context-vault 3.7.0 → 3.9.0

package/src/remote.ts

@@ -0,0 +1,325 @@
+import type { RemoteConfig } from '@context-vault/core/types';
+
+const REQUEST_TIMEOUT_MS = 10_000;
+
+export interface RemoteSearchResult {
+  id: string;
+  kind: string;
+  category: string;
+  title: string | null;
+  body: string;
+  tags: string | null;
+  tier: string;
+  score: number;
+  created_at: string;
+  updated_at: string | null;
+  source: string | null;
+  identity_key: string | null;
+  meta: string | null;
+  file_path: string | null;
+  superseded_by: string | null;
+  expires_at: string | null;
+  source_files: string | null;
+  related_to: string | null;
+  indexed: number;
+  hit_count: number;
+  last_accessed_at: string | null;
+  recall_count: number;
+  recall_sessions: number;
+  last_recalled_at: string | null;
+  recall_members?: number;
+}
+
+export interface RemoteHint {
+  id: string;
+  title: string;
+  summary: string;
+  relevance: 'high' | 'medium';
+  kind: string;
+  tags: string[];
+}
+
+export interface TeamSearchResult extends RemoteSearchResult {
+  source: 'team';
+  recall_count: number;
+  recall_members?: number;
+}
+
+export interface PrivacyScanMatch {
+  type: string;
+  value: string;
+  field: string;
+  line: number;
+}
+
+export interface PublishResult {
+  ok: boolean;
+  id?: string;
+  error?: string;
+  status?: number;
+  privacyMatches?: PrivacyScanMatch[];
+  conflict?: {
+    existing_entry_id: string;
+    existing_author: string;
+    similarity: number;
+    suggestion: string;
+  };
+}
+
+export class RemoteClient {
+  private url: string;
+  private apiKey: string;
+
+  constructor(config: RemoteConfig) {
+    this.url = config.url.replace(/\/$/, '');
+    this.apiKey = config.apiKey;
+  }
+
+  async testConnection(): Promise<{ ok: boolean; error?: string; status?: unknown }> {
+    try {
+      const res = await this.fetch('/api/vault/status');
+      if (res.ok) {
+        const data = await res.json();
+        return { ok: true, status: data };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async saveEntry(entry: Record<string, unknown>): Promise<{ ok: boolean; id?: string; error?: string }> {
+    try {
+      const res = await this.fetch('/api/vault/entries', {
+        method: 'POST',
+        body: JSON.stringify(entry),
+      });
+      if (res.ok) {
+        const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+        return { ok: true, id: data.id as string | undefined };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async search(params: Record<string, unknown>): Promise<RemoteSearchResult[]> {
+    try {
+      const query = new URLSearchParams();
+      if (params.query) query.set('q', String(params.query));
+      if (Array.isArray(params.tags) && params.tags.length) query.set('tags', params.tags.join(','));
+      if (params.kind) query.set('kind', String(params.kind));
+      if (params.category) query.set('category', String(params.category));
+      if (params.scope) query.set('scope', String(params.scope));
+      if (params.limit) query.set('limit', String(params.limit));
+      if (params.since) query.set('since', String(params.since));
+      if (params.until) query.set('until', String(params.until));
+
+      const res = await this.fetch(`/api/vault/search?${query.toString()}`);
