engrm 0.1.0 → 0.2.0

package/dist/hooks/post-tool-use.js

@@ -0,0 +1,2357 @@
+#!/usr/bin/env node
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/config.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir, hostname } from "node:os";
+import { join } from "node:path";
+import { randomBytes } from "node:crypto";
+var CONFIG_DIR = join(homedir(), ".engrm");
+var SETTINGS_PATH = join(CONFIG_DIR, "settings.json");
+var DB_PATH = join(CONFIG_DIR, "engrm.db");
+function getDbPath() {
+  return DB_PATH;
+}
+function generateDeviceId() {
+  const host = hostname().toLowerCase().replace(/[^a-z0-9-]/g, "");
+  const suffix = randomBytes(4).toString("hex");
+  return `${host}-${suffix}`;
+}
+function createDefaultConfig() {
+  return {
+    candengo_url: "",
+    candengo_api_key: "",
+    site_id: "",
+    namespace: "",
+    user_id: "",
+    user_email: "",
+    device_id: generateDeviceId(),
+    teams: [],
+    sync: {
+      enabled: true,
+      interval_seconds: 30,
+      batch_size: 50
+    },
+    search: {
+      default_limit: 10,
+      local_boost: 1.2,
+      scope: "all"
+    },
+    scrubbing: {
+      enabled: true,
+      custom_patterns: [],
+      default_sensitivity: "shared"
+    },
+    sentinel: {
+      enabled: false,
+      mode: "advisory",
+      provider: "openai",
+      model: "gpt-4o-mini",
+      api_key: "",
+      base_url: "",
+      skip_patterns: [],
+      daily_limit: 100,
+      tier: "free"
+    },
+    observer: {
+      enabled: true,
+      mode: "per_event",
+      model: "haiku"
+    }
+  };
+}
+function loadConfig() {
+  if (!existsSync(SETTINGS_PATH)) {
+    throw new Error(`Config not found at ${SETTINGS_PATH}. Run 'engrm init --manual' to configure.`);
+  }
+  const raw = readFileSync(SETTINGS_PATH, "utf-8");
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(`Invalid JSON in ${SETTINGS_PATH}`);
+  }
+  if (typeof parsed !== "object" || parsed === null) {
+    throw new Error(`Config at ${SETTINGS_PATH} is not a JSON object`);
+  }
+  const config = parsed;
+  const defaults = createDefaultConfig();
+  return {
+    candengo_url: asString(config["candengo_url"], defaults.candengo_url),
+    candengo_api_key: asString(config["candengo_api_key"], defaults.candengo_api_key),
+    site_id: asString(config["site_id"], defaults.site_id),
+    namespace: asString(config["namespace"], defaults.namespace),
+    user_id: asString(config["user_id"], defaults.user_id),
+    user_email: asString(config["user_email"], defaults.user_email),
+    device_id: asString(config["device_id"], defaults.device_id),
+    teams: asTeams(config["teams"], defaults.teams),
+    sync: {
+      enabled: asBool(config["sync"]?.["enabled"], defaults.sync.enabled),
+      interval_seconds: asNumber(config["sync"]?.["interval_seconds"], defaults.sync.interval_seconds),
+      batch_size: asNumber(config["sync"]?.["batch_size"], defaults.sync.batch_size)
+    },
+    search: {
+      default_limit: asNumber(config["search"]?.["default_limit"], defaults.search.default_limit),
+      local_boost: asNumber(config["search"]?.["local_boost"], defaults.search.local_boost),
+      scope: asScope(config["search"]?.["scope"], defaults.search.scope)
+    },
+    scrubbing: {
+      enabled: asBool(config["scrubbing"]?.["enabled"], defaults.scrubbing.enabled),
+      custom_patterns: asStringArray(config["scrubbing"]?.["custom_patterns"], defaults.scrubbing.custom_patterns),
+      default_sensitivity: asSensitivity(config["scrubbing"]?.["default_sensitivity"], defaults.scrubbing.default_sensitivity)
+    },
+    sentinel: {
+      enabled: asBool(config["sentinel"]?.["enabled"], defaults.sentinel.enabled),
+      mode: asSentinelMode(config["sentinel"]?.["mode"], defaults.sentinel.mode),
+      provider: asLlmProvider(config["sentinel"]?.["provider"], defaults.sentinel.provider),
+      model: asString(config["sentinel"]?.["model"], defaults.sentinel.model),
+      api_key: asString(config["sentinel"]?.["api_key"], defaults.sentinel.api_key),
+      base_url: asString(config["sentinel"]?.["base_url"], defaults.sentinel.base_url),
+      skip_patterns: asStringArray(config["sentinel"]?.["skip_patterns"], defaults.sentinel.skip_patterns),
+      daily_limit: asNumber(config["sentinel"]?.["daily_limit"], defaults.sentinel.daily_limit),
+      tier: asTier(config["sentinel"]?.["tier"], defaults.sentinel.tier)
+    },
+    observer: {
+      enabled: asBool(config["observer"]?.["enabled"], defaults.observer.enabled),
+      mode: asObserverMode(config["observer"]?.["mode"], defaults.observer.mode),
+      model: asString(config["observer"]?.["model"], defaults.observer.model)
+    }
+  };
+}
+function configExists() {
+  return existsSync(SETTINGS_PATH);
+}
+function asString(value, fallback) {
+  return typeof value === "string" ? value : fallback;
+}
+function asNumber(value, fallback) {
+  return typeof value === "number" && !Number.isNaN(value) ? value : fallback;
+}
+function asBool(value, fallback) {
+  return typeof value === "boolean" ? value : fallback;
+}
+function asStringArray(value, fallback) {
+  return Array.isArray(value) && value.every((v) => typeof v === "string") ? value : fallback;
+}
+function asScope(value, fallback) {
+  if (value === "personal" || value === "team" || value === "all")
+    return value;
+  return fallback;
+}
+function asSensitivity(value, fallback) {
+  if (value === "shared" || value === "personal" || value === "secret")
+    return value;
+  return fallback;
+}
+function asSentinelMode(value, fallback) {
+  if (value === "advisory" || value === "blocking")
+    return value;
+  return fallback;
+}
+function asLlmProvider(value, fallback) {
+  if (value === "openai" || value === "anthropic" || value === "ollama" || value === "custom")
+    return value;
+  return fallback;
+}
+function asTier(value, fallback) {
+  if (value === "free" || value === "vibe" || value === "solo" || value === "pro" || value === "team" || value === "enterprise")
+    return value;
+  return fallback;
+}
+function asObserverMode(value, fallback) {
+  if (value === "per_event" || value === "per_session")
+    return value;
+  return fallback;
+}
+function asTeams(value, fallback) {
+  if (!Array.isArray(value))
+    return fallback;
+  return value.filter((t) => typeof t === "object" && t !== null && typeof t.id === "string" && typeof t.name === "string" && typeof t.namespace === "string");
+}
+
+// src/storage/migrations.ts
+var MIGRATIONS = [
+  {
+    version: 1,
+    description: "Initial schema: projects, observations, sessions, sync, FTS5",
+    sql: `
+      -- Projects (canonical identity across machines)
+      CREATE TABLE projects (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          canonical_id    TEXT UNIQUE NOT NULL,
+          name            TEXT NOT NULL,
+          local_path      TEXT,
+          remote_url      TEXT,
+          first_seen_epoch INTEGER NOT NULL,
+          last_active_epoch INTEGER NOT NULL
+      );
+
+      -- Core observations table
+      CREATE TABLE observations (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          type            TEXT NOT NULL CHECK (type IN (
+              'bugfix', 'discovery', 'decision', 'pattern',
+              'change', 'feature', 'refactor', 'digest'
+          )),
+          title           TEXT NOT NULL,
+          narrative       TEXT,
+          facts           TEXT,
+          concepts        TEXT,
+          files_read      TEXT,
+          files_modified  TEXT,
+          quality         REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle       TEXT DEFAULT 'active' CHECK (lifecycle IN (
+              'active', 'aging', 'archived', 'purged', 'pinned'
+          )),
+          sensitivity     TEXT DEFAULT 'shared' CHECK (sensitivity IN (
+              'shared', 'personal', 'secret'
+          )),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          created_at      TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into  INTEGER REFERENCES observations(id) ON DELETE SET NULL
+      );
+
+      -- Session tracking
+      CREATE TABLE sessions (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT UNIQUE NOT NULL,
+          project_id      INTEGER REFERENCES projects(id),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          status          TEXT DEFAULT 'active' CHECK (status IN ('active', 'completed')),
+          observation_count INTEGER DEFAULT 0,
+          started_at_epoch INTEGER,
+          completed_at_epoch INTEGER
+      );
+
+      -- Session summaries (generated on Stop hook)
+      CREATE TABLE session_summaries (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT UNIQUE NOT NULL,
+          project_id      INTEGER REFERENCES projects(id),
+          user_id         TEXT NOT NULL,
+          request         TEXT,
+          investigated    TEXT,
+          learned         TEXT,
+          completed       TEXT,
+          next_steps      TEXT,
+          created_at_epoch INTEGER
+      );
+
+      -- Sync outbox (offline-first queue)
+      CREATE TABLE sync_outbox (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          record_type     TEXT NOT NULL CHECK (record_type IN ('observation', 'summary')),
+          record_id       INTEGER NOT NULL,
+          status          TEXT DEFAULT 'pending' CHECK (status IN (
+              'pending', 'syncing', 'synced', 'failed'
+          )),
+          retry_count     INTEGER DEFAULT 0,
+          max_retries     INTEGER DEFAULT 10,
+          last_error      TEXT,
+          created_at_epoch INTEGER NOT NULL,
+          synced_at_epoch  INTEGER,
+          next_retry_epoch INTEGER
+      );
+
+      -- Sync high-water mark and lifecycle job tracking
+      CREATE TABLE sync_state (
+          key   TEXT PRIMARY KEY,
+          value TEXT NOT NULL
+      );
+
+      -- FTS5 for local offline search (external content mode)
+      CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts,
+          content=observations,
+          content_rowid=id
+      );
+
+      -- Indexes: observations
+      CREATE INDEX idx_observations_project ON observations(project_id);
+      CREATE INDEX idx_observations_project_lifecycle ON observations(project_id, lifecycle);
+      CREATE INDEX idx_observations_type ON observations(type);
+      CREATE INDEX idx_observations_created ON observations(created_at_epoch);
+      CREATE INDEX idx_observations_session ON observations(session_id);
+      CREATE INDEX idx_observations_lifecycle ON observations(lifecycle);
+      CREATE INDEX idx_observations_quality ON observations(quality);
+      CREATE INDEX idx_observations_user ON observations(user_id);
+
+      -- Indexes: sessions
+      CREATE INDEX idx_sessions_project ON sessions(project_id);
+
+      -- Indexes: sync outbox
+      CREATE INDEX idx_outbox_status ON sync_outbox(status, next_retry_epoch);
