heyio 1.2.3 → 1.3.0

package/dist/copilot/skills.js

@@ -1,9 +1,9 @@
-import { existsSync, readdirSync, readFileSync, rmSync } from "node:fs";
-import { join, basename } from "node:path";
-import { exec } from "node:child_process";
+import { existsSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { join, basename, resolve, sep } from "node:path";
+import { execFile } from "node:child_process";
 import { promisify } from "node:util";
 import { PATHS } from "../paths.js";
-const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
 export async function listSkills() {
     if (!existsSync(PATHS.skills))
         return [];
@@ -37,7 +37,7 @@ export async function addSkill(url) {
     if (existsSync(dest)) {
         throw new Error(`Skill "${slug}" is already installed.`);
     }
-    await execAsync(`git clone --depth 1 ${url} ${dest}`);
+    await execFileAsync("git", ["clone", "--depth", "1", "--", url, dest]);
     // Verify SKILL.md exists
     if (!existsSync(join(dest, "SKILL.md"))) {
         rmSync(dest, { recursive: true, force: true });
@@ -59,13 +59,35 @@ export async function getSkillContent(slug) {
     return readFileSync(skillMd, "utf-8");
 }
 export async function updateSkillContent(slug, content) {
-    const { writeFileSync } = await import("node:fs");
     const skillMd = join(PATHS.skills, slug, "SKILL.md");
     if (!existsSync(join(PATHS.skills, slug))) {
         throw new Error(`Skill "${slug}" not found.`);
     }
     writeFileSync(skillMd, content);
 }
+export async function createSkill(slug, content) {
+    const cleanSlug = slug
+        .trim()
+        .replace(/[^a-z0-9-]/gi, "-")
+        .toLowerCase()
+        .replace(/-+/g, "-")
+        .replace(/^-|-$/g, "");
+    if (!cleanSlug) {
+        throw new Error("Skill title must contain at least one alphanumeric character.");
+    }
+    // Guard against path traversal: the resolved destination must be a direct
+    // child of the skills directory (not above or beside it).
+    const skillsRoot = resolve(PATHS.skills);
+    const dest = resolve(skillsRoot, cleanSlug);
+    if (!dest.startsWith(skillsRoot + sep)) {
+        throw new Error("Invalid skill slug.");
+    }
+    if (existsSync(dest)) {
+        throw new Error(`Skill "${cleanSlug}" already exists.`);
+    }
+    mkdirSync(dest, { recursive: true });
+    writeFileSync(join(dest, "SKILL.md"), content);
+}
 export async function loadSkillDirectories() {
     if (!existsSync(PATHS.skills))
         return [];
@@ -74,4 +96,114 @@ export async function loadSkillDirectories() {
         .filter((e) => e.isDirectory() && existsSync(join(PATHS.skills, e.name, "SKILL.md")))
         .map((e) => join(PATHS.skills, e.name));
 }
+const DISCOVERY_CACHE = new Map();
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+/** Validate and return a safe slug, throwing if it contains unsafe characters. */
+function validateSlug(slug) {
+    if (!slug || !/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/i.test(slug)) {
+        throw new Error("Invalid skill slug: must contain only letters, digits, and hyphens.");
+    }
+    return slug;
+}
+function parseAwesomeCopilotTable(markdown) {
+    const skills = [];
+    for (const line of markdown.split("\n")) {
+        if (!line.startsWith("|"))
+            continue;
+        const cells = line
+            .split("|")
+            .map((c) => c.trim())
+            .filter(Boolean);
+        if (cells.length < 2)
+            continue;
