chapterhouse 0.6.0 → 0.8.0

package/dist/api/server.test.js

@@ -124,6 +124,22 @@ function readProjectRegistryRows(testRoot) {
         db.close();
     }
 }
+function getAgentFilePath(testRoot, slug) {
+    return join(testRoot, ".chapterhouse", "agents", `${slug}.agent.md`);
+}
+function writeAgentFile(testRoot, slug, content) {
+    mkdirSync(join(testRoot, ".chapterhouse", "agents"), { recursive: true });
+    writeFileSync(getAgentFilePath(testRoot, slug), content, "utf-8");
+}
+function markBundledAgent(testRoot, slug, hash = "bundled-hash") {
+    const db = new Database(getProjectDbPath(testRoot));
+    try {
+        db.prepare(`INSERT OR REPLACE INTO max_state (key, value) VALUES (?, ?)`).run(`bundled_agent_hash:${slug}.agent.md`, hash);
+    }
+    finally {
+        db.close();
+    }
+}
 function setMemoryActiveScope(testRoot, slug) {
     const db = new Database(getProjectDbPath(testRoot));
     try {
@@ -192,6 +208,15 @@ async function withStartedServer(run, extraEnv = {}, timeoutMs = DEFAULT_API_SER
         rmSync(testRoot, { recursive: true, force: true });
     }
 }
+test("agent edits require a team lead when Entra auth is enabled", async () => {
+    const accessModule = await import("./agent-edit-access.js");
+    assert.equal(typeof accessModule.assertAgentEditAccess, "function", "assertAgentEditAccess should be exported");
+    const assertAgentEditAccess = accessModule.assertAgentEditAccess;
+    assert.doesNotThrow(() => assertAgentEditAccess({ entraAuthEnabled: false }, { role: "engineer" }));
+    assert.throws(() => assertAgentEditAccess({ entraAuthEnabled: true }, { role: "engineer" }), /Admin access required/);
+    assert.throws(() => assertAgentEditAccess({ entraAuthEnabled: true }), /Admin access required/);
+    assert.doesNotThrow(() => assertAgentEditAccess({ entraAuthEnabled: true }, { role: "team-lead" }));
+});
 test("server routes expose bootstrap and public config without auth", async () => {
     await withStartedServer(async ({ baseUrl }) => {
         const bootstrap = await fetch(`${baseUrl}/api/bootstrap`);
@@ -216,10 +241,319 @@ test("server channels route returns chapterhouse plus persistent agents in chann
         const channels = await response.json();
         assert.deepEqual(channels.map((channel) => channel.key), [
             "default",
+            "agent:korg",
         ]);
         assert.deepEqual(channels.map((channel) => channel.label), [
             "# chapterhouse",
+            "# korg",
         ]);
+        assert.equal(channels[1]?.scope, "pkb");
+    });
+});
+test("server agents routes return source-aware charter summaries and details", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "alpha-custom", [
+            "---",
+            "name: Alpha Custom",
+            "description: First custom charter",
+            "model: gpt-5.4",
+            "scope: frontend",
+            "skills:",
+            "  - ui-copy",
+            "  - wireframes",
+            "---",
+            "",
+            "You are Alpha Custom.",
+        ].join("\n"));
+        writeAgentFile(testRoot, "zulu-custom", [
+            "---",
+            "name: Zulu Custom",
+            "description: Last custom charter",
+            "model: claude-sonnet-4.6",
+            "persistent: true",
+            "---",
+            "",
+            "You are Zulu Custom.",
+        ].join("\n"));
+        markBundledAgent(testRoot, "designer");
+        const listResponse = await fetch(`${baseUrl}/api/agents`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(listResponse.status, 200);
+        const agents = await listResponse.json();
+        const firstCustomIndex = agents.findIndex((agent) => agent.type === "custom");
+        assert.notEqual(firstCustomIndex, -1);
+        assert.ok(agents.slice(0, firstCustomIndex).every((agent) => agent.type === "builtin"));
+        const customAgents = agents.filter((agent) => agent.type === "custom");
+        assert.deepEqual(customAgents.map((agent) => agent.name), ["Alpha Custom", "Zulu Custom"]);
+        const designer = agents.find((agent) => agent.slug === "designer");
+        assert.ok(designer);
+        assert.equal(designer.type, "builtin");
+        assert.equal(typeof designer.lastEdited, "string");
+        const alpha = agents.find((agent) => agent.slug === "alpha-custom");
+        assert.deepEqual(alpha, {
+            name: "Alpha Custom",
+            slug: "alpha-custom",
