context-vault 3.8.0 → 3.9.0

package/src/remote.ts

@@ -0,0 +1,325 @@
+import type { RemoteConfig } from '@context-vault/core/types';
+
+const REQUEST_TIMEOUT_MS = 10_000;
+
+export interface RemoteSearchResult {
+  id: string;
+  kind: string;
+  category: string;
+  title: string | null;
+  body: string;
+  tags: string | null;
+  tier: string;
+  score: number;
+  created_at: string;
+  updated_at: string | null;
+  source: string | null;
+  identity_key: string | null;
+  meta: string | null;
+  file_path: string | null;
+  superseded_by: string | null;
+  expires_at: string | null;
+  source_files: string | null;
+  related_to: string | null;
+  indexed: number;
+  hit_count: number;
+  last_accessed_at: string | null;
+  recall_count: number;
+  recall_sessions: number;
+  last_recalled_at: string | null;
+  recall_members?: number;
+}
+
+export interface RemoteHint {
+  id: string;
+  title: string;
+  summary: string;
+  relevance: 'high' | 'medium';
+  kind: string;
+  tags: string[];
+}
+
+export interface TeamSearchResult extends RemoteSearchResult {
+  source: 'team';
+  recall_count: number;
+  recall_members?: number;
+}
+
+export interface PrivacyScanMatch {
+  type: string;
+  value: string;
+  field: string;
+  line: number;
+}
+
+export interface PublishResult {
+  ok: boolean;
+  id?: string;
+  error?: string;
+  status?: number;
+  privacyMatches?: PrivacyScanMatch[];
+  conflict?: {
+    existing_entry_id: string;
+    existing_author: string;
+    similarity: number;
+    suggestion: string;
+  };
+}
+
+export class RemoteClient {
+  private url: string;
+  private apiKey: string;
+
+  constructor(config: RemoteConfig) {
+    this.url = config.url.replace(/\/$/, '');
+    this.apiKey = config.apiKey;
+  }
+
+  async testConnection(): Promise<{ ok: boolean; error?: string; status?: unknown }> {
+    try {
+      const res = await this.fetch('/api/vault/status');
+      if (res.ok) {
+        const data = await res.json();
+        return { ok: true, status: data };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async saveEntry(entry: Record<string, unknown>): Promise<{ ok: boolean; id?: string; error?: string }> {
+    try {
+      const res = await this.fetch('/api/vault/entries', {
+        method: 'POST',
+        body: JSON.stringify(entry),
+      });
+      if (res.ok) {
+        const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+        return { ok: true, id: data.id as string | undefined };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async search(params: Record<string, unknown>): Promise<RemoteSearchResult[]> {
+    try {
+      const query = new URLSearchParams();
+      if (params.query) query.set('q', String(params.query));
+      if (Array.isArray(params.tags) && params.tags.length) query.set('tags', params.tags.join(','));
+      if (params.kind) query.set('kind', String(params.kind));
+      if (params.category) query.set('category', String(params.category));
+      if (params.scope) query.set('scope', String(params.scope));
+      if (params.limit) query.set('limit', String(params.limit));
+      if (params.since) query.set('since', String(params.since));
+      if (params.until) query.set('until', String(params.until));
+
+      const res = await this.fetch(`/api/vault/search?${query.toString()}`);
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.entries) ? data.entries : Array.isArray(data) ? data as RemoteSearchResult[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  async teamSearch(teamId: string, params: Record<string, unknown>): Promise<TeamSearchResult[]> {
+    try {
+      const query = new URLSearchParams();
+      if (params.query) query.set('q', String(params.query));
+      if (Array.isArray(params.tags) && params.tags.length) query.set('tags', params.tags.join(','));
+      if (params.kind) query.set('kind', String(params.kind));
+      if (params.category) query.set('category', String(params.category));
+      if (params.limit) query.set('limit', String(params.limit));
+      if (params.since) query.set('since', String(params.since));
+      if (params.until) query.set('until', String(params.until));
+
+      const res = await this.fetch(`/api/team/${teamId}/search?${query.toString()}`);
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      const entries = Array.isArray(data.entries) ? data.entries : Array.isArray(data) ? data : [];
+      return (entries as TeamSearchResult[]).map(e => ({ ...e, source: 'team' as const }));
+    } catch {
+      return [];
+    }
+  }
+
+  async teamRecall(teamId: string, params: {
+    signal: string;
+    signal_type: string;
+    bucket?: string;
+    max_hints?: number;
+  }): Promise<RemoteHint[]> {
+    try {
+      const res = await this.fetch(`/api/team/${teamId}/search`, {
+        method: 'POST',
+        body: JSON.stringify(params),
+      });
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.hints) ? data.hints : Array.isArray(data) ? data as RemoteHint[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  async teamStatus(teamId: string): Promise<{ ok: boolean; error?: string; data?: Record<string, unknown> }> {
+    try {
+      const res = await this.fetch(`/api/team/${teamId}/status`);
+      if (res.ok) {