+        // First cell contains [slug](../skills/slug/SKILL.md)
+        const slugMatch = cells[0].match(/^\[([^\]]+)\]/);
+        if (!slugMatch)
+            continue;
+        const slug = slugMatch[1];
+        if (slug === "Name")
+            continue; // header row
+        // Second cell is the description (may contain <br /> markup)
+        const description = cells[1]
+            .replace(/<br\s*\/?>/gi, " ")
+            .replace(/\*\*([^*]+)\*\*/g, "$1")
+            .trim();
+        if (!description || description === "Description")
+            continue;
+        skills.push({ slug, name: slug, description, source: "awesome-copilot" });
+    }
+    return skills;
+}
+async function fetchAwesomeCopilotSkills() {
+    const url = "https://raw.githubusercontent.com/github/awesome-copilot/main/docs/README.skills.md";
+    const res = await fetch(url, { signal: AbortSignal.timeout(15_000) });
+    if (!res.ok)
+        throw new Error(`Failed to fetch awesome-copilot skills list: HTTP ${res.status}`);
+    const text = await res.text();
+    return parseAwesomeCopilotTable(text);
+}
+async function fetchSkillsShSkills() {
+    try {
+        const res = await fetch("https://skills.sh/api/skills", {
+            headers: { Accept: "application/json" },
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!res.ok)
+            return [];
+        const data = (await res.json());
+        return data.map((item) => ({
+            slug: item.slug ?? item.name ?? "",
+            name: item.name ?? item.slug ?? "",
+            description: item.description ?? "",
+            source: "skillssh",
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+export async function discoverSkills(source, query) {
+    const cached = DISCOVERY_CACHE.get(source);
+    let skills;
+    if (cached && Date.now() - cached.fetchedAt < CACHE_TTL_MS) {
+        skills = cached.skills;
+    }
+    else {
+        skills =
+            source === "awesome-copilot"
+                ? await fetchAwesomeCopilotSkills()
+                : await fetchSkillsShSkills();
+        DISCOVERY_CACHE.set(source, { skills, fetchedAt: Date.now() });
+    }
+    if (query) {
+        const q = query.toLowerCase();
+        skills = skills.filter((s) => s.slug.toLowerCase().includes(q) || s.description.toLowerCase().includes(q));
+    }
+    return skills;
+}
+function remoteSkillMdUrl(source, safeSlug) {
+    const encodedSlug = encodeURIComponent(safeSlug);
+    if (source === "awesome-copilot") {
+        return `https://raw.githubusercontent.com/github/awesome-copilot/main/skills/${encodedSlug}/SKILL.md`;
+    }
+    return `https://skills.sh/skills/${encodedSlug}/SKILL.md`;
+}
+export async function fetchRemoteSkillPreview(source, slug) {
+    const safeSlug = validateSlug(slug);
+    const url = remoteSkillMdUrl(source, safeSlug);
+    const res = await fetch(url, { signal: AbortSignal.timeout(10_000) });
+    if (!res.ok)
+        throw new Error(`Failed to fetch preview for "${safeSlug}": HTTP ${res.status}`);
+    return res.text();
+}
+export async function installFromSource(source, slug) {
+    const safeSlug = validateSlug(slug);
+    const dest = join(PATHS.skills, safeSlug);
+    if (existsSync(dest)) {
+        throw new Error(`Skill "${safeSlug}" is already installed.`);
+    }
+    const content = await fetchRemoteSkillPreview(source, safeSlug);
+    mkdirSync(dest, { recursive: true });
+    writeFileSync(join(dest, "SKILL.md"), content);
+}
 //# sourceMappingURL=skills.js.map