+      CREATE INDEX idx_outbox_record ON sync_outbox(record_type, record_id);
+    `
+  },
+  {
+    version: 2,
+    description: "Add superseded_by for knowledge supersession",
+    sql: `
+      ALTER TABLE observations ADD COLUMN superseded_by INTEGER REFERENCES observations(id) ON DELETE SET NULL;
+      CREATE INDEX idx_observations_superseded ON observations(superseded_by);
+    `
+  },
+  {
+    version: 3,
+    description: "Add remote_source_id for pull deduplication",
+    sql: `
+      ALTER TABLE observations ADD COLUMN remote_source_id TEXT;
+      CREATE UNIQUE INDEX idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+    `
+  },
+  {
+    version: 4,
+    description: "Add sqlite-vec for local semantic search",
+    sql: `
+      CREATE VIRTUAL TABLE vec_observations USING vec0(
+        observation_id INTEGER PRIMARY KEY,
+        embedding float[384]
+      );
+    `,
+    condition: (db) => isVecExtensionLoaded(db)
+  },
+  {
+    version: 5,
+    description: "Session metrics and security findings",
+    sql: `
+      ALTER TABLE sessions ADD COLUMN files_touched_count INTEGER DEFAULT 0;
+      ALTER TABLE sessions ADD COLUMN searches_performed INTEGER DEFAULT 0;
+      ALTER TABLE sessions ADD COLUMN tool_calls_count INTEGER DEFAULT 0;
+
+      CREATE TABLE security_findings (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          finding_type    TEXT NOT NULL,
+          severity        TEXT NOT NULL DEFAULT 'medium' CHECK (severity IN ('critical', 'high', 'medium', 'low')),
+          pattern_name    TEXT NOT NULL,
+          file_path       TEXT,
+          snippet         TEXT,
+          tool_name       TEXT,
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL
+      );
+
+      CREATE INDEX idx_security_findings_session ON security_findings(session_id);
+      CREATE INDEX idx_security_findings_project ON security_findings(project_id, created_at_epoch);
+      CREATE INDEX idx_security_findings_severity ON security_findings(severity);
+    `
+  },
+  {
+    version: 6,
+    description: "Add risk_score, expand observation types to include standard",
+    sql: `
+      ALTER TABLE sessions ADD COLUMN risk_score INTEGER;
+
+      -- Recreate observations table with expanded type CHECK to include 'standard'
+      -- SQLite doesn't support ALTER CHECK, so we recreate the table
+      CREATE TABLE observations_new (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          type            TEXT NOT NULL CHECK (type IN (
+              'bugfix', 'discovery', 'decision', 'pattern',
+              'change', 'feature', 'refactor', 'digest', 'standard'
+          )),
+          title           TEXT NOT NULL,
+          narrative       TEXT,
+          facts           TEXT,
+          concepts        TEXT,
+          files_read      TEXT,
+          files_modified  TEXT,
+          quality         REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle       TEXT DEFAULT 'active' CHECK (lifecycle IN (
+              'active', 'aging', 'archived', 'purged', 'pinned'
+          )),
+          sensitivity     TEXT DEFAULT 'shared' CHECK (sensitivity IN (
+              'shared', 'personal', 'secret'
+          )),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          created_at      TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into  INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          superseded_by   INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          remote_source_id TEXT
+      );
+
+      INSERT INTO observations_new SELECT * FROM observations;
+
+      DROP TABLE observations;
+      ALTER TABLE observations_new RENAME TO observations;
+
+      -- Recreate indexes
+      CREATE INDEX idx_observations_project ON observations(project_id);
+      CREATE INDEX idx_observations_project_lifecycle ON observations(project_id, lifecycle);
+      CREATE INDEX idx_observations_type ON observations(type);
+      CREATE INDEX idx_observations_created ON observations(created_at_epoch);
+      CREATE INDEX idx_observations_session ON observations(session_id);
+      CREATE INDEX idx_observations_lifecycle ON observations(lifecycle);
+      CREATE INDEX idx_observations_quality ON observations(quality);
+      CREATE INDEX idx_observations_user ON observations(user_id);
+      CREATE INDEX idx_observations_superseded ON observations(superseded_by);
+      CREATE UNIQUE INDEX idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+
+      -- Recreate FTS5 (external content mode — must rebuild after table recreation)
+      DROP TABLE IF EXISTS observations_fts;
+      CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts,
+          content=observations,
+          content_rowid=id
+      );
+      -- Rebuild FTS index
+      INSERT INTO observations_fts(observations_fts) VALUES('rebuild');
+    `
+  },
+  {
+    version: 7,
+    description: "Add packs_installed table for help pack tracking",
+    sql: `
+      CREATE TABLE IF NOT EXISTS packs_installed (
+          name            TEXT PRIMARY KEY,
+          installed_at    INTEGER NOT NULL,
+          observation_count INTEGER DEFAULT 0
+      );
+    `
+  }
+];
+function isVecExtensionLoaded(db) {
+  try {
+    db.exec("SELECT vec_version()");
+    return true;
+  } catch {
+    return false;
+  }
+}
+function runMigrations(db) {
+  const currentVersion = db.query("PRAGMA user_version").get();
+  let version = currentVersion.user_version;
+  for (const migration of MIGRATIONS) {
+    if (migration.version <= version)
+      continue;
+    if (migration.condition && !migration.condition(db)) {
+      continue;
+    }
+    db.exec("BEGIN TRANSACTION");
+    try {
+      db.exec(migration.sql);
+      db.exec(`PRAGMA user_version = ${migration.version}`);
+      db.exec("COMMIT");
+      version = migration.version;
+    } catch (error) {
+      db.exec("ROLLBACK");
+      throw new Error(`Migration ${migration.version} (${migration.description}) failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+}
+var LATEST_SCHEMA_VERSION = MIGRATIONS.filter((m) => !m.condition).reduce((max, m) => Math.max(max, m.version), 0);
+
+// src/storage/sqlite.ts
+var IS_BUN = typeof globalThis.Bun !== "undefined";
+function openDatabase(dbPath) {
+  if (IS_BUN) {
+    return openBunDatabase(dbPath);
+  }
+  return openNodeDatabase(dbPath);
+}
+function openBunDatabase(dbPath) {
+  const { Database } = __require("bun:sqlite");
+  if (process.platform === "darwin") {
+    const { existsSync: existsSync2 } = __require("node:fs");
+    const paths = [
+      "/opt/homebrew/opt/sqlite/lib/libsqlite3.dylib",
+      "/usr/local/opt/sqlite3/lib/libsqlite3.dylib"
+    ];
+    for (const p of paths) {
+      if (existsSync2(p)) {
+        try {
+          Database.setCustomSQLite(p);
+        } catch {}
+        break;
+      }
+    }
+  }
+  const db = new Database(dbPath);
+  return db;
+}
+function openNodeDatabase(dbPath) {
+  const BetterSqlite3 = __require("better-sqlite3");
+  const raw = new BetterSqlite3(dbPath);
+  return {
+    query(sql) {
+      const stmt = raw.prepare(sql);
+      return {
+        get(...params) {
+          return stmt.get(...params);
+        },
+        all(...params) {
+          return stmt.all(...params);
+        },
+        run(...params) {
+          return stmt.run(...params);
+        }
+      };
+    },
+    exec(sql) {
+      raw.exec(sql);
+    },
+    close() {
+      raw.close();
+    }
+  };
+}
+
+class MemDatabase {
+  db;
+  vecAvailable;
+  constructor(dbPath) {
+    this.db = openDatabase(dbPath);
+    this.db.exec("PRAGMA journal_mode = WAL");
+    this.db.exec("PRAGMA foreign_keys = ON");
+    this.vecAvailable = this.loadVecExtension();
+    runMigrations(this.db);
+  }
+  loadVecExtension() {
+    try {
+      const sqliteVec = __require("sqlite-vec");
+      sqliteVec.load(this.db);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  close() {
+    this.db.close();
+  }
+  upsertProject(project) {
+    const now = Math.floor(Date.now() / 1000);
+    const existing = this.db.query("SELECT * FROM projects WHERE canonical_id = ?").get(project.canonical_id);
+    if (existing) {
+      this.db.query(`UPDATE projects SET
+            local_path = COALESCE(?, local_path),
+            remote_url = COALESCE(?, remote_url),
+            last_active_epoch = ?
+          WHERE id = ?`).run(project.local_path ?? null, project.remote_url ?? null, now, existing.id);
+      return {
+        ...existing,
+        local_path: project.local_path ?? existing.local_path,
+        remote_url: project.remote_url ?? existing.remote_url,
+        last_active_epoch: now
+      };
+    }
+    const result = this.db.query(`INSERT INTO projects (canonical_id, name, local_path, remote_url, first_seen_epoch, last_active_epoch)
+        VALUES (?, ?, ?, ?, ?, ?)`).run(project.canonical_id, project.name, project.local_path ?? null, project.remote_url ?? null, now, now);
+    return this.db.query("SELECT * FROM projects WHERE id = ?").get(Number(result.lastInsertRowid));
+  }
+  getProjectByCanonicalId(canonicalId) {
+    return this.db.query("SELECT * FROM projects WHERE canonical_id = ?").get(canonicalId) ?? null;
+  }
+  getProjectById(id) {
+    return this.db.query("SELECT * FROM projects WHERE id = ?").get(id) ?? null;
+  }
+  insertObservation(obs) {
+    const now = Math.floor(Date.now() / 1000);
+    const createdAt = new Date().toISOString();
+    const result = this.db.query(`INSERT INTO observations (
+          session_id, project_id, type, title, narrative, facts, concepts,
+          files_read, files_modified, quality, lifecycle, sensitivity,
+          user_id, device_id, agent, created_at, created_at_epoch
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(obs.session_id ?? null, obs.project_id, obs.type, obs.title, obs.narrative ?? null, obs.facts ?? null, obs.concepts ?? null, obs.files_read ?? null, obs.files_modified ?? null, obs.quality, obs.lifecycle ?? "active", obs.sensitivity ?? "shared", obs.user_id, obs.device_id, obs.agent ?? "claude-code", createdAt, now);
+    const id = Number(result.lastInsertRowid);
+    const row = this.getObservationById(id);
+    this.ftsInsert(row);
+    if (obs.session_id) {
+      this.db.query("UPDATE sessions SET observation_count = observation_count + 1 WHERE session_id = ?").run(obs.session_id);
+    }
+    return row;
+  }
+  getObservationById(id) {
+    return this.db.query("SELECT * FROM observations WHERE id = ?").get(id) ?? null;
+  }
+  getObservationsByIds(ids) {
+    if (ids.length === 0)
+      return [];
+    const placeholders = ids.map(() => "?").join(",");
+    return this.db.query(`SELECT * FROM observations WHERE id IN (${placeholders}) ORDER BY created_at_epoch DESC`).all(...ids);
+  }
+  getRecentObservations(projectId, sincEpoch, limit = 50) {
+    return this.db.query(`SELECT * FROM observations
+        WHERE project_id = ? AND created_at_epoch > ?
