npm - engrm - Versions diffs - 0.4.38 → 0.4.39 - Mend

engrm 0.4.38 → 0.4.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +53 -2
package/dist/cli.js +446 -62
package/dist/hooks/elicitation-result.js +57 -1
package/dist/hooks/post-tool-use.js +57 -1
package/dist/hooks/pre-compact.js +57 -1
package/dist/hooks/sentinel.js +20 -0
package/dist/hooks/session-start.js +82 -12
package/dist/hooks/stop.js +305 -186
package/dist/hooks/user-prompt-submit.js +57 -1
package/dist/server.js +339 -76
package/opencode/README.md +70 -0
package/opencode/install-or-update-opencode-plugin.sh +46 -0
package/opencode/opencode.example.json +14 -0
package/opencode/plugin/engrm-opencode.js +61 -0
package/package.json +10 -4

package/dist/hooks/stop.js CHANGED Viewed

@@ -389,6 +389,16 @@ function createDefaultConfig() {
     },
     transcript_analysis: {
       enabled: false
+    },
+    http: {
+      enabled: false,
+      port: 3767,
+      bearer_tokens: []
+    },
+    fleet: {
+      project_name: "shared-experience",
+      namespace: "",
+      api_key: ""
     }
   };
 }
@@ -450,6 +460,16 @@ function loadConfig() {
     },
     transcript_analysis: {
       enabled: asBool(config["transcript_analysis"]?.["enabled"], defaults.transcript_analysis.enabled)
+    },
+    http: {
+      enabled: asBool(config["http"]?.["enabled"], defaults.http.enabled),
+      port: asNumber(config["http"]?.["port"], defaults.http.port),
+      bearer_tokens: asStringArray(config["http"]?.["bearer_tokens"], defaults.http.bearer_tokens)
+    },
+    fleet: {
+      project_name: asString(config["fleet"]?.["project_name"], defaults.fleet.project_name),
+      namespace: asString(config["fleet"]?.["namespace"], defaults.fleet.namespace),
+      api_key: asString(config["fleet"]?.["api_key"], defaults.fleet.api_key)
     }
   };
 }
@@ -2251,16 +2271,16 @@ class VectorClient {
   apiKey;
   siteId;
   namespace;
-  constructor(config) {
+  constructor(config, overrides = {}) {
     const baseUrl = getBaseUrl(config);
-    const apiKey = getApiKey(config);
+    const apiKey = overrides.apiKey ?? getApiKey(config);
     if (!baseUrl || !apiKey) {
       throw new Error("VectorClient requires candengo_url and candengo_api_key");
     }
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.apiKey = apiKey;
-    this.siteId = config.site_id;
-    this.namespace = config.namespace;
+    this.siteId = overrides.siteId ?? config.site_id;
+    this.namespace = overrides.namespace ?? config.namespace;
   }
   static isConfigured(config) {
     return getApiKey(config) !== null && getBaseUrl(config) !== null;
@@ -2476,11 +2496,179 @@ function parseJsonArray2(value) {
   }
 }
-// src/sync/push.ts
-function buildChatVectorDocument(chat, config, project) {
+// src/capture/scrubber.ts
+var DEFAULT_PATTERNS = [
+  {
+    source: "sk-[a-zA-Z0-9]{20,}",
+    flags: "g",
+    replacement: "[REDACTED_API_KEY]",
+    description: "OpenAI API keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "Bearer [a-zA-Z0-9\\-._~+/]+=*",
+    flags: "g",
+    replacement: "[REDACTED_BEARER]",
+    description: "Bearer auth tokens",
+    category: "token",
+    severity: "medium"
+  },
+  {
+    source: "password[=:]\\s*\\S+",
+    flags: "gi",
+    replacement: "password=[REDACTED]",
+    description: "Passwords in config",
+    category: "password",
+    severity: "high"
+  },
+  {
+    source: "postgresql://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "PostgreSQL connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "mongodb://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "MongoDB connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "mysql://[^\\s]+",
+    flags: "g",
+    replacement: "[REDACTED_DB_URL]",
+    description: "MySQL connection strings",
+    category: "db_url",
+    severity: "high"
+  },
+  {
+    source: "AKIA[A-Z0-9]{16}",
+    flags: "g",
+    replacement: "[REDACTED_AWS_KEY]",