+        const data = await res.json() as Record<string, unknown>;
+        return { ok: true, data };
+      }
+      const text = await res.text().catch(() => '');
+      return { ok: false, error: `HTTP ${res.status}: ${text}` };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async publishToTeam(params: {
+    entryId: string;
+    teamId: string;
+    visibility: string;
+    force?: boolean;
+    entry?: Record<string, unknown>;
+  }): Promise<PublishResult> {
+    try {
+      const res = await this.fetch('/api/vault/publish', {
+        method: 'POST',
+        body: JSON.stringify({
+          entryId: params.entryId,
+          teamId: params.teamId,
+          visibility: params.visibility,
+          ...(params.force ? { force: true } : {}),
+          ...(params.entry || {}),
+        }),
+      });
+      const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+      if (res.ok) {
+        return {
+          ok: true,
+          id: data.id as string | undefined,
+          conflict: data.conflict as PublishResult['conflict'],
+        };
+      }
+      if (res.status === 422 && data.code === 'PRIVACY_SCAN_FAILED') {
+        const matches = Array.isArray(data.matches) ? data.matches as PrivacyScanMatch[] : [];
+        return {
+          ok: false,
+          error: typeof data.error === 'string' ? data.error : 'Privacy scan failed',
+          status: 422,
+          privacyMatches: matches,
+        };
+      }
+      const errorText = typeof data.error === 'string' ? data.error : `HTTP ${res.status}`;
+      return { ok: false, error: errorText, status: res.status, conflict: data.conflict as PublishResult['conflict'] };
+    } catch (e) {
+      return { ok: false, error: (e as Error).message };
+    }
+  }
+
+  async recall(params: {
+    signal: string;
+    signal_type: string;
+    bucket?: string;
+    max_hints?: number;
+  }): Promise<RemoteHint[]> {
+    try {
+      const res = await this.fetch('/api/vault/recall', {
+        method: 'POST',
+        body: JSON.stringify(params),
+      });
+      if (!res.ok) return [];
+      const data = await res.json() as Record<string, unknown>;
+      return Array.isArray(data.hints) ? data.hints : Array.isArray(data) ? data as RemoteHint[] : [];
+    } catch {
+      return [];
+    }
+  }
+
+  private fetch(path: string, opts: RequestInit = {}): Promise<Response> {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+
+    return globalThis.fetch(`${this.url}${path}`, {
+      ...opts,
+      signal: controller.signal,
+      headers: {
+        'Authorization': `Bearer ${this.apiKey}`,
+        'Content-Type': 'application/json',
+        ...(opts.headers || {}),
+      },
+    }).finally(() => clearTimeout(timeout));
+  }
+}
+
+let cachedClient: RemoteClient | null = null;
+let cachedConfigKey = '';
+
+export function getRemoteClient(config: { remote?: RemoteConfig }): RemoteClient | null {
+  if (!config.remote?.enabled || !config.remote?.apiKey) return null;
+
+  const key = `${config.remote.url}:${config.remote.apiKey}`;
+  if (cachedClient && cachedConfigKey === key) return cachedClient;
+
+  cachedClient = new RemoteClient(config.remote);
+  cachedConfigKey = key;
+  return cachedClient;
+}
+
+export function getTeamId(config: { remote?: RemoteConfig }): string | null {
+  return config.remote?.teamId || null;
+}
+
+/**
+ * Apply recall-driven ranking boost to team results.
+ * Entries with higher recall_count and recall_members rank higher.
+ * Formula: score * log(1 + recall_count) * (1 + 0.1 * recall_members)
+ */
+export function applyTeamRecallBoost<T extends { score?: number; recall_count?: number; recall_members?: number }>(
+  entries: T[]
+): T[] {
+  return entries.map(e => {
+    const baseScore = (e as any).score ?? 0;
+    const recallCount = e.recall_count ?? 0;
+    const recallMembers = e.recall_members ?? 0;
+    if (recallCount === 0 && recallMembers === 0) return e;
+    const boostedScore = baseScore * Math.log(1 + recallCount) * (1 + 0.1 * recallMembers);
+    return { ...e, score: boostedScore };
+  });
+}
+
+/**
+ * Merge local, personal remote, and team results.
+ * Priority: local > personal remote > team.
+ * Team results get recall-driven ranking boost before merge.
+ */
+export function mergeRemoteResults<T extends { id: string; score?: number }>(
+  localResults: T[],
+  remoteResults: T[],
+  limit: number
+): T[] {
+  const localIds = new Set(localResults.map(r => r.id));
+  const uniqueRemote = remoteResults.filter(r => !localIds.has(r.id));
+  const merged = [...localResults, ...uniqueRemote];
+  merged.sort((a, b) => ((b as any).score ?? 0) - ((a as any).score ?? 0));
+  return merged.slice(0, limit);
+}
+
+export function mergeWithTeamResults<T extends { id: string; score?: number; recall_count?: number; recall_members?: number }>(
+  localAndPersonal: T[],
+  teamResults: T[],
+  limit: number
+): T[] {
+  const existingIds = new Set(localAndPersonal.map(r => r.id));
+  const uniqueTeam = teamResults.filter(r => !existingIds.has(r.id));
+  const boostedTeam = applyTeamRecallBoost(uniqueTeam);
+  const merged = [...localAndPersonal, ...boostedTeam];
+  merged.sort((a, b) => ((b as any).score ?? 0) - ((a as any).score ?? 0));
+  return merged.slice(0, limit);
+}