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.entries) ? data.entries : Array.isArray(data) ? data as RemoteSearchResult[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  async teamSearch(teamId: string, params: Record<string, unknown>): Promise<TeamSearchResult[]> {
+    try {
+      const query = new URLSearchParams();
+      if (params.query) query.set('q', String(params.query));
+      if (Array.isArray(params.tags) && params.tags.length) query.set('tags', params.tags.join(','));
+      if (params.kind) query.set('kind', String(params.kind));
+      if (params.category) query.set('category', String(params.category));
+      if (params.limit) query.set('limit', String(params.limit));
+      if (params.since) query.set('since', String(params.since));
+      if (params.until) query.set('until', String(params.until));
+
+      const res = await this.fetch(`/api/team/${teamId}/search?${query.toString()}`);
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      const entries = Array.isArray(data.entries) ? data.entries : Array.isArray(data) ? data : [];
+      return (entries as TeamSearchResult[]).map(e => ({ ...e, source: 'team' as const }));
+    } catch {
+      return [];
+    }
+  }
+
+  async teamRecall(teamId: string, params: {
+    signal: string;
+    signal_type: string;
+    bucket?: string;
+    max_hints?: number;
+  }): Promise<RemoteHint[]> {
+    try {
+      const res = await this.fetch(`/api/team/${teamId}/search`, {
+        method: 'POST',
+        body: JSON.stringify(params),
+      });
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.hints) ? data.hints : Array.isArray(data) ? data as RemoteHint[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  async teamStatus(teamId: string): Promise<{ ok: boolean; error?: string; data?: Record<string, unknown> }> {
+    try {
+      const res = await this.fetch(`/api/team/${teamId}/status`);
+      if (res.ok) {
+        const data = await res.json() as Record<string, unknown>;
+        return { ok: true, data };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async publishToTeam(params: {
+    entryId: string;
+    teamId: string;
+    visibility: string;
+    force?: boolean;
+    entry?: Record<string, unknown>;
+  }): Promise<PublishResult> {
+    try {
+      const res = await this.fetch('/api/vault/publish', {
+        method: 'POST',
+        body: JSON.stringify({
+          entryId: params.entryId,
+          teamId: params.teamId,
+          visibility: params.visibility,
+          ...(params.force ? { force: true } : {}),
+          ...(params.entry || {}),
+        }),
+      });
+      const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+      if (res.ok) {
+        return {
+          ok: true,
+          id: data.id as string | undefined,
+          conflict: data.conflict as PublishResult['conflict'],
+        };
+      }
+      if (res.status === 422 && data.code === 'PRIVACY_SCAN_FAILED') {
+        const matches = Array.isArray(data.matches) ? data.matches as PrivacyScanMatch[] : [];
+        return {
+          ok: false,
+          error: typeof data.error === 'string' ? data.error : 'Privacy scan failed',
+          status: 422,
+          privacyMatches: matches,
+        };
+      }
+      const errorText = typeof data.error === 'string' ? data.error : `HTTP ${res.status}`;
+      return { ok: false, error: errorText, status: res.status, conflict: data.conflict as PublishResult['conflict'] };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async recall(params: {