+            description: "First custom charter",
+            model: "gpt-5.4",
+            scope: "frontend",
+            type: "custom",
+            lastEdited: alpha?.lastEdited ?? null,
+        });
+        assert.equal(typeof alpha?.lastEdited, "string");
+        const detailResponse = await fetch(`${baseUrl}/api/agents/${encodeURIComponent("alpha-custom")}`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(detailResponse.status, 200);
+        assert.deepEqual(await detailResponse.json(), {
+            name: "Alpha Custom",
+            slug: "alpha-custom",
+            description: "First custom charter",
+            model: "gpt-5.4",
+            scope: "frontend",
+            persistent: false,
+            skills: ["ui-copy", "wireframes"],
+            type: "custom",
+            editable: true,
+            systemPrompt: "You are Alpha Custom.",
+        });
+        const builtinDetailResponse = await fetch(`${baseUrl}/api/agents/${encodeURIComponent("designer")}`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(builtinDetailResponse.status, 200);
+        const builtinDetail = await builtinDetailResponse.json();
+        assert.equal(builtinDetail.slug, "designer");
+        assert.equal(builtinDetail.type, "builtin");
+        assert.equal(builtinDetail.editable, false);
+        assert.equal(typeof builtinDetail.systemPrompt, "string");
+        assert.ok(builtinDetail.systemPrompt.length > 0);
+        const missingResponse = await fetch(`${baseUrl}/api/agents/${encodeURIComponent("missing-agent")}`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(missingResponse.status, 404);
+        assert.deepEqual(await missingResponse.json(), { error: "Agent 'missing-agent' not found" });
+    });
+});
+test("server rejects invalid agent slugs before reading agent files", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeFileSync(join(testRoot, "some-path.agent.md"), [
+            "---",
+            "name: Escaped Agent",
+            "description: Should never be readable",
+            "model: gpt-5.4",
+            "---",
+            "",
+            "You should not see this.",
+        ].join("\n"), "utf-8");
+        const response = await fetch(`${baseUrl}/api/agents/..%2F..%2Fsome-path`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(response.status, 400);
+        assert.deepEqual(await response.json(), { error: "Invalid slug" });
+    });
+});
+test("server patches a custom agent file and reloads the persistent agent registry", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "persistent: true",
+            "scope: docs",
+            "skills:",
+            "  - writing",
+            "tools:",
+            "  - bash",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const before = await fetch(`${baseUrl}/api/channels`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(before.status, 200);
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                name: "Scribe Prime",
+                description: "Publishes saved agent edits",
+                systemPrompt: "# Updated Prompt\n\nShip it.",
+            }),
+        });
+        assert.equal(response.status, 200);
+        assert.deepEqual(await response.json(), {
+            name: "Scribe Prime",
+            slug: "scribe",
+            description: "Publishes saved agent edits",
+            model: "claude-sonnet-4.6",
+            scope: "docs",
+            persistent: true,
+            skills: ["writing"],
+            type: "custom",
+            editable: true,
+            systemPrompt: "# Updated Prompt\n\nShip it.",
+        });
+        const saved = readFileSync(getAgentFilePath(testRoot, "scribe"), "utf-8");
+        assert.match(saved, /^---\n[\s\S]*\n---\n\n# Updated Prompt\n\nShip it\.\n?$/);
+        assert.match(saved, /name: Scribe Prime/);
+        assert.match(saved, /description: Publishes saved agent edits/);
+        assert.match(saved, /model: claude-sonnet-4.6/);
+        assert.match(saved, /scope: docs/);
+        assert.match(saved, /tools:\n  - bash/);
+        assert.match(saved, /skills:\n  - writing/);
+        const after = await fetch(`${baseUrl}/api/channels`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(after.status, 200);
+        const channels = await after.json();
+        assert.deepEqual(channels.find((channel) => channel.slug === "scribe"), {
+            key: "agent:scribe",
+            label: "# scribe",