+        ORDER BY created_at_epoch DESC
+        LIMIT ?`).all(projectId, sincEpoch, limit);
+  }
+  searchFts(query, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20) {
+    const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
+    if (projectId !== null) {
+      return this.db.query(`SELECT o.id, observations_fts.rank
+          FROM observations_fts
+          JOIN observations o ON o.id = observations_fts.rowid
+          WHERE observations_fts MATCH ?
+            AND o.project_id = ?
+            AND o.lifecycle IN (${lifecyclePlaceholders})
+          ORDER BY observations_fts.rank
+          LIMIT ?`).all(query, projectId, ...lifecycles, limit);
+    }
+    return this.db.query(`SELECT o.id, observations_fts.rank
+        FROM observations_fts
+        JOIN observations o ON o.id = observations_fts.rowid
+        WHERE observations_fts MATCH ?
+          AND o.lifecycle IN (${lifecyclePlaceholders})
+        ORDER BY observations_fts.rank
+        LIMIT ?`).all(query, ...lifecycles, limit);
+  }
+  getTimeline(anchorId, projectId, depthBefore = 3, depthAfter = 3) {
+    const anchor = this.getObservationById(anchorId);
+    if (!anchor)
+      return [];
+    const projectFilter = projectId !== null ? "AND project_id = ?" : "";
+    const projectParams = projectId !== null ? [projectId] : [];
+    const before = this.db.query(`SELECT * FROM observations
+        WHERE created_at_epoch < ? ${projectFilter}
+          AND lifecycle IN ('active', 'aging', 'pinned')
+        ORDER BY created_at_epoch DESC
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, depthBefore);
+    const after = this.db.query(`SELECT * FROM observations
+        WHERE created_at_epoch > ? ${projectFilter}
+          AND lifecycle IN ('active', 'aging', 'pinned')
+        ORDER BY created_at_epoch ASC
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, depthAfter);
+    return [...before.reverse(), anchor, ...after];
+  }
+  pinObservation(id, pinned) {
+    const obs = this.getObservationById(id);
+    if (!obs)
+      return false;
+    if (pinned) {
+      if (obs.lifecycle !== "active" && obs.lifecycle !== "aging")
+        return false;
+      this.db.query("UPDATE observations SET lifecycle = 'pinned' WHERE id = ?").run(id);
+    } else {
+      if (obs.lifecycle !== "pinned")
+        return false;
+      this.db.query("UPDATE observations SET lifecycle = 'active' WHERE id = ?").run(id);
+    }
+    return true;
+  }
+  getActiveObservationCount(userId) {
+    if (userId) {
+      const result2 = this.db.query(`SELECT COUNT(*) as count FROM observations
+          WHERE lifecycle IN ('active', 'aging')
+            AND sensitivity != 'secret'
+            AND user_id = ?`).get(userId);
+      return result2?.count ?? 0;
+    }
+    const result = this.db.query(`SELECT COUNT(*) as count FROM observations
+        WHERE lifecycle IN ('active', 'aging')
+          AND sensitivity != 'secret'`).get();
+    return result?.count ?? 0;
+  }
+  supersedeObservation(oldId, newId) {
+    if (oldId === newId)
+      return false;
+    const replacement = this.getObservationById(newId);
+    if (!replacement)
+      return false;
+    let targetId = oldId;
+    const visited = new Set;
+    for (let depth = 0;depth < 10; depth++) {
+      const target2 = this.getObservationById(targetId);
+      if (!target2)
+        return false;
+      if (target2.superseded_by === null)
+        break;
+      if (target2.superseded_by === newId)
+        return true;
+      visited.add(targetId);
+      targetId = target2.superseded_by;
+      if (visited.has(targetId))
+        return false;
+    }
+    const target = this.getObservationById(targetId);
+    if (!target)
+      return false;
+    if (target.superseded_by !== null)
+      return false;
+    if (targetId === newId)
+      return false;
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`UPDATE observations
+         SET superseded_by = ?, lifecycle = 'archived', archived_at_epoch = ?
+         WHERE id = ?`).run(newId, now, targetId);
+    this.ftsDelete(target);
+    this.vecDelete(targetId);
+    return true;
+  }
+  isSuperseded(id) {
+    const obs = this.getObservationById(id);
+    return obs !== null && obs.superseded_by !== null;
+  }
+  upsertSession(sessionId, projectId, userId, deviceId, agent = "claude-code") {
+    const existing = this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId);
+    if (existing)
+      return existing;
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`INSERT INTO sessions (session_id, project_id, user_id, device_id, agent, started_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?)`).run(sessionId, projectId, userId, deviceId, agent, now);
+    return this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId);
+  }
+  completeSession(sessionId) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query("UPDATE sessions SET status = 'completed', completed_at_epoch = ? WHERE session_id = ?").run(now, sessionId);
+  }
+  addToOutbox(recordType, recordId) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`INSERT INTO sync_outbox (record_type, record_id, created_at_epoch)
+        VALUES (?, ?, ?)`).run(recordType, recordId, now);
+  }
+  getSyncState(key) {
+    const row = this.db.query("SELECT value FROM sync_state WHERE key = ?").get(key);
+    return row?.value ?? null;
+  }
+  setSyncState(key, value) {
+    this.db.query("INSERT INTO sync_state (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = ?").run(key, value, value);
+  }
+  ftsInsert(obs) {
+    this.db.query(`INSERT INTO observations_fts (rowid, title, narrative, facts, concepts)
+        VALUES (?, ?, ?, ?, ?)`).run(obs.id, obs.title, obs.narrative, obs.facts, obs.concepts);
+  }
+  ftsDelete(obs) {
+    this.db.query(`INSERT INTO observations_fts (observations_fts, rowid, title, narrative, facts, concepts)
+        VALUES ('delete', ?, ?, ?, ?, ?)`).run(obs.id, obs.title, obs.narrative, obs.facts, obs.concepts);
+  }
+  vecInsert(observationId, embedding) {
+    if (!this.vecAvailable)
+      return;
+    this.db.query("INSERT OR REPLACE INTO vec_observations (observation_id, embedding) VALUES (?, ?)").run(observationId, new Uint8Array(embedding.buffer));
+  }
+  vecDelete(observationId) {
+    if (!this.vecAvailable)
+      return;
+    this.db.query("DELETE FROM vec_observations WHERE observation_id = ?").run(observationId);
+  }
+  searchVec(queryEmbedding, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20) {
+    if (!this.vecAvailable)
+      return [];
+    const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
+    const embeddingBlob = new Uint8Array(queryEmbedding.buffer);
+    if (projectId !== null) {
+      return this.db.query(`SELECT v.observation_id, v.distance
+           FROM vec_observations v
+           JOIN observations o ON o.id = v.observation_id
+           WHERE v.embedding MATCH ?
+             AND k = ?
+             AND o.project_id = ?
+             AND o.lifecycle IN (${lifecyclePlaceholders})
+             AND o.superseded_by IS NULL`).all(embeddingBlob, limit, projectId, ...lifecycles);
+    }
+    return this.db.query(`SELECT v.observation_id, v.distance
+         FROM vec_observations v
+         JOIN observations o ON o.id = v.observation_id
+         WHERE v.embedding MATCH ?
+           AND k = ?
+           AND o.lifecycle IN (${lifecyclePlaceholders})
+           AND o.superseded_by IS NULL`).all(embeddingBlob, limit, ...lifecycles);
+  }
+  getUnembeddedCount() {
+    if (!this.vecAvailable)
+      return 0;
+    const result = this.db.query(`SELECT COUNT(*) as count FROM observations o
+         WHERE o.lifecycle IN ('active', 'aging', 'pinned')
+         AND o.superseded_by IS NULL
+         AND NOT EXISTS (
+           SELECT 1 FROM vec_observations v WHERE v.observation_id = o.id
+         )`).get();
+    return result?.count ?? 0;
+  }
+  getUnembeddedObservations(limit = 100) {
+    if (!this.vecAvailable)
+      return [];
+    return this.db.query(`SELECT o.* FROM observations o
+         WHERE o.lifecycle IN ('active', 'aging', 'pinned')
+         AND o.superseded_by IS NULL
+         AND NOT EXISTS (
+           SELECT 1 FROM vec_observations v WHERE v.observation_id = o.id
+         )
+         ORDER BY o.created_at_epoch DESC
+         LIMIT ?`).all(limit);
+  }
+  insertSessionSummary(summary) {
+    const now = Math.floor(Date.now() / 1000);
+    const result = this.db.query(`INSERT INTO session_summaries (session_id, project_id, user_id, request, investigated, learned, completed, next_steps, created_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(summary.session_id, summary.project_id, summary.user_id, summary.request, summary.investigated, summary.learned, summary.completed, summary.next_steps, now);
+    const id = Number(result.lastInsertRowid);
+    return this.db.query("SELECT * FROM session_summaries WHERE id = ?").get(id);
+  }
+  getSessionSummary(sessionId) {
+    return this.db.query("SELECT * FROM session_summaries WHERE session_id = ?").get(sessionId) ?? null;
+  }
+  getRecentSummaries(projectId, limit = 5) {
+    return this.db.query(`SELECT * FROM session_summaries
+         WHERE project_id = ?
