engrm 0.4.6 → 0.4.8

package/dist/hooks/user-prompt-submit.js

@@ -0,0 +1,1387 @@
+#!/usr/bin/env node
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/storage/projects.ts
+import { execSync } from "node:child_process";
+import { existsSync, readFileSync } from "node:fs";
+import { basename, join } from "node:path";
+function normaliseGitRemoteUrl(remoteUrl) {
+  let url = remoteUrl.trim();
+  url = url.replace(/^(?:https?|ssh|git):\/\//, "");
+  url = url.replace(/^[^@]+@/, "");
+  url = url.replace(/^([^/:]+):(?!\d)/, "$1/");
+  url = url.replace(/\.git$/, "");
+  url = url.replace(/\/+$/, "");
+  const slashIndex = url.indexOf("/");
+  if (slashIndex !== -1) {
+    const host = url.substring(0, slashIndex).toLowerCase();
+    const path = url.substring(slashIndex);
+    url = host + path;
+  } else {
+    url = url.toLowerCase();
+  }
+  return url;
+}
+function projectNameFromCanonicalId(canonicalId) {
+  const parts = canonicalId.split("/");
+  return parts[parts.length - 1] ?? canonicalId;
+}
+function getGitRemoteUrl(directory) {
+  try {
+    const url = execSync("git remote get-url origin", {
+      cwd: directory,
+      encoding: "utf-8",
+      timeout: 5000,
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    return url || null;
+  } catch {
+    try {
+      const remotes = execSync("git remote", {
+        cwd: directory,
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"]
+      }).trim().split(`
+`).filter(Boolean);
+      if (remotes.length === 0)
+        return null;
+      const url = execSync(`git remote get-url ${remotes[0]}`, {
+        cwd: directory,
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"]
+      }).trim();
+      return url || null;
+    } catch {
+      return null;
+    }
+  }
+}
+function readProjectConfigFile(directory) {
+  const configPath = join(directory, ".engrm.json");
+  if (!existsSync(configPath))
+    return null;
+  try {
+    const raw = readFileSync(configPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed["project_id"] !== "string" || !parsed["project_id"]) {
+      return null;
+    }
+    return {
+      project_id: parsed["project_id"],
+      name: typeof parsed["name"] === "string" ? parsed["name"] : undefined
+    };
+  } catch {
+    return null;
+  }
+}
+function detectProject(directory) {
+  const remoteUrl = getGitRemoteUrl(directory);
+  if (remoteUrl) {
+    const canonicalId = normaliseGitRemoteUrl(remoteUrl);
+    return {
+      canonical_id: canonicalId,
+      name: projectNameFromCanonicalId(canonicalId),
+      remote_url: remoteUrl,
+      local_path: directory
+    };
+  }
+  const configFile = readProjectConfigFile(directory);
+  if (configFile) {
+    return {
+      canonical_id: configFile.project_id,
+      name: configFile.name ?? projectNameFromCanonicalId(configFile.project_id),
+      remote_url: null,
+      local_path: directory
+    };
+  }
+  const dirName = basename(directory);
+  return {
+    canonical_id: `local/${dirName}`,
+    name: dirName,
+    remote_url: null,
+    local_path: directory
+  };
+}
+
+// src/config.ts
+import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, writeFileSync } from "node:fs";
+import { homedir, hostname, networkInterfaces } from "node:os";
+import { join as join2 } from "node:path";
+import { createHash } from "node:crypto";
+var CONFIG_DIR = join2(homedir(), ".engrm");
+var SETTINGS_PATH = join2(CONFIG_DIR, "settings.json");
+var DB_PATH = join2(CONFIG_DIR, "engrm.db");
+function getDbPath() {
+  return DB_PATH;
+}
+function generateDeviceId() {
+  const host = hostname().toLowerCase().replace(/[^a-z0-9-]/g, "");
+  let mac = "";
+  const ifaces = networkInterfaces();
+  for (const entries of Object.values(ifaces)) {
+    if (!entries)
+      continue;
+    for (const entry of entries) {
+      if (!entry.internal && entry.mac && entry.mac !== "00:00:00:00:00:00") {
+        mac = entry.mac;
+        break;
+      }
+    }
+    if (mac)
+      break;
+  }
+  const material = `${host}:${mac || "no-mac"}`;
+  const suffix = createHash("sha256").update(material).digest("hex").slice(0, 8);
+  return `${host}-${suffix}`;
+}
+function createDefaultConfig() {
+  return {
+    candengo_url: "",
+    candengo_api_key: "",
+    site_id: "",
+    namespace: "",
+    user_id: "",
+    user_email: "",
+    device_id: generateDeviceId(),
+    teams: [],
+    sync: {
+      enabled: true,
+      interval_seconds: 30,
+      batch_size: 50
+    },
+    search: {
+      default_limit: 10,
+      local_boost: 1.2,
+      scope: "all"
+    },
+    scrubbing: {
+      enabled: true,
+      custom_patterns: [],
+      default_sensitivity: "shared"
+    },
+    sentinel: {
+      enabled: false,
+      mode: "advisory",
+      provider: "openai",
+      model: "gpt-4o-mini",
+      api_key: "",
+      base_url: "",
+      skip_patterns: [],
+      daily_limit: 100,
+      tier: "free"
+    },
+    observer: {
+      enabled: true,
+      mode: "per_event",
+      model: "sonnet"
+    },
+    transcript_analysis: {
+      enabled: false
+    }
+  };
+}
+function loadConfig() {
+  if (!existsSync2(SETTINGS_PATH)) {
+    throw new Error(`Config not found at ${SETTINGS_PATH}. Run 'engrm init --manual' to configure.`);
+  }
+  const raw = readFileSync2(SETTINGS_PATH, "utf-8");
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(`Invalid JSON in ${SETTINGS_PATH}`);
+  }
+  if (typeof parsed !== "object" || parsed === null) {
+    throw new Error(`Config at ${SETTINGS_PATH} is not a JSON object`);
+  }
+  const config = parsed;
+  const defaults = createDefaultConfig();
+  return {
+    candengo_url: asString(config["candengo_url"], defaults.candengo_url),
+    candengo_api_key: asString(config["candengo_api_key"], defaults.candengo_api_key),
+    site_id: asString(config["site_id"], defaults.site_id),
+    namespace: asString(config["namespace"], defaults.namespace),
+    user_id: asString(config["user_id"], defaults.user_id),
+    user_email: asString(config["user_email"], defaults.user_email),
+    device_id: asString(config["device_id"], defaults.device_id),
+    teams: asTeams(config["teams"], defaults.teams),
+    sync: {
+      enabled: asBool(config["sync"]?.["enabled"], defaults.sync.enabled),
+      interval_seconds: asNumber(config["sync"]?.["interval_seconds"], defaults.sync.interval_seconds),
+      batch_size: asNumber(config["sync"]?.["batch_size"], defaults.sync.batch_size)
+    },
+    search: {
+      default_limit: asNumber(config["search"]?.["default_limit"], defaults.search.default_limit),
+      local_boost: asNumber(config["search"]?.["local_boost"], defaults.search.local_boost),
+      scope: asScope(config["search"]?.["scope"], defaults.search.scope)
+    },
+    scrubbing: {
+      enabled: asBool(config["scrubbing"]?.["enabled"], defaults.scrubbing.enabled),
+      custom_patterns: asStringArray(config["scrubbing"]?.["custom_patterns"], defaults.scrubbing.custom_patterns),
+      default_sensitivity: asSensitivity(config["scrubbing"]?.["default_sensitivity"], defaults.scrubbing.default_sensitivity)