+    signal: string;
+    signal_type: string;
+    bucket?: string;
+    max_hints?: number;
+  }): Promise<RemoteHint[]> {
+    try {
+      const res = await this.fetch('/api/vault/recall', {
+        method: 'POST',
+        body: JSON.stringify(params),
+      });
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.hints) ? data.hints : Array.isArray(data) ? data as RemoteHint[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  private fetch(path: string, opts: RequestInit = {}): Promise<Response> {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+
+    return globalThis.fetch(`${this.url}${path}`, {
+      ...opts,
+      signal: controller.signal,
+      headers: {
+        'Authorization': `Bearer ${this.apiKey}`,
+        'Content-Type': 'application/json',
+        ...(opts.headers || {}),
+      },
+    }).finally(() => clearTimeout(timeout));
+  }
+}
+
+let cachedClient: RemoteClient | null = null;
+let cachedConfigKey = '';
+
+export function getRemoteClient(config: { remote?: RemoteConfig }): RemoteClient | null {
+  if (!config.remote?.enabled || !config.remote?.apiKey) return null;
+
+  const key = `${config.remote.url}:${config.remote.apiKey}`;
+  if (cachedClient && cachedConfigKey === key) return cachedClient;
+
+  cachedClient = new RemoteClient(config.remote);
+  cachedConfigKey = key;
+  return cachedClient;
+}
+
+export function getTeamId(config: { remote?: RemoteConfig }): string | null {
+  return config.remote?.teamId || null;
+}
+
+/**
+ * Apply recall-driven ranking boost to team results.
+ * Entries with higher recall_count and recall_members rank higher.
+ * Formula: score * log(1 + recall_count) * (1 + 0.1 * recall_members)
+ */
+export function applyTeamRecallBoost<T extends { score?: number; recall_count?: number; recall_members?: number }>(
+  entries: T[]
+): T[] {
+  return entries.map(e => {
+    const baseScore = (e as any).score ?? 0;
+    const recallCount = e.recall_count ?? 0;
+    const recallMembers = e.recall_members ?? 0;
+    if (recallCount === 0 && recallMembers === 0) return e;
+    const boostedScore = baseScore * Math.log(1 + recallCount) * (1 + 0.1 * recallMembers);
+    return { ...e, score: boostedScore };
+  });
+}
+
+/**
+ * Merge local, personal remote, and team results.
+ * Priority: local > personal remote > team.
+ * Team results get recall-driven ranking boost before merge.
+ */
+export function mergeRemoteResults<T extends { id: string; score?: number }>(
+  localResults: T[],
+  remoteResults: T[],
+  limit: number
+): T[] {
+  const localIds = new Set(localResults.map(r => r.id));
+  const uniqueRemote = remoteResults.filter(r => !localIds.has(r.id));
+  const merged = [...localResults, ...uniqueRemote];
+  merged.sort((a, b) => ((b as any).score ?? 0) - ((a as any).score ?? 0));
+  return merged.slice(0, limit);
+}
+
+export function mergeWithTeamResults<T extends { id: string; score?: number; recall_count?: number; recall_members?: number }>(
+  localAndPersonal: T[],
+  teamResults: T[],
+  limit: number
+): T[] {
+  const existingIds = new Set(localAndPersonal.map(r => r.id));
+  const uniqueTeam = teamResults.filter(r => !existingIds.has(r.id));
+  const boostedTeam = applyTeamRecallBoost(uniqueTeam);
+  const merged = [...localAndPersonal, ...boostedTeam];
+  merged.sort((a, b) => ((b as any).score ?? 0) - ((a as any).score ?? 0));
+  return merged.slice(0, limit);
+}