+         ORDER BY created_at_epoch DESC, id DESC
+         LIMIT ?`).all(projectId, limit);
+  }
+  incrementSessionMetrics(sessionId, increments) {
+    const sets = [];
+    const params = [];
+    if (increments.files) {
+      sets.push("files_touched_count = files_touched_count + ?");
+      params.push(increments.files);
+    }
+    if (increments.searches) {
+      sets.push("searches_performed = searches_performed + ?");
+      params.push(increments.searches);
+    }
+    if (increments.toolCalls) {
+      sets.push("tool_calls_count = tool_calls_count + ?");
+      params.push(increments.toolCalls);
+    }
+    if (sets.length === 0)
+      return;
+    params.push(sessionId);
+    this.db.query(`UPDATE sessions SET ${sets.join(", ")} WHERE session_id = ?`).run(...params);
+  }
+  getSessionMetrics(sessionId) {
+    return this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId) ?? null;
+  }
+  insertSecurityFinding(finding) {
+    const now = Math.floor(Date.now() / 1000);
+    const result = this.db.query(`INSERT INTO security_findings (session_id, project_id, finding_type, severity, pattern_name, file_path, snippet, tool_name, user_id, device_id, created_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(finding.session_id ?? null, finding.project_id, finding.finding_type, finding.severity, finding.pattern_name, finding.file_path ?? null, finding.snippet ?? null, finding.tool_name ?? null, finding.user_id, finding.device_id, now);
+    const id = Number(result.lastInsertRowid);
+    return this.db.query("SELECT * FROM security_findings WHERE id = ?").get(id);
+  }
+  getSecurityFindings(projectId, options = {}) {
+    const limit = options.limit ?? 50;
+    if (options.severity) {
+      return this.db.query(`SELECT * FROM security_findings
+           WHERE project_id = ? AND severity = ?
+           ORDER BY created_at_epoch DESC
+           LIMIT ?`).all(projectId, options.severity, limit);
+    }
+    return this.db.query(`SELECT * FROM security_findings
+         WHERE project_id = ?
+         ORDER BY created_at_epoch DESC
+         LIMIT ?`).all(projectId, limit);
+  }
+  getSecurityFindingsCount(projectId) {
+    const rows = this.db.query(`SELECT severity, COUNT(*) as count FROM security_findings
+         WHERE project_id = ?
+         GROUP BY severity`).all(projectId);
+    const counts = {
+      critical: 0,
+      high: 0,
+      medium: 0,
+      low: 0
+    };
+    for (const row of rows) {
+      counts[row.severity] = row.count;
+    }
+    return counts;
+  }
+  setSessionRiskScore(sessionId, score) {
+    this.db.query("UPDATE sessions SET risk_score = ? WHERE session_id = ?").run(score, sessionId);
+  }
+  getObservationsBySession(sessionId) {
+    return this.db.query(`SELECT * FROM observations WHERE session_id = ? ORDER BY created_at_epoch ASC`).all(sessionId);
+  }
+  getInstalledPacks() {
+    try {
+      const rows = this.db.query("SELECT name FROM packs_installed").all();
+      return rows.map((r) => r.name);
+    } catch {
+      return [];
+    }
+  }
+  markPackInstalled(name, observationCount) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query("INSERT OR REPLACE INTO packs_installed (name, installed_at, observation_count) VALUES (?, ?, ?)").run(name, now, observationCount);
+  }
+}
+
+// src/capture/extractor.ts
+var SKIP_TOOLS = new Set([
+  "Glob",
+  "Grep",
+  "Read",
+  "WebSearch",
+  "WebFetch",
+  "Agent"
+]);
+var SKIP_BASH_PATTERNS = [
+  /^\s*(ls|pwd|cd|echo|cat|head|tail|wc|which|whoami|date|uname)\b/,
+  /^\s*git\s+(status|log|branch|diff|show|remote)\b/,
+  /^\s*(node|bun|npm|npx|yarn|pnpm)\s+--?version\b/,
+  /^\s*export\s+/,
+  /^\s*#/
+];
+var TRIVIAL_RESPONSE_PATTERNS = [
+  /^$/,
+  /^\s*$/,
+  /^Already up to date\.$/
+];
+function extractObservation(event) {
+  const { tool_name, tool_input, tool_response } = event;
+  if (SKIP_TOOLS.has(tool_name)) {
+    return null;
+  }
+  switch (tool_name) {
+    case "Edit":
+      return extractFromEdit(tool_input, tool_response);
+    case "Write":
+      return extractFromWrite(tool_input, tool_response);
+    case "Bash":
+      return extractFromBash(tool_input, tool_response);
+    default:
+      if (tool_name.startsWith("mcp__")) {
+        return extractFromMcpTool(tool_name, tool_input, tool_response);
+      }
+      return null;
+  }
+}
+function extractFromEdit(input, response) {
+  const filePath = input["file_path"];
+  if (!filePath)
+    return null;
+  const oldStr = input["old_string"];
+  const newStr = input["new_string"];
+  if (!oldStr && !newStr)
+    return null;
+  if (oldStr && newStr) {
+    const oldTrimmed = oldStr.trim();
+    const newTrimmed = newStr.trim();
+    if (oldTrimmed === newTrimmed)
+      return null;
+    if (Math.abs(oldTrimmed.length - newTrimmed.length) < 3 && oldTrimmed.length < 20) {
+      return null;
+    }
+  }
+  const fileName = filePath.split("/").pop() ?? filePath;
+  const changeSize = (newStr?.length ?? 0) - (oldStr?.length ?? 0);
+  const verb = changeSize > 50 ? "Extended" : changeSize < -50 ? "Reduced" : "Modified";
+  return {
+    type: "change",
+    title: `${verb} ${fileName}`,
+    narrative: buildEditNarrative(oldStr, newStr, filePath),
+    files_modified: [filePath]
+  };
+}
+function extractFromWrite(input, response) {
+  const filePath = input["file_path"];
+  if (!filePath)
+    return null;
+  const content = input["content"];
+  const fileName = filePath.split("/").pop() ?? filePath;
+  if (content === undefined || content.length < 50)
+    return null;
+  return {
+    type: "change",
+    title: `Created ${fileName}`,
+    narrative: `New file created: ${filePath}`,
+    files_modified: [filePath]
+  };
+}
+function extractFromBash(input, response) {
+  const command = input["command"];
+  if (!command)
+    return null;
+  for (const pattern of SKIP_BASH_PATTERNS) {
+    if (pattern.test(command))
+      return null;
+  }
+  for (const pattern of TRIVIAL_RESPONSE_PATTERNS) {
+    if (pattern.test(response.trim()))
+      return null;
+  }
+  const hasError = detectError(response);
+  const isTestRun = detectTestRun(command);
+  if (isTestRun) {
+    return extractTestResult(command, response);
+  }
+  if (hasError) {
+    return {
+      type: "bugfix",
+      title: summariseCommand(command) + " (error)",
+      narrative: `Command: ${truncate(command, 200)}
+Error: ${truncate(response, 500)}`
+    };
+  }
+  if (/\b(npm|bun|yarn|pnpm)\s+(install|add|remove|uninstall)\b/.test(command)) {
+    return {
+      type: "change",
+      title: `Dependency change: ${summariseCommand(command)}`,
+      narrative: `Command: ${truncate(command, 200)}
+Output: ${truncate(response, 300)}`
+    };
+  }
+  if (/\b(npm|bun|yarn)\s+(run\s+)?(build|compile|bundle)\b/.test(command)) {
+    if (hasError) {
+      return {
+        type: "bugfix",
+        title: `Build failure: ${summariseCommand(command)}`,
+        narrative: `Build command failed.
+Command: ${truncate(command, 200)}
+Output: ${truncate(response, 500)}`
+      };
+    }
+    return null;
+  }
+  if (response.length > 200) {
+    return {
+      type: "change",
+      title: summariseCommand(command),
+      narrative: `Command: ${truncate(command, 200)}
+Output: ${truncate(response, 300)}`
+    };
+  }
+  return null;
+}
+function extractFromMcpTool(toolName, input, response) {
+  if (toolName.startsWith("mcp__engrm__"))
+    return null;
+  if (response.length < 100)
+    return null;
+  const parts = toolName.split("__");
+  const serverName = parts[1] ?? "unknown";
+  const toolAction = parts[2] ?? "unknown";
+  return {
+    type: "change",
+    title: `${serverName}: ${toolAction}`,
+    narrative: `MCP tool ${toolName} called.
+Response: ${truncate(response, 300)}`
+  };
+}
+function detectError(response) {
+  const lower = response.toLowerCase();
+  return lower.includes("error:") || lower.includes("error[") || lower.includes("failed") || lower.includes("exception") || lower.includes("traceback") || lower.includes("panic:") || lower.includes("fatal:") || /exit code [1-9]/.test(lower);
+}
+function detectTestRun(command) {
+  return /\b(test|spec|jest|vitest|mocha|pytest|cargo\s+test|go\s+test|bun\s+test)\b/i.test(command);
+}
+function extractTestResult(command, response) {
+  const hasFailure = /[1-9]\d*\s+(fail|failed|failures?)\b/i.test(response) || /\bFAILED\b/.test(response) || /\berror\b/i.test(response);
+  const hasPass = /\d+\s+(pass|passed|ok)\b/i.test(response) || /\bPASS\b/.test(response);
+  if (hasFailure) {
+    return {
+      type: "bugfix",
+      title: `Test failure: ${summariseCommand(command)}`,
+      narrative: `Test run failed.
