context-vault 2.8.5 → 2.8.7

package/README.md

@@ -10,16 +10,13 @@ Persistent memory for AI agents — saves and searches knowledge across sessions
 ## Quick Start
 
 ```bash
-npm install -g context-vault
-context-vault setup
+npx context-vault setup
 ```
 
-Setup auto-detects your AI tools (Claude Code, Codex, Claude Desktop, Cursor, Windsurf, Cline), downloads the embedding model (~22MB), seeds your vault with a starter entry, and verifies everything works.
+One command — no global install required. Setup detects your AI tools (Claude Code, Codex, Claude Desktop, Cursor, Windsurf, Cline, and more), downloads the embedding model (~22MB), seeds your vault, and configures MCP.
 
 Then open your AI tool and try: **"Search my vault for getting started"**
 
-> `context-mcp` still works as a CLI alias — `context-vault` is the primary command.
-
 ## What It Does
 
 - **Save** — insights, decisions, patterns, contacts. Your AI agent writes them as you work.
@@ -43,17 +40,19 @@ Entries are organized by `kind` (insight, decision, pattern, reference, contact,
 
 ## CLI
 
-| Command                          | Description                                               |
-| -------------------------------- | --------------------------------------------------------- |
-| `context-vault setup`            | Interactive installer — detects tools, writes MCP configs |
-| `context-vault ui [--port 3141]` | Web dashboard                                             |
-| `context-vault status`           | Vault health, paths, entry counts                         |
-| `context-vault reindex`          | Rebuild search index                                      |
-| `context-vault import <path>`    | Import .md, .csv, .json, .txt                             |
-| `context-vault export`           | Export to JSON or CSV                                     |
-| `context-vault sync`             | Sync with hosted account                                  |
-| `context-vault update`           | Check for updates                                         |
-| `context-vault uninstall`        | Remove MCP configs                                        |
+| Command                       | Description                                               |
+| ----------------------------- | --------------------------------------------------------- |
+| `context-vault setup`         | Interactive installer — detects tools, writes MCP configs |
+| `context-vault connect --key` | Connect AI tools to hosted vault                          |
+| `context-vault switch`        | Switch between local and hosted MCP modes                 |
+| `context-vault serve`         | Start the MCP server (used by AI clients)                 |
+| `context-vault status`        | Vault health, paths, entry counts                         |
+| `context-vault reindex`       | Rebuild search index                                      |
+| `context-vault import <path>` | Import .md, .csv, .json, .txt                             |
+| `context-vault export`        | Export to JSON or CSV                                     |
+| `context-vault ingest <url>`  | Fetch URL and save as vault entry                         |
+| `context-vault update`        | Check for updates                                         |
+| `context-vault uninstall`     | Remove MCP configs                                        |
 
 ## Manual MCP Config
 

package/bin/cli.js

@@ -21,9 +21,8 @@ import {
 } from "node:fs";
 import { join, resolve, dirname } from "node:path";
 import { homedir, platform } from "node:os";
-import { execSync, execFile, fork } from "node:child_process";
+import { execSync, execFile } from "node:child_process";
 import { fileURLToPath } from "node:url";
-import { createServer as createNetServer } from "node:net";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -39,6 +38,11 @@ function isInstalledPackage() {
   return ROOT.includes("/node_modules/") || ROOT.includes("\\node_modules\\");
 }
 
+/** Detect if running via npx (ephemeral cache — paths won't survive cache eviction) */
+function isNpx() {
+  return ROOT.includes("/_npx/") || ROOT.includes("\\_npx\\");
+}
+
 const bold = (s) => `\x1b[1m${s}\x1b[0m`;
 const dim = (s) => `\x1b[2m${s}\x1b[0m`;
 const green = (s) => `\x1b[32m${s}\x1b[0m`;
@@ -224,7 +228,6 @@ ${bold("Commands:")}
   ${cyan("connect")} --key cv_...  Connect AI tools to hosted vault
   ${cyan("switch")} local|hosted      Switch between local and hosted MCP modes
   ${cyan("serve")}                 Start the MCP server (used by AI clients)
-  ${cyan("ui")} [--port 3141]      Launch web dashboard
   ${cyan("reindex")}               Rebuild search index from knowledge files
   ${cyan("status")}                Show vault diagnostics
   ${cyan("update")}                Check for and install updates
@@ -232,8 +235,6 @@ ${bold("Commands:")}
   ${cyan("import")} <path>          Import entries from file or directory
   ${cyan("export")}                Export vault to JSON or CSV
   ${cyan("ingest")} <url>          Fetch URL and save as vault entry
-  ${cyan("link")} --key cv_...     Link local vault to hosted account
-  ${cyan("sync")}                  Sync entries between local and hosted
   ${cyan("migrate")}               Migrate vault between local and hosted
 
 ${bold("Options:")}
@@ -559,17 +560,6 @@ async function runSetup() {
     );
   }
 
