kiri-mcp-server 0.2.0

package/dist/src/shared/security/config.js

@@ -0,0 +1,66 @@
+import { createHash } from "node:crypto";
+import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { z } from "zod";
+import { parseSimpleYaml } from "../utils/simpleYaml.js";
+/**
+ * セキュリティ設定のスキーマ定義（Zodによる型安全な検証）
+ */
+const SecurityConfigSchema = z.object({
+    allowed_paths: z.array(z.string()).min(1, "At least one allowed path required"),
+    allow_network_egress: z.boolean(),
+    allow_subprocess: z.boolean(),
+    sensitive_tokens: z.array(z.string()),
+});
+export function loadSecurityConfig(configPath) {
+    const path = configPath ?? join(fileURLToPath(import.meta.url), "../../../../config/security.yml");
+    const content = readFileSync(path, "utf8");
+    const parsed = parseSimpleYaml(content);
+    // Zodによるスキーマ検証（手動アサーションを置き換え）
+    const result = SecurityConfigSchema.safeParse(parsed);
+    if (!result.success) {
+        const errors = result.error.issues.map((i) => i.message).join(", ");
+        throw new Error(`Security configuration is invalid. Fix the following errors: ${errors}`);
+    }
+    const hash = createHash("sha256").update(content).digest("hex");
+    return { config: result.data, hash };
+}
+export function readSecurityLock(lockPath) {
+    try {
+        return readFileSync(resolve(lockPath ?? "var/security.lock"), "utf8").trim();
+    }
+    catch {
+        return null;
+    }
+}
+export function evaluateSecurityStatus(configPath, lockPath) {
+    const { config, hash } = loadSecurityConfig(configPath);
+    const stored = readSecurityLock(lockPath);
+    const defaultConfigPath = join(fileURLToPath(import.meta.url), "../../../../config/security.yml");
+    return {
+        config,
+        configPath: configPath ?? defaultConfigPath,
+        lockPath: resolve(lockPath ?? "var/security.lock"),
+        hash,
+        lockHash: stored,
+        matches: stored === null ? false : stored === hash,
+    };
+}
+export function assertSecurityBaseline(configPath, lockPath) {
+    const status = evaluateSecurityStatus(configPath, lockPath);
+    if (!status.lockHash) {
+        throw new Error(`Security lock is missing at ${status.lockPath}. Establish baseline by running 'pnpm exec tsx src/client/cli.ts security verify --write-lock'.`);
+    }
+    if (!status.matches) {
+        throw new Error(`Security configuration at ${status.configPath} does not match lock hash. Review configuration changes before proceeding.`);
+    }
+    return status;
+}
+export function updateSecurityLock(hash, lockPath) {
+    const path = resolve(lockPath ?? "var/security.lock");
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, `${hash}\n`, "utf8");
+    return path;
+}
+//# sourceMappingURL=config.js.map

package/dist/src/shared/security/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/shared/security/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAkBzD;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAC/E,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE;IACjC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE;IAC7B,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CACtC,CAAC,CAAC;AAEH,MAAM,UAAU,kBAAkB,CAAC,UAAmB;IACpD,MAAM,IAAI,GACR,UAAU,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,iCAAiC,CAAC,CAAC;IACxF,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAExC,8BAA8B;IAC9B,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,gEAAgE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAiB;IAChD,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,OAAO,CAAC,QAAQ,IAAI,mBAAmB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAmB,EAAE,QAAiB;IAC3E,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,iCAAiC,CAAC,CAAC;IAClG,OAAO;QACL,MAAM;QACN,UAAU,EAAE,UAAU,IAAI,iBAAiB;QAC3C,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,mBAAmB,CAAC;QAClD,IAAI;QACJ,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI;KACnD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAmB,EAAE,QAAiB;IAC3E,MAAM,MAAM,GAAG,sBAAsB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC5D,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,CAAC,QAAQ,iGAAiG,CAChJ,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,CAAC,UAAU,4EAA4E,CAC3H,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAiB;IAChE,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,mBAAmB,CAAC,CAAC;IACtD,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,EAAE,MAAM,CAAC,CAAC;IACzC,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/shared/security/masker.d.ts