+Command: ${truncate(command, 200)}
+Output: ${truncate(response, 500)}`
+    };
+  }
+  if (hasPass && !hasFailure) {
+    return null;
+  }
+  return null;
+}
+function buildEditNarrative(oldStr, newStr, filePath) {
+  const parts = [`File: ${filePath}`];
+  if (oldStr && newStr) {
+    const oldLines = oldStr.split(`
+`).length;
+    const newLines = newStr.split(`
+`).length;
+    if (oldLines !== newLines) {
+      parts.push(`Lines: ${oldLines} → ${newLines}`);
+    }
+    parts.push(`Replaced: ${truncate(oldStr, 100)}`);
+    parts.push(`With: ${truncate(newStr, 100)}`);
+  } else if (newStr) {
+    parts.push(`Added: ${truncate(newStr, 150)}`);
+  }
+  return parts.join(`
+`);
+}
+function summariseCommand(command) {
+  const trimmed = command.trim();
+  const firstLine = trimmed.split(`
+`)[0] ?? trimmed;
+  return truncate(firstLine, 80);
+}
+function truncate(text, maxLen) {
+  if (text.length <= maxLen)
+    return text;
+  return text.slice(0, maxLen - 3) + "...";
+}
+
+// src/tools/save.ts
+import { relative, isAbsolute } from "node:path";
+
+// src/capture/scrubber.ts
+var DEFAULT_PATTERNS = [
+  {
+    source: "sk-[a-zA-Z0-9]{20,}",
+    flags: "g",
+    replacement: "[REDACTED_API_KEY]",
+    description: "OpenAI API keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "Bearer [a-zA-Z0-9\\-._~+/]+=*",
+    flags: "g",
+    replacement: "[REDACTED_BEARER]",
+    description: "Bearer auth tokens",
+    category: "token",
+    severity: "medium"
+  },
+  {
+    source: "password[=:]\\s*\\S+",
+    flags: "gi",
+    replacement: "password=[REDACTED]",
+    description: "Passwords in config",
+    category: "password",
+    severity: "high"
+  },
+  {
+    source: "postgresql://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "PostgreSQL connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "mongodb://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "MongoDB connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "mysql://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "MySQL connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "AKIA[A-Z0-9]{16}",
+    flags: "g",
+    replacement: "[REDACTED_AWS_KEY]",
+    description: "AWS access keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "ghp_[a-zA-Z0-9]{36}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub personal access tokens",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "gho_[a-zA-Z0-9]{36}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub OAuth tokens",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "github_pat_[a-zA-Z0-9_]{22,}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub fine-grained PATs",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "cvk_[a-f0-9]{64}",
+    flags: "g",
+    replacement: "[REDACTED_CANDENGO_KEY]",
+    description: "Candengo API keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "xox[bpras]-[a-zA-Z0-9\\-]+",
+    flags: "g",
+    replacement: "[REDACTED_SLACK_TOKEN]",
+    description: "Slack tokens",
+    category: "token",
+    severity: "high"
+  }
+];
+function compileCustomPatterns(patterns) {
+  const compiled = [];
+  for (const pattern of patterns) {
+    try {
+      new RegExp(pattern);
+      compiled.push({
+        source: pattern,
+        flags: "g",
+        replacement: "[REDACTED_CUSTOM]",
+        description: `Custom pattern: ${pattern}`,
+        category: "custom",
+        severity: "medium"
+      });
+    } catch {}
+  }
+  return compiled;
+}
+function scrubSecrets(text, customPatterns = []) {
+  let result = text;
+  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
+  for (const pattern of allPatterns) {
+    result = result.replace(new RegExp(pattern.source, pattern.flags), pattern.replacement);
+  }
+  return result;
+}
+function containsSecrets(text, customPatterns = []) {
+  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
+  for (const pattern of allPatterns) {
+    if (new RegExp(pattern.source, pattern.flags).test(text))
+      return true;
+  }
+  return false;
+}
+
+// src/capture/quality.ts
+var QUALITY_THRESHOLD = 0.1;
+function scoreQuality(input) {
+  let score = 0;
+  switch (input.type) {
+    case "bugfix":
+      score += 0.3;
+      break;
+    case "decision":
+      score += 0.3;
+      break;
+    case "discovery":
+      score += 0.2;
+      break;
+    case "pattern":
+      score += 0.2;
+      break;
+    case "feature":
+      score += 0.15;
+      break;
+    case "refactor":
+      score += 0.15;
+      break;
+    case "change":
+      score += 0.05;
+      break;
+    case "digest":
+      score += 0.3;
+      break;
+  }
+  if (input.narrative && input.narrative.length > 50) {
+    score += 0.15;
+  }
+  if (input.facts) {
+    try {
+      const factsArray = JSON.parse(input.facts);
+      if (factsArray.length >= 2)
+        score += 0.15;
+      else if (factsArray.length === 1)
+        score += 0.05;
+    } catch {
+      if (input.facts.length > 20)
+        score += 0.05;
+    }
+  }
+  if (input.concepts) {
+    try {
+      const conceptsArray = JSON.parse(input.concepts);
+      if (conceptsArray.length >= 1)
+        score += 0.1;
+    } catch {
+      if (input.concepts.length > 10)
+        score += 0.05;
+    }
+  }
+  const modifiedCount = input.filesModified?.length ?? 0;
+  if (modifiedCount >= 3)
+    score += 0.2;
+  else if (modifiedCount >= 1)
+    score += 0.1;
+  if (input.isDuplicate) {
+    score -= 0.3;
+  }
+  return Math.max(0, Math.min(1, score));
+}
+function meetsQualityThreshold(input) {
+  return scoreQuality(input) >= QUALITY_THRESHOLD;
+}
+
+// src/capture/dedup.ts
+function tokenise(text) {
+  const cleaned = text.toLowerCase().replace(/[^a-z0-9\s]/g, " ").trim();
+  const tokens = cleaned.split(/\s+/).filter((t) => t.length > 0);
+  return new Set(tokens);
+}
+function jaccardSimilarity(a, b) {
+  const tokensA = tokenise(a);
+  const tokensB = tokenise(b);
+  if (tokensA.size === 0 && tokensB.size === 0)
+    return 1;
+  if (tokensA.size === 0 || tokensB.size === 0)
+    return 0;
+  let intersectionSize = 0;
+  for (const token of tokensA) {
+    if (tokensB.has(token))
+      intersectionSize++;
+  }
+  const unionSize = tokensA.size + tokensB.size - intersectionSize;
+  if (unionSize === 0)
+    return 0;
+  return intersectionSize / unionSize;
+}
+var DEDUP_THRESHOLD = 0.8;
+function findDuplicate(newTitle, candidates) {
+  let bestMatch = null;
+  let bestScore = 0;
+  for (const candidate of candidates) {
+    const similarity = jaccardSimilarity(newTitle, candidate.title);
+    if (similarity > DEDUP_THRESHOLD && similarity > bestScore) {
+      bestScore = similarity;
+      bestMatch = candidate;
+    }
+  }
+  return bestMatch;
+}
+
+// src/storage/projects.ts
+import { execSync } from "node:child_process";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "node:fs";
+import { basename, join as join2 } from "node:path";
+function normaliseGitRemoteUrl(remoteUrl) {
+  let url = remoteUrl.trim();
+  url = url.replace(/^(?:https?|ssh|git):\/\//, "");
+  url = url.replace(/^[^@]+@/, "");
+  url = url.replace(/^([^/:]+):(?!\d)/, "$1/");
+  url = url.replace(/\.git$/, "");
+  url = url.replace(/\/+$/, "");
+  const slashIndex = url.indexOf("/");
+  if (slashIndex !== -1) {
+    const host = url.substring(0, slashIndex).toLowerCase();
+    const path = url.substring(slashIndex);
+    url = host + path;
+  } else {
+    url = url.toLowerCase();
+  }
+  return url;
+}
+function projectNameFromCanonicalId(canonicalId) {
+  const parts = canonicalId.split("/");
+  return parts[parts.length - 1] ?? canonicalId;
+}
+function getGitRemoteUrl(directory) {
+  try {
+    const url = execSync("git remote get-url origin", {
+      cwd: directory,
+      encoding: "utf-8",
+      timeout: 5000,
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    return url || null;
+  } catch {
+    try {
+      const remotes = execSync("git remote", {
+        cwd: directory,
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"]
+      }).trim().split(`
+`).filter(Boolean);
+      if (remotes.length === 0)
+        return null;
+      const url = execSync(`git remote get-url ${remotes[0]}`, {
+        cwd: directory,
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"]
+      }).trim();
+      return url || null;
+    } catch {
+      return null;
+    }
+  }
+}
+function readProjectConfigFile(directory) {
+  const configPath = join2(directory, ".engrm.json");
+  if (!existsSync2(configPath))
+    return null;
+  try {
+    const raw = readFileSync2(configPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed["project_id"] !== "string" || !parsed["project_id"]) {
+      return null;
+    }
+    return {
+      project_id: parsed["project_id"],
+      name: typeof parsed["name"] === "string" ? parsed["name"] : undefined
+    };
+  } catch {
+    return null;
+  }
+}
+function detectProject(directory) {
+  const remoteUrl = getGitRemoteUrl(directory);
+  if (remoteUrl) {
+    const canonicalId = normaliseGitRemoteUrl(remoteUrl);
+    return {
+      canonical_id: canonicalId,
+      name: projectNameFromCanonicalId(canonicalId),
+      remote_url: remoteUrl,
+      local_path: directory
+    };
+  }
+  const configFile = readProjectConfigFile(directory);
+  if (configFile) {
+    return {
+      canonical_id: configFile.project_id,
+      name: configFile.name ?? projectNameFromCanonicalId(configFile.project_id),
+      remote_url: null,
+      local_path: directory
+    };
+  }
+  const dirName = basename(directory);
+  return {
+    canonical_id: `local/${dirName}`,
+    name: dirName,
+    remote_url: null,
+    local_path: directory
+  };
+}
+
+// src/embeddings/embedder.ts
+var _available = null;
+var _pipeline = null;
+var MODEL_NAME = "Xenova/all-MiniLM-L6-v2";
+async function embedText(text) {
+  const pipe = await getPipeline();
+  if (!pipe)
+    return null;
+  try {
+    const output = await pipe(text, { pooling: "mean", normalize: true });
+    return new Float32Array(output.data);
+  } catch {
+    return null;
+  }
+}
+function composeEmbeddingText(obs) {
+  const parts = [obs.title];
+  if (obs.narrative)
+    parts.push(obs.narrative);
+  if (obs.facts) {
+    try {
+      const facts = JSON.parse(obs.facts);
+      if (Array.isArray(facts) && facts.length > 0) {
+        parts.push(facts.map((f) => `- ${f}`).join(`
+`));
+      }
+    } catch {
+      parts.push(obs.facts);
+    }
+  }
+  if (obs.concepts) {
+    try {
+      const concepts = JSON.parse(obs.concepts);
+      if (Array.isArray(concepts) && concepts.length > 0) {
+        parts.push(concepts.join(", "));
+      }
+    } catch {}
+  }
+  return parts.join(`
+
+`);
+}
+async function getPipeline() {
+  if (_pipeline)
+    return _pipeline;
+  if (_available === false)
+    return null;
+  try {
+    const { pipeline } = await import("@xenova/transformers");
+    _pipeline = await pipeline("feature-extraction", MODEL_NAME);
+    _available = true;
+    return _pipeline;
+  } catch (err) {
+    _available = false;
+    console.error(`[engrm] Local embedding model unavailable: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  }
+}
+
+// src/capture/recurrence.ts
+var DISTANCE_THRESHOLD = 0.15;
+async function detectRecurrence(db, config, observation) {
+  if (observation.type !== "bugfix") {
+    return { patternCreated: false };
