engrm 0.4.0 → 0.4.3

package/dist/hooks/sentinel.js

@@ -2,6 +2,82 @@
 import { createRequire } from "node:module";
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
+// src/sentinel/audit.ts
+async function auditCodeChange(config, _db, toolName, filePath, content) {
+  if (shouldSkip(filePath, config.sentinel.skip_patterns)) {
+    return { verdict: "PASS", reason: "File matches skip pattern" };
+  }
+  if (!config.candengo_url || !config.candengo_api_key) {
+    return { verdict: "PASS", reason: "Server not configured" };
+  }
+  const url = `${config.candengo_url.replace(/\/$/, "")}/v1/mem/check`;
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.candengo_api_key}`
+      },
+      body: JSON.stringify({
+        tool_name: toolName,
+        file_path: filePath,
+        content: content.slice(0, 8000)
+      }),
+      signal: AbortSignal.timeout(15000)
+    });
+    if (!response.ok) {
+      return { verdict: "PASS", reason: "Review service unavailable" };
+    }
+    const data = await response.json();
+    return parseServerResponse(data);
+  } catch {
+    return { verdict: "PASS", reason: "Review service unreachable" };
+  }
+}
+function parseServerResponse(data) {
+  const verdict = data.verdict;
+  if (verdict !== "PASS" && verdict !== "WARN" && verdict !== "BLOCK" && verdict !== "DRIFT") {
+    return { verdict: "PASS", reason: "Invalid verdict from server" };
+  }
+  return {
+    verdict,
+    reason: data.reason ?? "No reason given",
+    rule: data.rule ?? undefined,
+    severity: parseSeverity(data.severity)
+  };
+}
+function parseSeverity(s) {
+  if (s === "critical" || s === "high" || s === "medium" || s === "low")
+    return s;
+  return;
+}
+function shouldSkip(filePath, patterns) {
+  for (const pattern of patterns) {
+    if (filePath.includes(pattern))
+      return true;
+    try {
+      if (new RegExp(pattern).test(filePath))
+        return true;
+    } catch {}
+  }
+  return false;
+}
+function checkDailyLimit(db, limit) {
+  const today = new Date().toISOString().split("T")[0];
+  const key = `sentinel_audit_count_${today}`;
+  try {
+    const current = db.db.query("SELECT value FROM sync_state WHERE key = ?").get(key);
+    const count = current ? parseInt(current.value, 10) : 0;
+    if (count >= limit)
+      return false;
+    db.db.query(`INSERT INTO sync_state (key, value) VALUES (?, ?)
+         ON CONFLICT(key) DO UPDATE SET value = ?`).run(key, String(count + 1), String(count + 1));
+    return true;
+  } catch {
+    return true;
+  }
+}
+
 // src/config.ts
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir, hostname, networkInterfaces } from "node:os";
@@ -699,8 +775,8 @@ class MemDatabase {
     return this.db.query("SELECT * FROM projects WHERE id = ?").get(id) ?? null;
   }
   insertObservation(obs) {
-    const now = Math.floor(Date.now() / 1000);
-    const createdAt = new Date().toISOString();
+    const now = obs.created_at_epoch ?? Math.floor(Date.now() / 1000);
+    const createdAt = obs.created_at ?? new Date(now * 1000).toISOString();
     const result = this.db.query(`INSERT INTO observations (
           session_id, project_id, type, title, narrative, facts, concepts,
           files_read, files_modified, quality, lifecycle, sensitivity,
@@ -717,11 +793,14 @@ class MemDatabase {
   getObservationById(id) {
     return this.db.query("SELECT * FROM observations WHERE id = ?").get(id) ?? null;
   }
-  getObservationsByIds(ids) {
+  getObservationsByIds(ids, userId) {
     if (ids.length === 0)
       return [];
     const placeholders = ids.map(() => "?").join(",");
-    return this.db.query(`SELECT * FROM observations WHERE id IN (${placeholders}) ORDER BY created_at_epoch DESC`).all(...ids);
+    const visibilityClause = userId ? " AND (sensitivity != 'personal' OR user_id = ?)" : "";
+    return this.db.query(`SELECT * FROM observations
+         WHERE id IN (${placeholders})${visibilityClause}
+         ORDER BY created_at_epoch DESC`).all(...ids, ...userId ? [userId] : []);
   }
   getRecentObservations(projectId, sincEpoch, limit = 50) {
     return this.db.query(`SELECT * FROM observations
@@ -729,8 +808,9 @@ class MemDatabase {
         ORDER BY created_at_epoch DESC
         LIMIT ?`).all(projectId, sincEpoch, limit);
   }
-  searchFts(query, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20) {
+  searchFts(query, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20, userId) {
     const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
+    const visibilityClause = userId ? " AND (o.sensitivity != 'personal' OR o.user_id = ?)" : "";
     if (projectId !== null) {
       return this.db.query(`SELECT o.id, observations_fts.rank
           FROM observations_fts
@@ -738,33 +818,39 @@ class MemDatabase {
           WHERE observations_fts MATCH ?
             AND o.project_id = ?
             AND o.lifecycle IN (${lifecyclePlaceholders})
+            ${visibilityClause}
           ORDER BY observations_fts.rank
-          LIMIT ?`).all(query, projectId, ...lifecycles, limit);
+          LIMIT ?`).all(query, projectId, ...lifecycles, ...userId ? [userId] : [], limit);
     }
     return this.db.query(`SELECT o.id, observations_fts.rank
         FROM observations_fts
         JOIN observations o ON o.id = observations_fts.rowid
         WHERE observations_fts MATCH ?
           AND o.lifecycle IN (${lifecyclePlaceholders})
+          ${visibilityClause}
         ORDER BY observations_fts.rank
-        LIMIT ?`).all(query, ...lifecycles, limit);
+        LIMIT ?`).all(query, ...lifecycles, ...userId ? [userId] : [], limit);
   }
-  getTimeline(anchorId, projectId, depthBefore = 3, depthAfter = 3) {
-    const anchor = this.getObservationById(anchorId);
+  getTimeline(anchorId, projectId, depthBefore = 3, depthAfter = 3, userId) {
+    const visibilityClause = userId ? " AND (sensitivity != 'personal' OR user_id = ?)" : "";
+    const anchor = this.db.query(`SELECT * FROM observations WHERE id = ?${visibilityClause}`).get(anchorId, ...userId ? [userId] : []) ?? null;
     if (!anchor)
       return [];
     const projectFilter = projectId !== null ? "AND project_id = ?" : "";
     const projectParams = projectId !== null ? [projectId] : [];
+    const visibilityParams = userId ? [userId] : [];
     const before = this.db.query(`SELECT * FROM observations
         WHERE created_at_epoch < ? ${projectFilter}
           AND lifecycle IN ('active', 'aging', 'pinned')
+          ${visibilityClause}
         ORDER BY created_at_epoch DESC
-        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, depthBefore);
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, ...visibilityParams, depthBefore);
     const after = this.db.query(`SELECT * FROM observations
         WHERE created_at_epoch > ? ${projectFilter}
           AND lifecycle IN ('active', 'aging', 'pinned')
+          ${visibilityClause}
         ORDER BY created_at_epoch ASC
-        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, depthAfter);
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, ...visibilityParams, depthAfter);
     return [...before.reverse(), anchor, ...after];
   }
   pinObservation(id, pinned) {
@@ -878,11 +964,12 @@ class MemDatabase {
       return;
     this.db.query("DELETE FROM vec_observations WHERE observation_id = ?").run(observationId);
   }
-  searchVec(queryEmbedding, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20) {
+  searchVec(queryEmbedding, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20, userId) {
     if (!this.vecAvailable)
       return [];
     const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
     const embeddingBlob = new Uint8Array(queryEmbedding.buffer);
+    const visibilityClause = userId ? " AND (o.sensitivity != 'personal' OR o.user_id = ?)" : "";
     if (projectId !== null) {
       return this.db.query(`SELECT v.observation_id, v.distance
            FROM vec_observations v
@@ -891,7 +978,7 @@ class MemDatabase {
              AND k = ?
              AND o.project_id = ?
              AND o.lifecycle IN (${lifecyclePlaceholders})
-             AND o.superseded_by IS NULL`).all(embeddingBlob, limit, projectId, ...lifecycles);
+             AND o.superseded_by IS NULL` + visibilityClause).all(embeddingBlob, limit, projectId, ...lifecycles, ...userId ? [userId] : []);
     }
     return this.db.query(`SELECT v.observation_id, v.distance
          FROM vec_observations v
@@ -899,7 +986,7 @@ class MemDatabase {
          WHERE v.embedding MATCH ?
            AND k = ?
            AND o.lifecycle IN (${lifecyclePlaceholders})
-           AND o.superseded_by IS NULL`).all(embeddingBlob, limit, ...lifecycles);
+           AND o.superseded_by IS NULL` + visibilityClause).all(embeddingBlob, limit, ...lifecycles, ...userId ? [userId] : []);
   }
   getUnembeddedCount() {
     if (!this.vecAvailable)
@@ -1018,80 +1105,58 @@ class MemDatabase {
   }
 }
 