-  // Offer to launch UI
-  console.log();
-  if (!isNonInteractive) {
-    const launchUi = await prompt(`  Launch web dashboard? (y/N):`, "N");
-    if (launchUi.toLowerCase() === "y") {
-      console.log();
-      runUi();
-      return;
-    }
-  }
-
   // Health check
   console.log(`\n  ${dim("[5/5]")}${bold(" Health check...")}\n`);
   const okResults = results.filter((r) => r.ok);
@@ -608,7 +598,6 @@ async function runSetup() {
     ``,
     `  ${bold("CLI Commands:")}`,
     `  context-vault status    Show vault health`,
-    `  context-vault ui        Launch web dashboard`,
     `  context-vault update    Check for updates`,
   ];
   const innerWidth = Math.max(...boxLines.map((l) => l.length)) + 2;
@@ -636,7 +625,14 @@ async function configureClaude(tool, vaultDir) {
   } catch {}
 
   try {
-    if (isInstalledPackage()) {
+    if (isNpx()) {
+      const cmdArgs = ["-y", "context-vault", "serve"];
+      if (vaultDir) cmdArgs.push("--vault-dir", `"${vaultDir}"`);
+      execSync(
+        `claude mcp add -s user context-vault -- npx ${cmdArgs.join(" ")}`,
+        { stdio: "pipe", env },
+      );
+    } else if (isInstalledPackage()) {
       const launcherPath = join(HOME, ".context-mcp", "server.mjs");
       const cmdArgs = [`"${launcherPath}"`];
       if (vaultDir) cmdArgs.push("--vault-dir", `"${vaultDir}"`);
@@ -669,7 +665,13 @@ async function configureCodex(tool, vaultDir) {
   } catch {}
 
   try {
-    if (isInstalledPackage()) {
+    if (isNpx()) {
+      const cmdArgs = ["-y", "context-vault", "serve"];
+      if (vaultDir) cmdArgs.push("--vault-dir", `"${vaultDir}"`);
+      execSync(`codex mcp add context-vault -- npx ${cmdArgs.join(" ")}`, {
+        stdio: "pipe",
+      });
+    } else if (isInstalledPackage()) {
       const launcherPath = join(HOME, ".context-mcp", "server.mjs");
       const cmdArgs = [`"${launcherPath}"`];
       if (vaultDir) cmdArgs.push("--vault-dir", `"${vaultDir}"`);
@@ -717,7 +719,13 @@ function configureJsonTool(tool, vaultDir) {
   // Clean up old "context-mcp" key
   delete config[tool.configKey]["context-mcp"];
 
-  if (isInstalledPackage()) {
+  if (isNpx()) {
+    const serverArgs = vaultDir ? ["--vault-dir", vaultDir] : [];
+    config[tool.configKey]["context-vault"] = {
+      command: "npx",
+      args: ["-y", "context-vault", "serve", ...serverArgs],
+    };
+  } else if (isInstalledPackage()) {
     const launcherPath = join(HOME, ".context-mcp", "server.mjs");
     const serverArgs = [];
     if (vaultDir) serverArgs.push("--vault-dir", vaultDir);
@@ -1179,52 +1187,6 @@ async function runSwitch() {
   }
 }
 
-function runUi() {
-  const port = parseInt(getFlag("--port") || "3141", 10);
-  const localServer = join(ROOT, "scripts", "local-server.js");
-  if (!existsSync(localServer)) {
-    console.error(red("Local server not found."));
-    process.exit(1);
-  }
-
-  // Probe the port before forking
-  const probe = createNetServer();
-  probe.once("error", (e) => {
-    if (e.code === "EADDRINUSE") {
-      console.error(red(`  Port ${port} is already in use.`));
-      console.error(`  Try: ${cyan(`context-vault ui --port ${port + 1}`)}`);
-      process.exit(1);
-    }
-    // Other error — let the fork handle it
-    probe.close();
-    launchServer(port, localServer);
-  });
-  probe.listen(port, () => {
-    probe.close(() => {
-      launchServer(port, localServer);
-    });
-  });
-}
-
-function launchServer(port, localServer) {
-  const child = fork(localServer, [`--port=${port}`], { stdio: "inherit" });
-  child.on("exit", (code) => process.exit(code ?? 0));
-
-  setTimeout(() => {
-    try {
-      const url = `https://app.context-vault.com?local=${port}`;
-      console.log(`Opening ${url}`);
-      const open =
-        PLATFORM === "darwin"
-          ? "open"
-          : PLATFORM === "win32"
-            ? "start"
-            : "xdg-open";
-      execSync(`${open} ${url}`, { stdio: "ignore" });
-    } catch {}
-  }, 1500);
-}
-
 async function runReindex() {
   console.log(dim("Loading vault..."));
 