package/dist/copilot/system-message.js

@@ -31,6 +31,18 @@ You are IO, a personal AI assistant daemon. You run 24/7 on the user's machine,
 - If the user says "do this" for a complex task → use squad_meeting with execute_after=true
 - If the user says "just do it" or it's a simple task → use squad_delegate directly
 
+## HARD RULE: Squad Ownership Boundary
+If a project has a squad assigned to it, you (the orchestrator) must NEVER:
+- Research, analyze, or investigate the project's code, issues, or state yourself
+- Attempt any work — even preliminary analysis — before delegating
+- "Look into" or "check on" something before passing it to the squad
+
+When a request comes in about a squad-owned project, you IMMEDIATELY delegate to that squad's team lead with no pre-processing. The squad handles ALL work including research, analysis, planning, and execution.
+
+The ONLY thing you are allowed to do regarding a squad-owned project (without delegating) is:
+- Answer questions about what the squad has already done (using feed/task history)
+- Report squad status, task progress, or past deliverables
+
 ## Squad Coverage Requirements
 Every squad MUST have:
 1. A dedicated team lead (PM/Senior Engineer, coordination-only — **never writes code**)

package/dist/copilot/token-tracker.js

@@ -0,0 +1,89 @@
+import { loadConfig } from "../config.js";
+import { recordTokenUsage } from "../store/token-usage.js";
+import { postFeedItem } from "../store/feed.js";
+/**
+ * Default model pricing (USD per 1M tokens).
+ * Used when modelPricing is not configured.
+ */
+export const DEFAULT_MODEL_PRICING = {
+    "gpt-4.1": { inputPer1M: 2.0, outputPer1M: 8.0 },
+    "gpt-5.2": { inputPer1M: 2.5, outputPer1M: 10.0 },
+    "gpt-5.2-codex": { inputPer1M: 3.0, outputPer1M: 12.0 },
+    "gpt-5.3-codex": { inputPer1M: 3.0, outputPer1M: 12.0 },
+    "gpt-5.4": { inputPer1M: 5.0, outputPer1M: 20.0 },
+    "gpt-5.5": { inputPer1M: 7.5, outputPer1M: 30.0 },
+    "gpt-5-mini": { inputPer1M: 0.15, outputPer1M: 0.60 },
+    "gpt-5.4-mini": { inputPer1M: 0.15, outputPer1M: 0.60 },
+    "claude-haiku-4.5": { inputPer1M: 0.80, outputPer1M: 4.0 },
+    "claude-sonnet-4.5": { inputPer1M: 3.0, outputPer1M: 15.0 },
+    "claude-sonnet-4.6": { inputPer1M: 3.0, outputPer1M: 15.0 },
+    "claude-opus-4.5": { inputPer1M: 15.0, outputPer1M: 75.0 },
+    "claude-opus-4.6": { inputPer1M: 15.0, outputPer1M: 75.0 },
+    "claude-opus-4.7": { inputPer1M: 15.0, outputPer1M: 75.0 },
+};
+/**
+ * Compute estimated cost in USD for the given token counts and model.
+ */
+export function estimateCost(model, inputTokens, outputTokens) {
+    const config = loadConfig();
+    const pricing = config.modelPricing?.[model] ?? DEFAULT_MODEL_PRICING[model];
+    if (!pricing)
+        return 0;
+    return (inputTokens / 1_000_000) * pricing.inputPer1M + (outputTokens / 1_000_000) * pricing.outputPer1M;
+}
+/**
+ * Attach a token usage listener to a CopilotSession.
+ * Returns a `flush` function that, when called, persists accumulated
+ * token usage to the database and returns the totals.
+ *
+ * Call `flush` after the session ends (in a finally block).
+ */
+export function attachTokenTracker(session, context) {
+    const accumulator = {};
+    const unsubscribe = session.on("assistant.usage", (event) => {
+        const data = event?.data;
+        if (!data?.model)
+            return;
+        const model = data.model;
+        const input = data.inputTokens ?? 0;
+        const output = data.outputTokens ?? 0;
+        if (!accumulator[model])
+            accumulator[model] = { inputTokens: 0, outputTokens: 0 };
+        accumulator[model].inputTokens += input;
+        accumulator[model].outputTokens += output;
+    });
+    return () => {
+        unsubscribe();
+        let totalInputTokens = 0;
+        let totalOutputTokens = 0;
+        let totalCostUsd = 0;
+        for (const [model, usage] of Object.entries(accumulator)) {
+            if (usage.inputTokens === 0 && usage.outputTokens === 0)
+                continue;
+            const costUsd = estimateCost(model, usage.inputTokens, usage.outputTokens);
+            recordTokenUsage({
+                squadId: context.squadId,
+                agentId: context.agentId,
+                taskId: context.taskId,
+                model,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                costUsd,
+            });
+            totalInputTokens += usage.inputTokens;
+            totalOutputTokens += usage.outputTokens;
+            totalCostUsd += costUsd;
+        }
+        // Alert on runaway agents
+        const config = loadConfig();
+        const threshold = config.tokenAlertThreshold;
+        if (threshold && (totalInputTokens + totalOutputTokens) > threshold) {
+            const source = context.squadId ? `squad-${context.squadId}` : "system";
+            postFeedItem(source, "⚠️ Token usage alert", `A task consumed ${totalInputTokens + totalOutputTokens} tokens (threshold: ${threshold}). ` +
+                `Estimated cost: $${totalCostUsd.toFixed(4)}. ` +
+                (context.taskId ? `Task ID: ${context.taskId}` : ""));
+        }
+        return { totalInputTokens, totalOutputTokens, totalCostUsd };
+    };
+}
+//# sourceMappingURL=token-tracker.js.map