@@ -0,0 +1,10 @@
+export interface MaskingOptions {
+    tokens: string[];
+    replacement?: string;
+}
+export interface MaskResult<T> {
+    masked: T;
+    applied: number;
+}
+export declare function maskValue(value: unknown, options: MaskingOptions): MaskResult<unknown>;
+//# sourceMappingURL=masker.d.ts.map

package/dist/src/shared/security/masker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"masker.d.ts","sourceRoot":"","sources":["../../../../src/shared/security/masker.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC;IACV,OAAO,EAAE,MAAM,CAAC;CACjB;AAkCD,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,CAuBtF"}

package/dist/src/shared/security/masker.js

@@ -0,0 +1,56 @@
+/**
+ * トークンパターンの妥当性を検証してReDoS攻撃を防ぐ
+ * @param token 検証対象のトークン文字列
+ * @throws パターンが長すぎる、またはネストした量指定子を含む場合
+ */
+function validateTokenPattern(token) {
+    if (token.length > 100) {
+        throw new Error("Token pattern exceeds maximum length. Use shorter patterns.");
+    }
+    // ネストした量指定子による壊滅的バックトラッキングを防ぐ
+    if (/(\*|\+|\{)\s*(\*|\+|\{)/.test(token)) {
+        throw new Error("Invalid pattern contains nested quantifiers. Simplify the pattern.");
+    }
+}
+function maskString(input, tokens, replacement) {
+    let applied = 0;
+    let output = input;
+    for (const token of tokens) {
+        if (!token)
+            continue;
+        validateTokenPattern(token); // ReDoS対策の検証を追加
+        const escaped = token.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        const pattern = new RegExp(escaped, "g");
+        const matches = output.match(pattern);
+        if (matches && matches.length > 0) {
+            applied += matches.length;
+            output = output.replace(pattern, replacement);
+        }
+    }
+    return { masked: output, applied };
+}
+export function maskValue(value, options) {
+    if (typeof value === "string") {
+        return maskString(value, options.tokens, options.replacement ?? "***");
+    }
+    if (Array.isArray(value)) {
+        let applied = 0;
+        const maskedArray = value.map((item) => {
+            const result = maskValue(item, options);
+            applied += result.applied;
+            return result.masked;
+        });
+        return { masked: maskedArray, applied };
+    }
+    if (value && typeof value === "object") {
+        let applied = 0;
+        const entries = Object.entries(value).map(([key, item]) => {
+            const result = maskValue(item, options);
+            applied += result.applied;
+            return [key, result.masked];
+        });
+        return { masked: Object.fromEntries(entries), applied };
+    }
+    return { masked: value, applied: 0 };
+}
+//# sourceMappingURL=masker.js.map

package/dist/src/shared/security/masker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"masker.js","sourceRoot":"","sources":["../../../../src/shared/security/masker.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAa;IACzC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IACD,8BAA8B;IAC9B,IAAI,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,MAAgB,EAAE,WAAmB;IACtE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB;QAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC;YAC1B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAc,EAAE,OAAuB;IAC/D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC;YAC1B,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;IAC1C,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;YACnF,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC;YAC1B,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;IAC1D,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACvC,CAAC"}

package/dist/src/shared/tokenizer.d.ts

@@ -0,0 +1,2 @@
+export declare function encode(text: string): number[];
+//# sourceMappingURL=tokenizer.d.ts.map

package/dist/src/shared/tokenizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenizer.d.ts","sourceRoot":"","sources":["../../../src/shared/tokenizer.ts"],"names":[],"mappings":"AAAA,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAG7C"}

package/dist/src/shared/tokenizer.js

@@ -0,0 +1,5 @@
+export function encode(text) {
+    const codePoints = Array.from(text);
+    return codePoints.map((_, index) => index);
+}
+//# sourceMappingURL=tokenizer.js.map

package/dist/src/shared/tokenizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenizer.js","sourceRoot":"","sources":["../../../src/shared/tokenizer.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,MAAM,CAAC,IAAY;IACjC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;AAC7C,CAAC"}