@@ -1845,185 +1807,6 @@ async function runIngest() {
   console.log();
 }
 
-async function runLink() {
-  const apiKey = getFlag("--key");
-  const hostedUrl = getFlag("--url") || "https://api.context-vault.com";
-
-  if (!apiKey) {
-    console.log(`\n  ${bold("context-vault link")} --key cv_...\n`);
-    console.log(`  Link your local vault to a hosted Context Vault account.\n`);
-    console.log(`  Options:`);
-    console.log(`    --key <key>   API key (required)`);
-    console.log(
-      `    --url <url>   Hosted server URL (default: https://api.context-vault.com)`,
-    );
-    console.log();
-    return;
-  }
-
-  console.log(dim("  Verifying API key..."));
-
-  let user;
-  try {
-    const response = await fetch(`${hostedUrl}/api/me`, {
-      headers: { Authorization: `Bearer ${apiKey}` },
-    });
-    if (!response.ok) throw new Error(`HTTP ${response.status}`);
-    user = await response.json();
-  } catch (e) {
-    console.error(red(`  Verification failed: ${e.message}`));
-    console.error(dim(`  Check your API key and server URL.`));
-    process.exit(1);
-  }
-
-  // Store credentials in config
-  const dataDir = join(HOME, ".context-mcp");
-  const configPath = join(dataDir, "config.json");
-  let config = {};
-  if (existsSync(configPath)) {
-    try {
-      config = JSON.parse(readFileSync(configPath, "utf-8"));
-    } catch {}
-  }
-
-  config.hostedUrl = hostedUrl;
-  config.apiKey = apiKey;
-  config.userId = user.userId || user.id;
-  config.email = user.email;
-  config.linkedAt = new Date().toISOString();
-
-  mkdirSync(dataDir, { recursive: true });
-  writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
-
-  console.log();
-  console.log(green(`  ✓ Linked to ${user.email}`));
-  console.log(dim(`    Tier: ${user.tier || "free"}`));
-  console.log(dim(`    Server: ${hostedUrl}`));
-  console.log(dim(`    Config: ${configPath}`));
-  console.log();
-}
-
-async function runSync() {
-  const dryRun = flags.has("--dry-run");
-  const pushOnly = flags.has("--push-only");
-  const pullOnly = flags.has("--pull-only");
-
-  // Read credentials
-  const dataDir = join(HOME, ".context-mcp");
-  const configPath = join(dataDir, "config.json");
-  let storedConfig = {};
-  if (existsSync(configPath)) {
-    try {
-      storedConfig = JSON.parse(readFileSync(configPath, "utf-8"));
-    } catch {}
-  }
-
-  const apiKey = getFlag("--key") || storedConfig.apiKey;
-  const hostedUrl =
-    getFlag("--url") ||
-    storedConfig.hostedUrl ||
-    "https://api.context-vault.com";
-
-  if (!apiKey) {
-    console.error(
-      red("  Not linked. Run `context-vault link --key cv_...` first."),
-    );
-    process.exit(1);
-  }
-
-  const { resolveConfig } = await import("@context-vault/core/core/config");
-  const { initDatabase, prepareStatements, insertVec, deleteVec } =
-    await import("@context-vault/core/index/db");
-  const { embed } = await import("@context-vault/core/index/embed");
-  const {
-    buildLocalManifest,
-    fetchRemoteManifest,
-    computeSyncPlan,
-    executeSync,
-  } = await import("@context-vault/core/sync");
-
-  const config = resolveConfig();
-  if (!config.vaultDirExists) {
-    console.error(red(`  Vault directory not found: ${config.vaultDir}`));
-    process.exit(1);
-  }
-
-  const db = await initDatabase(config.dbPath);
-  const stmts = prepareStatements(db);
-  const ctx = {
-    db,
-    config,
-    stmts,
-    embed,
-    insertVec: (r, e) => insertVec(stmts, r, e),
-    deleteVec: (r) => deleteVec(stmts, r),
-  };
-
-  console.log(dim("  Building manifests..."));
-  const local = buildLocalManifest(ctx);
-
-  let remote;
-  try {
-    remote = await fetchRemoteManifest(hostedUrl, apiKey);
-  } catch (e) {
-    db.close();
-    console.error(red(`  Failed to fetch remote manifest: ${e.message}`));
-    process.exit(1);
-  }
-
-  const plan = computeSyncPlan(local, remote);
-
-  // Apply push-only / pull-only filters
-  if (pushOnly) plan.toPull = [];
-  if (pullOnly) plan.toPush = [];
-
-  console.log();
-  console.log(`  ${bold("Sync Plan")}`);
-  console.log(`    Push (local → remote): ${plan.toPush.length} entries`);
-  console.log(`    Pull (remote → local): ${plan.toPull.length} entries`);
-  console.log(`    Up to date:            ${plan.upToDate.length} entries`);
-
-  if (plan.toPush.length === 0 && plan.toPull.length === 0) {
-    db.close();
-    console.log(green("\n  ✓ Everything in sync."));
-    console.log();
-    return;
-  }
-
-  if (dryRun) {
-    db.close();
-    console.log(dim("\n  Dry run — no changes were made."));
-    console.log();
-    return;
-  }
-
-  console.log(dim("\n  Syncing..."));
-
-  const result = await executeSync(ctx, {
-    hostedUrl,
-    apiKey,
-    plan,
-    onProgress: (phase, current, total) => {
-      process.stdout.write(
-        `\r  ${phase === "push" ? "Pushing" : "Pulling"}... ${current}/${total}`,
-      );
-    },
-  });
-
-  db.close();
-
-  console.log(`\r  ${green("✓")} Sync complete                      `);
-  console.log(`    ${green("↑")} ${result.pushed} pushed`);
-  console.log(`    ${green("↓")} ${result.pulled} pulled`);
-  if (result.failed > 0) {
-    console.log(`    ${red("x")} ${result.failed} failed`);
-    for (const err of result.errors.slice(0, 5)) {
-      console.log(`      ${dim(err)}`);
-    }
-  }
-  console.log();
-}
-
 async function runServe() {
   await import("../src/server/index.js");
 }
@@ -2052,9 +1835,6 @@ async function main() {
     case "serve":
       await runServe();
       break;
-    case "ui":
-      runUi();
-      break;
     case "import":
       await runImport();
       break;
@@ -2064,12 +1844,6 @@ async function main() {
     case "ingest":
       await runIngest();
       break;
-    case "link":
-      await runLink();
-      break;
-    case "sync":
-      await runSync();
-      break;
     case "reindex":
       await runReindex();
       break;

package/node_modules/@context-vault/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@context-vault/core",
-  "version": "2.8.5",
+  "version": "2.8.7",
   "type": "module",
   "description": "Shared core: capture, index, retrieve, tools, and utilities for context-vault",
   "main": "src/index.js",

package/node_modules/@context-vault/core/src/retrieve/index.js

@@ -16,8 +16,8 @@ const VEC_WEIGHT = 0.6;
  */
 export function buildFtsQuery(query) {
   const words = query
-    .split(/\s+/)
-    .map((w) => w.replace(/[*"()\-:^~{}]/g, ""))
+    .split(/[\s-]+/)
+    .map((w) => w.replace(/[*"():^~{}]/g, ""))
     .filter((w) => w.length > 0);
   if (!words.length) return null;
   return words.map((w) => `"${w}"`).join(" AND ");

package/node_modules/@context-vault/core/src/server/tools/save-context.js

@@ -26,6 +26,7 @@ function validateSaveInput({
   meta,
   source,
   identity_key,
+  expires_at,
 }) {
   if (kind !== undefined && kind !== null) {
     if (typeof kind !== "string" || kind.length > MAX_KIND_LENGTH) {
@@ -93,6 +94,14 @@ function validateSaveInput({
       );
     }
   }
+  if (expires_at !== undefined && expires_at !== null) {
+    if (
+      typeof expires_at !== "string" ||
+      isNaN(new Date(expires_at).getTime())
+    ) {
+      return err("expires_at must be a valid ISO date string", "INVALID_INPUT");
+    }
+  }
   return null;
 }
 