+    },
+    sentinel: {
+      enabled: asBool(config["sentinel"]?.["enabled"], defaults.sentinel.enabled),
+      mode: asSentinelMode(config["sentinel"]?.["mode"], defaults.sentinel.mode),
+      provider: asLlmProvider(config["sentinel"]?.["provider"], defaults.sentinel.provider),
+      model: asString(config["sentinel"]?.["model"], defaults.sentinel.model),
+      api_key: asString(config["sentinel"]?.["api_key"], defaults.sentinel.api_key),
+      base_url: asString(config["sentinel"]?.["base_url"], defaults.sentinel.base_url),
+      skip_patterns: asStringArray(config["sentinel"]?.["skip_patterns"], defaults.sentinel.skip_patterns),
+      daily_limit: asNumber(config["sentinel"]?.["daily_limit"], defaults.sentinel.daily_limit),
+      tier: asTier(config["sentinel"]?.["tier"], defaults.sentinel.tier)
+    },
+    observer: {
+      enabled: asBool(config["observer"]?.["enabled"], defaults.observer.enabled),
+      mode: asObserverMode(config["observer"]?.["mode"], defaults.observer.mode),
+      model: asString(config["observer"]?.["model"], defaults.observer.model)
+    },
+    transcript_analysis: {
+      enabled: asBool(config["transcript_analysis"]?.["enabled"], defaults.transcript_analysis.enabled)
+    }
+  };
+}
+function saveConfig(config) {
+  if (!existsSync2(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+  writeFileSync(SETTINGS_PATH, JSON.stringify(config, null, 2) + `
+`, "utf-8");
+}
+function configExists() {
+  return existsSync2(SETTINGS_PATH);
+}
+function asString(value, fallback) {
+  return typeof value === "string" ? value : fallback;
+}
+function asNumber(value, fallback) {
+  return typeof value === "number" && !Number.isNaN(value) ? value : fallback;
+}
+function asBool(value, fallback) {
+  return typeof value === "boolean" ? value : fallback;
+}
+function asStringArray(value, fallback) {
+  return Array.isArray(value) && value.every((v) => typeof v === "string") ? value : fallback;
+}
+function asScope(value, fallback) {
+  if (value === "personal" || value === "team" || value === "all")
+    return value;
+  return fallback;
+}
+function asSensitivity(value, fallback) {
+  if (value === "shared" || value === "personal" || value === "secret")
+    return value;
+  return fallback;
+}
+function asSentinelMode(value, fallback) {
+  if (value === "advisory" || value === "blocking")
+    return value;
+  return fallback;
+}
+function asLlmProvider(value, fallback) {
+  if (value === "openai" || value === "anthropic" || value === "ollama" || value === "custom")
+    return value;
+  return fallback;
+}
+function asTier(value, fallback) {
+  if (value === "free" || value === "vibe" || value === "solo" || value === "pro" || value === "team" || value === "enterprise")
+    return value;
+  return fallback;
+}
+function asObserverMode(value, fallback) {
+  if (value === "per_event" || value === "per_session")
+    return value;
+  return fallback;
+}
+function asTeams(value, fallback) {
+  if (!Array.isArray(value))
+    return fallback;
+  return value.filter((t) => typeof t === "object" && t !== null && typeof t.id === "string" && typeof t.name === "string" && typeof t.namespace === "string");
+}
+
+// src/storage/migrations.ts
+var MIGRATIONS = [
+  {
+    version: 1,
+    description: "Initial schema: projects, observations, sessions, sync, FTS5",
+    sql: `
+      -- Projects (canonical identity across machines)
+      CREATE TABLE projects (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          canonical_id    TEXT UNIQUE NOT NULL,
+          name            TEXT NOT NULL,
+          local_path      TEXT,
+          remote_url      TEXT,
+          first_seen_epoch INTEGER NOT NULL,
+          last_active_epoch INTEGER NOT NULL
+      );
+
+      -- Core observations table
+      CREATE TABLE observations (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          type            TEXT NOT NULL CHECK (type IN (
+              'bugfix', 'discovery', 'decision', 'pattern',
+              'change', 'feature', 'refactor', 'digest'
+          )),
+          title           TEXT NOT NULL,
+          narrative       TEXT,
+          facts           TEXT,
+          concepts        TEXT,
+          files_read      TEXT,
+          files_modified  TEXT,
+          quality         REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle       TEXT DEFAULT 'active' CHECK (lifecycle IN (
+              'active', 'aging', 'archived', 'purged', 'pinned'
+          )),
+          sensitivity     TEXT DEFAULT 'shared' CHECK (sensitivity IN (
+              'shared', 'personal', 'secret'
+          )),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          created_at      TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into  INTEGER REFERENCES observations(id) ON DELETE SET NULL
+      );
+
+      -- Session tracking
+      CREATE TABLE sessions (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT UNIQUE NOT NULL,
+          project_id      INTEGER REFERENCES projects(id),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          status          TEXT DEFAULT 'active' CHECK (status IN ('active', 'completed')),
+          observation_count INTEGER DEFAULT 0,
+          started_at_epoch INTEGER,
+          completed_at_epoch INTEGER
+      );
+
+      -- Session summaries (generated on Stop hook)
+      CREATE TABLE session_summaries (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT UNIQUE NOT NULL,
+          project_id      INTEGER REFERENCES projects(id),
+          user_id         TEXT NOT NULL,
+          request         TEXT,
+          investigated    TEXT,
+          learned         TEXT,
+          completed       TEXT,
+          next_steps      TEXT,
+          created_at_epoch INTEGER
+      );
+
+      -- Sync outbox (offline-first queue)
+      CREATE TABLE sync_outbox (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          record_type     TEXT NOT NULL CHECK (record_type IN ('observation', 'summary')),
+          record_id       INTEGER NOT NULL,
+          status          TEXT DEFAULT 'pending' CHECK (status IN (
+              'pending', 'syncing', 'synced', 'failed'
+          )),
+          retry_count     INTEGER DEFAULT 0,
+          max_retries     INTEGER DEFAULT 10,
+          last_error      TEXT,
+          created_at_epoch INTEGER NOT NULL,
+          synced_at_epoch  INTEGER,
+          next_retry_epoch INTEGER
+      );
+
+      -- Sync high-water mark and lifecycle job tracking
+      CREATE TABLE sync_state (
+          key   TEXT PRIMARY KEY,
+          value TEXT NOT NULL
+      );
+
+      -- FTS5 for local offline search (external content mode)
+      CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts,
+          content=observations,
+          content_rowid=id
+      );
+
+      -- Indexes: observations
+      CREATE INDEX idx_observations_project ON observations(project_id);
+      CREATE INDEX idx_observations_project_lifecycle ON observations(project_id, lifecycle);