+  }
+  if (!db.vecAvailable) {
+    return { patternCreated: false };
+  }
+  const text = composeEmbeddingText(observation);
+  const embedding = await embedText(text);
+  if (!embedding) {
+    return { patternCreated: false };
+  }
+  const vecResults = db.searchVec(embedding, null, ["active", "aging", "pinned"], 10);
+  for (const match of vecResults) {
+    if (match.observation_id === observation.id)
+      continue;
+    if (match.distance > DISTANCE_THRESHOLD)
+      continue;
+    const matched = db.getObservationById(match.observation_id);
+    if (!matched)
+      continue;
+    if (matched.type !== "bugfix")
+      continue;
+    if (matched.session_id === observation.session_id)
+      continue;
+    if (await patternAlreadyExists(db, observation, matched))
+      continue;
+    let matchedProjectName;
+    if (matched.project_id !== observation.project_id) {
+      const proj = db.getProjectById(matched.project_id);
+      if (proj)
+        matchedProjectName = proj.name;
+    }
+    const similarity = 1 - match.distance;
+    const result = await saveObservation(db, config, {
+      type: "pattern",
+      title: `Recurring bugfix: ${observation.title}`,
+      narrative: `This bug pattern has appeared in multiple sessions. Original: "${matched.title}" (session ${matched.session_id?.slice(0, 8) ?? "unknown"}). Latest: "${observation.title}". Similarity: ${(similarity * 100).toFixed(0)}%. Consider addressing the root cause.`,
+      facts: [
+        `First seen: ${matched.created_at.split("T")[0]}`,
+        `Recurred: ${observation.created_at.split("T")[0]}`,
+        `Similarity: ${(similarity * 100).toFixed(0)}%`
+      ],
+      concepts: mergeConceptsFromBoth(observation, matched),
+      cwd: process.cwd(),
+      session_id: observation.session_id ?? undefined
+    });
+    if (result.success && result.observation_id) {
+      return {
+        patternCreated: true,
+        patternId: result.observation_id,
+        matchedObservationId: matched.id,
+        matchedProjectName,
+        matchedTitle: matched.title,
+        similarity
+      };
+    }
+  }
+  return { patternCreated: false };
+}
+async function patternAlreadyExists(db, obs1, obs2) {
+  const recentPatterns = db.db.query(`SELECT * FROM observations
+       WHERE type = 'pattern' AND lifecycle IN ('active', 'aging', 'pinned')
+       AND title LIKE ?
+       ORDER BY created_at_epoch DESC LIMIT 5`).all(`%${obs1.title.slice(0, 30)}%`);
+  for (const p of recentPatterns) {
+    if (p.narrative?.includes(obs2.title.slice(0, 30)))
+      return true;
+  }
+  return false;
+}
+function mergeConceptsFromBoth(obs1, obs2) {
+  const concepts = new Set;
+  for (const obs of [obs1, obs2]) {
+    if (obs.concepts) {
+      try {
+        const parsed = JSON.parse(obs.concepts);
+        if (Array.isArray(parsed)) {
+          for (const c of parsed) {
+            if (typeof c === "string")
+              concepts.add(c);
+          }
+        }
+      } catch {}
+    }
+  }
+  return [...concepts];
+}
+
+// src/capture/conflict.ts
+var SIMILARITY_THRESHOLD = 0.25;
+async function detectDecisionConflict(db, observation) {
+  if (observation.type !== "decision") {
+    return { hasConflict: false };
+  }
+  if (!observation.narrative || observation.narrative.trim().length < 20) {
+    return { hasConflict: false };
+  }
+  if (db.vecAvailable) {
+    return detectViaVec(db, observation);
+  }
+  return detectViaFts(db, observation);
+}
+async function detectViaVec(db, observation) {
+  const text = composeEmbeddingText(observation);
+  const embedding = await embedText(text);
+  if (!embedding)
+    return { hasConflict: false };
+  const results = db.searchVec(embedding, observation.project_id, ["active", "aging", "pinned"], 10);
+  for (const match of results) {
+    if (match.observation_id === observation.id)
+      continue;
+    if (match.distance > SIMILARITY_THRESHOLD)
+      continue;
+    const existing = db.getObservationById(match.observation_id);
+    if (!existing)
+      continue;
+    if (existing.type !== "decision")
+      continue;
+    if (!existing.narrative)
+      continue;
+    const conflict = narrativesConflict(observation.narrative, existing.narrative);
+    if (conflict) {
+      return {
+        hasConflict: true,
+        conflictingId: existing.id,
+        conflictingTitle: existing.title,
+        reason: conflict
+      };
+    }
+  }
+  return { hasConflict: false };
+}
+async function detectViaFts(db, observation) {
+  const keywords = observation.title.split(/\s+/).filter((w) => w.length > 3).slice(0, 5).join(" ");
+  if (!keywords)
+    return { hasConflict: false };
+  const ftsResults = db.searchFts(keywords, observation.project_id, ["active", "aging", "pinned"], 10);
+  for (const match of ftsResults) {
+    if (match.id === observation.id)
+      continue;
+    const existing = db.getObservationById(match.id);
+    if (!existing)
+      continue;
+    if (existing.type !== "decision")
+      continue;
+    if (!existing.narrative)
+      continue;
+    const conflict = narrativesConflict(observation.narrative, existing.narrative);
+    if (conflict) {
+      return {
+        hasConflict: true,
+        conflictingId: existing.id,
+        conflictingTitle: existing.title,
+        reason: conflict
+      };
+    }
+  }
+  return { hasConflict: false };
+}
+function narrativesConflict(narrative1, narrative2) {
+  const n1 = narrative1.toLowerCase();
+  const n2 = narrative2.toLowerCase();
+  const opposingPairs = [
+    [["should use", "decided to use", "chose", "prefer", "went with"], ["should not", "decided against", "avoid", "rejected", "don't use"]],
+    [["enable", "turn on", "activate", "add"], ["disable", "turn off", "deactivate", "remove"]],
+    [["increase", "more", "higher", "scale up"], ["decrease", "less", "lower", "scale down"]],
+    [["keep", "maintain", "preserve"], ["replace", "migrate", "switch from", "deprecate"]]
+  ];
+  for (const [positive, negative] of opposingPairs) {
+    const n1HasPositive = positive.some((w) => n1.includes(w));
+    const n1HasNegative = negative.some((w) => n1.includes(w));
+    const n2HasPositive = positive.some((w) => n2.includes(w));
+    const n2HasNegative = negative.some((w) => n2.includes(w));
+    if (n1HasPositive && n2HasNegative || n1HasNegative && n2HasPositive) {
+      return "Narratives suggest opposing conclusions on a similar topic";
+    }
+  }
+  return null;
+}
+
+// src/tools/save.ts
+var VALID_TYPES = [
+  "bugfix",
+  "discovery",
+  "decision",
+  "pattern",
+  "change",
+  "feature",
+  "refactor",
+  "digest",
+  "standard"
+];
+async function saveObservation(db, config, input) {
+  if (!VALID_TYPES.includes(input.type)) {
+    return {
+      success: false,
+      reason: `Invalid type '${input.type}'. Must be one of: ${VALID_TYPES.join(", ")}`
+    };
+  }
+  if (!input.title || input.title.trim().length === 0) {
+    return { success: false, reason: "Title is required" };
+  }
+  const cwd = input.cwd ?? process.cwd();
+  const detected = detectProject(cwd);
+  const project = db.upsertProject({
+    canonical_id: detected.canonical_id,
+    name: detected.name,
+    local_path: detected.local_path,
+    remote_url: detected.remote_url
+  });
+  const customPatterns = config.scrubbing.enabled ? config.scrubbing.custom_patterns : [];
+  const title = config.scrubbing.enabled ? scrubSecrets(input.title, customPatterns) : input.title;
+  const narrative = input.narrative ? config.scrubbing.enabled ? scrubSecrets(input.narrative, customPatterns) : input.narrative : null;
+  const factsJson = input.facts ? config.scrubbing.enabled ? scrubSecrets(JSON.stringify(input.facts), customPatterns) : JSON.stringify(input.facts) : null;
+  const conceptsJson = input.concepts ? JSON.stringify(input.concepts) : null;
+  const filesRead = input.files_read ? input.files_read.map((f) => toRelativePath(f, cwd)) : null;
+  const filesModified = input.files_modified ? input.files_modified.map((f) => toRelativePath(f, cwd)) : null;
+  const filesReadJson = filesRead ? JSON.stringify(filesRead) : null;
+  const filesModifiedJson = filesModified ? JSON.stringify(filesModified) : null;
+  let sensitivity = input.sensitivity ?? config.scrubbing.default_sensitivity;
+  if (config.scrubbing.enabled && containsSecrets([input.title, input.narrative, JSON.stringify(input.facts)].filter(Boolean).join(" "), customPatterns)) {
+    if (sensitivity === "shared") {
+      sensitivity = "personal";
+    }
+  }
+  const oneDayAgo = Math.floor(Date.now() / 1000) - 86400;
+  const recentObs = db.getRecentObservations(project.id, oneDayAgo);
+  const candidates = recentObs.map((o) => ({
+    id: o.id,
+    title: o.title
+  }));
+  const duplicate = findDuplicate(title, candidates);
+  const qualityInput = {
+    type: input.type,
+    title,
+    narrative,
+    facts: factsJson,
+    concepts: conceptsJson,
+    filesRead,
+    filesModified,
+    isDuplicate: duplicate !== null
+  };
+  const qualityScore = scoreQuality(qualityInput);
+  if (!meetsQualityThreshold(qualityInput)) {
+    return {
+      success: false,
+      quality_score: qualityScore,
+      reason: `Quality score ${qualityScore.toFixed(2)} below threshold`
+    };
+  }
+  if (duplicate) {
+    return {
+      success: true,
+      merged_into: duplicate.id,
+      quality_score: qualityScore,
+      reason: `Merged into existing observation #${duplicate.id}`
+    };
+  }
+  const obs = db.insertObservation({
+    session_id: input.session_id ?? null,
+    project_id: project.id,
+    type: input.type,
+    title,
+    narrative,
+    facts: factsJson,
+    concepts: conceptsJson,
+    files_read: filesReadJson,
+    files_modified: filesModifiedJson,
+    quality: qualityScore,
+    lifecycle: "active",
+    sensitivity,
+    user_id: config.user_id,
+    device_id: config.device_id,
+    agent: input.agent ?? "claude-code"
+  });
+  db.addToOutbox("observation", obs.id);
+  if (db.vecAvailable) {
+    try {
+      const text = composeEmbeddingText(obs);
+      const embedding = await embedText(text);
+      if (embedding) {
+        db.vecInsert(obs.id, embedding);
+      }
+    } catch {}
+  }
+  let recallHint;
+  if (input.type === "bugfix") {
+    try {
+      const recurrence = await detectRecurrence(db, config, obs);
+      if (recurrence.patternCreated && recurrence.matchedTitle) {
+        const projectLabel = recurrence.matchedProjectName ? ` in ${recurrence.matchedProjectName}` : "";
+        recallHint = `You solved a similar issue${projectLabel}: "${recurrence.matchedTitle}"`;
+      }
+    } catch {}
+  }
+  let conflictWarning;
+  if (input.type === "decision") {
+    try {
+      const conflict = await detectDecisionConflict(db, obs);
+      if (conflict.hasConflict && conflict.conflictingTitle) {
+        conflictWarning = `Potential conflict with existing decision: "${conflict.conflictingTitle}" — ${conflict.reason}`;
+      }
+    } catch {}
+  }
+  return {
+    success: true,
+    observation_id: obs.id,
+    quality_score: qualityScore,
+    recall_hint: recallHint,
+    conflict_warning: conflictWarning
+  };
+}
+function toRelativePath(filePath, projectRoot) {
+  if (!isAbsolute(filePath))
+    return filePath;
+  const rel = relative(projectRoot, filePath);
+  if (rel.startsWith(".."))