@@ -178,6 +187,7 @@ export async function handler(
     meta,
     source,
     identity_key,
+    expires_at,
   });
   if (inputErr) return inputErr;
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "context-vault",
-  "version": "2.8.5",
+  "version": "2.8.7",
   "type": "module",
   "description": "Persistent memory for AI agents — saves and searches knowledge across sessions",
   "bin": {
@@ -55,7 +55,7 @@
     "@context-vault/core"
   ],
   "dependencies": {
-    "@context-vault/core": "^2.8.5",
+    "@context-vault/core": "^2.8.7",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "better-sqlite3": "^12.6.2",
     "sqlite-vec": "^0.1.0"

package/scripts/postinstall.js

@@ -90,13 +90,18 @@ async function main() {
     }
   }
 
-  // ── 3. Write local server launcher ───────────────────────────────────
-  const SERVER_ABS = join(PKG_ROOT, "src", "server", "index.js");
-  const DATA_DIR = join(homedir(), ".context-mcp");
-  const LAUNCHER = join(DATA_DIR, "server.mjs");
-  mkdirSync(DATA_DIR, { recursive: true });
-  writeFileSync(LAUNCHER, `import "${SERVER_ABS}";\n`);
-  console.log("[context-vault] Local server launcher written to " + LAUNCHER);
+  // ── 3. Write local server launcher (global installs only) ────────────
+  // Under npx the path would be stale after cache eviction — configs use
+  // `npx context-vault serve` instead, so skip writing the launcher.
+  const isNpx = PKG_ROOT.includes("/_npx/") || PKG_ROOT.includes("\\_npx\\");
+  if (!isNpx) {
+    const SERVER_ABS = join(PKG_ROOT, "src", "server", "index.js");
+    const DATA_DIR = join(homedir(), ".context-mcp");
+    const LAUNCHER = join(DATA_DIR, "server.mjs");
+    mkdirSync(DATA_DIR, { recursive: true });
+    writeFileSync(LAUNCHER, `import "${SERVER_ABS}";\n`);
+    console.log("[context-vault] Local server launcher written to " + LAUNCHER);
+  }
 }
 
 main().catch(() => {});