+      CREATE INDEX idx_observations_type ON observations(type);
+      CREATE INDEX idx_observations_created ON observations(created_at_epoch);
+      CREATE INDEX idx_observations_session ON observations(session_id);
+      CREATE INDEX idx_observations_lifecycle ON observations(lifecycle);
+      CREATE INDEX idx_observations_quality ON observations(quality);
+      CREATE INDEX idx_observations_user ON observations(user_id);
+
+      -- Indexes: sessions
+      CREATE INDEX idx_sessions_project ON sessions(project_id);
+
+      -- Indexes: sync outbox
+      CREATE INDEX idx_outbox_status ON sync_outbox(status, next_retry_epoch);
+      CREATE INDEX idx_outbox_record ON sync_outbox(record_type, record_id);
+    `
+  },
+  {
+    version: 2,
+    description: "Add superseded_by for knowledge supersession",
+    sql: `
+      ALTER TABLE observations ADD COLUMN superseded_by INTEGER REFERENCES observations(id) ON DELETE SET NULL;
+      CREATE INDEX idx_observations_superseded ON observations(superseded_by);
+    `
+  },
+  {
+    version: 3,
+    description: "Add remote_source_id for pull deduplication",
+    sql: `
+      ALTER TABLE observations ADD COLUMN remote_source_id TEXT;
+      CREATE UNIQUE INDEX idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+    `
+  },
+  {
+    version: 4,
+    description: "Add sqlite-vec for local semantic search",
+    sql: `
+      CREATE VIRTUAL TABLE vec_observations USING vec0(
+        observation_id INTEGER PRIMARY KEY,
+        embedding float[384]
+      );
+    `,
+    condition: (db) => isVecExtensionLoaded(db)
+  },
+  {
+    version: 5,
+    description: "Session metrics and security findings",
+    sql: `
+      ALTER TABLE sessions ADD COLUMN files_touched_count INTEGER DEFAULT 0;
+      ALTER TABLE sessions ADD COLUMN searches_performed INTEGER DEFAULT 0;
+      ALTER TABLE sessions ADD COLUMN tool_calls_count INTEGER DEFAULT 0;
+
+      CREATE TABLE security_findings (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          finding_type    TEXT NOT NULL,
+          severity        TEXT NOT NULL DEFAULT 'medium' CHECK (severity IN ('critical', 'high', 'medium', 'low')),
+          pattern_name    TEXT NOT NULL,
+          file_path       TEXT,
+          snippet         TEXT,
+          tool_name       TEXT,
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL
+      );
+
+      CREATE INDEX idx_security_findings_session ON security_findings(session_id);
+      CREATE INDEX idx_security_findings_project ON security_findings(project_id, created_at_epoch);
+      CREATE INDEX idx_security_findings_severity ON security_findings(severity);
+    `
+  },
+  {
+    version: 6,
+    description: "Add risk_score, expand observation types to include standard",
+    sql: `
+      ALTER TABLE sessions ADD COLUMN risk_score INTEGER;
+
+      -- Recreate observations table with expanded type CHECK to include 'standard'
+      -- SQLite doesn't support ALTER CHECK, so we recreate the table
+      CREATE TABLE observations_new (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          type            TEXT NOT NULL CHECK (type IN (
+              'bugfix', 'discovery', 'decision', 'pattern',
+              'change', 'feature', 'refactor', 'digest', 'standard'
+          )),
+          title           TEXT NOT NULL,
+          narrative       TEXT,
+          facts           TEXT,
+          concepts        TEXT,
+          files_read      TEXT,
+          files_modified  TEXT,
+          quality         REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle       TEXT DEFAULT 'active' CHECK (lifecycle IN (
+              'active', 'aging', 'archived', 'purged', 'pinned'
+          )),
+          sensitivity     TEXT DEFAULT 'shared' CHECK (sensitivity IN (
+              'shared', 'personal', 'secret'
+          )),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          created_at      TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into  INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          superseded_by   INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          remote_source_id TEXT
+      );
+
+      INSERT INTO observations_new SELECT * FROM observations;
+
+      DROP TABLE observations;
+      ALTER TABLE observations_new RENAME TO observations;
+
+      -- Recreate indexes
+      CREATE INDEX idx_observations_project ON observations(project_id);
+      CREATE INDEX idx_observations_project_lifecycle ON observations(project_id, lifecycle);
+      CREATE INDEX idx_observations_type ON observations(type);
+      CREATE INDEX idx_observations_created ON observations(created_at_epoch);
+      CREATE INDEX idx_observations_session ON observations(session_id);
+      CREATE INDEX idx_observations_lifecycle ON observations(lifecycle);
+      CREATE INDEX idx_observations_quality ON observations(quality);
+      CREATE INDEX idx_observations_user ON observations(user_id);
+      CREATE INDEX idx_observations_superseded ON observations(superseded_by);
+      CREATE UNIQUE INDEX idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+
+      -- Recreate FTS5 (external content mode — must rebuild after table recreation)
+      DROP TABLE IF EXISTS observations_fts;
+      CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts,
+          content=observations,
+          content_rowid=id
+      );
+      -- Rebuild FTS index
+      INSERT INTO observations_fts(observations_fts) VALUES('rebuild');
+    `
+  },
+  {
+    version: 7,
+    description: "Add packs_installed table for help pack tracking",
+    sql: `
+      CREATE TABLE IF NOT EXISTS packs_installed (
+          name            TEXT PRIMARY KEY,
+          installed_at    INTEGER NOT NULL,
+          observation_count INTEGER DEFAULT 0
+      );
+    `
+  },
+  {
+    version: 8,
+    description: "Add message type to observations CHECK constraint",
+    sql: `
+      CREATE TABLE IF NOT EXISTS observations_v8 (
+          id              INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id      TEXT,
+          project_id      INTEGER NOT NULL REFERENCES projects(id),
+          type            TEXT NOT NULL CHECK (type IN (
+              'bugfix', 'discovery', 'decision', 'pattern',
+              'change', 'feature', 'refactor', 'digest', 'standard', 'message'
+          )),
+          title           TEXT NOT NULL,
+          narrative       TEXT,
+          facts           TEXT,
+          concepts        TEXT,
+          files_read      TEXT,
+          files_modified  TEXT,
+          quality         REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle       TEXT DEFAULT 'active' CHECK (lifecycle IN (
+              'active', 'aging', 'archived', 'purged', 'pinned'
+          )),
+          sensitivity     TEXT DEFAULT 'shared' CHECK (sensitivity IN (
+              'shared', 'personal', 'secret'
+          )),
+          user_id         TEXT NOT NULL,
+          device_id       TEXT NOT NULL,
+          agent           TEXT DEFAULT 'claude-code',