-// src/sentinel/audit.ts
-async function auditCodeChange(config, _db, toolName, filePath, content) {
-  if (shouldSkip(filePath, config.sentinel.skip_patterns)) {
-    return { verdict: "PASS", reason: "File matches skip pattern" };
-  }
-  if (!config.candengo_url || !config.candengo_api_key) {
-    return { verdict: "PASS", reason: "Server not configured" };
+// src/hooks/common.ts
+var c = {
+  dim: "\x1B[2m",
+  yellow: "\x1B[33m",
+  reset: "\x1B[0m"
+};
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(typeof chunk === "string" ? chunk : Buffer.from(chunk).toString());
   }
-  const url = `${config.candengo_url.replace(/\/$/, "")}/v1/mem/check`;
+  return chunks.join("");
+}
+async function parseStdinJson() {
+  const raw = await readStdin();
+  if (!raw.trim())
+    return null;
   try {
-    const response = await fetch(url, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${config.candengo_api_key}`
-      },
-      body: JSON.stringify({
-        tool_name: toolName,
-        file_path: filePath,
-        content: content.slice(0, 8000)
-      }),
-      signal: AbortSignal.timeout(15000)
-    });
-    if (!response.ok) {
-      return { verdict: "PASS", reason: "Review service unavailable" };
-    }
-    const data = await response.json();
-    return parseServerResponse(data);
+    return JSON.parse(raw);
   } catch {
-    return { verdict: "PASS", reason: "Review service unreachable" };
+    return null;
   }
 }
-function parseServerResponse(data) {
-  const verdict = data.verdict;
-  if (verdict !== "PASS" && verdict !== "WARN" && verdict !== "BLOCK" && verdict !== "DRIFT") {
-    return { verdict: "PASS", reason: "Invalid verdict from server" };
+function bootstrapHook(hookName) {
+  if (!configExists()) {
+    warnUser(hookName, "Engrm not configured. Run: npx engrm init");
+    return null;
   }
-  return {
-    verdict,
-    reason: data.reason ?? "No reason given",
-    rule: data.rule ?? undefined,
-    severity: parseSeverity(data.severity)
-  };
-}
-function parseSeverity(s) {
-  if (s === "critical" || s === "high" || s === "medium" || s === "low")
-    return s;
-  return;
-}
-function shouldSkip(filePath, patterns) {
-  for (const pattern of patterns) {
-    if (filePath.includes(pattern))
-      return true;
-    try {
-      if (new RegExp(pattern).test(filePath))
-        return true;
-    } catch {}
+  let config;
+  try {
+    config = loadConfig();
+  } catch (err) {
+    warnUser(hookName, `Config error: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
   }
-  return false;
-}
-function checkDailyLimit(db, limit) {
-  const today = new Date().toISOString().split("T")[0];
-  const key = `sentinel_audit_count_${today}`;
+  let db;
   try {
-    const current = db.db.query("SELECT value FROM sync_state WHERE key = ?").get(key);
-    const count = current ? parseInt(current.value, 10) : 0;
-    if (count >= limit)
-      return false;
-    db.db.query(`INSERT INTO sync_state (key, value) VALUES (?, ?)
-         ON CONFLICT(key) DO UPDATE SET value = ?`).run(key, String(count + 1), String(count + 1));
-    return true;
-  } catch {
-    return true;
+    db = new MemDatabase(getDbPath());
+  } catch (err) {
+    warnUser(hookName, `Database error: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
   }
+  return { config, db };
+}
+function warnUser(hookName, message) {
+  console.error(`${c.yellow}engrm ${hookName}:${c.reset} ${c.dim}${message}${c.reset}`);
+}
+function runHook(hookName, fn) {
+  fn().catch((err) => {
+    warnUser(hookName, `Unexpected error: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(0);
+  });
 }
 
