metame-cli 1.6.2 → 1.6.3

package/scripts/daemon-engine-runtime.js

@@ -15,6 +15,8 @@ const CODEX_TOOL_MAP = Object.freeze({
   web_fetch: 'WebFetch',
 });
 
+const CODEX_AUTO_MODEL = 'auto';
+
 const ENGINE_TIMEOUT_DEFAULTS = Object.freeze({
   codex: Object.freeze({
     idleMs: 10 * 60 * 1000,
@@ -80,16 +82,19 @@ const ENGINE_MODEL_CONFIG = Object.freeze({
     hint:     null,
   },
   codex: {
-    main:     'gpt-5.4',           // recommended for most tasks (official default)
+    main:     CODEX_AUTO_MODEL,     // follow official Codex CLI default model
     distill:  'gpt-5.1-codex-mini', // cost-effective mini
     options:  [                     // quick-pick buttons (official model names)
-      { value: 'gpt-5.4',            label: 'gpt-5.4 · 推荐' },
-      { value: 'gpt-5.3-codex',      label: 'gpt-5.3-codex · 最新 Codex 专用' },
+      { value: CODEX_AUTO_MODEL,     label: 'auto · 跟随 Codex 官方默认' },
+      { value: 'gpt-5-codex',        label: 'gpt-5-codex · 官方滚动别名' },
+      { value: 'gpt-5.5',            label: 'gpt-5.5 · 固定版本' },
+      { value: 'gpt-5.4',            label: 'gpt-5.4 · 固定版本' },
+      { value: 'gpt-5.3-codex',      label: 'gpt-5.3-codex · 固定 Codex' },
       { value: 'gpt-5.1-codex-max',  label: 'gpt-5.1-codex-max · 长任务' },
       { value: 'gpt-5.1-codex-mini', label: 'gpt-5.1-codex-mini · 轻量' },
     ],
     provider: 'openai',
-    hint:     '或直接发送任意 OpenAI 模型名切换',
+    hint:     '推荐 `auto` 或 `gpt-5-codex`，也可直接发送任意 OpenAI 模型名切换',
   },
 });
 
@@ -121,7 +126,8 @@ function looksLikeCodexModel(model) {
   const raw = String(model || '').trim().toLowerCase();
   if (!raw) return false;
   return (
-    raw.startsWith('gpt-')
+    raw === CODEX_AUTO_MODEL
+    || raw.startsWith('gpt-')
     || raw.startsWith('o1')
     || raw.startsWith('o3')
     || raw.startsWith('o4')
@@ -129,6 +135,10 @@ function looksLikeCodexModel(model) {
   );
 }
 
+function isCodexAutoModel(model) {
+  return String(model || '').trim().toLowerCase() === CODEX_AUTO_MODEL;
+}
+
 function resolveEngineModel(engineName, daemonCfg = {}, overrideModel = '') {
   const engine = normalizeEngineName(engineName);
   const engineCfg = ENGINE_MODEL_CONFIG[engine] || ENGINE_MODEL_CONFIG.claude;
@@ -393,7 +403,7 @@ function buildCodexArgs(options = {}) {
     : ['exec'];
 
   args.push('--json', '--skip-git-repo-check');
-  if (model) args.push('-m', model);
+  if (model && !isCodexAutoModel(model)) args.push('-m', model);
   // -C (cwd) is only supported on fresh exec, not resume
   if (cwd && !isResume) args.push('-C', cwd);
 

package/scripts/daemon-user-acl.js

@@ -178,9 +178,15 @@ const ADMIN_ONLY_ACTIONS = new Set(['system', 'agent', 'config', 'admin_acl']);
  * 根据 senderId 解析用户上下文
  * @param {string|null} senderId  飞书 open_id
  * @param {object} config         daemon 配置（兼容旧 operator_ids）
+ * @param {object} [opts]
+ * @param {boolean} [opts.fromAllowedChat]  消息来自 allowed_chat_ids 命中的群。
+ *   当为 true 且 senderId 未在 users.yaml 显式登记时，直接判为 admin
+ *   （群级白名单已经做过准入控制，再叠用户级 operator_ids 是冗余）。
+ *   users.yaml 里显式登记的角色仍然受尊重。
  * @returns {object} userCtx { senderId, role, name, allowedActions, can(action) }
  */
-function resolveUserCtx(senderId, config) {
+function resolveUserCtx(senderId, config, opts = {}) {
+  const fromAllowedChat = !!(opts && opts.fromAllowedChat);
   const userData = loadUsers();
   // Per-platform bootstrap: Feishu open_id starts with "ou_", Telegram IDs are numeric.
   const allUsers = userData && userData.users ? userData.users : {};
@@ -194,6 +200,7 @@ function resolveUserCtx(senderId, config) {
   const hasConfiguredUsers = hasPlatformAdmin;
 