+    description: "AWS access keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "ghp_[a-zA-Z0-9]{36}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub personal access tokens",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "gho_[a-zA-Z0-9]{36}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub OAuth tokens",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "github_pat_[a-zA-Z0-9_]{22,}",
+    flags: "g",
+    replacement: "[REDACTED_GH_TOKEN]",
+    description: "GitHub fine-grained PATs",
+    category: "token",
+    severity: "high"
+  },
+  {
+    source: "cvk_[a-f0-9]{64}",
+    flags: "g",
+    replacement: "[REDACTED_CANDENGO_KEY]",
+    description: "Candengo API keys",
+    category: "api_key",
+    severity: "critical"
+  },
+  {
+    source: "xox[bpras]-[a-zA-Z0-9\\-]+",
+    flags: "g",
+    replacement: "[REDACTED_SLACK_TOKEN]",
+    description: "Slack tokens",
+    category: "token",
+    severity: "high"
+  }
+];
+function compileCustomPatterns(patterns) {
+  const compiled = [];
+  for (const pattern of patterns) {
+    try {
+      new RegExp(pattern);
+      compiled.push({
+        source: pattern,
+        flags: "g",
+        replacement: "[REDACTED_CUSTOM]",
+        description: `Custom pattern: ${pattern}`,
+        category: "custom",
+        severity: "medium"
+      });
+    } catch {}
+  }
+  return compiled;
+}
+function scrubSecrets(text, customPatterns = []) {
+  let result = text;
+  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
+  for (const pattern of allPatterns) {
+    result = result.replace(new RegExp(pattern.source, pattern.flags), pattern.replacement);
+  }
+  return result;
+}
+function containsSecrets(text, customPatterns = []) {
+  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
+  for (const pattern of allPatterns) {
+    if (new RegExp(pattern.source, pattern.flags).test(text))
+      return true;
+  }
+  return false;
+}
+var FLEET_HOSTNAME_PATTERN = /\b(?=.{1,253}\b)(?!-)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b/gi;
+var FLEET_IP_PATTERN = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;
+var FLEET_MAC_PATTERN = /\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b/gi;
+function scrubFleetIdentifiers(text) {
+  return text.replace(FLEET_MAC_PATTERN, "[REDACTED_MAC]").replace(FLEET_IP_PATTERN, "[REDACTED_IP]").replace(FLEET_HOSTNAME_PATTERN, "[REDACTED_HOSTNAME]");
+}
+// src/sync/targets.ts
+function isFleetProjectName(projectName, config) {
+  const fleetProjectName = config.fleet?.project_name ?? "shared-experience";
+  if (!projectName || !fleetProjectName)
+    return false;
+  return projectName.trim().toLowerCase() === fleetProjectName.trim().toLowerCase();
+}
+function hasFleetTarget(config) {
+  return Boolean(config.fleet?.namespace?.trim() && config.fleet?.api_key?.trim() && (config.fleet?.project_name ?? "shared-experience").trim());
+}
+function resolveSyncTarget(config, projectName) {
+  if (isFleetProjectName(projectName, config) && hasFleetTarget(config)) {
+    return {
+      key: `fleet:${config.fleet.namespace}`,
+      apiKey: config.fleet.api_key,
+      namespace: config.fleet.namespace,
+      siteId: config.site_id,
+      isFleet: true
+    };
+  }
   return {
-    site_id: config.site_id,
+    key: `default:${config.namespace}`,
+    apiKey: config.candengo_api_key,
     namespace: config.namespace,
+    siteId: config.site_id,
+    isFleet: false
+  };
+}
+// src/sync/push.ts
+function buildChatVectorDocument(chat, config, project, target = resolveSyncTarget(config, project.name)) {
+  return {
+    site_id: target.siteId,
+    namespace: target.namespace,
     source_type: "chat",
     source_id: buildSourceId(config, chat.id, "chat"),
     content: chat.content,
@@ -2501,7 +2689,7 @@ function buildChatVectorDocument(chat, config, project) {
     }
   };
 }
-function buildVectorDocument(obs, config, project) {
+function buildVectorDocument(obs, config, project, target = resolveSyncTarget(config, project.name)) {
   const parts = [obs.title];