package/scripts/local-server.js

@@ -1,793 +0,0 @@
-#!/usr/bin/env node
-/**
- * local-server.js — Local mode: serves app + vault API with no auth.
- *
- * Uses local SQLite vault. No authentication required.
- * Usage: node local-server.js [--port 3141]
- */
-
-import { createServer } from "node:http";
-import {
-  createReadStream,
-  existsSync,
-  statSync,
-  unlinkSync,
-  readFileSync,
-  writeFileSync,
-  mkdirSync,
-} from "node:fs";
-import { join, resolve, dirname, extname } from "node:path";
-import { fileURLToPath } from "node:url";
-import { homedir, platform } from "node:os";
-import { execSync } from "node:child_process";
-import { resolveConfig } from "@context-vault/core/core/config";
-import {
-  initDatabase,
-  prepareStatements,
-  insertVec,
-  deleteVec,
-} from "@context-vault/core/index/db";
-import { embed } from "@context-vault/core/index/embed";
-import { captureAndIndex, updateEntryFile } from "@context-vault/core/capture";
-import { indexEntry } from "@context-vault/core/index";
-import { hybridSearch } from "@context-vault/core/retrieve";
-import { gatherVaultStatus } from "@context-vault/core/core/status";
-import { normalizeKind } from "@context-vault/core/core/files";
-import { categoryFor } from "@context-vault/core/core/categories";
-import { parseFile } from "@context-vault/core/capture/importers";
-import { importEntries } from "@context-vault/core/capture/import-pipeline";
-import { ingestUrl } from "@context-vault/core/capture/ingest-url";
-import {
-  buildLocalManifest,
-  fetchRemoteManifest,
-  computeSyncPlan,
-  executeSync,
-} from "@context-vault/core/sync";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const LOCAL_ROOT = resolve(__dirname, "..");
-const APP_DIST = resolve(LOCAL_ROOT, "app-dist");
-
-const MIME = {
-  ".html": "text/html",
-  ".js": "application/javascript",
-  ".css": "text/css",
-  ".json": "application/json",
-  ".ico": "image/x-icon",
-  ".svg": "image/svg+xml",
-};
-
-function formatEntry(row) {
-  return {
-    id: row.id,
-    kind: row.kind,
-    category: row.category,
-    title: row.title || null,
-    body: row.body || null,
-    tags: row.tags ? JSON.parse(row.tags) : [],
-    meta: row.meta
-      ? typeof row.meta === "string"
-        ? JSON.parse(row.meta)
-        : row.meta
-      : {},
-    source: row.source || null,
-    identity_key: row.identity_key || null,
-    expires_at: row.expires_at || null,
-    created_at: row.created_at,
-  };
-}
-
-function validateEntry(data, { requireKind = true, requireBody = true } = {}) {
-  if (requireKind && !data.kind)
-    return { error: "kind is required", status: 400 };
-  if (data.kind && !/^[a-z0-9-]+$/.test(data.kind))
-    return {
-      error: "kind must be lowercase alphanumeric/hyphens",
-      status: 400,
-    };
-  if (requireBody && !data.body)
-    return { error: "body is required", status: 400 };
-  if (data.body && data.body.length > 100 * 1024)
-    return { error: "body max 100KB", status: 400 };
-  if (categoryFor(data.kind) === "entity" && !data.identity_key)
-    return {
-      error: `Entity kind "${data.kind}" requires identity_key`,
-      status: 400,
-    };
-  return null;
-}
-
-function getAllowedOrigin(req) {
-  const origin = req.headers["origin"];
-  if (!origin) return null;
-  const lower = origin.toLowerCase();
-  if (
-    lower === "https://context-vault.com" ||
-    lower === "https://www.context-vault.com"
-  )
-    return origin;
-  if (/^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(lower)) return origin;
-  return null;
-}
-
-async function main() {
-  const portArg = process.argv.find((a) => a.startsWith("--port="));
-  const portVal = portArg
-    ? portArg.split("=")[1]
-    : process.argv[process.argv.indexOf("--port") + 1];
-  const port = parseInt(portVal || "3141", 10);
-
-  const config = resolveConfig();
-  config.vaultDirExists = existsSync(config.vaultDir);
-  let db = await initDatabase(config.dbPath);
-  let stmts = prepareStatements(db);
-
-  const state = {
-    db,
-    config,
-    stmts,
-    embed,
-    get ctx() {
-      return {
-        db: state.db,
-        config: state.config,
-        stmts: state.stmts,
-        embed: state.embed,
-        insertVec: (r, e) => insertVec(state.stmts, r, e),
-        deleteVec: (r) => deleteVec(state.stmts, r),
-        userId: null,
-      };
-    },
-  };
-
-  const server = createServer(async (req, res) => {
-    const url = req.url?.replace(/\?.*$/, "") || "/";
-
-    const allowedOrigin = getAllowedOrigin(req);
-    const corsHeaders = allowedOrigin
-      ? {
-          "Access-Control-Allow-Origin": allowedOrigin,
-          "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
-          "Access-Control-Allow-Headers": "Content-Type, Authorization",
-          Vary: "Origin",
-        }
-      : { Vary: "Origin" };
-
-    if (req.method === "OPTIONS") {
-      res.writeHead(204, corsHeaders);
-      res.end();
-      return;
-    }
-
-    const json = (data, status = 200) => {
-      res.writeHead(status, {
-        "Content-Type": "application/json",
-        ...corsHeaders,
-      });
-      res.end(JSON.stringify(data));
-    };
-
-    const readBody = () =>
-      new Promise((resolve) => {
-        let body = "";
-        req.on("data", (c) => (body += c));
-        req.on("end", () => {
-          try {
-            resolve(body ? JSON.parse(body) : null);
-          } catch {
-            resolve(null);
-          }
-        });
-      });
-
-    const ctx = state.ctx;
-
-    if (url === "/api/local/browse" && req.method === "POST") {
-      const os = platform();
-      try {
-        let selected;
-        if (os === "darwin") {
-          selected = execSync(
-            `osascript -e 'POSIX path of (choose folder with prompt "Select vault folder")'`,
-            { encoding: "utf-8", timeout: 30000 },
-          ).trim();
-        } else if (os === "linux") {
-          selected = execSync(
-            `zenity --file-selection --directory --title="Select vault folder" 2>/dev/null`,
-            { encoding: "utf-8", timeout: 30000 },
-          ).trim();
-        } else {
-          return json(
-            { error: "Folder picker not supported on this platform" },
-            501,
-          );
-        }
-
-        if (selected) {