+          created_at      TEXT NOT NULL,
+          created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into  INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          superseded_by   INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          remote_source_id TEXT
+      );
+      INSERT INTO observations_v8 SELECT * FROM observations;
+      DROP TABLE observations;
+      ALTER TABLE observations_v8 RENAME TO observations;
+      CREATE INDEX idx_observations_project ON observations(project_id);
+      CREATE INDEX idx_observations_project_lifecycle ON observations(project_id, lifecycle);
+      CREATE INDEX idx_observations_type ON observations(type);
+      CREATE INDEX idx_observations_created ON observations(created_at_epoch);
+      CREATE INDEX idx_observations_session ON observations(session_id);
+      CREATE INDEX idx_observations_lifecycle ON observations(lifecycle);
+      CREATE INDEX idx_observations_quality ON observations(quality);
+      CREATE INDEX idx_observations_user ON observations(user_id);
+      CREATE INDEX idx_observations_superseded ON observations(superseded_by);
+      CREATE UNIQUE INDEX idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+      DROP TABLE IF EXISTS observations_fts;
+      CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts,
+          content=observations,
+          content_rowid=id
+      );
+      INSERT INTO observations_fts(observations_fts) VALUES('rebuild');
+    `
+  },
+  {
+    version: 9,
+    description: "Add first-class user prompt capture",
+    sql: `
+      CREATE TABLE IF NOT EXISTS user_prompts (
+          id                INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id        TEXT NOT NULL,
+          project_id        INTEGER REFERENCES projects(id),
+          prompt_number     INTEGER NOT NULL,
+          prompt            TEXT NOT NULL,
+          prompt_hash       TEXT NOT NULL,
+          cwd               TEXT,
+          user_id           TEXT NOT NULL,
+          device_id         TEXT NOT NULL,
+          agent             TEXT DEFAULT 'claude-code',
+          created_at_epoch  INTEGER NOT NULL,
+          UNIQUE(session_id, prompt_number)
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_user_prompts_session
+        ON user_prompts(session_id, prompt_number DESC);
+      CREATE INDEX IF NOT EXISTS idx_user_prompts_project
+        ON user_prompts(project_id, created_at_epoch DESC);
+      CREATE INDEX IF NOT EXISTS idx_user_prompts_created
+        ON user_prompts(created_at_epoch DESC);
+      CREATE INDEX IF NOT EXISTS idx_user_prompts_hash
+        ON user_prompts(prompt_hash);
+    `
+  },
+  {
+    version: 10,
+    description: "Add first-class tool event chronology",
+    sql: `
+      CREATE TABLE IF NOT EXISTS tool_events (
+          id                  INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id          TEXT NOT NULL,
+          project_id          INTEGER REFERENCES projects(id),
+          tool_name           TEXT NOT NULL,
+          tool_input_json     TEXT,
+          tool_response_preview TEXT,
+          file_path           TEXT,
+          command             TEXT,
+          user_id             TEXT NOT NULL,
+          device_id           TEXT NOT NULL,
+          agent               TEXT DEFAULT 'claude-code',
+          created_at_epoch    INTEGER NOT NULL
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_tool_events_session
+        ON tool_events(session_id, created_at_epoch DESC, id DESC);
+      CREATE INDEX IF NOT EXISTS idx_tool_events_project
+        ON tool_events(project_id, created_at_epoch DESC, id DESC);
+      CREATE INDEX IF NOT EXISTS idx_tool_events_tool_name
+        ON tool_events(tool_name, created_at_epoch DESC);
+      CREATE INDEX IF NOT EXISTS idx_tool_events_created
+        ON tool_events(created_at_epoch DESC, id DESC);
+    `
+  }
+];
+function isVecExtensionLoaded(db) {
+  try {
+    db.exec("SELECT vec_version()");
+    return true;
+  } catch {
+    return false;
+  }
+}
+function runMigrations(db) {
+  const currentVersion = db.query("PRAGMA user_version").get();
+  let version = currentVersion.user_version;
+  for (const migration of MIGRATIONS) {
+    if (migration.version <= version)
+      continue;
+    if (migration.condition && !migration.condition(db)) {
+      continue;
+    }
+    db.exec("BEGIN TRANSACTION");
+    try {
+      db.exec(migration.sql);
+      db.exec(`PRAGMA user_version = ${migration.version}`);
+      db.exec("COMMIT");
+      version = migration.version;
+    } catch (error) {
+      db.exec("ROLLBACK");
+      throw new Error(`Migration ${migration.version} (${migration.description}) failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+}
+function ensureObservationTypes(db) {
+  try {
+    db.exec("INSERT INTO observations (session_id, project_id, type, title, user_id, device_id, agent, created_at, created_at_epoch) " + "VALUES ('_typecheck', 1, 'message', '_test', '_test', '_test', '_test', '2000-01-01', 0)");
+    db.exec("DELETE FROM observations WHERE session_id = '_typecheck'");
+  } catch {
+    db.exec("BEGIN TRANSACTION");
+    try {
+      db.exec(`
+        CREATE TABLE observations_repair (
+          id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT,
+          project_id INTEGER NOT NULL REFERENCES projects(id),
+          type TEXT NOT NULL CHECK (type IN (
+            'bugfix','discovery','decision','pattern','change','feature',
+            'refactor','digest','standard','message')),
+          title TEXT NOT NULL, narrative TEXT, facts TEXT, concepts TEXT,
+          files_read TEXT, files_modified TEXT,
+          quality REAL DEFAULT 0.5 CHECK (quality BETWEEN 0.0 AND 1.0),
+          lifecycle TEXT DEFAULT 'active' CHECK (lifecycle IN ('active','aging','archived','purged','pinned')),
+          sensitivity TEXT DEFAULT 'shared' CHECK (sensitivity IN ('shared','personal','secret')),
+          user_id TEXT NOT NULL, device_id TEXT NOT NULL, agent TEXT DEFAULT 'claude-code',
+          created_at TEXT NOT NULL, created_at_epoch INTEGER NOT NULL,
+          archived_at_epoch INTEGER,
+          compacted_into INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          superseded_by INTEGER REFERENCES observations(id) ON DELETE SET NULL,
+          remote_source_id TEXT
+        );
+        INSERT INTO observations_repair SELECT * FROM observations;
+        DROP TABLE observations;
+        ALTER TABLE observations_repair RENAME TO observations;
+        CREATE INDEX IF NOT EXISTS idx_observations_project ON observations(project_id);
+        CREATE INDEX IF NOT EXISTS idx_observations_type ON observations(type);
+        CREATE INDEX IF NOT EXISTS idx_observations_created ON observations(created_at_epoch);
+        CREATE INDEX IF NOT EXISTS idx_observations_session ON observations(session_id);
+        CREATE INDEX IF NOT EXISTS idx_observations_lifecycle ON observations(lifecycle);