   if (obs.narrative)
     parts.push(obs.narrative);
@@ -2518,8 +2706,8 @@ function buildVectorDocument(obs, config, project) {
     }
   }
   return {
-    site_id: config.site_id,
-    namespace: config.namespace,
+    site_id: target.siteId,
+    namespace: target.namespace,
     source_type: obs.type,
     source_id: buildSourceId(config, obs.id),
     content: parts.join(`
@@ -2550,7 +2738,10 @@ function buildVectorDocument(obs, config, project) {
     }
   };
 }
-function buildSummaryVectorDocument(summary, config, project, observations = [], captureContext) {
+function buildSummaryVectorDocument(summary, config, project, targetOrObservations = resolveSyncTarget(config, project.name), observationsOrCaptureContext = [], captureContext) {
+  const target = Array.isArray(targetOrObservations) ? resolveSyncTarget(config, project.name) : targetOrObservations;
+  const observations = Array.isArray(targetOrObservations) ? targetOrObservations : Array.isArray(observationsOrCaptureContext) ? observationsOrCaptureContext : [];
+  const resolvedCaptureContext = Array.isArray(observationsOrCaptureContext) ? captureContext : observationsOrCaptureContext;
   const parts = [];
   if (summary.request)
     parts.push(`Request: ${summary.request}`);
@@ -2563,9 +2754,17 @@ function buildSummaryVectorDocument(summary, config, project, observations = [],
   if (summary.next_steps)
     parts.push(`Next Steps: ${summary.next_steps}`);
   const valueSignals = computeSessionValueSignals(observations, []);
+  const observationSourceTools = resolvedCaptureContext?.observation_source_tools ?? summarizeObservationSourceTools(observations);
+  const latestObservationPromptNumber = resolvedCaptureContext?.latest_observation_prompt_number ?? observations.reduce((latest, obs) => {
+    if (typeof obs.source_prompt_number !== "number")
+      return latest;
+    if (latest === null || obs.source_prompt_number > latest)
+      return obs.source_prompt_number;
+    return latest;
+  }, null);
   return {
-    site_id: config.site_id,
-    namespace: config.namespace,
+    site_id: target.siteId,
+    namespace: target.namespace,
     source_type: "summary",
     source_id: buildSourceId(config, summary.id, "summary"),
     content: parts.join(`
@@ -2587,18 +2786,18 @@ function buildSummaryVectorDocument(summary, config, project, observations = [],
       learned_items: extractSectionItems(summary.learned),
       completed_items: extractSectionItems(summary.completed),
       next_step_items: extractSectionItems(summary.next_steps),
-      prompt_count: captureContext?.prompt_count ?? 0,
-      tool_event_count: captureContext?.tool_event_count ?? 0,
-      capture_state: captureContext?.capture_state ?? "summary-only",
-      recent_request_prompts: captureContext?.recent_request_prompts ?? [],
-      latest_request: captureContext?.latest_request ?? null,
-      current_thread: captureContext?.current_thread ?? null,
-      recent_tool_names: captureContext?.recent_tool_names ?? [],
-      recent_tool_commands: captureContext?.recent_tool_commands ?? [],
-      hot_files: captureContext?.hot_files ?? [],
-      recent_outcomes: captureContext?.recent_outcomes ?? [],
-      observation_source_tools: captureContext?.observation_source_tools ?? [],
-      latest_observation_prompt_number: captureContext?.latest_observation_prompt_number ?? null,
+      prompt_count: resolvedCaptureContext?.prompt_count ?? 0,
+      tool_event_count: resolvedCaptureContext?.tool_event_count ?? 0,
+      capture_state: resolvedCaptureContext?.capture_state ?? "summary-only",
+      recent_request_prompts: resolvedCaptureContext?.recent_request_prompts ?? [],
+      latest_request: resolvedCaptureContext?.latest_request ?? null,
+      current_thread: resolvedCaptureContext?.current_thread ?? null,
+      recent_tool_names: resolvedCaptureContext?.recent_tool_names ?? [],
+      recent_tool_commands: resolvedCaptureContext?.recent_tool_commands ?? [],