-          return json({ path: selected });
-        }
-        return json({ path: null, cancelled: true });
-      } catch {
-        // User cancelled the dialog or command failed
-        return json({ path: null, cancelled: true });
-      }
-    }
-
-    if (url === "/api/local/connect" && req.method === "POST") {
-      const data = await readBody();
-      if (!data?.vaultDir?.trim())
-        return json(
-          { error: "vaultDir is required", code: "INVALID_INPUT" },
-          400,
-        );
-      let vaultPath = data.vaultDir.trim().replace(/^~/, homedir());
-      vaultPath = resolve(vaultPath);
-      if (!existsSync(vaultPath))
-        return json(
-          { error: "Vault folder not found", code: "NOT_FOUND" },
-          404,
-        );
-      if (!statSync(vaultPath).isDirectory())
-        return json(
-          { error: "Path is not a directory", code: "INVALID_INPUT" },
-          400,
-        );
-      try {
-        try {
-          state.db.close();
-        } catch {}
-        const newConfig = {
-          ...state.config,
-          vaultDir: vaultPath,
-          dbPath: join(vaultPath, ".context-vault.db"),
-          vaultDirExists: true,
-        };
-        state.config = newConfig;
-        state.db = await initDatabase(newConfig.dbPath);
-        state.stmts = prepareStatements(state.db);
-        console.log(`[context-vault] Switched to vault: ${vaultPath}`);
-        return json({
-          userId: "local",
-          email: "local@localhost",
-          name: "Local",
-          tier: "free",
-          createdAt: new Date().toISOString(),
-        });
-      } catch (e) {
-        console.error(`[local-server] Connect error: ${e.message}`);
-        return json(
-          { error: `Failed to connect: ${e.message}`, code: "CONNECT_FAILED" },
-          500,
-        );
-      }
-    }
-
-    if (url === "/api/health" && req.method === "GET") {
-      return json({ ok: true, mode: "local" });
-    }
-
-    if (url === "/api/me" && req.method === "GET") {
-      return json({
-        userId: "local",
-        email: "local@localhost",
-        name: "Local",
-        tier: "free",
-        createdAt: new Date().toISOString(),
-      });
-    }
-
-    if (url === "/api/billing/usage" && req.method === "GET") {
-      const status = gatherVaultStatus(ctx, {});
-      const total = status.kindCounts.reduce((s, k) => s + k.c, 0);
-      const storageMb =
-        Math.round((status.dbSizeBytes / (1024 * 1024)) * 100) / 100;
-      return json({
-        tier: "free",
-        limits: {
-          maxEntries: "unlimited",
-          requestsPerDay: "unlimited",
-          storageMb: 1024,
-          exportEnabled: true,
-        },
-        usage: { requestsToday: 0, entriesUsed: total, storageMb },
-      });
-    }
-
-    if (url === "/api/keys" && req.method === "GET") {
-      return json({ keys: [] });
-    }
-
-    if (url === "/api/vault/status" && req.method === "GET") {
-      const status = gatherVaultStatus(ctx, {});
-      return json({
-        entries: {
-          total: status.kindCounts.reduce((s, k) => s + k.c, 0),
-          by_kind: Object.fromEntries(
-            status.kindCounts.map((k) => [k.kind, k.c]),
-          ),
-          by_category: Object.fromEntries(
-            status.categoryCounts.map((k) => [k.category, k.c]),
-          ),
-        },
-        files: { total: status.fileCount, directories: status.subdirs },
-        database: {
-          size: status.dbSize,
-          size_bytes: status.dbSizeBytes,
-          stale_paths: status.staleCount,
-          expired: status.expiredCount,
-        },
-        embeddings: status.embeddingStatus,
-        embed_model_available: status.embedModelAvailable,
-        health:
-          status.errors.length === 0 && !status.stalePaths ? "ok" : "degraded",
-        errors: status.errors,
-      });
-    }
-
-    if (url.startsWith("/api/vault/entries") && req.method === "GET") {
-      const idMatch = url.match(/\/api\/vault\/entries\/([^/]+)$/);
-      if (idMatch) {
-        const entry = stmts.getEntryById.get(idMatch[1]);
-        if (!entry)
-          return json({ error: "Entry not found", code: "NOT_FOUND" }, 404);
-        return json(formatEntry(entry));
-      }
-      const u = new URL(req.url || "", "http://localhost");
-      const kind = u.searchParams.get("kind") || null;
-      const category = u.searchParams.get("category") || null;
-      const limit = Math.min(
-        parseInt(u.searchParams.get("limit") || "20", 10) || 20,
-        100,
-      );
-      const offset = parseInt(u.searchParams.get("offset") || "0", 10) || 0;
-      const clauses = ["(expires_at IS NULL OR expires_at > datetime('now'))"];
-      const params = [];
-      if (kind) {
-        clauses.push("kind = ?");
-        params.push(normalizeKind(kind));
-      }
-      if (category) {
-        clauses.push("category = ?");
-        params.push(category);
-      }
-      const where = clauses.length ? `WHERE ${clauses.join(" AND ")}` : "";
-      const total = ctx.db
-        .prepare(`SELECT COUNT(*) as c FROM vault ${where}`)
-        .get(...params).c;
-      const rows = ctx.db
-        .prepare(
-          `SELECT * FROM vault ${where} ORDER BY created_at DESC LIMIT ? OFFSET ?`,
-        )
-        .all(...params, limit, offset);
-      return json({ entries: rows.map(formatEntry), total, limit, offset });
-    }
-
-    if (url === "/api/vault/entries" && req.method === "POST") {
-      const data = await readBody();
-      if (!data)
-        return json({ error: "Invalid JSON body", code: "INVALID_INPUT" }, 400);
-      const err = validateEntry(data);
-      if (err)
-        return json({ error: err.error, code: "INVALID_INPUT" }, err.status);
-      try {
-        const entry = await captureAndIndex(ctx, {
-          kind: data.kind,
-          title: data.title,
-          body: data.body,
-          meta: data.meta,
-          tags: data.tags,
-          source: data.source || "rest-api",
-          identity_key: data.identity_key,
-          expires_at: data.expires_at,
-          userId: null,
-        });
-        return json(formatEntry(stmts.getEntryById.get(entry.id)), 201);
-      } catch (e) {
-        console.error(`[local-server] Create error: ${e.message}`);
-        return json(