+            slug: "scribe",
+            name: "Scribe Prime",
+            description: "Publishes saved agent edits",
+            scope: "docs",
+        });
+    });
+});
+test("server rejects PATCH /api/agents/:slug when the request changes skills", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "skills:",
+            "  - writing",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ skills: ["editing", "review"] }),
+        });
+        assert.equal(response.status, 400);
+        assert.match((await response.json()).error, /skills/i);
+    });
+});
+test("server rejects PATCH /api/agents/:slug when the request changes read-only fields", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ slug: "other-scribe" }),
+        });
+        assert.equal(response.status, 400);
+        assert.match((await response.json()).error, /slug/i);
+    });
+});
+test("server rejects PATCH /api/agents/:slug for bundled agents", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const response = await fetch(`${baseUrl}/api/agents/designer`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ description: "Should not save" }),
+        });
+        assert.equal(response.status, 403);
+        assert.deepEqual(await response.json(), { error: "Built-in agents are read-only" });
+    });
+});
+test("server rejects PATCH /api/agents/:slug for non-team-leads in team mode", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ description: "Should not save" }),
+        });
+        assert.equal(response.status, 403);
+        assert.deepEqual(await response.json(), { error: "Forbidden" });
+    }, {
+        CHAPTERHOUSE_MODE: "team",
+    });
+});
+test("server returns 404 when PATCH /api/agents/:slug targets a missing file", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const response = await fetch(`${baseUrl}/api/agents/missing-agent`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ description: "Still missing" }),
+        });
+        assert.equal(response.status, 404);
+        assert.deepEqual(await response.json(), { error: "Agent not found" });
+    });
+});
+test("server returns 400 when PATCH /api/agents/:slug cannot parse malformed agent content", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "skills: [writing",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ description: "Broken input stays broken" }),
+        });
+        assert.equal(response.status, 400);
+        assert.match((await response.json()).error, /^Invalid content:/);
+    });
+});
+test("server returns 404 when confirming reload for an unknown agent", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const response = await fetch(`${baseUrl}/api/agents/missing/reload-confirm`, {
+            method: "POST",
+            headers: { authorization: authHeader },
+        });
+        assert.equal(response.status, 404);
+        assert.match(await response.text(), /Agent not found/i);
     });
 });
 test("server runs in standalone mode without auth", async () => {
@@ -916,17 +1250,17 @@ test("server caps concurrent SSE connections per IP", async () => {
         let secondResponse;
         try {
             firstResponse = await fetch(`${baseUrl}/stream`, {
-                headers: { authorization: authHeader },
+                headers: { authorization: authHeader, connection: "close" },
                 signal: firstController.signal,
             });
             secondResponse = await fetch(`${baseUrl}/stream`, {
-                headers: { authorization: authHeader },
+                headers: { authorization: authHeader, connection: "close" },
                 signal: secondController.signal,
             });
             assert.equal(firstResponse.status, 200);
             assert.equal(secondResponse.status, 200);
             const rejected = await fetch(`${baseUrl}/stream`, {
-                headers: { authorization: authHeader },
+                headers: { authorization: authHeader, connection: "close" },
             });
             assert.equal(rejected.status, 429);
             assert.equal(rejected.headers.get("retry-after"), "60");
@@ -946,4 +1280,200 @@ test("server caps concurrent SSE connections per IP", async () => {
         API_RATE_LIMIT_SSE_MAX_CONNECTIONS: "2",
     });
 });
+test("POST /api/memory/active-scope sets and clears the active scope", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const unauthorized = await fetch(`${baseUrl}/api/memory/active-scope`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ scope: "chapterhouse" }),
