  // Use forward-slash paths for git on Windows
@@ -817,7 +878,10 @@ export function worktreeHasOnlyBirthNoise(statusZStdout) {
817
878
  const paths = parsePorcelainZ(statusZStdout);
818
879
  return paths.every((p) => {
819
880
  const norm = p.replace(/\\/g, '/');
820
- return WORKTREE_BIRTH_NOISE.has(norm) || isSystemDirtyPath(norm);
881
+ return WORKTREE_BIRTH_NOISE.has(norm)
882
+ || norm.startsWith('.brainclaw-heartbeat-') // worker liveness sentinel (sprint 1.5)
883
+ || norm === 'LANE-RESULT.json' // worker outcome report — harvested, never committed
884
+ || isSystemDirtyPath(norm);
821
885
  });
822
886
  }
823
887
  /**
package/dist/facts.js CHANGED
@@ -1,8 +1,8 @@
1
1
  // Generated by scripts/emit-site-facts.mjs at build time. Do not edit manually.
2
- // Source: brainclaw v1.8.0 on 2026-06-09T07:31:59.599Z
2
+ // Source: brainclaw v1.9.0 on 2026-06-15T14:49:43.510Z
3
3
  export const FACTS = {
4
- "version": "1.8.0",
5
- "generated_at": "2026-06-09T07:31:59.599Z",
4
+ "version": "1.9.0",
5
+ "generated_at": "2026-06-15T14:49:43.510Z",
6
6
  "tools": {
7
7
  "count": 62,
8
8
  "published_count": 61,
@@ -197,8 +197,8 @@ export const FACTS = {
197
197
  "workflow_model": "interactive",
198
198
  "tier": "A",
199
199
  "has_mcp": true,
200
- "has_hooks": true,
201
- "has_skills": true,
200
+ "has_hooks": false,
201
+ "has_skills": false,
202
202
  "has_rules": true,
203
203
  "instruction_file": ".clinerules/brainclaw.md",
204
204
  "mcp_config_scope": "project",
@@ -214,7 +214,7 @@ export const FACTS = {
214
214
  "workflow_model": "task-based",
215
215
  "tier": "A",
216
216
  "has_mcp": true,
217
- "has_hooks": true,
217
+ "has_hooks": false,
218
218
  "has_skills": true,
219
219
  "has_rules": true,
220
220
  "instruction_file": "AGENTS.md",
@@ -436,8 +436,8 @@ export const FACTS = {
436
436
  "workflow_model": "interactive",
437
437
  "tier": "A",
438
438
  "has_mcp": true,
439
- "has_hooks": true,
440
- "has_skills": true,
439
+ "has_hooks": false,
440
+ "has_skills": false,
441
441
  "has_rules": true,
442
442
  "instruction_file": ".windsurfrules",
443
443
  "mcp_config_scope": "machine",
package/dist/facts.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
- "version": "1.8.0",
3
- "generated_at": "2026-06-09T07:31:59.599Z",
2
+ "version": "1.9.0",
3
+ "generated_at": "2026-06-15T14:49:43.510Z",
4
4
  "tools": {
5
5
  "count": 62,
6
6
  "published_count": 61,
@@ -195,8 +195,8 @@
195
195
  "workflow_model": "interactive",
196
196
  "tier": "A",
197
197
  "has_mcp": true,
198
- "has_hooks": true,
199
- "has_skills": true,
198
+ "has_hooks": false,
199
+ "has_skills": false,
200
200
  "has_rules": true,
201
201
  "instruction_file": ".clinerules/brainclaw.md",
202
202
  "mcp_config_scope": "project",
@@ -212,7 +212,7 @@
212
212
  "workflow_model": "task-based",
213
213
  "tier": "A",
214
214
  "has_mcp": true,
215
- "has_hooks": true,
215
+ "has_hooks": false,
216
216
  "has_skills": true,
217
217
  "has_rules": true,
218
218
  "instruction_file": "AGENTS.md",
@@ -434,8 +434,8 @@
434
434
  "workflow_model": "interactive",
435
435
  "tier": "A",
436
436
  "has_mcp": true,
437
- "has_hooks": true,
438
- "has_skills": true,
437
+ "has_hooks": false,
438
+ "has_skills": false,
439
439
  "has_rules": true,
440
440
  "instruction_file": ".windsurfrules",
441
441
  "mcp_config_scope": "machine",