-          { error: "Failed to create entry", code: "CREATE_FAILED" },
-          500,
-        );
-      }
-    }
-
-    if (url.match(/^\/api\/vault\/entries\/[^/]+$/) && req.method === "PUT") {
-      const id = url.split("/").pop();
-      const data = await readBody();
-      if (!data)
-        return json({ error: "Invalid JSON body", code: "INVALID_INPUT" }, 400);
-      const err = validateEntry(data, {
-        requireKind: false,
-        requireBody: false,
-      });
-      if (err)
-        return json({ error: err.error, code: "INVALID_INPUT" }, err.status);
-      const existing = stmts.getEntryById.get(id);
-      if (!existing)
-        return json({ error: "Entry not found", code: "NOT_FOUND" }, 404);
-      try {
-        const entry = updateEntryFile(ctx, existing, {
-          title: data.title,
-          body: data.body,
-          tags: data.tags,
-          meta: data.meta,
-          source: data.source,
-          expires_at: data.expires_at,
-        });
-        await indexEntry(ctx, entry);
-        return json(formatEntry(stmts.getEntryById.get(id)));
-      } catch (e) {
-        console.error(`[local-server] Update error: ${e.message}`);
-        return json(
-          { error: "Failed to update entry", code: "UPDATE_FAILED" },
-          500,
-        );
-      }
-    }
-
-    if (
-      url.match(/^\/api\/vault\/entries\/[^/]+$/) &&
-      req.method === "DELETE"
-    ) {
-      const id = url.split("/").pop();
-      const entry = stmts.getEntryById.get(id);
-      if (!entry)
-        return json({ error: "Entry not found", code: "NOT_FOUND" }, 404);
-      if (entry.file_path) {
-        try {
-          unlinkSync(entry.file_path);
-        } catch {}
-      }
-      const rowidResult = stmts.getRowid.get(id);
-      if (rowidResult?.rowid) {
-        try {
-          deleteVec(stmts, Number(rowidResult.rowid));
-        } catch {}
-      }
-      stmts.deleteEntry.run(id);
-      return json({
-        deleted: true,
-        id,
-        kind: entry.kind,
-        title: entry.title || null,
-      });
-    }
-
-    if (url === "/api/vault/search" && req.method === "POST") {
-      const data = await readBody();
-      if (!data || !data.query?.trim())
-        return json({ error: "query is required", code: "INVALID_INPUT" }, 400);
-      const limit = Math.min(parseInt(data.limit || 20, 10) || 20, 100);
-      const offset = parseInt(data.offset || 0, 10) || 0;
-      try {
-        const results = await hybridSearch(ctx, data.query, {
-          kindFilter: data.kind ? normalizeKind(data.kind) : null,
-          categoryFilter: data.category || null,
-          limit,
-          offset,
-          decayDays: ctx.config.eventDecayDays || 30,
-          userIdFilter: undefined,
-        });
-        const formatted = results.map((row) => ({
-          ...formatEntry(row),
-          score: Math.round(row.score * 1000) / 1000,
-        }));
-        return json({
-          results: formatted,
-          count: formatted.length,
-          query: data.query,
-        });
-      } catch (e) {
-        console.error(`[local-server] Search error: ${e.message}`);
-        return json({ error: "Search failed", code: "SEARCH_FAILED" }, 500);
-      }
-    }
-
-    if (url === "/api/vault/import/bulk" && req.method === "POST") {
-      const data = await readBody();
-      if (!data || !Array.isArray(data.entries)) {
-        return json(
-          {
-            error: "Invalid body — expected { entries: [...] }",
-            code: "INVALID_INPUT",
-          },
-          400,
-        );
-      }
-      if (data.entries.length > 500) {
-        return json(
-          { error: "Maximum 500 entries per request", code: "LIMIT_EXCEEDED" },
-          400,
-        );
-      }
-
-      const result = await importEntries(ctx, data.entries, {
-        source: "bulk-import",
-      });
-      return json({
-        imported: result.imported,
-        failed: result.failed,
-        errors: result.errors.slice(0, 10).map((e) => e.error),
-      });
-    }
-
-    if (url === "/api/vault/import/file" && req.method === "POST") {
-      const data = await readBody();
-      if (!data?.filename || !data?.content) {
-        return json(
-          { error: "filename and content are required", code: "INVALID_INPUT" },
-          400,
-        );
-      }
-
-      const entries = parseFile(data.filename, data.content, {
-        kind: data.kind,
-        source: data.source || "file-import",
-      });
-      if (!entries.length)
-        return json({
-          imported: 0,
-          failed: 0,
-          errors: ["No entries parsed from file"],
-        });
-
-      const result = await importEntries(ctx, entries, {
-        source: data.source || "file-import",
-      });
-      return json({
-        imported: result.imported,
-        failed: result.failed,
-        errors: result.errors.slice(0, 10).map((e) => e.error),
-      });
-    }
-
-    if (url.startsWith("/api/vault/export") && req.method === "GET") {
-      const u = new URL(req.url || "", "http://localhost");
-      const format = u.searchParams.get("format") || "json";
-
-      const rows = ctx.db
-        .prepare(
-          "SELECT * FROM vault WHERE (expires_at IS NULL OR expires_at > datetime('now')) ORDER BY created_at DESC",
-        )
-        .all();
-
-      const entries = rows.map(formatEntry);
-
-      if (format === "csv") {
-        const headers = [
-          "id",
-          "kind",
-          "category",
-          "title",
-          "body",
-          "tags",
-          "source",
-          "identity_key",
-          "expires_at",
-          "created_at",
-        ];
-        const csvLines = [headers.join(",")];
-        for (const e of entries) {
-          const row = headers.map((h) => {
-            let val = e[h];
-            if (Array.isArray(val)) val = val.join(", ");
-            if (val == null) val = "";
-            val = String(val);
-            if (val.includes(",") || val.includes('"') || val.includes("\n")) {
-              val = '"' + val.replace(/"/g, '""') + '"';
-            }
-            return val;
-          });
-          csvLines.push(row.join(","));
-        }
-        res.writeHead(200, {
-          "Content-Type": "text/csv",
-          ...corsHeaders,
-        });