+      hot_files: resolvedCaptureContext?.hot_files ?? [],
+      recent_outcomes: resolvedCaptureContext?.recent_outcomes ?? [],
+      observation_source_tools: observationSourceTools,
+      latest_observation_prompt_number: latestObservationPromptNumber,
       decisions_count: valueSignals.decisions_count,
       lessons_count: valueSignals.lessons_count,
       discoveries_count: valueSignals.discoveries_count,
@@ -2612,7 +2811,7 @@ function buildSummaryVectorDocument(summary, config, project, observations = [],
     }
   };
 }
-async function pushOutbox(db, client, config, batchSize = 50) {
+async function pushOutbox(db, config, batchSize = 50) {
   const entries = getPendingEntries(db, batchSize);
   let pushed = 0;
   let failed = 0;
@@ -2639,11 +2838,12 @@ async function pushOutbox(db, client, config, batchSize = 50) {
       const summaryObservations = db.getObservationsBySession(summary.session_id);
       const sessionPrompts = db.getSessionUserPrompts(summary.session_id, 20);
       const sessionToolEvents = db.getSessionToolEvents(summary.session_id, 20);
+      const target2 = resolveSyncTarget(config, project2.name);
       const doc2 = buildSummaryVectorDocument(summary, config, {
         canonical_id: project2.canonical_id,
         name: project2.name
-      }, summaryObservations, buildSessionHandoffMetadata(sessionPrompts, sessionToolEvents, summaryObservations));
-      batch.push({ entryId: entry.id, doc: doc2 });
+      }, target2, summaryObservations, buildSessionHandoffMetadata(sessionPrompts, sessionToolEvents, summaryObservations));
+      batch.push({ entryId: entry.id, doc: maybeScrubFleetDocument(doc2, target2), target: target2 });
       continue;
     }
     if (entry.record_type === "chat_message") {
@@ -2665,11 +2865,12 @@ async function pushOutbox(db, client, config, batchSize = 50) {
         continue;
       }
       markSyncing(db, entry.id);
+      const target2 = resolveSyncTarget(config, project2.name);
       const doc2 = buildChatVectorDocument(chat, config, {
         canonical_id: project2.canonical_id,
         name: project2.name
-      });
-      batch.push({ entryId: entry.id, doc: doc2 });
+      }, target2);
+      batch.push({ entryId: entry.id, doc: maybeScrubFleetDocument(doc2, target2), target: target2 });
       continue;
     }
     if (entry.record_type !== "observation") {
@@ -2699,30 +2900,33 @@ async function pushOutbox(db, client, config, batchSize = 50) {
       continue;
     }
     markSyncing(db, entry.id);
+    const target = resolveSyncTarget(config, project.name);
     const doc = buildVectorDocument(obs, config, {
       canonical_id: project.canonical_id,
       name: project.name
-    });
-    batch.push({ entryId: entry.id, doc });
+    }, target);
+    batch.push({ entryId: entry.id, doc: maybeScrubFleetDocument(doc, target), target });
   }
   if (batch.length === 0)
     return { pushed, failed, skipped };
-  try {
-    await client.batchIngest(batch.map((b) => b.doc));
-    for (const { entryId, doc } of batch) {
-      if (doc.source_type === "chat") {
-        const localId = typeof doc.metadata?.local_id === "number" ? doc.metadata.local_id : null;
-        if (localId !== null) {
-          db.db.query("UPDATE chat_messages SET remote_source_id = ? WHERE id = ?").run(doc.source_id, localId);
-        }
-      }
-      markSynced(db, entryId);
-      pushed++;
+  const grouped = new Map;
+  for (const item of batch) {
+    const existing = grouped.get(item.target.key);
+    if (existing) {
+      existing.items.push(item);
+    } else {
+      grouped.set(item.target.key, { target: item.target, items: [item] });
     }
-  } catch {
-    for (const { entryId, doc } of batch) {
-      try {
-        await client.ingest(doc);
+  }
+  for (const { target, items } of grouped.values()) {
+    const client = new VectorClient(config, {
+      apiKey: target.apiKey,
+      namespace: target.namespace,
+      siteId: target.siteId
+    });
+    try {