package/dist/copilot/tools.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { defineTool } from "@github/copilot-sdk";
+import { addAuditEntry } from "../store/audit-log.js";
 export function createTools() {
     return [
         // --- Wiki Tools ---
@@ -54,6 +55,16 @@ export function createTools() {
                 return `Page deleted: ${path}`;
             },
         }),
+        defineTool("wiki_backlinks", {
+            description: "Find all wiki pages that link to the given page",
+            parameters: z.object({
+                path: z.string().describe("Page path relative to pages/ (e.g., 'notes/todo.md')"),
+            }),
+            handler: async ({ path }) => {
+                const { getBacklinks } = await import("../wiki/backlinks.js");
+                return await getBacklinks(path);
+            },
+        }),
         // --- Squad Tools ---
         defineTool("squad_create", {
             description: "Create a new project squad. Research the chosen universe to assign character names — never hardcode.",
@@ -68,6 +79,9 @@ export function createTools() {
                 const { createSquad } = await import("../store/squads.js");
                 const squad = createSquad(name, universe, repo_url);
                 let cloneMsg = "";
+                // Copy squad wiki templates into the new squad's wiki directory
+                const { copySquadTemplates } = await import("../wiki/fs.js");
+                await copySquadTemplates(squad.slug);
                 if (repo_url) {
                     const { exec } = await import("node:child_process");
                     const { promisify } = await import("node:util");
@@ -99,7 +113,9 @@ export function createTools() {
                         }
                     }
                 }
-                return `Squad "${name}" created with universe "${universe}". ID: ${squad.id}, Slug: ${squad.slug}. Wiki path: ~/.io/wiki/squads/${squad.slug}/${cloneMsg}`;
+                const msg = `Squad "${name}" created with universe "${universe}". ID: ${squad.id}, Slug: ${squad.slug}. Wiki path: ~/.io/wiki/squads/${squad.slug}/${cloneMsg}`;
+                addAuditEntry("squad_created", `Squad "${name}" created (universe: ${universe})`, { squad_id: squad.id, name, universe, repo_url }, { squad_id: squad.id });
+                return msg;
             },
         }),
         defineTool("squad_add_agent", {
@@ -143,6 +159,7 @@ export function createTools() {
             }),
             handler: async ({ squad_id, task, instance_id }) => {
                 const { delegateTask } = await import("./agents.js");
+                addAuditEntry("task_delegated", `Task delegated to squad ${squad_id}: ${task.slice(0, 200)}`, { squad_id, task: task.slice(0, 1000), instance_id }, { squad_id });
                 const result = await delegateTask(squad_id, task, instance_id);
                 return result;
             },
@@ -158,6 +175,7 @@ export function createTools() {
             }),
             handler: async ({ squad_id, task, execute_after }) => {
                 const { squadMeeting } = await import("./ceremonies.js");
+                addAuditEntry("squad_meeting", `Planning meeting started for squad ${squad_id}: ${task.slice(0, 200)}`, { squad_id, task: task.slice(0, 1000), execute_after }, { squad_id });
                 return await squadMeeting(squad_id, task, execute_after);
             },
         }),
@@ -257,12 +275,12 @@ export function createTools() {
             parameters: z.object({
                 type: z.enum(["squad", "io"]).describe("Schedule type"),
                 cron: z.string().describe("Cron expression (e.g., '0 9 * * 1-5')"),
-                squad_id: z.string().optional().describe("Squad ID (required for squad schedules)"),
+                squad_id: z.string().describe("Target squad ID"),
                 agenda: z
                     .string()
                     .optional()
                     .describe("Agenda type for squad schedules (triage, prioritize, ideation, or custom)"),
-                prompt: z.string().optional().describe("Prompt text for IO schedules"),
+                prompt: z.string().optional().describe("Prompt text for the schedule"),
             }),
             handler: async ({ type, cron, squad_id, agenda, prompt }) => {
                 const { createSchedule } = await import("../store/schedules.js");
@@ -325,12 +343,16 @@ export function createTools() {
                         maxBuffer: 1024 * 1024,
                         env: { ...process.env, GH_PROMPT_DISABLED: "1" },
                     });
-                    return stdout.trim() || "(no output)";
+                    const output = stdout.trim() || "(no output)";
+                    addAuditEntry("shell_command", `Command: ${command.slice(0, 200)}`, { command, cwd, output: output.slice(0, 500), exit_code: 0 });
+                    return output;
                 }
                 catch (err) {
                     const stderr = err.stderr?.toString().trim() ?? "";
                     const stdout = err.stdout?.toString().trim() ?? "";
-                    return `Error (exit ${err.code}): ${stderr || stdout || err.message}`;
+                    const output = `Error (exit ${err.code}): ${stderr || stdout || err.message}`;
+                    addAuditEntry("shell_command", `Command: ${command.slice(0, 200)}`, { command, cwd, output: output.slice(0, 500), exit_code: err.code ?? 1 });
+                    return output;
                 }
             },
         }),