-        res.end(csvLines.join("\n"));
-        return;
-      }
-
-      return json({
-        entries,
-        total: entries.length,
-        exported_at: new Date().toISOString(),
-      });
-    }
-
-    if (url === "/api/vault/ingest" && req.method === "POST") {
-      const data = await readBody();
-      if (!data?.url)
-        return json({ error: "url is required", code: "INVALID_INPUT" }, 400);
-
-      try {
-        const entry = await ingestUrl(data.url, {
-          kind: data.kind,
-          tags: data.tags,
-        });
-        const result = await captureAndIndex(ctx, entry);
-        return json(formatEntry(ctx.stmts.getEntryById.get(result.id)), 201);
-      } catch (e) {
-        return json(
-          { error: `Ingestion failed: ${e.message}`, code: "INGEST_FAILED" },
-          500,
-        );
-      }
-    }
-
-    if (url === "/api/vault/manifest" && req.method === "GET") {
-      const rows = ctx.db
-        .prepare(
-          "SELECT id, kind, title, created_at FROM vault WHERE (expires_at IS NULL OR expires_at > datetime('now')) ORDER BY created_at DESC",
-        )
-        .all();
-      return json({
-        entries: rows.map((r) => ({
-          id: r.id,
-          kind: r.kind,
-          title: r.title || null,
-          created_at: r.created_at,
-        })),
-      });
-    }
-
-    if (url === "/api/local/link" && req.method === "GET") {
-      const dataDir = join(homedir(), ".context-mcp");
-      const configPath = join(dataDir, "config.json");
-      let storedConfig = {};
-      if (existsSync(configPath)) {
-        try {
-          storedConfig = JSON.parse(readFileSync(configPath, "utf-8"));
-        } catch {}
-      }
-      return json({
-        linked: !!storedConfig.apiKey,
-        email: storedConfig.email || null,
-        hostedUrl: storedConfig.hostedUrl || null,
-        linkedAt: storedConfig.linkedAt || null,
-        tier: storedConfig.tier || null,
-      });
-    }
-
-    if (url === "/api/local/link" && req.method === "POST") {
-      const data = await readBody();
-      const dataDir = join(homedir(), ".context-mcp");
-      const configPath = join(dataDir, "config.json");
-
-      let storedConfig = {};
-      if (existsSync(configPath)) {
-        try {
-          storedConfig = JSON.parse(readFileSync(configPath, "utf-8"));
-        } catch {}
-      }
-
-      if (!data?.apiKey) {
-        // Unlink
-        delete storedConfig.apiKey;
-        delete storedConfig.hostedUrl;
-        delete storedConfig.userId;
-        delete storedConfig.email;
-        delete storedConfig.linkedAt;
-        delete storedConfig.tier;
-        writeFileSync(configPath, JSON.stringify(storedConfig, null, 2) + "\n");
-        return json({ linked: false });
-      }
-
-      const hostedUrl = data.hostedUrl || "https://api.context-vault.com";
-      try {
-        const response = await fetch(`${hostedUrl}/api/me`, {
-          headers: { Authorization: `Bearer ${data.apiKey}` },
-        });
-        if (!response.ok) throw new Error(`HTTP ${response.status}`);
-        const user = await response.json();
-
-        storedConfig.apiKey = data.apiKey;
-        storedConfig.hostedUrl = hostedUrl;
-        storedConfig.userId = user.userId || user.id;
-        storedConfig.email = user.email;
-        storedConfig.tier = user.tier || "free";
-        storedConfig.linkedAt = new Date().toISOString();
-
-        mkdirSync(dataDir, { recursive: true });
-        writeFileSync(configPath, JSON.stringify(storedConfig, null, 2) + "\n");
-
-        return json({
-          linked: true,
-          email: user.email,
-          tier: user.tier || "free",
-        });
-      } catch (e) {
-        return json(
-          { error: `Verification failed: ${e.message}`, code: "AUTH_FAILED" },
-          401,
-        );
-      }
-    }
-
-    if (url === "/api/local/sync" && req.method === "POST") {
-      const dataDir = join(homedir(), ".context-mcp");
-      const configPath = join(dataDir, "config.json");
-      let storedConfig = {};
-      if (existsSync(configPath)) {
-        try {
-          storedConfig = JSON.parse(readFileSync(configPath, "utf-8"));
-        } catch {}
-      }
-
-      if (!storedConfig.apiKey) {
-        return json(
-          { error: "Not linked. Use link endpoint first.", code: "NOT_LINKED" },
-          400,
-        );
-      }
-
-      try {
-        const local = buildLocalManifest(ctx);
-        const remote = await fetchRemoteManifest(
-          storedConfig.hostedUrl,
-          storedConfig.apiKey,
-        );
-        const plan = computeSyncPlan(local, remote);
-        const result = await executeSync(ctx, {
-          hostedUrl: storedConfig.hostedUrl,
-          apiKey: storedConfig.apiKey,
-          plan,
-        });
-        return json(result);
-      } catch (e) {
-        return json(
-          { error: `Sync failed: ${e.message}`, code: "SYNC_FAILED" },
-          500,
-        );
-      }
-    }
-
-    const filePath = join(
-      APP_DIST,
-      url === "/" ? "index.html" : url.replace(/^\//, ""),
-    );
-    if (!filePath.startsWith(APP_DIST)) {
-      res.writeHead(403);
-      res.end();
-      return;
-    }
-    if (!existsSync(filePath) || !statSync(filePath).isFile()) {
-      const fallback = join(APP_DIST, "index.html");
-      if (existsSync(fallback)) {
-        res.writeHead(200, { "Content-Type": "text/html" });
-        createReadStream(fallback).pipe(res);
-        return;
-      }
-      res.writeHead(404);
-      res.end();
-      return;
-    }
-    const type = MIME[extname(filePath)] || "application/octet-stream";
-    res.writeHead(200, { "Content-Type": type });
-    createReadStream(filePath).pipe(res);
-  });
-
-  server.listen(port, () => {
-    console.log(`[context-vault] Local mode: http://localhost:${port}`);
-    console.log(`[context-vault] Vault: ${config.vaultDir}`);
-    console.log(`[context-vault] No authentication required`);
-  });
-
-  process.on("SIGINT", () => {
-    try {
-      state.db.close();
-    } catch {}
-    process.exit(0);
-  });
-  process.on("SIGTERM", () => {
-    try {
-      state.db.close();
-    } catch {}
-    process.exit(0);
-  });
-}
-
-main().catch((e) => {
-  console.error(`[local-server] Fatal: ${e.message}`);
-  process.exit(1);
-});