+      await client.batchIngest(items.map((b) => b.doc));
+      for (const { entryId, doc } of items) {
         if (doc.source_type === "chat") {
           const localId = typeof doc.metadata?.local_id === "number" ? doc.metadata.local_id : null;
           if (localId !== null) {
@@ -2731,14 +2935,47 @@ async function pushOutbox(db, client, config, batchSize = 50) {
         }
         markSynced(db, entryId);
         pushed++;
-      } catch (err) {
-        markFailed(db, entryId, err instanceof Error ? err.message : String(err));
-        failed++;
+      }
+    } catch {
+      for (const { entryId, doc } of items) {
+        try {
+          await client.ingest(doc);
+          if (doc.source_type === "chat") {
+            const localId = typeof doc.metadata?.local_id === "number" ? doc.metadata.local_id : null;
+            if (localId !== null) {
+              db.db.query("UPDATE chat_messages SET remote_source_id = ? WHERE id = ?").run(doc.source_id, localId);
+            }
+          }
+          markSynced(db, entryId);
+          pushed++;
+        } catch (err) {
+          markFailed(db, entryId, err instanceof Error ? err.message : String(err));
+          failed++;
+        }
       }
     }
   }
   return { pushed, failed, skipped };
 }
+function maybeScrubFleetDocument(doc, target) {
+  if (!target.isFleet)
+    return doc;
+  return {
+    ...doc,
+    content: scrubFleetIdentifiers(doc.content),
+    metadata: scrubFleetMetadata(doc.metadata)
+  };
+}
+function scrubFleetMetadata(value) {
+  if (typeof value === "string")
+    return scrubFleetIdentifiers(value);
+  if (Array.isArray(value))
+    return value.map((item) => scrubFleetMetadata(item));
+  if (value && typeof value === "object") {
+    return Object.fromEntries(Object.entries(value).map(([key, item]) => [key, scrubFleetMetadata(item)]));
+  }
+  return value;
+}
 function countPresentSections(summary) {
   return [
     summary.request,
@@ -2751,6 +2988,20 @@ function countPresentSections(summary) {
 function extractSectionItems(section) {
   return extractSummaryItems(section, 4);
 }
+function summarizeObservationSourceTools(observations) {
+  const counts = new Map;
+  for (const obs of observations) {
+    const tool = obs.source_tool;
+    if (!tool)
+      continue;
+    counts.set(tool, (counts.get(tool) ?? 0) + 1);
+  }
+  return Array.from(counts.entries()).map(([tool, count]) => ({ tool, count })).sort((a, b) => {
+    if (b.count !== a.count)
+      return b.count - a.count;
+    return a.tool.localeCompare(b.tool);
+  });
+}
 // src/embeddings/embedder.ts
 var _available = null;
@@ -2862,7 +3113,7 @@ async function pushOnce(db, config) {
     return 0;
   try {
     const client = new VectorClient(config);
-    const result = await pushOutbox(db, client, config, config.sync.batch_size);
+    const result = await pushOutbox(db, config, config.sync.batch_size);
     await pullSettings(client, config);
     return result.pushed;
   } catch {
@@ -3087,7 +3338,7 @@ function buildBeacon(db, config, sessionId, metrics) {
     sentinel_used: valueSignals.security_findings_count > 0,
     risk_score: riskScore,
     stacks_detected: stacks,
-    client_version: "0.4.38",
+    client_version: "0.4.39",
     context_observations_injected: metrics?.contextObsInjected ?? 0,
     context_total_available: metrics?.contextTotalAvailable ?? 0,
     recall_attempts: metrics?.recallAttempts ?? 0,
@@ -3283,139 +3534,6 @@ import { homedir as homedir3 } from "node:os";
 // src/tools/save.ts
 import { relative, isAbsolute } from "node:path";
-// src/capture/scrubber.ts
-var DEFAULT_PATTERNS = [
-  {
-    source: "sk-[a-zA-Z0-9]{20,}",
-    flags: "g",
-    replacement: "[REDACTED_API_KEY]",
-    description: "OpenAI API keys",
-    category: "api_key",
-    severity: "critical"
-  },
-  {
-    source: "Bearer [a-zA-Z0-9\\-._~+/]+=*",
-    flags: "g",
-    replacement: "[REDACTED_BEARER]",
-    description: "Bearer auth tokens",
-    category: "token",