+        CREATE INDEX IF NOT EXISTS idx_observations_quality ON observations(quality);
+        CREATE INDEX IF NOT EXISTS idx_observations_user ON observations(user_id);
+        CREATE INDEX IF NOT EXISTS idx_observations_superseded ON observations(superseded_by);
+        CREATE UNIQUE INDEX IF NOT EXISTS idx_observations_remote_source ON observations(remote_source_id) WHERE remote_source_id IS NOT NULL;
+        DROP TABLE IF EXISTS observations_fts;
+        CREATE VIRTUAL TABLE observations_fts USING fts5(
+          title, narrative, facts, concepts, content=observations, content_rowid=id
+        );
+        INSERT INTO observations_fts(observations_fts) VALUES('rebuild');
+      `);
+      db.exec("COMMIT");
+    } catch (err) {
+      db.exec("ROLLBACK");
+    }
+  }
+}
+var LATEST_SCHEMA_VERSION = MIGRATIONS.filter((m) => !m.condition).reduce((max, m) => Math.max(max, m.version), 0);
+
+// src/storage/sqlite.ts
+import { createHash as createHash2 } from "node:crypto";
+var IS_BUN = typeof globalThis.Bun !== "undefined";
+function openDatabase(dbPath) {
+  if (IS_BUN) {
+    return openBunDatabase(dbPath);
+  }
+  return openNodeDatabase(dbPath);
+}
+function openBunDatabase(dbPath) {
+  const { Database } = __require("bun:sqlite");
+  if (process.platform === "darwin") {
+    const { existsSync: existsSync3 } = __require("node:fs");
+    const paths = [
+      "/opt/homebrew/opt/sqlite/lib/libsqlite3.dylib",
+      "/usr/local/opt/sqlite3/lib/libsqlite3.dylib"
+    ];
+    for (const p of paths) {
+      if (existsSync3(p)) {
+        try {
+          Database.setCustomSQLite(p);
+        } catch {}
+        break;
+      }
+    }
+  }
+  const db = new Database(dbPath);
+  return db;
+}
+function openNodeDatabase(dbPath) {
+  const BetterSqlite3 = __require("better-sqlite3");
+  const raw = new BetterSqlite3(dbPath);
+  return {
+    query(sql) {
+      const stmt = raw.prepare(sql);
+      return {
+        get(...params) {
+          return stmt.get(...params);
+        },
+        all(...params) {
+          return stmt.all(...params);
+        },
+        run(...params) {
+          return stmt.run(...params);
+        }
+      };
+    },
+    exec(sql) {
+      raw.exec(sql);
+    },
+    close() {
+      raw.close();
+    }
+  };
+}
+
+class MemDatabase {
+  db;
+  vecAvailable;
+  constructor(dbPath) {
+    this.db = openDatabase(dbPath);
+    this.db.exec("PRAGMA journal_mode = WAL");
+    this.db.exec("PRAGMA foreign_keys = ON");
+    this.vecAvailable = this.loadVecExtension();
+    runMigrations(this.db);
+    ensureObservationTypes(this.db);
+  }
+  loadVecExtension() {
+    try {
+      const sqliteVec = __require("sqlite-vec");
+      sqliteVec.load(this.db);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  close() {
+    this.db.close();
+  }
+  upsertProject(project) {
+    const now = Math.floor(Date.now() / 1000);
+    const existing = this.db.query("SELECT * FROM projects WHERE canonical_id = ?").get(project.canonical_id);
+    if (existing) {
+      this.db.query(`UPDATE projects SET
+            local_path = COALESCE(?, local_path),
+            remote_url = COALESCE(?, remote_url),
+            last_active_epoch = ?
+          WHERE id = ?`).run(project.local_path ?? null, project.remote_url ?? null, now, existing.id);
+      return {
+        ...existing,
+        local_path: project.local_path ?? existing.local_path,
+        remote_url: project.remote_url ?? existing.remote_url,
+        last_active_epoch: now
+      };
+    }
+    const result = this.db.query(`INSERT INTO projects (canonical_id, name, local_path, remote_url, first_seen_epoch, last_active_epoch)
+        VALUES (?, ?, ?, ?, ?, ?)`).run(project.canonical_id, project.name, project.local_path ?? null, project.remote_url ?? null, now, now);
+    return this.db.query("SELECT * FROM projects WHERE id = ?").get(Number(result.lastInsertRowid));
+  }
+  getProjectByCanonicalId(canonicalId) {
+    return this.db.query("SELECT * FROM projects WHERE canonical_id = ?").get(canonicalId) ?? null;
+  }
+  getProjectById(id) {
+    return this.db.query("SELECT * FROM projects WHERE id = ?").get(id) ?? null;
+  }
+  insertObservation(obs) {
+    const now = obs.created_at_epoch ?? Math.floor(Date.now() / 1000);
+    const createdAt = obs.created_at ?? new Date(now * 1000).toISOString();
+    const result = this.db.query(`INSERT INTO observations (
+          session_id, project_id, type, title, narrative, facts, concepts,
+          files_read, files_modified, quality, lifecycle, sensitivity,
+          user_id, device_id, agent, created_at, created_at_epoch
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(obs.session_id ?? null, obs.project_id, obs.type, obs.title, obs.narrative ?? null, obs.facts ?? null, obs.concepts ?? null, obs.files_read ?? null, obs.files_modified ?? null, obs.quality, obs.lifecycle ?? "active", obs.sensitivity ?? "shared", obs.user_id, obs.device_id, obs.agent ?? "claude-code", createdAt, now);
+    const id = Number(result.lastInsertRowid);
+    const row = this.getObservationById(id);
+    this.ftsInsert(row);
+    if (obs.session_id) {
+      this.db.query("UPDATE sessions SET observation_count = observation_count + 1 WHERE session_id = ?").run(obs.session_id);
+    }
+    return row;
+  }
+  getObservationById(id) {
+    return this.db.query("SELECT * FROM observations WHERE id = ?").get(id) ?? null;
+  }
+  getObservationsByIds(ids, userId) {
+    if (ids.length === 0)
+      return [];
+    const placeholders = ids.map(() => "?").join(",");
+    const visibilityClause = userId ? " AND (sensitivity != 'personal' OR user_id = ?)" : "";
+    return this.db.query(`SELECT * FROM observations
+         WHERE id IN (${placeholders})${visibilityClause}
+         ORDER BY created_at_epoch DESC`).all(...ids, ...userId ? [userId] : []);
+  }
+  getRecentObservations(projectId, sincEpoch, limit = 50) {
+    return this.db.query(`SELECT * FROM observations
+        WHERE project_id = ? AND created_at_epoch > ?
+        ORDER BY created_at_epoch DESC
+        LIMIT ?`).all(projectId, sincEpoch, limit);
+  }
+  searchFts(query, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20, userId) {
+    const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
+    const visibilityClause = userId ? " AND (o.sensitivity != 'personal' OR o.user_id = ?)" : "";
+    if (projectId !== null) {
+      return this.db.query(`SELECT o.id, observations_fts.rank
+          FROM observations_fts
+          JOIN observations o ON o.id = observations_fts.rowid
+          WHERE observations_fts MATCH ?
+            AND o.project_id = ?
+            AND o.lifecycle IN (${lifecyclePlaceholders})
+            ${visibilityClause}
+          ORDER BY observations_fts.rank
+          LIMIT ?`).all(query, projectId, ...lifecycles, ...userId ? [userId] : [], limit);
+    }
+    return this.db.query(`SELECT o.id, observations_fts.rank
+        FROM observations_fts
+        JOIN observations o ON o.id = observations_fts.rowid
+        WHERE observations_fts MATCH ?