package/src/tools/context-status.ts

@@ -3,6 +3,7 @@ import { join } from 'node:path';
 import { gatherVaultStatus, computeGrowthWarnings } from '../status.js';
 import { gatherRecallSummary } from '../stats/recall.js';
 import { errorLogPath, errorLogCount } from '../error-log.js';
+import { getAutoMemory } from '../auto-memory.js';
 import { ok, err, kindIcon } from '../helpers.js';
 import type { LocalCtx, ToolResult } from '../types.js';
 
@@ -180,6 +181,24 @@ export function handler(_args: Record<string, any>, ctx: LocalCtx): ToolResult {
       }
     }
 
+    // Auto-memory detection
+    const autoMemory = getAutoMemory();
+    if (autoMemory.detected) {
+      const LINES_CAP = 200;
+      const overflowRisk = autoMemory.linesUsed > 160;
+      lines.push(``, `### Auto-Memory`);
+      lines.push(`| | |`);
+      lines.push(`|---|---|`);
+      lines.push(`| **Path** | ${autoMemory.path} |`);
+      lines.push(`| **Entries** | ${autoMemory.entries.length} |`);
+      lines.push(`| **Lines** | ${autoMemory.linesUsed}/${LINES_CAP} |`);
+      if (overflowRisk) {
+        lines.push(`| **Status** | ⚠ Approaching limit. Run \`/vault overflow\` to graduate entries. |`);
+      } else {
+        lines.push(`| **Status** | ✓ Healthy |`);
+      }
+    }
+
     if (status.stalePaths) {
       lines.push(``);
       lines.push(`### ⚠ Stale Paths`);

package/src/tools/get-context.ts

@@ -10,6 +10,7 @@ import { resolveTemporalParams } from '../temporal.js';
 import { collectLinkedEntries } from '../linking.js';
 import { ok, err, errWithHint, kindIcon, fmtDate } from '../helpers.js';
 import { isEmbedAvailable } from '@context-vault/core/embed';
+import { getRemoteClient, getTeamId, mergeRemoteResults, mergeWithTeamResults } from '../remote.js';
 import type { LocalCtx, SharedCtx, ToolResult } from '../types.js';
 
 const STALE_DUPLICATE_DAYS = 7;
@@ -575,6 +576,49 @@ export async function handler(
     trackAccess(ctx, filtered);
   }
 