package/dist/src/shared/utils/lockfile.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Lockfile management for preventing concurrent indexing operations.
+ *
+ * Uses atomic file creation (wx flag) to ensure only one process acquires the lock.
+ * Lock files contain the PID of the owning process for debugging.
+ *
+ * Features stale lock detection: If a lock file exists but the owning process
+ * is no longer running, the lock is automatically removed and reacquired.
+ */
+export declare class LockfileError extends Error {
+    readonly lockfilePath: string;
+    readonly ownerPid?: number | undefined;
+    constructor(message: string, lockfilePath: string, ownerPid?: number | undefined);
+}
+/**
+ * Attempts to acquire a lock file atomically.
+ *
+ * If lock exists but owning process is dead, removes stale lock and retries.
+ *
+ * @param lockfilePath - Path to the lock file (e.g., "/path/to/db.duckdb.lock")
+ * @throws {LockfileError} If the lock is already held by another running process
+ */
+export declare function acquireLock(lockfilePath: string): void;
+/**
+ * Releases a previously acquired lock file.
+ *
+ * Silently succeeds if the lock file doesn't exist (idempotent).
+ *
+ * @param lockfilePath - Path to the lock file to release
+ */
+export declare function releaseLock(lockfilePath: string): void;
+/**
+ * Checks if a lock file currently exists.
+ *
+ * @param lockfilePath - Path to the lock file to check
+ * @returns true if lock file exists, false otherwise
+ */
+export declare function isLocked(lockfilePath: string): boolean;
+/**
+ * Gets the PID of the process that owns the lock file.
+ *
+ * @param lockfilePath - Path to the lock file to check
+ * @returns PID of the owning process, or null if file doesn't exist or can't be read
+ */
+export declare function getLockOwner(lockfilePath: string): number | null;
+//# sourceMappingURL=lockfile.d.ts.map

package/dist/src/shared/utils/lockfile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfile.d.ts","sourceRoot":"","sources":["../../../../src/shared/utils/lockfile.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AAEH,qBAAa,aAAc,SAAQ,KAAK;aAGpB,YAAY,EAAE,MAAM;aACpB,QAAQ,CAAC,EAAE,MAAM;gBAFjC,OAAO,EAAE,MAAM,EACC,YAAY,EAAE,MAAM,EACpB,QAAQ,CAAC,EAAE,MAAM,YAAA;CAKpC;AAmBD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CA0DtD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAStD;AAED;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWhE"}