   let role, name, allowedActions;
+  let implicitAdmin = false;
 
   if (!senderId) {
     // 无 ID（Telegram 等）— 兼容旧逻辑，视为 admin
@@ -215,6 +222,16 @@ function resolveUserCtx(senderId, config) {
       } else {
         allowedActions = [];
       }
+    } else if (fromAllowedChat) {
+      // Group-whitelist trust: messages reaching us through allowed_chat_ids
+      // already passed chat-level access control. Anyone who can speak in the
+      // group is treated as admin without needing operator_ids or yaml entry.
+      // (Explicit users.yaml entries above still win — admins can demote
+      // someone by writing them in.)
+      role = 'admin';
+      name = senderId.slice(-6);
+      allowedActions = ROLE_DEFAULT_ACTIONS.admin;
+      implicitAdmin = true;
     } else {
       // 兼容旧 operator_ids：若 senderId 在 operator_ids 中，视为 admin
       const operatorIds = (config && config.feishu && config.feishu.operator_ids) || [];
@@ -254,6 +271,7 @@ function resolveUserCtx(senderId, config) {
     isAdmin: role === 'admin',
     isMember: role === 'member',
     isStranger: role === 'stranger',
+    implicitAdmin,
     can(action) { return allowedActions.includes(action); },
     readOnly: role !== 'admin',
   };

package/scripts/daemon-weixin-bridge.js

@@ -182,6 +182,8 @@ function createWeixinBridge(deps = {}) {
     let currentAccount = null;
     let currentBot = null;
     let missingAccountLogged = false;
+    let pollErrorDelay = 1000;        // exponential backoff on poll errors
+    const MAX_POLL_ERROR_DELAY = 30000;
 
     function sameAccount(a, b) {
       if (!a || !b) return false;
@@ -238,6 +240,7 @@ function createWeixinBridge(deps = {}) {
           getUpdatesBuf,
           timeoutMs: liveBridgeCfg.pollTimeoutMs,
         });
+        pollErrorDelay = 1000; // reset as soon as HTTP poll succeeds — downstream processMessage errors should not cause poll backoff
         if (resp && typeof resp.get_updates_buf === 'string' && resp.get_updates_buf) {
           getUpdatesBuf = resp.get_updates_buf;
         }
@@ -263,8 +266,9 @@ function createWeixinBridge(deps = {}) {
           });
         }
       } catch (err) {
-        log('WARN', `[WEIXIN] poll error: ${err.message}`);
-        nextDelayMs = 1000;
+        log('WARN', `[WEIXIN] poll error: ${err.message} — retrying in ${Math.round(pollErrorDelay / 1000)}s`);
+        nextDelayMs = pollErrorDelay;
+        pollErrorDelay = Math.min(pollErrorDelay * 2, MAX_POLL_ERROR_DELAY);
       } finally {
         processing = false;
         scheduleNext(nextDelayMs);

package/scripts/daemon.js

@@ -106,6 +106,9 @@ const SKILL_ROUTES = [
   { name: 'heartbeat-task-manager', pattern: /提醒|remind|闹钟|定时|每[天周月]/i },
   { name: 'skill-manager', pattern: /找技能|管理技能|更新技能|安装技能|skill manager|skill scout|(?:find|look for)\s+skills?/i },
   { name: 'skill-evolution-manager', pattern: /\/evolve\b|复盘一下|记录一下(这个)?经验|保存到\s*skill|skill evolution/i },
+  // (?<!转) excludes "转发" forwarding semantics (e.g. "把这条消息转发给我")
+  // which is conversation relay, not file delivery.
+  { name: 'send-to-user', pattern: /(?<!转)发(?:到|给|出)?\s*(?:我|手机|飞书)|发(?:个|条|份)?\s*(?:文件|附件|图(?:片)?|日志|压缩包|截图|csv|pdf|zip|excel|表格)|(?<!转)发我|给我(?:下载|发个|发份)|send\s+(?:me|file|attachment|to\s+me)|push\s+(?:to\s+)?(?:me|phone|file)|attach\s+file/i },
 ];
 
 function routeSkill(prompt) {
@@ -1959,9 +1962,49 @@ const pendingAgentFlows = new Map();
 const pendingTeamFlows = new Map();
 