+        });
+        assert.equal(unauthorized.status, 401);
+        const set = await fetch(`${baseUrl}/api/memory/active-scope`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ scope: "chapterhouse" }),
+        });
+        assert.equal(set.status, 200);
+        assert.deepEqual(await set.json(), { ok: true, scope: "chapterhouse" });
+        const verify = await fetch(`${baseUrl}/api/memory/active-scope`, {
+            headers: { authorization: authHeader },
+        });
+        assert.deepEqual(await verify.json(), { slug: "chapterhouse", title: "Chapterhouse" });
+        const clear = await fetch(`${baseUrl}/api/memory/active-scope`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ scope: null }),
+        });
+        assert.equal(clear.status, 200);
+        assert.deepEqual(await clear.json(), { ok: true, scope: null });
+        const unknownScope = await fetch(`${baseUrl}/api/memory/active-scope`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ scope: "nonexistent-scope" }),
+        });
+        assert.equal(unknownScope.status, 404);
+    });
+});
+test("GET /api/memory/scopes lists all scopes with entry counts", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const unauthorized = await fetch(`${baseUrl}/api/memory/scopes`);
+        assert.equal(unauthorized.status, 401);
+        const res = await fetch(`${baseUrl}/api/memory/scopes`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(res.status, 200);
+        const body = await res.json();
+        assert.ok(Array.isArray(body.scopes));
+        assert.ok(body.scopes.length >= 2, "expected at least 2 seeded scopes");
+        const chapterhouse = body.scopes.find((s) => s.slug === "chapterhouse");
+        assert.ok(chapterhouse, "expected chapterhouse scope");
+        assert.ok(typeof chapterhouse.counts.observations === "number");
+        assert.ok(typeof chapterhouse.counts.decisions === "number");
+    });
+});
+test("GET /api/memory/:scope returns entries for a scope and 404 for unknown", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const unauthorized = await fetch(`${baseUrl}/api/memory/chapterhouse`);
+        assert.equal(unauthorized.status, 401);
+        const res = await fetch(`${baseUrl}/api/memory/chapterhouse`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(res.status, 200);
+        const body = await res.json();
+        assert.ok(Array.isArray(body.entries));
+        assert.ok(typeof body.total === "number");
+        const withStore = await fetch(`${baseUrl}/api/memory/chapterhouse?store=decisions`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(withStore.status, 200);
+        const withTier = await fetch(`${baseUrl}/api/memory/chapterhouse?store=observations&tier=hot`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(withTier.status, 200);
+        const notFound = await fetch(`${baseUrl}/api/memory/no-such-scope`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(notFound.status, 404);
+        assert.deepEqual(await notFound.json(), { error: "Memory scope 'no-such-scope' not found" });
+    });
+});
+test("POST /api/memory/:scope/remember writes an observation or decision", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const unauthorized = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ content: "Test observation" }),
+        });
+        assert.equal(unauthorized.status, 401);
+        const obs = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ content: "Chapterhouse uses SQLite for memory." }),
+        });
+        assert.equal(obs.status, 200);
+        const obsBody = await obs.json();
+        assert.equal(obsBody.ok, true);
+        assert.ok(typeof obsBody.id === "string");
+        const dec = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ kind: "decision", title: "Use SQLite", content: "SQLite chosen for persistence." }),
+        });
+        assert.equal(dec.status, 200);
+        const decBody = await dec.json();
+        assert.equal(decBody.ok, true);
+        const noTitle = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ kind: "decision", content: "Missing title." }),
+        });
+        assert.equal(noTitle.status, 400);
+        const notFound = await fetch(`${baseUrl}/api/memory/missing-scope/remember`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ content: "Will not land." }),
+        });