 // src/storage/projects.ts
@@ -1200,32 +1265,16 @@ function detectProject(directory) {
 
 // hooks/sentinel.ts
 async function main() {
-  const chunks = [];
-  for await (const chunk of process.stdin) {
-    chunks.push(typeof chunk === "string" ? chunk : Buffer.from(chunk).toString());
-  }
-  const raw = chunks.join("");
-  if (!raw.trim())
-    process.exit(0);
-  let event;
-  try {
-    event = JSON.parse(raw);
-  } catch {
+  const event = await parseStdinJson();
+  if (!event)
     process.exit(0);
-  }
   if (event.tool_name !== "Write" && event.tool_name !== "Edit") {
     process.exit(0);
   }
-  if (!configExists())
+  const boot = bootstrapHook("sentinel");
+  if (!boot)
     process.exit(0);
-  let config;
-  let db;
-  try {
-    config = loadConfig();
-    db = new MemDatabase(getDbPath());
-  } catch {
-    process.exit(0);
-  }
+  const { config, db } = boot;
   if (!config.sentinel.enabled) {
     db.close();
     process.exit(0);
@@ -1306,6 +1355,4 @@ async function main() {
   }
   process.exit(0);
 }
-main().catch(() => {
-  process.exit(0);
-});
+runHook("sentinel", main);