package/dist/src/shared/utils/lockfile.js

@@ -0,0 +1,136 @@
+import { existsSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+/**
+ * Lockfile management for preventing concurrent indexing operations.
+ *
+ * Uses atomic file creation (wx flag) to ensure only one process acquires the lock.
+ * Lock files contain the PID of the owning process for debugging.
+ *
+ * Features stale lock detection: If a lock file exists but the owning process
+ * is no longer running, the lock is automatically removed and reacquired.
+ */
+export class LockfileError extends Error {
+    lockfilePath;
+    ownerPid;
+    constructor(message, lockfilePath, ownerPid) {
+        super(message);
+        this.lockfilePath = lockfilePath;
+        this.ownerPid = ownerPid;
+        this.name = "LockfileError";
+    }
+}
+/**
+ * Checks if a process with the given PID is currently running.
+ *
+ * @param pid - Process ID to check
+ * @returns true if process exists, false otherwise
+ */
+function isProcessRunning(pid) {
+    try {
+        // Signal 0 doesn't kill the process, just checks if it exists
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        // ESRCH means process doesn't exist
+        return false;
+    }
+}
+/**
+ * Attempts to acquire a lock file atomically.
+ *
+ * If lock exists but owning process is dead, removes stale lock and retries.
+ *
+ * @param lockfilePath - Path to the lock file (e.g., "/path/to/db.duckdb.lock")
+ * @throws {LockfileError} If the lock is already held by another running process
+ */
+export function acquireLock(lockfilePath) {
+    try {
+        writeFileSync(lockfilePath, String(process.pid), { flag: "wx" });
+    }
+    catch (error) {
+        const err = error;
+        if (err.code === "EEXIST") {
+            // Check if lock is stale (owning process is dead)
+            try {
+                const existingPidStr = readFileSync(lockfilePath, "utf8");
+                const existingPid = parseInt(existingPidStr, 10);
+                if (!isNaN(existingPid) && !isProcessRunning(existingPid)) {
+                    // Stale lock detected - double-check before removing to prevent PID reuse race
+                    process.stderr.write(`⚠️  Removing stale lock file (PID ${existingPid} not running)\n`);
+                    // Re-verify PID hasn't been reused (TOCTOU mitigation)
+                    if (existsSync(lockfilePath)) {
+                        const recheckPidStr = readFileSync(lockfilePath, "utf8");
+                        const recheckPid = parseInt(recheckPidStr, 10);
+                        // Only remove if PID still matches and process still dead
+                        if (!isNaN(recheckPid) && recheckPid === existingPid && !isProcessRunning(recheckPid)) {
+                            unlinkSync(lockfilePath);
+                            // Retry acquisition (should succeed now)
+                            writeFileSync(lockfilePath, String(process.pid), { flag: "wx" });
+                            return;
+                        }
+                    }
+                    // Lock file changed or PID was reused - throw error
+                    throw new LockfileError(`Lock file changed during stale check. Another process may be active.`, lockfilePath, existingPid);
+                }
+                // Lock is held by a running process
+                throw new LockfileError(`Lock file already exists. Another process is indexing.`, lockfilePath, existingPid);
+            }
+            catch (lockError) {
+                // If it's already a LockfileError, rethrow it
+                if (lockError instanceof LockfileError) {
+                    throw lockError;
+                }
+                // If we can't read the PID, treat as active lock for safety
+                throw new LockfileError(`Lock file already exists. Another process may be indexing.`, lockfilePath);
+            }
+        }
+        throw err;
+    }
+}
+/**
+ * Releases a previously acquired lock file.
+ *
+ * Silently succeeds if the lock file doesn't exist (idempotent).
+ *
+ * @param lockfilePath - Path to the lock file to release
+ */
+export function releaseLock(lockfilePath) {
+    try {
+        if (existsSync(lockfilePath)) {
+            unlinkSync(lockfilePath);
+        }
+    }
+    catch {
+        // Ignore errors during cleanup - lock may have been manually removed
+        // or process killed before lock was created
+    }
+}
+/**
+ * Checks if a lock file currently exists.
+ *
+ * @param lockfilePath - Path to the lock file to check
+ * @returns true if lock file exists, false otherwise
+ */
+export function isLocked(lockfilePath) {
+    return existsSync(lockfilePath);
+}
+/**
+ * Gets the PID of the process that owns the lock file.
+ *
+ * @param lockfilePath - Path to the lock file to check
+ * @returns PID of the owning process, or null if file doesn't exist or can't be read
+ */
+export function getLockOwner(lockfilePath) {
+    try {
+        if (existsSync(lockfilePath)) {
+            const pidStr = readFileSync(lockfilePath, "utf8");
+            const pid = parseInt(pidStr, 10);
+            return isNaN(pid) ? null : pid;
+        }
+    }
+    catch {
+        return null;
+    }
+    return null;
+}
+//# sourceMappingURL=lockfile.js.map

package/dist/src/shared/utils/lockfile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfile.js","sourceRoot":"","sources":["../../../../src/shared/utils/lockfile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE9E;;;;;;;;GAQG;AAEH,MAAM,OAAO,aAAc,SAAQ,KAAK;IAGpB;IACA;IAHlB,YACE,OAAe,EACC,YAAoB,EACpB,QAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,iBAAY,GAAZ,YAAY,CAAQ;QACpB,aAAQ,GAAR,QAAQ,CAAS;QAGjC,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,8DAA8D;QAC9D,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CAAC,YAAoB;IAC9C,IAAI,CAAC;QACH,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAA8B,CAAC;QAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,kDAAkD;YAClD,IAAI,CAAC;gBACH,MAAM,cAAc,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBAC1D,MAAM,WAAW,GAAG,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;gBAEjD,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC1D,+EAA+E;oBAC/E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,WAAW,iBAAiB,CAAC,CAAC;oBAExF,uDAAuD;oBACvD,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC7B,MAAM,aAAa,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;wBACzD,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;wBAE/C,0DAA0D;wBAC1D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,WAAW,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;4BACtF,UAAU,CAAC,YAAY,CAAC,CAAC;4BAEzB,yCAAyC;4BACzC,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;4BACjE,OAAO;wBACT,CAAC;oBACH,CAAC;oBAED,oDAAoD;oBACpD,MAAM,IAAI,aAAa,CACrB,sEAAsE,EACtE,YAAY,EACZ,WAAW,CACZ,CAAC;gBACJ,CAAC;gBAED,oCAAoC;gBACpC,MAAM,IAAI,aAAa,CACrB,wDAAwD,EACxD,YAAY,EACZ,WAAW,CACZ,CAAC;YACJ,CAAC;YAAC,OAAO,SAAS,EAAE,CAAC;gBACnB,8CAA8C;gBAC9C,IAAI,SAAS,YAAY,aAAa,EAAE,CAAC;oBACvC,MAAM,SAAS,CAAC;gBAClB,CAAC;gBACD,4DAA4D;gBAC5D,MAAM,IAAI,aAAa,CACrB,4DAA4D,EAC5D,YAAY,CACb,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,YAAoB;IAC9C,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,4CAA4C;IAC9C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,YAAoB;IAC3C,OAAO,UAAU,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB;IAC/C,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YAClD,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACjC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/shared/utils/simpleYaml.d.ts