+    return filePath;
+  return rel;
+}
+
+// src/capture/scanner.ts
+function scanForSecrets(text, customPatterns = []) {
+  if (!text)
+    return [];
+  const allPatterns = [
+    ...DEFAULT_PATTERNS,
+    ...compileCustomScanPatterns(customPatterns)
+  ];
+  const findings = [];
+  for (const pattern of allPatterns) {
+    const regex = new RegExp(pattern.source, pattern.flags);
+    let match;
+    while ((match = regex.exec(text)) !== null) {
+      const snippet = buildRedactedSnippet(text, match.index, match[0].length, pattern.replacement);
+      findings.push({
+        finding_type: pattern.category,
+        severity: pattern.severity,
+        pattern_name: pattern.description,
+        snippet
+      });
+      if (match[0].length === 0) {
+        regex.lastIndex++;
+      }
+    }
+  }
+  return findings;
+}
+function buildRedactedSnippet(text, matchStart, matchLength, replacement) {
+  const CONTEXT_CHARS = 30;
+  const start = Math.max(0, matchStart - CONTEXT_CHARS);
+  const end = Math.min(text.length, matchStart + matchLength + CONTEXT_CHARS);
+  const before = text.slice(start, matchStart);
+  const after = text.slice(matchStart + matchLength, end);
+  let snippet = before + replacement + after;
+  if (start > 0)
+    snippet = "..." + snippet;
+  if (end < text.length)
+    snippet = snippet + "...";
+  return snippet;
+}
+function compileCustomScanPatterns(patterns) {
+  const compiled = [];
+  for (const pattern of patterns) {
+    try {
+      new RegExp(pattern);
+      compiled.push({
+        source: pattern,
+        flags: "g",
+        replacement: "[REDACTED_CUSTOM]",
+        description: `Custom pattern: ${pattern}`,
+        category: "custom",
+        severity: "medium"
+      });
+    } catch {}
+  }
+  return compiled;
+}
+
+// src/capture/dependency.ts
+var INSTALL_PATTERNS = [
+  {
+    regex: /\bnpm\s+(?:install|i|add)\s+([^\s-][\w@/.^~>=<*-]*(?:\s+[^\s-][\w@/.^~>=<*-]*)*)/gm,
+    manager: "npm",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-"))
+  },
+  {
+    regex: /\byarn\s+add\s+([^\s-][\w@/.^~>=<*-]*(?:\s+[^\s-][\w@/.^~>=<*-]*)*)/gm,
+    manager: "yarn",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-"))
+  },
+  {
+    regex: /\bpnpm\s+(?:add|install)\s+([^\s-][\w@/.^~>=<*-]*(?:\s+[^\s-][\w@/.^~>=<*-]*)*)/gm,
+    manager: "pnpm",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-"))
+  },
+  {
+    regex: /\bbun\s+add\s+([^\s-][\w@/.^~>=<*-]*(?:\s+[^\s-][\w@/.^~>=<*-]*)*)/gm,
+    manager: "bun",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-"))
+  },
+  {
+    regex: /\bpip3?\s+install\s+([^\s-][\w>=<.~!-]*(?:\s+[^\s-][\w>=<.~!-]*)*)/gm,
+    manager: "pip",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-") && !p.startsWith("--"))
+  },
+  {
+    regex: /\bcargo\s+add\s+([^\s-][\w-]*(?:\s+[^\s-][\w-]*)*)/gm,
+    manager: "cargo",
+    packageExtractor: (m) => m[1].split(/\s+/).filter((p) => p && !p.startsWith("-"))
+  },
+  {
+    regex: /\bgo\s+get\s+([\w./\-@]+)/gm,
+    manager: "go",
+    packageExtractor: (m) => [m[1]]
+  },
+  {
+    regex: /\bgem\s+install\s+([\w-]+)/gm,
+    manager: "gem",
+    packageExtractor: (m) => [m[1]]
+  },
+  {
+    regex: /\bcomposer\s+require\s+([\w/.-]+)/gm,
+    manager: "composer",
+    packageExtractor: (m) => [m[1]]
+  }
+];
+function detectDependencyInstalls(command, output) {
+  const results = [];
+  const textToScan = command;
+  for (const pattern of INSTALL_PATTERNS) {
+    pattern.regex.lastIndex = 0;
+    let match;
+    while ((match = pattern.regex.exec(textToScan)) !== null) {
+      const packages = pattern.packageExtractor(match);
+      if (packages.length > 0) {
+        results.push({
+          manager: pattern.manager,
+          packages,
+          command: match[0].trim()
+        });
+      }
+    }
+  }
+  return results;
+}
+
+// src/observer/observe.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "node:fs";
+import { join as join3 } from "node:path";
+import { homedir as homedir2 } from "node:os";
+
+// src/observer/prompts.ts
+var OBSERVER_SYSTEM_PROMPT = `You are Engrm Observer, a specialized memory agent that watches a Claude Code session and records what was accomplished.
+
+CRITICAL RULES:
+- You are NOT doing the work. You are ONLY observing and recording.
+- Record what was LEARNED, BUILT, FIXED, DEPLOYED, or DECIDED — not low-level file operations.
+- If an event is trivial (whitespace change, import reorder, config tweak), respond with <skip/>.
+- Never use tools. Only respond with XML.
+
+RESPONSE FORMAT — respond with EXACTLY ONE of:
+
+1. A meaningful observation:
+<observation>
+  <type>TYPE</type>
+  <title>Brief, meaningful title (what was accomplished, not what file changed)</title>
+  <narrative>2-3 sentences: what changed, why it matters, what it enables</narrative>
+  <facts>
+    <fact>Specific technical fact worth remembering</fact>
+  </facts>
+  <concepts>
+    <concept>relevant-tag</concept>
+  </concepts>
+</observation>
+
+2. Skip (trivial/noise):
+<skip/>
+
+TYPE must be one of:
+- bugfix: something was broken, now fixed
+- discovery: learning about existing system/codebase (reading a file to understand how something works)
+- decision: architectural or design choice with rationale
+- change: meaningful modification (new feature, config, docs)
+- feature: new capability or functionality added
+- refactor: code restructured without behavior change
+- pattern: recurring issue or technique observed across multiple events
+
+TITLE GUIDANCE:
+- BAD: "Modified auth.ts", "Extended dashboard.html", "Created file.ts"
+- GOOD: "Added OAuth2 PKCE flow to authentication", "Fixed heatmap color mismatch on dashboard", "Chose SQLite over PostgreSQL for offline-first storage"
+
+Use verbs like: implemented, fixed, added, configured, migrated, optimized, resolved, refactored, integrated.