+          AND o.lifecycle IN (${lifecyclePlaceholders})
+          ${visibilityClause}
+        ORDER BY observations_fts.rank
+        LIMIT ?`).all(query, ...lifecycles, ...userId ? [userId] : [], limit);
+  }
+  getTimeline(anchorId, projectId, depthBefore = 3, depthAfter = 3, userId) {
+    const visibilityClause = userId ? " AND (sensitivity != 'personal' OR user_id = ?)" : "";
+    const anchor = this.db.query(`SELECT * FROM observations WHERE id = ?${visibilityClause}`).get(anchorId, ...userId ? [userId] : []) ?? null;
+    if (!anchor)
+      return [];
+    const projectFilter = projectId !== null ? "AND project_id = ?" : "";
+    const projectParams = projectId !== null ? [projectId] : [];
+    const visibilityParams = userId ? [userId] : [];
+    const before = this.db.query(`SELECT * FROM observations
+        WHERE created_at_epoch < ? ${projectFilter}
+          AND lifecycle IN ('active', 'aging', 'pinned')
+          ${visibilityClause}
+        ORDER BY created_at_epoch DESC
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, ...visibilityParams, depthBefore);
+    const after = this.db.query(`SELECT * FROM observations
+        WHERE created_at_epoch > ? ${projectFilter}
+          AND lifecycle IN ('active', 'aging', 'pinned')
+          ${visibilityClause}
+        ORDER BY created_at_epoch ASC
+        LIMIT ?`).all(anchor.created_at_epoch, ...projectParams, ...visibilityParams, depthAfter);
+    return [...before.reverse(), anchor, ...after];
+  }
+  pinObservation(id, pinned) {
+    const obs = this.getObservationById(id);
+    if (!obs)
+      return false;
+    if (pinned) {
+      if (obs.lifecycle !== "active" && obs.lifecycle !== "aging")
+        return false;
+      this.db.query("UPDATE observations SET lifecycle = 'pinned' WHERE id = ?").run(id);
+    } else {
+      if (obs.lifecycle !== "pinned")
+        return false;
+      this.db.query("UPDATE observations SET lifecycle = 'active' WHERE id = ?").run(id);
+    }
+    return true;
+  }
+  getActiveObservationCount(userId) {
+    if (userId) {
+      const result2 = this.db.query(`SELECT COUNT(*) as count FROM observations
+          WHERE lifecycle IN ('active', 'aging')
+            AND sensitivity != 'secret'
+            AND user_id = ?`).get(userId);
+      return result2?.count ?? 0;
+    }
+    const result = this.db.query(`SELECT COUNT(*) as count FROM observations
+        WHERE lifecycle IN ('active', 'aging')
+          AND sensitivity != 'secret'`).get();
+    return result?.count ?? 0;
+  }
+  supersedeObservation(oldId, newId) {
+    if (oldId === newId)
+      return false;
+    const replacement = this.getObservationById(newId);
+    if (!replacement)
+      return false;
+    let targetId = oldId;
+    const visited = new Set;
+    for (let depth = 0;depth < 10; depth++) {
+      const target2 = this.getObservationById(targetId);
+      if (!target2)
+        return false;
+      if (target2.superseded_by === null)
+        break;
+      if (target2.superseded_by === newId)
+        return true;
+      visited.add(targetId);
+      targetId = target2.superseded_by;
+      if (visited.has(targetId))
+        return false;
+    }
+    const target = this.getObservationById(targetId);
+    if (!target)
+      return false;
+    if (target.superseded_by !== null)
+      return false;
+    if (targetId === newId)
+      return false;
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`UPDATE observations
+         SET superseded_by = ?, lifecycle = 'archived', archived_at_epoch = ?
+         WHERE id = ?`).run(newId, now, targetId);
+    this.ftsDelete(target);
+    this.vecDelete(targetId);
+    return true;
+  }
+  isSuperseded(id) {
+    const obs = this.getObservationById(id);
+    return obs !== null && obs.superseded_by !== null;
+  }
+  upsertSession(sessionId, projectId, userId, deviceId, agent = "claude-code") {
+    const existing = this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId);
+    if (existing)
+      return existing;
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`INSERT INTO sessions (session_id, project_id, user_id, device_id, agent, started_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?)`).run(sessionId, projectId, userId, deviceId, agent, now);
+    return this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId);
+  }
+  completeSession(sessionId) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query("UPDATE sessions SET status = 'completed', completed_at_epoch = ? WHERE session_id = ?").run(now, sessionId);
+  }
+  getSessionById(sessionId) {
+    return this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId) ?? null;
+  }
+  getRecentSessions(projectId, limit = 10, userId) {
+    const visibilityClause = userId ? " AND s.user_id = ?" : "";
+    if (projectId !== null) {
+      return this.db.query(`SELECT
+             s.*,
+             p.name AS project_name,
+             ss.request AS request,
+             ss.completed AS completed,
+             (SELECT COUNT(*) FROM user_prompts up WHERE up.session_id = s.session_id) AS prompt_count,
+             (SELECT COUNT(*) FROM tool_events te WHERE te.session_id = s.session_id) AS tool_event_count
+           FROM sessions s
+           LEFT JOIN projects p ON p.id = s.project_id
+           LEFT JOIN session_summaries ss ON ss.session_id = s.session_id
+           WHERE s.project_id = ?${visibilityClause}
+           ORDER BY COALESCE(s.completed_at_epoch, s.started_at_epoch, 0) DESC, s.id DESC
+           LIMIT ?`).all(projectId, ...userId ? [userId] : [], limit);
+    }
+    return this.db.query(`SELECT
+           s.*,
+           p.name AS project_name,
+           ss.request AS request,
+           ss.completed AS completed,
+           (SELECT COUNT(*) FROM user_prompts up WHERE up.session_id = s.session_id) AS prompt_count,
+           (SELECT COUNT(*) FROM tool_events te WHERE te.session_id = s.session_id) AS tool_event_count
+         FROM sessions s
+         LEFT JOIN projects p ON p.id = s.project_id
+         LEFT JOIN session_summaries ss ON ss.session_id = s.session_id
+         WHERE 1 = 1${visibilityClause}
+         ORDER BY COALESCE(s.completed_at_epoch, s.started_at_epoch, 0) DESC, s.id DESC
+         LIMIT ?`).all(...userId ? [userId] : [], limit);
+  }
+  insertUserPrompt(input) {
+    const createdAt = input.created_at_epoch ?? Math.floor(Date.now() / 1000);
+    const normalizedPrompt = input.prompt.trim();
+    const promptHash = hashPrompt(normalizedPrompt);
+    const latest = this.db.query(`SELECT * FROM user_prompts
+         WHERE session_id = ?