package/dist/paths.js

@@ -7,6 +7,7 @@ export const PATHS = {
     db: join(IO_HOME, "io.db"),
     wiki: join(IO_HOME, "wiki"),
     wikiPages: join(IO_HOME, "wiki", "pages"),
+    wikiSquadTemplates: join(IO_HOME, "wiki", "templates", "squad"),
     skills: join(IO_HOME, "skills"),
     mcpConfig: join(IO_HOME, "mcp.json"),
     sessions: join(IO_HOME, "sessions"),

package/dist/store/agent-events.js

@@ -0,0 +1,19 @@
+import { randomUUID } from "node:crypto";
+import { getDb } from "./db.js";
+export function addAgentEvent(taskId, type, summary, payload) {
+    const db = getDb();
+    const id = randomUUID();
+    db.prepare("INSERT INTO agent_events (id, task_id, type, summary, payload) VALUES (?, ?, ?, ?, ?)").run(id, taskId, type, summary, JSON.stringify(payload));
+    return db.prepare("SELECT * FROM agent_events WHERE id = ?").get(id);
+}
+export function getAgentEvents(taskId) {
+    const db = getDb();
+    return db
+        .prepare("SELECT * FROM agent_events WHERE task_id = ? ORDER BY created_at ASC")
+        .all(taskId);
+}
+export function clearAgentEvents(taskId) {
+    const db = getDb();
+    db.prepare("DELETE FROM agent_events WHERE task_id = ?").run(taskId);
+}
+//# sourceMappingURL=agent-events.js.map