package/src/stats/recall.ts

@@ -0,0 +1,139 @@
+import type { LocalCtx } from '../types.js';
+
+const RECALL_TARGET = 0.30;
+const DEAD_DAYS = 30;
+const TOP_COUNT = 10;
+
+export interface RecallSummary {
+  ratio: number;
+  target: number;
+  total_entries: number;
+  recalled_entries: number;
+  never_recalled: number;
+  avg_recall_count: number;
+  top_recalled: Array<{ title: string; recall_count: number; recall_sessions: number }>;
+  dead_entry_count: number;
+  dead_bucket_count: number;
+  top_dead_buckets: Array<{ bucket: string; count: number }>;
+  co_retrieval_pairs: number;
+}
+
+export interface CoRetrievalSummary {
+  total_pairs: number;
+  graph_density: number;
+  top_pairs: Array<{
+    title_a: string;
+    title_b: string;
+    weight: number;
+  }>;
+}
+
+export function gatherRecallSummary(ctx: LocalCtx): RecallSummary {
+  const { db } = ctx;
+
+  const totalRow = db.prepare('SELECT COUNT(*) as c FROM vault').get() as { c: number };
+  const total_entries = totalRow.c;
+
+  const recalledRow = db
+    .prepare('SELECT COUNT(*) as c FROM vault WHERE recall_count > 0')
+    .get() as { c: number };
+  const recalled_entries = recalledRow.c;
+  const never_recalled = total_entries - recalled_entries;
+  const ratio = total_entries > 0 ? Math.round((recalled_entries / total_entries) * 100) / 100 : 0;
+
+  const avgRow = db
+    .prepare(
+      'SELECT AVG(recall_count) as avg FROM vault WHERE recall_count > 0'
+    )
+    .get() as { avg: number | null };
+  const avg_recall_count = Math.round((avgRow.avg ?? 0) * 10) / 10;
+
+  const top_recalled = db
+    .prepare(
+      'SELECT title, recall_count, recall_sessions FROM vault WHERE recall_count > 0 ORDER BY recall_count DESC LIMIT ?'
+    )
+    .all(TOP_COUNT) as Array<{ title: string; recall_count: number; recall_sessions: number }>;
+
+  const deadRow = db
+    .prepare(
+      `SELECT COUNT(*) as c FROM vault WHERE recall_count = 0 AND created_at <= datetime('now', '-${DEAD_DAYS} days')`
+    )
+    .get() as { c: number };
+  const dead_entry_count = deadRow.c;
+
+  const deadBuckets = db
+    .prepare(
+      `SELECT tags, COUNT(*) as c FROM vault WHERE recall_count = 0 AND created_at <= datetime('now', '-${DEAD_DAYS} days') GROUP BY tags`
+    )
+    .all() as Array<{ tags: string; c: number }>;
+
+  const bucketMap = new Map<string, number>();
+  for (const row of deadBuckets) {
+    let tags: string[] = [];
+    try {
+      tags = JSON.parse(row.tags ?? '[]');
+    } catch {
+      tags = [];
+    }
+    const bucket = tags.find((t) => t.startsWith('bucket:'));
+    if (bucket) {
+      bucketMap.set(bucket, (bucketMap.get(bucket) ?? 0) + row.c);
+    }
+  }
+
+  const top_dead_buckets = [...bucketMap.entries()]
+    .sort((a, b) => b[1] - a[1])
+    .slice(0, 5)
+    .map(([bucket, count]) => ({ bucket: bucket.replace('bucket:', ''), count }));
+
+  const dead_bucket_count = bucketMap.size;
+
+  const coRow = db.prepare('SELECT COUNT(*) as c FROM co_retrievals').get() as { c: number };
+  const co_retrieval_pairs = coRow.c;
+
+  return {
+    ratio,
+    target: RECALL_TARGET,
+    total_entries,
+    recalled_entries,
+    never_recalled,
+    avg_recall_count,
+    top_recalled,
+    dead_entry_count,
+    dead_bucket_count,
+    top_dead_buckets,
+    co_retrieval_pairs,
+  };
+}
+
+export function gatherCoRetrievalSummary(ctx: LocalCtx): CoRetrievalSummary {
+  const { db } = ctx;
+
+  const pairsRow = db.prepare('SELECT COUNT(*) as c FROM co_retrievals').get() as { c: number };
+  const total_pairs = pairsRow.c;
+
+  const entryRow = db.prepare('SELECT COUNT(*) as c FROM vault').get() as { c: number };
+  const total_entries = entryRow.c;
+
+  const max_possible = total_entries > 1 ? (total_entries * (total_entries - 1)) / 2 : 1;
+  const graph_density = Math.round((total_pairs / max_possible) * 10000) / 10000;
+
+  const rawPairs = db
+    .prepare(
+      `SELECT c.entry_a, c.entry_b, c.count as weight, a.title as title_a, b.title as title_b
+       FROM co_retrievals c
+       JOIN vault a ON a.id = c.entry_a
+       JOIN vault b ON b.id = c.entry_b
+       ORDER BY c.count DESC
+       LIMIT 10`
+    )
+    .all() as Array<{ title_a: string; title_b: string; weight: number }>;
+
+  const top_pairs = rawPairs.map((row) => ({
+    title_a: row.title_a ?? '(untitled)',
+    title_b: row.title_b ?? '(untitled)',
+    weight: row.weight,
+  }));
+
+  return { total_pairs, graph_density, top_pairs };
+}

package/src/tools/context-status.ts

@@ -1,7 +1,9 @@
 import { existsSync, readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { gatherVaultStatus, computeGrowthWarnings } from '../status.js';
+import { gatherRecallSummary } from '../stats/recall.js';
 import { errorLogPath, errorLogCount } from '../error-log.js';
+import { getAutoMemory } from '../auto-memory.js';
 import { ok, err, kindIcon } from '../helpers.js';
 import type { LocalCtx, ToolResult } from '../types.js';
 