+         ORDER BY prompt_number DESC
+         LIMIT 1`).get(input.session_id);
+    if (latest && latest.prompt_hash === promptHash) {
+      return latest;
+    }
+    const promptNumber = (latest?.prompt_number ?? 0) + 1;
+    const result = this.db.query(`INSERT INTO user_prompts (
+          session_id, project_id, prompt_number, prompt, prompt_hash, cwd,
+          user_id, device_id, agent, created_at_epoch
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(input.session_id, input.project_id, promptNumber, normalizedPrompt, promptHash, input.cwd ?? null, input.user_id, input.device_id, input.agent ?? "claude-code", createdAt);
+    return this.getUserPromptById(Number(result.lastInsertRowid));
+  }
+  getUserPromptById(id) {
+    return this.db.query("SELECT * FROM user_prompts WHERE id = ?").get(id) ?? null;
+  }
+  getRecentUserPrompts(projectId, limit = 10, userId) {
+    const visibilityClause = userId ? " AND user_id = ?" : "";
+    if (projectId !== null) {
+      return this.db.query(`SELECT * FROM user_prompts
+           WHERE project_id = ?${visibilityClause}
+           ORDER BY created_at_epoch DESC, prompt_number DESC
+           LIMIT ?`).all(projectId, ...userId ? [userId] : [], limit);
+    }
+    return this.db.query(`SELECT * FROM user_prompts
+         WHERE 1 = 1${visibilityClause}
+         ORDER BY created_at_epoch DESC, prompt_number DESC
+         LIMIT ?`).all(...userId ? [userId] : [], limit);
+  }
+  getSessionUserPrompts(sessionId, limit = 20) {
+    return this.db.query(`SELECT * FROM user_prompts
+         WHERE session_id = ?
+         ORDER BY prompt_number ASC
+         LIMIT ?`).all(sessionId, limit);
+  }
+  insertToolEvent(input) {
+    const createdAt = input.created_at_epoch ?? Math.floor(Date.now() / 1000);
+    const result = this.db.query(`INSERT INTO tool_events (
+          session_id, project_id, tool_name, tool_input_json, tool_response_preview,
+          file_path, command, user_id, device_id, agent, created_at_epoch
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(input.session_id, input.project_id, input.tool_name, input.tool_input_json ?? null, input.tool_response_preview ?? null, input.file_path ?? null, input.command ?? null, input.user_id, input.device_id, input.agent ?? "claude-code", createdAt);
+    return this.getToolEventById(Number(result.lastInsertRowid));
+  }
+  getToolEventById(id) {
+    return this.db.query("SELECT * FROM tool_events WHERE id = ?").get(id) ?? null;
+  }
+  getSessionToolEvents(sessionId, limit = 20) {
+    return this.db.query(`SELECT * FROM tool_events
+         WHERE session_id = ?
+         ORDER BY created_at_epoch ASC, id ASC
+         LIMIT ?`).all(sessionId, limit);
+  }
+  getRecentToolEvents(projectId, limit = 20, userId) {
+    const visibilityClause = userId ? " AND user_id = ?" : "";
+    if (projectId !== null) {
+      return this.db.query(`SELECT * FROM tool_events
+           WHERE project_id = ?${visibilityClause}
+           ORDER BY created_at_epoch DESC, id DESC
+           LIMIT ?`).all(projectId, ...userId ? [userId] : [], limit);
+    }
+    return this.db.query(`SELECT * FROM tool_events
+         WHERE 1 = 1${visibilityClause}
+         ORDER BY created_at_epoch DESC, id DESC
+         LIMIT ?`).all(...userId ? [userId] : [], limit);
+  }
+  addToOutbox(recordType, recordId) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query(`INSERT INTO sync_outbox (record_type, record_id, created_at_epoch)
+        VALUES (?, ?, ?)`).run(recordType, recordId, now);
+  }
+  getSyncState(key) {
+    const row = this.db.query("SELECT value FROM sync_state WHERE key = ?").get(key);
+    return row?.value ?? null;
+  }
+  setSyncState(key, value) {
+    this.db.query("INSERT INTO sync_state (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = ?").run(key, value, value);
+  }
+  ftsInsert(obs) {
+    this.db.query(`INSERT INTO observations_fts (rowid, title, narrative, facts, concepts)
+        VALUES (?, ?, ?, ?, ?)`).run(obs.id, obs.title, obs.narrative, obs.facts, obs.concepts);
+  }
+  ftsDelete(obs) {
+    this.db.query(`INSERT INTO observations_fts (observations_fts, rowid, title, narrative, facts, concepts)
+        VALUES ('delete', ?, ?, ?, ?, ?)`).run(obs.id, obs.title, obs.narrative, obs.facts, obs.concepts);
+  }
+  vecInsert(observationId, embedding) {
+    if (!this.vecAvailable)
+      return;
+    this.db.query("INSERT OR REPLACE INTO vec_observations (observation_id, embedding) VALUES (?, ?)").run(observationId, new Uint8Array(embedding.buffer));
+  }
+  vecDelete(observationId) {
+    if (!this.vecAvailable)
+      return;
+    this.db.query("DELETE FROM vec_observations WHERE observation_id = ?").run(observationId);
+  }
+  searchVec(queryEmbedding, projectId, lifecycles = ["active", "aging", "pinned"], limit = 20, userId) {
+    if (!this.vecAvailable)
+      return [];
+    const lifecyclePlaceholders = lifecycles.map(() => "?").join(",");
+    const embeddingBlob = new Uint8Array(queryEmbedding.buffer);
+    const visibilityClause = userId ? " AND (o.sensitivity != 'personal' OR o.user_id = ?)" : "";
+    if (projectId !== null) {
+      return this.db.query(`SELECT v.observation_id, v.distance
+           FROM vec_observations v
+           JOIN observations o ON o.id = v.observation_id
+           WHERE v.embedding MATCH ?
+             AND k = ?
+             AND o.project_id = ?
+             AND o.lifecycle IN (${lifecyclePlaceholders})
+             AND o.superseded_by IS NULL` + visibilityClause).all(embeddingBlob, limit, projectId, ...lifecycles, ...userId ? [userId] : []);
+    }
+    return this.db.query(`SELECT v.observation_id, v.distance
+         FROM vec_observations v
+         JOIN observations o ON o.id = v.observation_id
+         WHERE v.embedding MATCH ?
+           AND k = ?