@@ -0,0 +1,6 @@
+export interface SimpleYamlObject {
+    [key: string]: SimpleYamlValue;
+}
+export type SimpleYamlValue = string | number | boolean | null | SimpleYamlValue[] | SimpleYamlObject;
+export declare function parseSimpleYaml(content: string): Record<string, SimpleYamlValue>;
+//# sourceMappingURL=simpleYaml.d.ts.map

package/dist/src/shared/utils/simpleYaml.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"simpleYaml.d.ts","sourceRoot":"","sources":["../../../../src/shared/utils/simpleYaml.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;CAChC;AAED,MAAM,MAAM,eAAe,GACvB,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,GACJ,eAAe,EAAE,GACjB,gBAAgB,CAAC;AAmCrB,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CA6DhF"}

package/dist/src/shared/utils/simpleYaml.js

@@ -0,0 +1,90 @@
+function parseScalar(value) {
+    let trimmed = value.trim();
+    const commentIndex = trimmed.indexOf(" #");
+    if (commentIndex >= 0) {
+        trimmed = trimmed.slice(0, commentIndex).trim();
+    }
+    if (trimmed === "true")
+        return true;
+    if (trimmed === "false")
+        return false;
+    if (trimmed === "null")
+        return null;
+    if (/^-?\d+(\.\d+)?$/.test(trimmed)) {
+        return Number(trimmed);
+    }
+    if (trimmed.startsWith('"') && trimmed.endsWith('"')) {
+        return trimmed.slice(1, -1);
+    }
+    if (trimmed.startsWith("'") && trimmed.endsWith("'")) {
+        return trimmed.slice(1, -1);
+    }
+    return trimmed;
+}
+function ensureObject(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error("Expected mapping");
+    }
+    return value;
+}
+export function parseSimpleYaml(content) {
+    const root = {};
+    const lines = content.split(/\r?\n/);
+    const stack = [{ indent: -1, value: root }];
+    for (let index = 0; index < lines.length; index++) {
+        const rawLine = lines[index];
+        if (!rawLine || /^\s*$/.test(rawLine) || /^\s*#/.test(rawLine)) {
+            continue;
+        }
+        const indentMatch = rawLine.match(/^\s*/);
+        const indent = indentMatch?.[0]?.length ?? 0;
+        const line = rawLine.trim();
+        while (stack.length > 0) {
+            const last = stack[stack.length - 1];
+            if (!last || indent <= last.indent) {
+                stack.pop();
+            }
+            else {
+                break;
+            }
+        }
+        const parent = stack[stack.length - 1];
+        if (!parent) {
+            throw new Error("Invalid YAML structure: no parent context");
+        }
+        const container = parent.value;
+        if (line.startsWith("- ")) {
+            if (!Array.isArray(container)) {
+                throw new Error("List item without array context");
+            }
+            container.push(parseScalar(line.slice(2)));
+            continue;
+        }
+        const separatorIndex = line.indexOf(":");
+        if (separatorIndex === -1) {
+            throw new Error(`Invalid YAML line: ${line}`);
+        }
+        const key = line.slice(0, separatorIndex).trim();
+        const remainder = line.slice(separatorIndex + 1);
+        const target = ensureObject(container);
+        if (remainder.trim().length === 0) {
+            const nextLine = lines[index + 1];
+            const isList = nextLine ? nextLine.trim().startsWith("- ") : false;
+            if (isList) {
+                const arr = [];
+                target[key] = arr;
+                stack.push({ indent, value: arr });
+            }
+            else {
+                const obj = {};
+                target[key] = obj;
+                stack.push({ indent, value: obj });
+            }
+        }
+        else {
+            target[key] = parseScalar(remainder);
+        }
+    }
+    return root;
+}
+//# sourceMappingURL=simpleYaml.js.map