package/dist/store/audit-log.js

@@ -0,0 +1,71 @@
+import { randomUUID } from "node:crypto";
+import { getDb } from "./db.js";
+export function addAuditEntry(action_type, summary, payload, opts) {
+    const db = getDb();
+    const id = randomUUID();
+    db.prepare(`INSERT INTO audit_log (id, squad_id, agent_id, task_id, action_type, summary, payload)
+     VALUES (?, ?, ?, ?, ?, ?, ?)`).run(id, opts?.squad_id ?? null, opts?.agent_id ?? null, opts?.task_id ?? null, action_type, summary, JSON.stringify(payload));
+    return db.prepare("SELECT * FROM audit_log WHERE id = ?").get(id);
+}
+export function getAuditLog(filters = {}) {
+    const db = getDb();
+    const conditions = [];
+    const params = [];
+    if (filters.squad_id) {
+        conditions.push("squad_id = ?");
+        params.push(filters.squad_id);
+    }
+    if (filters.agent_id) {
+        conditions.push("agent_id = ?");
+        params.push(filters.agent_id);
+    }
+    if (filters.action_type) {
+        conditions.push("action_type = ?");
+        params.push(filters.action_type);
+    }
+    if (filters.from) {
+        conditions.push("created_at >= ?");
+        params.push(filters.from);
+    }
+    if (filters.to) {
+        conditions.push("created_at <= ?");
+        params.push(filters.to);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    const limit = filters.limit ?? 50;
+    const offset = filters.offset ?? 0;
+    return db
+        .prepare(`SELECT * FROM audit_log ${where} ORDER BY created_at DESC LIMIT ? OFFSET ?`)
+        .all(...params, limit, offset);
+}
+export function countAuditLog(filters = {}) {
+    const db = getDb();
+    const conditions = [];
+    const params = [];
+    if (filters.squad_id) {
+        conditions.push("squad_id = ?");
+        params.push(filters.squad_id);
+    }
+    if (filters.agent_id) {
+        conditions.push("agent_id = ?");
+        params.push(filters.agent_id);
+    }
+    if (filters.action_type) {
+        conditions.push("action_type = ?");
+        params.push(filters.action_type);
+    }
+    if (filters.from) {
+        conditions.push("created_at >= ?");
+        params.push(filters.from);
+    }
+    if (filters.to) {
+        conditions.push("created_at <= ?");
+        params.push(filters.to);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    const row = db
+        .prepare(`SELECT COUNT(*) as count FROM audit_log ${where}`)
+        .get(...params);
+    return row.count;
+}
+//# sourceMappingURL=audit-log.js.map