+        assert.equal(notFound.status, 404);
+    });
+});
+test("GET /api/memory/inbox lists pending proposals", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const unauthorized = await fetch(`${baseUrl}/api/memory/inbox`);
+        assert.equal(unauthorized.status, 401);
+        const empty = await fetch(`${baseUrl}/api/memory/inbox`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(empty.status, 200);
+        const body = await empty.json();
+        assert.ok(Array.isArray(body.items));
+        assert.ok(typeof body.total === "number");
+        assert.equal(body.items.length, body.total);
+    });
+});
+test("POST /api/memory/inbox/:id/route accepts and rejects proposals", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        // First queue a proposal via the remember endpoint so we have something to route
+        const rememberRes = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ content: "Proposal for inbox routing test." }),
+        });
+        assert.equal(rememberRes.status, 200);
+        const notFound = await fetch(`${baseUrl}/api/memory/inbox/99999/route`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ action: "accept" }),
+        });
+        assert.equal(notFound.status, 404);
+        const badId = await fetch(`${baseUrl}/api/memory/inbox/not-a-number/route`, {
+            method: "POST",
+            headers: { authorization: authHeader, "content-type": "application/json" },
+            body: JSON.stringify({ action: "accept" }),
+        });
+        assert.equal(badId.status, 400);
+        const unauthorized = await fetch(`${baseUrl}/api/memory/inbox/1/route`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ action: "accept" }),
+        });
+        assert.equal(unauthorized.status, 401);
+    });
+});
+test("GET /api/wiki/korg/sessions returns grouped active research sessions", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        const db = new Database(getProjectDbPath(testRoot));
+        try {
+            db.prepare(`
+        INSERT INTO wiki_sources (id, source_type, origin, title, ingested_at, raw_path, parsed_content, pages_updated, status, session_id, session_name)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `).run("src-1", "text", "session-one", "First source", "2026-05-14T21:00:00.000Z", "sources/src-1.md", "open questions remain", "[]", "active", "compiler-research", "Compiler research");
+            db.prepare(`
+        INSERT INTO wiki_sources (id, source_type, origin, title, ingested_at, raw_path, parsed_content, pages_updated, status, session_id, session_name)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `).run("src-2", "text", "session-one-b", "Second source", "2026-05-14T22:00:00.000Z", "sources/src-2.md", "follow-up questions", "[]", "active", "compiler-research", "Compiler research");
+            db.prepare(`
+        INSERT INTO wiki_sources (id, source_type, origin, title, ingested_at, raw_path, parsed_content, pages_updated, status, session_id, session_name)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `).run("src-3", "text", "archived-session", "Archived source", "2026-05-13T20:00:00.000Z", "sources/src-3.md", "done", "[]", "archived", "old-session", "Old session");
+        }
+        finally {
+            db.close();
+        }
+        const response = await fetch(`${baseUrl}/api/wiki/korg/sessions`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(response.status, 200);
+        assert.deepEqual(await response.json(), {
+            sessions: [
+                {
+                    id: "compiler-research",
+                    name: "Compiler research",
+                    source_count: 2,
+                    open_questions: 0,
+                    last_activity: "2026-05-14T22:00:00.000Z",
+                },
+            ],
+        });
+    });
+});
 //# sourceMappingURL=server.test.js.map

package/dist/config.js

@@ -58,6 +58,7 @@ const configSchema = z.object({
     CHAPTERHOUSE_MEMORY_INJECT: z.string().optional(),
     CHAPTERHOUSE_MEMORY_AUTO_ACCEPT: z.string().optional(),
     CHAPTERHOUSE_MEMORY_EOT_HOOK_ENABLED: z.string().optional(),
+    CHAPTERHOUSE_MEMORY_HOOKS_ENABLED: z.string().optional(),
     CHAPTERHOUSE_MEMORY_HOUSEKEEPING_ENABLED: z.string().optional(),
     CHAPTERHOUSE_MEMORY_HOUSEKEEPING_TURNS: z.string().optional(),
     CHAPTERHOUSE_MEMORY_DECAY_DAYS: z.string().optional(),
@@ -65,6 +66,8 @@ const configSchema = z.object({