-    severity: "medium"
-  },
-  {
-    source: "password[=:]\\s*\\S+",
-    flags: "gi",
-    replacement: "password=[REDACTED]",
-    description: "Passwords in config",
-    category: "password",
-    severity: "high"
-  },
-  {
-    source: "postgresql://[^\\s]+",
-    flags: "g",
-    replacement: "[REDACTED_DB_URL]",
-    description: "PostgreSQL connection strings",
-    category: "db_url",
-    severity: "high"
-  },
-  {
-    source: "mongodb://[^\\s]+",
-    flags: "g",
-    replacement: "[REDACTED_DB_URL]",
-    description: "MongoDB connection strings",
-    category: "db_url",
-    severity: "high"
-  },
-  {
-    source: "mysql://[^\\s]+",
-    flags: "g",
-    replacement: "[REDACTED_DB_URL]",
-    description: "MySQL connection strings",
-    category: "db_url",
-    severity: "high"
-  },
-  {
-    source: "AKIA[A-Z0-9]{16}",
-    flags: "g",
-    replacement: "[REDACTED_AWS_KEY]",
-    description: "AWS access keys",
-    category: "api_key",
-    severity: "critical"
-  },
-  {
-    source: "ghp_[a-zA-Z0-9]{36}",
-    flags: "g",
-    replacement: "[REDACTED_GH_TOKEN]",
-    description: "GitHub personal access tokens",
-    category: "token",
-    severity: "high"
-  },
-  {
-    source: "gho_[a-zA-Z0-9]{36}",
-    flags: "g",
-    replacement: "[REDACTED_GH_TOKEN]",
-    description: "GitHub OAuth tokens",
-    category: "token",
-    severity: "high"
-  },
-  {
-    source: "github_pat_[a-zA-Z0-9_]{22,}",
-    flags: "g",
-    replacement: "[REDACTED_GH_TOKEN]",
-    description: "GitHub fine-grained PATs",
-    category: "token",
-    severity: "high"
-  },
-  {
-    source: "cvk_[a-f0-9]{64}",
-    flags: "g",
-    replacement: "[REDACTED_CANDENGO_KEY]",
-    description: "Candengo API keys",
-    category: "api_key",
-    severity: "critical"
-  },
-  {
-    source: "xox[bpras]-[a-zA-Z0-9\\-]+",
-    flags: "g",
-    replacement: "[REDACTED_SLACK_TOKEN]",
-    description: "Slack tokens",
-    category: "token",
-    severity: "high"
-  }
-];
-function compileCustomPatterns(patterns) {
-  const compiled = [];
-  for (const pattern of patterns) {
-    try {
-      new RegExp(pattern);
-      compiled.push({
-        source: pattern,
-        flags: "g",
-        replacement: "[REDACTED_CUSTOM]",
-        description: `Custom pattern: ${pattern}`,
-        category: "custom",
-        severity: "medium"
-      });
-    } catch {}
-  }
-  return compiled;
-}
-function scrubSecrets(text, customPatterns = []) {
-  let result = text;
-  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
-  for (const pattern of allPatterns) {
-    result = result.replace(new RegExp(pattern.source, pattern.flags), pattern.replacement);
-  }
-  return result;
-}
-function containsSecrets(text, customPatterns = []) {
-  const allPatterns = [...DEFAULT_PATTERNS, ...compileCustomPatterns(customPatterns)];
-  for (const pattern of allPatterns) {
-    if (new RegExp(pattern.source, pattern.flags).test(text))
-      return true;
-  }
-  return false;
-}
 // src/capture/quality.ts
 var QUALITY_THRESHOLD = 0.1;
 function scoreQuality(input) {
@@ -3833,7 +3951,8 @@ async function saveObservation(db, config, input) {
   const factsJson = structuredFacts.length > 0 ? config.scrubbing.enabled ? scrubSecrets(JSON.stringify(structuredFacts), customPatterns) : JSON.stringify(structuredFacts) : null;
   const filesReadJson = filesRead ? JSON.stringify(filesRead) : null;
   const filesModifiedJson = filesModified ? JSON.stringify(filesModified) : null;
-  let sensitivity = input.sensitivity ?? config.scrubbing.default_sensitivity;
+  const fleetProject = isFleetProjectName(project.name, config);
+  let sensitivity = input.sensitivity ?? (fleetProject ? "shared" : config.scrubbing.default_sensitivity);
   if (config.scrubbing.enabled && containsSecrets([input.title, input.narrative, JSON.stringify(input.facts)].filter(Boolean).join(" "), customPatterns)) {
     if (sensitivity === "shared") {
       sensitivity = "personal";