+  // Remote merge: query hosted API and merge results (local wins for duplicates)
+  const remoteClient = getRemoteClient(ctx.config);
+  if (remoteClient && (hasQuery || hasFilters)) {
+    try {
+      const remoteResults = await remoteClient.search({
+        query: hasQuery ? query : undefined,
+        tags: effectiveTags.length ? effectiveTags : undefined,
+        kind: kindFilter || undefined,
+        category: scopedCategory || undefined,
+        scope: effectiveScope !== 'hot' ? effectiveScope : undefined,
+        limit: effectiveLimit,
+        since: effectiveSince || undefined,
+        until: effectiveUntil || undefined,
+      });
+      if (remoteResults.length > 0) {
+        filtered = mergeRemoteResults(filtered, remoteResults as any[], effectiveLimit);
+      }
+    } catch (e) {
+      console.warn(`[context-vault] Remote search failed: ${(e as Error).message}`);
+    }
+  }
+
+  // Team vault merge: query team vault if teamId is configured
+  const teamId = getTeamId(ctx.config);
+  if (remoteClient && teamId && (hasQuery || hasFilters)) {
+    try {
+      const teamResults = await remoteClient.teamSearch(teamId, {
+        query: hasQuery ? query : undefined,
+        tags: effectiveTags.length ? effectiveTags : undefined,
+        kind: kindFilter || undefined,
+        category: scopedCategory || undefined,
+        limit: effectiveLimit,
+        since: effectiveSince || undefined,
+        until: effectiveUntil || undefined,
+      });
+      if (teamResults.length > 0) {
+        filtered = mergeWithTeamResults(filtered, teamResults as any[], effectiveLimit);
+      }
+    } catch (e) {
+      console.warn(`[context-vault] Team search failed: ${(e as Error).message}`);
+    }
+  }
+
   // Brief score boost: briefs rank slightly higher so consolidated snapshots
   // surface above the individual entries they summarize.
   for (const r of filtered) {

package/src/tools/publish-to-team.test.ts

@@ -0,0 +1,115 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+vi.mock('../remote.js', () => ({
+  getRemoteClient: vi.fn(),
+  getTeamId: vi.fn(),
+}));
+
+vi.mock('../helpers.js', async () => {
+  const actual = await vi.importActual('../helpers.js');
+  return actual;
+});
+
+import { handler } from './publish-to-team.js';
+import { getRemoteClient, getTeamId } from '../remote.js';
+
+function makeCtx(entry?: Record<string, any>) {
+  return {
+    config: { remote: { enabled: true, url: 'http://test', apiKey: 'k', teamId: 'team-1' } },
+    stmts: {
+      getEntryById: {
+        get: vi.fn().mockReturnValue(entry ?? {
+          id: 'entry-1',
+          kind: 'insight',
+          category: 'knowledge',
+          title: 'Test Entry',
+          body: 'Some body',
+          tags: '["tag1"]',
+          meta: '{}',
+          source: null,
+          identity_key: null,
+          tier: 'working',
+        }),
+      },
+    },
+  } as any;
+}
+
+describe('publish_to_team handler', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    (getTeamId as any).mockReturnValue('team-1');
+  });
+
+  it('returns formatted advisory on 422 privacy scan failure', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: false,
+        status: 422,
+        error: 'Entry contains potentially sensitive content',
+        privacyMatches: [
+          { type: 'email', value: 'fe***@klarhimmel.se', field: 'body', line: 3 },
+          { type: 'api_key', value: 'sk-proj-...abc', field: 'body', line: 7 },
+        ],
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    const result = await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(result.isError).toBeUndefined();
+    const text = result.content[0].text;
+    expect(text).toContain('sensitive content');
+    expect(text).toContain('email in body (line 3)');
+    expect(text).toContain('api_key in body (line 7)');
+    expect(text).toContain('force: true');
+  });
+
+  it('passes force: true through to the remote client', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: true,
+        id: 'team-entry-1',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    await handler({ entry_id: 'entry-1', force: true }, makeCtx(), {} as any);
+
+    expect(mockClient.publishToTeam).toHaveBeenCalledWith(
+      expect.objectContaining({ force: true })
+    );
+  });
+
+  it('passes force: false when not set', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: true,
+        id: 'team-entry-1',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(mockClient.publishToTeam).toHaveBeenCalledWith(
+      expect.objectContaining({ force: false })
+    );
+  });
+
+  it('returns error for non-privacy 422 failures', async () => {
+    const mockClient = {
+      publishToTeam: vi.fn().mockResolvedValue({
+        ok: false,
+        status: 422,
+        error: 'Some other validation error',
+      }),
+    };
+    (getRemoteClient as any).mockReturnValue(mockClient);
+
+    const result = await handler({ entry_id: 'entry-1' }, makeCtx(), {} as any);
+
+    expect(result.isError).toBe(true);
+    expect(result.content[0].text).toContain('Failed to publish');
+  });
+});