+
+FACTS should capture things worth remembering for future sessions:
+- Technical choices and their rationale
+- Gotchas discovered during implementation
+- API contracts, schema decisions, config values
+- Performance characteristics or constraints
+
+CONCEPTS should be domain tags useful for search:
+- Technology names: "oauth", "sqlite", "react"
+- Patterns: "error-handling", "caching", "auth"
+- Domain: "dashboard", "api", "deployment"`;
+function formatToolEvent(event) {
+  const { tool_name, tool_input, tool_response } = event;
+  const parts = [
+    `<tool_event>`,
+    `  <tool>${tool_name}</tool>`,
+    `  <cwd>${event.cwd}</cwd>`
+  ];
+  switch (tool_name) {
+    case "Edit": {
+      const filePath = tool_input["file_path"] ?? "";
+      const oldStr = truncate2(String(tool_input["old_string"] ?? ""), 500);
+      const newStr = truncate2(String(tool_input["new_string"] ?? ""), 500);
+      parts.push(`  <file>${filePath}</file>`);
+      parts.push(`  <old_code>${oldStr}</old_code>`);
+      parts.push(`  <new_code>${newStr}</new_code>`);
+      break;
+    }
+    case "Write": {
+      const filePath = tool_input["file_path"] ?? "";
+      const content = truncate2(String(tool_input["content"] ?? ""), 800);
+      parts.push(`  <file>${filePath}</file>`);
+      parts.push(`  <content_preview>${content}</content_preview>`);
+      break;
+    }
+    case "Read": {
+      const filePath = tool_input["file_path"] ?? "";
+      const preview = truncate2(tool_response ?? "", 600);
+      parts.push(`  <file>${filePath}</file>`);
+      parts.push(`  <content_preview>${preview}</content_preview>`);
+      break;
+    }
+    case "Bash": {
+      const command = truncate2(String(tool_input["command"] ?? ""), 300);
+      const output = truncate2(tool_response ?? "", 500);
+      parts.push(`  <command>${command}</command>`);
+      parts.push(`  <output>${output}</output>`);
+      break;
+    }
+    default: {
+      parts.push(`  <input>${truncate2(JSON.stringify(tool_input), 400)}</input>`);
+      if (tool_response) {
+        parts.push(`  <response>${truncate2(tool_response, 400)}</response>`);
+      }
+      break;
+    }
+  }
+  parts.push(`</tool_event>`);
+  return parts.join(`
+`);
+}
+function truncate2(text, maxLen) {
+  if (text.length <= maxLen)
+    return text;
+  return text.slice(0, maxLen - 20) + `
+... [truncated]`;
+}
+
+// src/observer/parser.ts
+function parseObservationXml(text) {
+  if (/<skip\s*\/?>/i.test(text)) {
+    return null;
+  }
+  const obsMatch = text.match(/<observation>([\s\S]*?)<\/observation>/i);
+  if (!obsMatch)
+    return null;
+  const inner = obsMatch[1];
+  const type = extractTag(inner, "type");
+  const title = extractTag(inner, "title");
+  const narrative = extractTag(inner, "narrative");
+  if (!type || !title)
+    return null;
+  const facts = extractTags(inner, "fact");
+  const concepts = extractTags(inner, "concept");
+  return {
+    type: type.toLowerCase().trim(),
+    title: title.trim(),
+    narrative: (narrative ?? "").trim(),
+    facts,
+    concepts
+  };
+}
+function extractTag(xml, tag) {
+  const match = xml.match(new RegExp(`<${tag}>([\\s\\S]*?)<\\/${tag}>`, "i"));
+  return match ? match[1].trim() : null;
+}
+function extractTags(xml, tag) {
+  const results = [];
+  const regex = new RegExp(`<${tag}>([\\s\\S]*?)<\\/${tag}>`, "gi");
+  let match;
+  while ((match = regex.exec(xml)) !== null) {
+    const value = match[1].trim();
+    if (value.length > 0) {
+      results.push(value);
+    }
+  }
+  return results;
+}
+
+// src/observer/observe.ts
+var ENGRM_DIR = join3(homedir2(), ".engrm");
+var OBSERVER_DIR = join3(ENGRM_DIR, "observer-sessions");
+function stateFilePath(sessionId) {
+  return join3(OBSERVER_DIR, `${sessionId}.json`);
+}
+function readState(sessionId) {
+  const path = stateFilePath(sessionId);
+  if (!existsSync3(path))
+    return null;
+  try {
+    return JSON.parse(readFileSync3(path, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function writeState(sessionId, state) {
+  if (!existsSync3(OBSERVER_DIR)) {
+    mkdirSync2(OBSERVER_DIR, { recursive: true });
+  }
+  writeFileSync2(stateFilePath(sessionId), JSON.stringify(state), "utf-8");
+}
+async function observeToolEvent(event, options) {
+  let query;
+  try {
+    const sdk = await import("@anthropic-ai/claude-agent-sdk");
+    query = sdk.query;
+  } catch {
+    return null;
+  }
+  const eventXml = formatToolEvent(event);
+  const state = readState(event.session_id);
+  const isFirst = !state;
+  const prompt = isFirst ? `${OBSERVER_SYSTEM_PROMPT}
+
+Observe this tool event from the coding session and respond with an <observation> or <skip/>:
+
+${eventXml}` : `Observe this next tool event and respond with an <observation> or <skip/>:
+
+${eventXml}`;
+  try {
+    let observerSessionId = state?.observerSessionId;
+    let responseText = "";
+    const queryOptions = {
+      model: options?.model ?? "haiku",
+      maxTurns: 1,
+      disallowedTools: [
+        "Bash",
+        "Read",
+        "Write",
+        "Edit",
+        "Grep",
+        "Glob",
+        "WebFetch",
+        "WebSearch",
+        "Agent"
+      ]
+    };
+    if (observerSessionId) {
+      queryOptions.resume = observerSessionId;
+    }
+    const result = query({
+      prompt,
+      options: queryOptions
+    });
+    for await (const message of result) {
+      if ("session_id" in message && message.session_id) {
+        observerSessionId = message.session_id;
+      }
+      if (message.type === "assistant" && "message" in message) {
+        const msg = message.message;
+        if (msg.content) {
+          for (const block of msg.content) {
+            if (block.type === "text" && block.text) {
+              responseText += block.text;
+            }
+          }
+        }
+      }
+      if (message.type === "result" && "result" in message) {
+        const resultMsg = message;
+        if (resultMsg.result && !responseText) {
+          responseText = resultMsg.result;
+        }
+      }
+    }
+    if (observerSessionId) {
+      writeState(event.session_id, {
+        observerSessionId,
+        eventCount: (state?.eventCount ?? 0) + 1
+      });
+    }
+    if (!responseText.trim())
+      return null;
+    const parsed = parseObservationXml(responseText);
+    if (!parsed)
+      return null;
+    const { files_read, files_modified } = extractFilesFromEvent(event);
+    return {
+      type: parsed.type,
+      title: parsed.title,
+      narrative: parsed.narrative || undefined,
+      facts: parsed.facts.length > 0 ? parsed.facts : undefined,
+      concepts: parsed.concepts.length > 0 ? parsed.concepts : undefined,
+      files_read,
+      files_modified,
+      session_id: event.session_id,
+      cwd: event.cwd
+    };
+  } catch {
+    return null;
+  }
+}
+function extractFilesFromEvent(event) {
+  const filePath = event.tool_input["file_path"];
+  if (!filePath)
+    return {};
+  if (event.tool_name === "Read") {
+    return { files_read: [filePath] };
+  }
+  return { files_modified: [filePath] };
+}
+
+// hooks/post-tool-use.ts
+async function main() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(typeof chunk === "string" ? chunk : Buffer.from(chunk).toString());
+  }
+  const raw = chunks.join("");
+  if (!raw.trim())
+    process.exit(0);
+  let event;
+  try {
+    event = JSON.parse(raw);
+  } catch {
+    process.exit(0);
+  }
+  if (!configExists())
+    process.exit(0);
+  let config;
+  let db;
+  try {
+    config = loadConfig();
+    db = new MemDatabase(getDbPath());
+  } catch {
+    process.exit(0);
+  }
+  try {
+    if (event.session_id) {
+      const metricsIncrement = {
+        toolCalls: 1
+      };
+      if ((event.tool_name === "Edit" || event.tool_name === "Write") && event.tool_input["file_path"]) {
+        metricsIncrement.files = 1;
+      }
+      db.incrementSessionMetrics(event.session_id, metricsIncrement);
+    }
+    const textToScan = extractScanText(event);
+    if (textToScan) {
+      const findings = scanForSecrets(textToScan, config.scrubbing.custom_patterns);
+      if (findings.length > 0) {
+        const detected = detectProject(event.cwd);
+        const project = db.getProjectByCanonicalId(detected.canonical_id);
+        if (project) {
+          for (const finding of findings) {
+            db.insertSecurityFinding({
+              session_id: event.session_id,
+              project_id: project.id,
+              finding_type: finding.finding_type,
+              severity: finding.severity,
+              pattern_name: finding.pattern_name,
+              snippet: finding.snippet,
+              tool_name: event.tool_name,
+              user_id: config.user_id,
+              device_id: config.device_id
+            });
+          }
+        }
+      }
+    }
+    if (event.tool_name === "Bash" && event.tool_input["command"]) {
+      const command = String(event.tool_input["command"]);
+      const installs = detectDependencyInstalls(command, event.tool_response ?? undefined);
+      for (const install of installs) {
+        await saveObservation(db, config, {
+          type: "change",
+          title: `Added ${install.packages.length === 1 ? install.packages[0] : install.packages.length + " packages"} via ${install.manager}`,
+          narrative: `Dependency installed: ${install.command}`,
+          concepts: [install.manager, "dependency", ...install.packages],
+          session_id: event.session_id,
+          cwd: event.cwd
+        });
+      }
+    }
+    let saved = false;
+    if (config.observer?.enabled !== false) {
+      try {
+        const observed = await observeToolEvent(event, {
+          model: config.observer.model
+        });
+        if (observed) {
+          await saveObservation(db, config, observed);
+          saved = true;
+        }
+      } catch {}
+    }
+    if (!saved) {
+      const extracted = extractObservation(event);
+      if (extracted) {
+        await saveObservation(db, config, {
+          type: extracted.type,
+          title: extracted.title,
+          narrative: extracted.narrative,
+          files_read: extracted.files_read,
+          files_modified: extracted.files_modified,
+          session_id: event.session_id,
+          cwd: event.cwd
+        });
+      }
+    }
+  } finally {
+    db.close();
+  }
+}
+function extractScanText(event) {
+  const { tool_name, tool_input, tool_response } = event;
+  switch (tool_name) {
+    case "Edit": {
+      const parts = [];
+      if (tool_input["old_string"])
+        parts.push(String(tool_input["old_string"]));
+      if (tool_input["new_string"])
+        parts.push(String(tool_input["new_string"]));
+      return parts.length > 0 ? parts.join(`
+`) : null;
+    }
+    case "Write": {
+      const content = tool_input["content"];
+      return content ? String(content) : null;
+    }
+    case "Bash": {
+      const parts = [];
+      if (tool_input["command"])
+        parts.push(String(tool_input["command"]));
+      if (tool_response)
+        parts.push(tool_response);
+      return parts.length > 0 ? parts.join(`
+`) : null;
+    }
+    default:
+      return null;
+  }
+}
+main().catch(() => {
+  process.exit(0);
+});