package/dist/src/shared/utils/simpleYaml.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"simpleYaml.js","sourceRoot":"","sources":["../../../../src/shared/utils/simpleYaml.ts"],"names":[],"mappings":"AAYA,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAOD,SAAS,YAAY,CAAC,KAAsB;IAC1C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAwC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,IAAI,GAAoC,EAAE,CAAC;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,KAAK,GAAiB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1D,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QACD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAE5B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,IAAI,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACnC,KAAK,CAAC,GAAG,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,MAAM;YACR,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC;QAE/B,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACA,SAA+B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAClC,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YACnE,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,GAAG,GAAsB,EAAE,CAAC;gBAClC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAoC,EAAE,CAAC;gBAChD,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/package.json

@@ -0,0 +1,91 @@
+{
+  "name": "kiri-mcp-server",
+  "version": "0.2.0",
+  "description": "KIRI context extraction platform",
+  "type": "module",
+  "main": "./dist/src/index.js",
+  "module": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "bin": {
+    "kiri": "./dist/src/client/proxy.js",
+    "kiri-server": "./dist/src/server/main.js",
+    "kiri-daemon": "./dist/src/daemon/daemon.js"
+  },
+  "files": [
+    "dist/",
+    "config/",
+    "sql/"
+  ],
+  "keywords": [
+    "mcp",
+    "duckdb",
+    "context",
+    "llm",
+    "code-search",
+    "indexer"
+  ],
+  "license": "MIT",
+  "author": "CAPHTECH",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/CAPHTECH/kiri.git"
+  },
+  "bugs": {
+    "url": "https://github.com/CAPHTECH/kiri/issues"
+  },
+  "homepage": "https://github.com/CAPHTECH/kiri#readme",
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "chokidar": "^4.0.3",
+    "duckdb": "^1.1.0",
+    "gpt-tokenizer": "^3.2.0",
+    "tree-sitter": "^0.22.0",
+    "tree-sitter-swift": "0.7.1",
+    "typescript": "^5.6.3",
+    "yaml": "^2.8.1",
+    "zod": "^4.1.12"
+  },
+  "devDependencies": {
+    "@types/node": "^22.7.4",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "@vitest/coverage-v8": "^2.0.0",
+    "eslint": "^9.9.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-import": "^2.29.1",
+    "prettier": "^3.3.3",
+    "lint-staged": "^15.2.10",
+    "simple-git-hooks": "^2.10.0",
+    "tsx": "^4.16.5",
+    "vitest": "^2.0.5"
+  },
+  "simple-git-hooks": {
+    "pre-commit": "pnpm exec lint-staged"
+  },
+  "lint-staged": {
+    "*.{ts,tsx,json,md,yml}": [
+      "pnpm exec prettier --write"
+    ]
+  },
+  "scripts": {
+    "bootstrap": "pnpm install",
+    "build": "tsc --project tsconfig.build.json && pnpm run build:copy-assets",
+    "build:copy-assets": "tsx scripts/build/copy-assets.ts",
+    "dev": "tsx src/server/main.ts --port 8765",
+    "lint": "eslint \"{src,tests,scripts}/**/*.{ts,tsx}\" && prettier --check \"**/*.{ts,tsx,json,md,yml}\"",
+    "test": "vitest run --coverage",
+    "check": "pnpm run lint && pnpm run test"
+  }
+}

package/sql/schema.sql

@@ -0,0 +1,6 @@
+-- DuckDB schema placeholder for KIRI
+CREATE TABLE IF NOT EXISTS repo (
+  id INTEGER,
+  root TEXT,
+  indexed_at TIMESTAMP
+);