package/src/tools/publish-to-team.ts

@@ -0,0 +1,112 @@
+import { z } from 'zod';
+import { ok, err } from '../helpers.js';
+import { getRemoteClient, getTeamId } from '../remote.js';
+import type { LocalCtx, SharedCtx, ToolResult } from '../types.js';
+
+export const name = 'publish_to_team';
+
+export const description =
+  'Publish a local vault entry to a team vault. Wraps the POST /api/vault/publish endpoint. Returns the published entry and any conflict advisory from the server. If the server detects sensitive content, returns an advisory with matched patterns. Use force: true to override.';
+
+export const inputSchema = {
+  entry_id: z
+    .string()
+    .describe('The ULID of the local entry to publish to the team vault.'),
+  team_id: z
+    .string()
+    .optional()
+    .describe('Team ID to publish to. Defaults to the teamId in remote config.'),
+  force: z
+    .boolean()
+    .optional()
+    .describe('When true, skip the server-side privacy scan and publish anyway. Use when you have reviewed the content and confirmed it is safe to share.'),
+};
+
+export async function handler(
+  { entry_id, team_id, force }: Record<string, any>,
+  ctx: LocalCtx,
+  _shared: SharedCtx
+): Promise<ToolResult> {
+  const remoteClient = getRemoteClient(ctx.config);
+  if (!remoteClient) {
+    return err('Remote is not configured. Run `context-vault remote setup` first.', 'NOT_CONFIGURED');
+  }
+
+  const effectiveTeamId = team_id || getTeamId(ctx.config);
+  if (!effectiveTeamId) {
+    return err(
+      'No team ID specified and none configured. Use `context-vault team join <team-id>` or pass team_id parameter.',
+      'NO_TEAM'
+    );
+  }
+
+  const existing = ctx.stmts.getEntryById.get(entry_id) as Record<string, any> | undefined;
+  if (!existing) {
+    return err(`Entry not found locally: ${entry_id}`, 'NOT_FOUND');
+  }
+
+  if (existing.category === 'event') {
+    return err('Event entries cannot be published to team vaults (private by design).', 'FORBIDDEN');
+  }
+
+  const tags = existing.tags ? JSON.parse(existing.tags) : [];
+  const meta = existing.meta ? JSON.parse(existing.meta) : {};
+
+  const result = await remoteClient.publishToTeam({
+    entryId: entry_id,
+    teamId: effectiveTeamId,
+    visibility: 'team',
+    force: !!force,
+    entry: {
+      kind: existing.kind,
+      title: existing.title,
+      body: existing.body,
+      tags,
+      meta,
+      source: existing.source,
+      identity_key: existing.identity_key,
+      tier: existing.tier,
+      category: existing.category,
+    },
+  });
+
+  if (!result.ok) {
+    if (result.status === 422 && result.privacyMatches?.length) {
+      return formatPrivacyAdvisory(result.privacyMatches);
+    }
+
+    const parts = [`Failed to publish: ${result.error}`];
+    if (result.conflict) {
+      parts.push('');
+      parts.push(`Conflict detected: similar entry by ${result.conflict.existing_author} (${(result.conflict.similarity * 100).toFixed(0)}% match)`);
+      parts.push(`  Entry ID: ${result.conflict.existing_entry_id}`);
+      parts.push(`  ${result.conflict.suggestion}`);
+    }
+    return err(parts.join('\n'), 'PUBLISH_FAILED');
+  }
+
+  const parts = [
+    `## Published to team`,
+    `Entry \`${entry_id}\` published to team \`${effectiveTeamId}\``,
+  ];
+  if (result.id) {
+    parts.push(`Team entry ID: \`${result.id}\``);
+  }
+  if (result.conflict) {
+    parts.push('');
+    parts.push(`**Conflict advisory:** Similar entry by ${result.conflict.existing_author} (${(result.conflict.similarity * 100).toFixed(0)}% match)`);
+    parts.push(`  Entry: \`${result.conflict.existing_entry_id}\``);
+    parts.push(`  ${result.conflict.suggestion}`);
+  }
+  return ok(parts.join('\n'));
+}
+
+function formatPrivacyAdvisory(matches: Array<{ type: string; value: string; field: string; line: number }>): ToolResult {
+  const lines = ['This entry contains sensitive content that should be removed before sharing:'];
+  for (const m of matches) {
+    lines.push(`- ${m.type} in ${m.field} (line ${m.line}): ${m.value}`);
+  }
+  lines.push('');
+  lines.push('Remove these and try again, or set force: true to override.');
+  return ok(lines.join('\n'));
+}