+           AND o.lifecycle IN (${lifecyclePlaceholders})
+           AND o.superseded_by IS NULL` + visibilityClause).all(embeddingBlob, limit, ...lifecycles, ...userId ? [userId] : []);
+  }
+  getUnembeddedCount() {
+    if (!this.vecAvailable)
+      return 0;
+    const result = this.db.query(`SELECT COUNT(*) as count FROM observations o
+         WHERE o.lifecycle IN ('active', 'aging', 'pinned')
+         AND o.superseded_by IS NULL
+         AND NOT EXISTS (
+           SELECT 1 FROM vec_observations v WHERE v.observation_id = o.id
+         )`).get();
+    return result?.count ?? 0;
+  }
+  getUnembeddedObservations(limit = 100) {
+    if (!this.vecAvailable)
+      return [];
+    return this.db.query(`SELECT o.* FROM observations o
+         WHERE o.lifecycle IN ('active', 'aging', 'pinned')
+         AND o.superseded_by IS NULL
+         AND NOT EXISTS (
+           SELECT 1 FROM vec_observations v WHERE v.observation_id = o.id
+         )
+         ORDER BY o.created_at_epoch DESC
+         LIMIT ?`).all(limit);
+  }
+  insertSessionSummary(summary) {
+    const now = Math.floor(Date.now() / 1000);
+    const result = this.db.query(`INSERT INTO session_summaries (session_id, project_id, user_id, request, investigated, learned, completed, next_steps, created_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(summary.session_id, summary.project_id, summary.user_id, summary.request, summary.investigated, summary.learned, summary.completed, summary.next_steps, now);
+    const id = Number(result.lastInsertRowid);
+    return this.db.query("SELECT * FROM session_summaries WHERE id = ?").get(id);
+  }
+  getSessionSummary(sessionId) {
+    return this.db.query("SELECT * FROM session_summaries WHERE session_id = ?").get(sessionId) ?? null;
+  }
+  getRecentSummaries(projectId, limit = 5) {
+    return this.db.query(`SELECT * FROM session_summaries
+         WHERE project_id = ?
+         ORDER BY created_at_epoch DESC, id DESC
+         LIMIT ?`).all(projectId, limit);
+  }
+  incrementSessionMetrics(sessionId, increments) {
+    const sets = [];
+    const params = [];
+    if (increments.files) {
+      sets.push("files_touched_count = files_touched_count + ?");
+      params.push(increments.files);
+    }
+    if (increments.searches) {
+      sets.push("searches_performed = searches_performed + ?");
+      params.push(increments.searches);
+    }
+    if (increments.toolCalls) {
+      sets.push("tool_calls_count = tool_calls_count + ?");
+      params.push(increments.toolCalls);
+    }
+    if (sets.length === 0)
+      return;
+    params.push(sessionId);
+    this.db.query(`UPDATE sessions SET ${sets.join(", ")} WHERE session_id = ?`).run(...params);
+  }
+  getSessionMetrics(sessionId) {
+    return this.db.query("SELECT * FROM sessions WHERE session_id = ?").get(sessionId) ?? null;
+  }
+  insertSecurityFinding(finding) {
+    const now = Math.floor(Date.now() / 1000);
+    const result = this.db.query(`INSERT INTO security_findings (session_id, project_id, finding_type, severity, pattern_name, file_path, snippet, tool_name, user_id, device_id, created_at_epoch)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(finding.session_id ?? null, finding.project_id, finding.finding_type, finding.severity, finding.pattern_name, finding.file_path ?? null, finding.snippet ?? null, finding.tool_name ?? null, finding.user_id, finding.device_id, now);
+    const id = Number(result.lastInsertRowid);
+    return this.db.query("SELECT * FROM security_findings WHERE id = ?").get(id);
+  }
+  getSecurityFindings(projectId, options = {}) {
+    const limit = options.limit ?? 50;
+    if (options.severity) {
+      return this.db.query(`SELECT * FROM security_findings
+           WHERE project_id = ? AND severity = ?
+           ORDER BY created_at_epoch DESC
+           LIMIT ?`).all(projectId, options.severity, limit);
+    }
+    return this.db.query(`SELECT * FROM security_findings
+         WHERE project_id = ?
+         ORDER BY created_at_epoch DESC
+         LIMIT ?`).all(projectId, limit);
+  }
+  getSecurityFindingsCount(projectId) {
+    const rows = this.db.query(`SELECT severity, COUNT(*) as count FROM security_findings
+         WHERE project_id = ?
+         GROUP BY severity`).all(projectId);
+    const counts = {
+      critical: 0,
+      high: 0,
+      medium: 0,
+      low: 0
+    };
+    for (const row of rows) {
+      counts[row.severity] = row.count;
+    }
+    return counts;
+  }
+  setSessionRiskScore(sessionId, score) {
+    this.db.query("UPDATE sessions SET risk_score = ? WHERE session_id = ?").run(score, sessionId);
+  }
+  getObservationsBySession(sessionId) {
+    return this.db.query(`SELECT * FROM observations WHERE session_id = ? ORDER BY created_at_epoch ASC`).all(sessionId);
+  }
+  getInstalledPacks() {
+    try {
+      const rows = this.db.query("SELECT name FROM packs_installed").all();
+      return rows.map((r) => r.name);
+    } catch {
+      return [];
+    }
+  }
+  markPackInstalled(name, observationCount) {
+    const now = Math.floor(Date.now() / 1000);
+    this.db.query("INSERT OR REPLACE INTO packs_installed (name, installed_at, observation_count) VALUES (?, ?, ?)").run(name, now, observationCount);
+  }
+}
+function hashPrompt(prompt) {
+  return createHash2("sha256").update(prompt).digest("hex");
+}
+
+// src/hooks/common.ts
+var c = {
+  dim: "\x1B[2m",
+  yellow: "\x1B[33m",
+  reset: "\x1B[0m"
+};
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(typeof chunk === "string" ? chunk : Buffer.from(chunk).toString());
+  }
+  return chunks.join("");
+}
+async function parseStdinJson() {
+  const raw = await readStdin();
+  if (!raw.trim())
+    return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function bootstrapHook(hookName) {
+  if (!configExists()) {
+    warnUser(hookName, "Engrm not configured. Run: npx engrm init");
+    return null;
+  }
+  let config;
+  try {
+    config = loadConfig();
+  } catch (err) {
+    warnUser(hookName, `Config error: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  }
+  let db;
+  try {
+    db = new MemDatabase(getDbPath());
+  } catch (err) {
+    warnUser(hookName, `Database error: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  }
+  return { config, db };
+}
+function warnUser(hookName, message) {
+  console.error(`${c.yellow}engrm ${hookName}:${c.reset} ${c.dim}${message}${c.reset}`);
+}
+function runHook(hookName, fn) {
+  fn().catch((err) => {
+    warnUser(hookName, `Unexpected error: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(0);
+  });
+}
+
+// hooks/user-prompt-submit.ts
+async function main() {
+  const event = await parseStdinJson();
+  if (!event?.prompt?.trim())
+    process.exit(0);
+  const boot = bootstrapHook("user-prompt-submit");
+  if (!boot)
+    process.exit(0);
+  const { config, db } = boot;
+  try {
+    const detected = detectProject(event.cwd);
+    const project = db.upsertProject({
+      canonical_id: detected.canonical_id,
+      name: detected.name,
+      local_path: event.cwd,
+      remote_url: detected.remote_url ?? null
+    });
+    db.upsertSession(event.session_id, project.id, config.user_id, config.device_id, "claude-code");
+    db.insertUserPrompt({
+      session_id: event.session_id,
+      project_id: project.id,
+      prompt: event.prompt,
+      cwd: event.cwd,
+      user_id: config.user_id,
+      device_id: config.device_id,
+      agent: "claude-code"
+    });
+  } finally {
+    db.close();
+  }
+}
+runHook("user-prompt-submit", main);