package/dist/store/conversations.js

@@ -0,0 +1,150 @@
+import { randomUUID } from "node:crypto";
+import { getDb } from "./db.js";
+function toMessage(row) {
+    return {
+        id: row.id,
+        conversationId: row.conversation_id,
+        role: row.role,
+        content: row.content,
+        source: row.source,
+        createdAt: row.created_at,
+    };
+}
+function toSummary(row) {
+    return {
+        id: row.id,
+        preview: row.preview,
+        messageCount: row.message_count,
+        startedAt: row.started_at,
+        updatedAt: row.updated_at,
+    };
+}
+export function saveMessage(conversationId, role, content, source) {
+    const db = getDb();
+    const id = randomUUID();
+    db.prepare("INSERT INTO conversation_messages (id, conversation_id, role, content, source) VALUES (?, ?, ?, ?, ?)").run(id, conversationId, role, content, source);
+    const row = db
+        .prepare("SELECT * FROM conversation_messages WHERE id = ?")
+        .get(id);
+    return toMessage(row);
+}
+export function getConversation(conversationId) {
+    const db = getDb();
+    const rows = db
+        .prepare("SELECT * FROM conversation_messages WHERE conversation_id = ? ORDER BY created_at ASC")
+        .all(conversationId);
+    return rows.map(toMessage);
+}
+export function listConversations(opts = {}) {
+    const db = getDb();
+    const limit = opts.limit ?? 50;
+    const offset = opts.offset ?? 0;
+    let where = "WHERE 1=1";
+    const params = [];
+    if (opts.from) {
+        where += " AND started_at >= ?";
+        params.push(opts.from);
+    }
+    if (opts.to) {
+        where += " AND updated_at <= ?";
+        params.push(opts.to);
+    }
+    const countRow = db
+        .prepare(`SELECT COUNT(*) as cnt FROM (
+        SELECT conversation_id as id,
+               MIN(created_at) as started_at,
+               MAX(created_at) as updated_at
+        FROM conversation_messages
+        GROUP BY conversation_id
+      ) ${where}`)
+        .get(...params);
+    const total = countRow.cnt;
+    const rows = db
+        .prepare(`SELECT
+         sub.id,
+         sub.started_at,
+         sub.updated_at,
+         sub.message_count,
+         first_msg.content as preview
+       FROM (
+         SELECT conversation_id as id,
+                MIN(created_at) as started_at,
+                MAX(created_at) as updated_at,
+                COUNT(*) as message_count
+         FROM conversation_messages
+         GROUP BY conversation_id
+       ) sub
+       JOIN conversation_messages first_msg
+         ON first_msg.conversation_id = sub.id
+        AND first_msg.role = 'user'
+        AND first_msg.created_at = (
+          SELECT MIN(created_at) FROM conversation_messages
+          WHERE conversation_id = sub.id AND role = 'user'
+        )
+       ${where}
+       ORDER BY sub.updated_at DESC
+       LIMIT ? OFFSET ?`)
+        .all(...params, limit, offset);
+    return { items: rows.map(toSummary), total };
+}
+export function searchConversations(query, opts = {}) {
+    const db = getDb();
+    const limit = opts.limit ?? 50;
+    const offset = opts.offset ?? 0;
+    let dateWhere = "";
+    const dateParams = [];
+    if (opts.from) {
+        dateWhere += " AND cm.created_at >= ?";
+        dateParams.push(opts.from);
+    }
+    if (opts.to) {
+        dateWhere += " AND cm.created_at <= ?";
+        dateParams.push(opts.to);
+    }
+    // Find distinct conversation IDs matching FTS query
+    const matchingIds = db
+        .prepare(`SELECT DISTINCT cm.conversation_id
+       FROM conversation_messages cm
+       JOIN conversation_messages_fts fts ON fts.rowid = cm.rowid
+       WHERE conversation_messages_fts MATCH ?${dateWhere}
+       LIMIT 500`)
+        .all(query, ...dateParams);
+    if (matchingIds.length === 0) {
+        return { items: [], total: 0 };
+    }
+    const idList = matchingIds.map((r) => r.conversation_id);
+    const placeholders = idList.map(() => "?").join(",");
+    const total = idList.length;
+    const rows = db
+        .prepare(`SELECT
+         sub.id,
+         sub.started_at,
+         sub.updated_at,
+         sub.message_count,
+         first_msg.content as preview
+       FROM (
+         SELECT conversation_id as id,
+                MIN(created_at) as started_at,
+                MAX(created_at) as updated_at,
+                COUNT(*) as message_count
+         FROM conversation_messages
+         WHERE conversation_id IN (${placeholders})
+         GROUP BY conversation_id
+       ) sub
+       JOIN conversation_messages first_msg
+         ON first_msg.conversation_id = sub.id
+        AND first_msg.role = 'user'
+        AND first_msg.created_at = (
+          SELECT MIN(created_at) FROM conversation_messages
+          WHERE conversation_id = sub.id AND role = 'user'
+        )
+       ORDER BY sub.updated_at DESC
+       LIMIT ? OFFSET ?`)
+        .all(...idList, limit, offset);
+    return { items: rows.map(toSummary), total };
+}
+export function deleteConversation(conversationId) {
+    const db = getDb();
+    db.prepare("DELETE FROM conversation_messages WHERE conversation_id = ?").run(conversationId);
+}
+//# sourceMappingURL=conversations.js.map