     CHAPTERHOUSE_MEMORY_TIERING_ENABLED: z.string().optional(),
     CHAPTERHOUSE_MEMORY_HOT_RECALL_BOOST: z.string().optional(),
     CHAPTERHOUSE_MEMORY_HOT_AGE_DAYS: z.string().optional(),
+    CHAPTERHOUSE_PKB_CONSOLIDATION_ENABLED: z.string().optional(),
+    CHAPTERHOUSE_PKB_CONSOLIDATION_HOUR: z.string().optional(),
 });
 export const DEFAULT_MODEL = "claude-sonnet-4.6";
 export const DEFAULT_TEAM_WIKI_CACHE_TTL_MINUTES = 60;
@@ -140,6 +143,17 @@ function parsePositiveNumberEnv(name, rawValue, defaultValue) {
     }
     return parsed;
 }
+function parseHourEnv(name, rawValue, defaultValue) {
+    const normalized = rawValue?.trim();
+    if (!normalized) {
+        return defaultValue;
+    }
+    const parsed = Number(normalized);
+    if (!Number.isInteger(parsed) || parsed < 0 || parsed > 23) {
+        throw new Error(`${name} must be an integer between 0 and 23, got: "${rawValue}"`);
+    }
+    return parsed;
+}
 function parseCorsAllowedOrigins(rawValue) {
     const normalized = rawValue?.trim();
     if (!normalized) {
@@ -298,6 +312,8 @@ export function parseRuntimeConfig(env, options = {}) {
     const memoryInboxRetentionDays = parsePositiveIntegerEnv("CHAPTERHOUSE_MEMORY_INBOX_RETENTION_DAYS", raw.CHAPTERHOUSE_MEMORY_INBOX_RETENTION_DAYS, 7);
     const memoryHotRecallBoost = parsePositiveNumberEnv("CHAPTERHOUSE_MEMORY_HOT_RECALL_BOOST", raw.CHAPTERHOUSE_MEMORY_HOT_RECALL_BOOST, 1.5);
     const memoryHotAgeDays = parsePositiveIntegerEnv("CHAPTERHOUSE_MEMORY_HOT_AGE_DAYS", raw.CHAPTERHOUSE_MEMORY_HOT_AGE_DAYS, 30);
+    const pkbConsolidationEnabled = parseBooleanEnv("CHAPTERHOUSE_PKB_CONSOLIDATION_ENABLED", raw.CHAPTERHOUSE_PKB_CONSOLIDATION_ENABLED, true);
+    const pkbConsolidationHour = parseHourEnv("CHAPTERHOUSE_PKB_CONSOLIDATION_HOUR", raw.CHAPTERHOUSE_PKB_CONSOLIDATION_HOUR, 3);
     if (effectiveEntraAuthEnabled && (!effectiveEntraTenantId || !effectiveEntraClientId)) {
         throw new Error("ENTRA_AUTH_ENABLED=true requires ENTRA_TENANT_ID and ENTRA_CLIENT_ID");
     }
@@ -348,6 +364,7 @@ export function parseRuntimeConfig(env, options = {}) {
         memoryInjectEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_INJECT", raw.CHAPTERHOUSE_MEMORY_INJECT, true),
         memoryAutoAcceptEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_AUTO_ACCEPT", raw.CHAPTERHOUSE_MEMORY_AUTO_ACCEPT, true),
         memoryEndOfTaskHookEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_EOT_HOOK_ENABLED", raw.CHAPTERHOUSE_MEMORY_EOT_HOOK_ENABLED, true),
+        memoryHooksEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_HOOKS_ENABLED", raw.CHAPTERHOUSE_MEMORY_HOOKS_ENABLED, true),
         memoryHousekeepingEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_HOUSEKEEPING_ENABLED", raw.CHAPTERHOUSE_MEMORY_HOUSEKEEPING_ENABLED, true),
         memoryHousekeepingTurns,
         memoryDecayDays,
@@ -355,6 +372,8 @@ export function parseRuntimeConfig(env, options = {}) {
         memoryTieringEnabled: parseZeroOneEnv("CHAPTERHOUSE_MEMORY_TIERING_ENABLED", raw.CHAPTERHOUSE_MEMORY_TIERING_ENABLED, true),
         memoryHotRecallBoost,
         memoryHotAgeDays,
+        pkbConsolidationEnabled,
+        pkbConsolidationHour,
         modeCompatibilityWarnings,
     };
 }
@@ -406,6 +425,7 @@ export const config = {
     memoryInjectEnabled: runtimeConfig.memoryInjectEnabled,
     memoryAutoAcceptEnabled: runtimeConfig.memoryAutoAcceptEnabled,
     memoryEndOfTaskHookEnabled: runtimeConfig.memoryEndOfTaskHookEnabled,
+    memoryHooksEnabled: runtimeConfig.memoryHooksEnabled,
     memoryHousekeepingEnabled: runtimeConfig.memoryHousekeepingEnabled,
     memoryHousekeepingTurns: runtimeConfig.memoryHousekeepingTurns,
     memoryDecayDays: runtimeConfig.memoryDecayDays,
@@ -413,6 +433,14 @@ export const config = {
     memoryTieringEnabled: runtimeConfig.memoryTieringEnabled,
     memoryHotRecallBoost: runtimeConfig.memoryHotRecallBoost,
     memoryHotAgeDays: runtimeConfig.memoryHotAgeDays,
+    pkbConsolidationEnabled: runtimeConfig.pkbConsolidationEnabled,
+    pkbConsolidationHour: runtimeConfig.pkbConsolidationHour,
+    get PKB_CONSOLIDATION_ENABLED() {
+        return runtimeConfig.pkbConsolidationEnabled;
+    },
+    get PKB_CONSOLIDATION_HOUR() {
+        return runtimeConfig.pkbConsolidationHour;
+    },
     modeCompatibilityWarnings: runtimeConfig.modeCompatibilityWarnings,
     copilotAuthToken: runtimeConfig.copilotAuthToken,
     get copilotModel() {