@@ -179,6 +181,24 @@ export function handler(_args: Record<string, any>, ctx: LocalCtx): ToolResult {
       }
     }
 
+    // Auto-memory detection
+    const autoMemory = getAutoMemory();
+    if (autoMemory.detected) {
+      const LINES_CAP = 200;
+      const overflowRisk = autoMemory.linesUsed > 160;
+      lines.push(``, `### Auto-Memory`);
+      lines.push(`| | |`);
+      lines.push(`|---|---|`);
+      lines.push(`| **Path** | ${autoMemory.path} |`);
+      lines.push(`| **Entries** | ${autoMemory.entries.length} |`);
+      lines.push(`| **Lines** | ${autoMemory.linesUsed}/${LINES_CAP} |`);
+      if (overflowRisk) {
+        lines.push(`| **Status** | ⚠ Approaching limit. Run \`/vault overflow\` to graduate entries. |`);
+      } else {
+        lines.push(`| **Status** | ✓ Healthy |`);
+      }
+    }
+
     if (status.stalePaths) {
       lines.push(``);
       lines.push(`### ⚠ Stale Paths`);
@@ -272,6 +292,26 @@ export function handler(_args: Record<string, any>, ctx: LocalCtx): ToolResult {
       lines.push('', '### Suggested Actions', ...actions);
     }
 
+    // Recall ratio structured summary
+    let recallSection: Record<string, unknown> | null = null;
+    try {
+      const rs = gatherRecallSummary(ctx);
+      recallSection = {
+        ratio: rs.ratio,
+        target: rs.target,
+        total_entries: rs.total_entries,
+        recalled_entries: rs.recalled_entries,
+        avg_recall_count: rs.avg_recall_count,
+        co_retrieval_pairs: rs.co_retrieval_pairs,
+      };
+      lines.push('', '### Recall Ratio');
+      lines.push('```json');
+      lines.push(JSON.stringify({ recall: recallSection }, null, 2));
+      lines.push('```');
+    } catch {
+      // non-fatal: skip recall section if unavailable
+    }
+
     return ok(lines.join('\n'));
   } catch (e) {
     return err(e instanceof Error ? e.message : String(e), 'STATUS_FAILED');

package/src/tools/get-context.ts

@@ -10,6 +10,7 @@ import { resolveTemporalParams } from '../temporal.js';
 import { collectLinkedEntries } from '../linking.js';
 import { ok, err, errWithHint, kindIcon, fmtDate } from '../helpers.js';
 import { isEmbedAvailable } from '@context-vault/core/embed';
+import { getRemoteClient, getTeamId, mergeRemoteResults, mergeWithTeamResults } from '../remote.js';
 import type { LocalCtx, SharedCtx, ToolResult } from '../types.js';
 
 const STALE_DUPLICATE_DAYS = 7;
@@ -575,6 +576,49 @@ export async function handler(
     trackAccess(ctx, filtered);
   }
 
+  // Remote merge: query hosted API and merge results (local wins for duplicates)
+  const remoteClient = getRemoteClient(ctx.config);
+  if (remoteClient && (hasQuery || hasFilters)) {
+    try {
+      const remoteResults = await remoteClient.search({
+        query: hasQuery ? query : undefined,
+        tags: effectiveTags.length ? effectiveTags : undefined,
+        kind: kindFilter || undefined,
+        category: scopedCategory || undefined,
+        scope: effectiveScope !== 'hot' ? effectiveScope : undefined,
+        limit: effectiveLimit,
+        since: effectiveSince || undefined,
+        until: effectiveUntil || undefined,
+      });
+      if (remoteResults.length > 0) {
+        filtered = mergeRemoteResults(filtered, remoteResults as any[], effectiveLimit);
+      }
+    } catch (e) {
+      console.warn(`[context-vault] Remote search failed: ${(e as Error).message}`);
+    }
+  }
+
+  // Team vault merge: query team vault if teamId is configured
+  const teamId = getTeamId(ctx.config);
+  if (remoteClient && teamId && (hasQuery || hasFilters)) {
+    try {
+      const teamResults = await remoteClient.teamSearch(teamId, {
+        query: hasQuery ? query : undefined,
+        tags: effectiveTags.length ? effectiveTags : undefined,
+        kind: kindFilter || undefined,
+        category: scopedCategory || undefined,
+        limit: effectiveLimit,
+        since: effectiveSince || undefined,
+        until: effectiveUntil || undefined,
+      });
+      if (teamResults.length > 0) {
+        filtered = mergeWithTeamResults(filtered, teamResults as any[], effectiveLimit);
+      }
+    } catch (e) {
+      console.warn(`[context-vault] Team search failed: ${(e as Error).message}`);
+    }
+  }
+
   // Brief score boost: briefs rank slightly higher so consolidated snapshots
   // surface above the individual entries they summarize.
   for (const r of filtered) {

package/src/tools/publish-to-team.test.ts

@@ -0,0 +1,115 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+vi.mock('../remote.js', () => ({
+  getRemoteClient: vi.fn(),
+  getTeamId: vi.fn(),
+}));
+
+vi.mock('../helpers.js', async () => {
+  const actual = await vi.importActual('../helpers.js');
+  return actual;
+});
+
+import { handler } from './publish-to-team.js';
+import { getRemoteClient, getTeamId } from '../remote.js';
+
+function makeCtx(entry?: Record<string, any>) {
+  return {
+    config: { remote: { enabled: true, url: 'http://test', apiKey: 'k', teamId: 'team-1' } },
+    stmts: {
+      getEntryById: {
+        get: vi.fn().mockReturnValue(entry ?? {
+          id: 'entry-1',
+          kind: 'insight',
+          category: 'knowledge',
+          title: 'Test Entry',
+          body: 'Some body',
+          tags: '["tag1"]',
+          meta: '{}',
+          source: null,
+          identity_key: null,
+          tier: 'working',
+        }),
+      },
+    },
+  } as any;
+}
+
+describe('publish_to_team handler', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    (getTeamId as any).mockReturnValue('team-1');
+  });
+
+  it('returns formatted advisory on 422 privacy scan failure', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: false,
+        status: 422,
+        error: 'Entry contains potentially sensitive content',
+        privacyMatches: [
+          { type: 'email', value: 'fe***@klarhimmel.se', field: 'body', line: 3 },
+          { type: 'api_key', value: 'sk-proj-...abc', field: 'body', line: 7 },
+        ],
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    const result = await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(result.isError).toBeUndefined();
+    const text = result.content[0].text;
+    expect(text).toContain('sensitive content');
+    expect(text).toContain('email in body (line 3)');
+    expect(text).toContain('api_key in body (line 7)');
+    expect(text).toContain('force: true');
+  });
+
+  it('passes force: true through to the remote client', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: true,
+        id: 'team-entry-1',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    await handler({ entry_id: 'entry-1', force: true }, makeCtx(), {} as any);
+
+    expect(mockClient.publishToTeam).toHaveBeenCalledWith(
+      expect.objectContaining({ force: true })
+    );
+  });
+
+  it('passes force: false when not set', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: true,
+        id: 'team-entry-1',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(mockClient.publishToTeam).toHaveBeenCalledWith(
+      expect.objectContaining({ force: false })
+    );
+  });
+
+  it('returns error for non-privacy 422 failures', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: false,
+        status: 422,
+        error: 'Some other validation error',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    const result = await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(result.isError).toBe(true);
+    expect(result.content[0].text).toContain('Failed to publish');
+  });
+});