 // Pending activation: after creating an agent with skipChatBinding=true,
-// store here so any new unbound group can activate it with /activate
-// { agentKey, agentName, cwd, createdAt }
-const pendingActivations = new Map(); // key: agentKey -> activation record
+// store here so any new unbound group can activate it with /activate.
+// { agentKey, agentName, cwd, createdAt, preCreatedChatId?, preCreatedChatName? }
+//
+// Persisted to disk so an auto-update / lid-close / SIGUSR2 restart in the
+// 30-minute activation window doesn't strand a freshly created Feishu chat
+// that hadn't bound yet (esp. the orphan path: createChat ok + bind fail).
+// Stale entries (>30min) are dropped on load.
+const pendingActivations = new Map();
+const PENDING_ACTIVATIONS_FILE = path.join(HOME, '.metame', 'pending_activations.json');
+const PENDING_ACTIVATIONS_TTL_MS = 30 * 60 * 1000;
+function _persistPendingActivations() {
+  try {
+    const obj = Object.fromEntries(pendingActivations);
+    const tmp = PENDING_ACTIVATIONS_FILE + '.tmp';
+    fs.writeFileSync(tmp, JSON.stringify(obj), 'utf8');
+    fs.renameSync(tmp, PENDING_ACTIVATIONS_FILE);
+  } catch { /* best-effort, never throw from persistence */ }
+}
+function _restorePendingActivations() {
+  try {
+    if (!fs.existsSync(PENDING_ACTIVATIONS_FILE)) return;
+    const data = JSON.parse(fs.readFileSync(PENDING_ACTIVATIONS_FILE, 'utf8'));
+    const now = Date.now();
+    let restored = 0;
+    for (const [k, v] of Object.entries(data)) {
+      if (v && v.createdAt && now - v.createdAt < PENDING_ACTIVATIONS_TTL_MS) {
+        pendingActivations.set(k, v);
+        restored += 1;
+      }
+    }
+    if (restored > 0) log('INFO', `[pending] restored ${restored} pending activation(s) from disk`);
+  } catch { /* corrupt file → start fresh */ }
+}
+// Wrap Map.set/.delete so every mutation hits disk. Wrapping the prototype
+// methods (rather than reassigning) keeps the Map reference stable for callers
+// that stored it before the wrap (the daemon does not, but defensive).
+const _origPendingSet = pendingActivations.set.bind(pendingActivations);
+const _origPendingDelete = pendingActivations.delete.bind(pendingActivations);
+const _origPendingClear = pendingActivations.clear.bind(pendingActivations);
+pendingActivations.set = function (k, v) { const r = _origPendingSet(k, v); _persistPendingActivations(); return r; };
+pendingActivations.delete = function (k) { const r = _origPendingDelete(k); _persistPendingActivations(); return r; };
+pendingActivations.clear = function () { const r = _origPendingClear(); _persistPendingActivations(); return r; };
+_restorePendingActivations();
 
 const { handleAdminCommand } = createAdminCommandHandler({
   fs,

package/scripts/docs/hermes-memory-upgrade-converged.md

@@ -0,0 +1,461 @@
+# MetaMe Hermes-Style Memory Upgrade: Converged Landing Plan
+
+Status: converged proposal for implementation review
+Principle: extend the existing memory pipeline; do not replace it
+
+## 0. Final Architecture Decision
+
+Do not build a parallel Hermes clone.
+
+MetaMe already has the right primitives:
+
+- `memory_items` in `scripts/memory.js` for facts, conventions, profiles, and episodes.
+- FTS5 over `memory_items`.
+- `wiki_pages`, `content_chunks`, and `embedding_queue` from `scripts/memory-wiki-schema.js`.
+- Hybrid wiki retrieval in `scripts/core/hybrid-search.js`.
+- Session skeleton/evidence extraction in `scripts/session-analytics.js`.
+- Atomic fact extraction in `scripts/memory-extract.js`.
+- Per-agent memory snapshot injection in `scripts/agent-layer.js`.
+
+The elegant landing is therefore:
+
+```
+raw transcript provenance table
+  + existing memory_items(kind='episode') as session note
+  + existing memory_items(kind='convention'|'insight') as extracted facts
+  + existing wiki_pages as compiled knowledge
+  + new recall-router for on-demand prompt injection
+```
+
+Only one new durable table is required in the first landing: `session_sources`.
+
+## 1. Why This Is the Converged Version
+
+The previous RFC suggested both `session_episodes` and `session_notes`. After reviewing current source, that is heavier than necessary:
+
+- `memory_items.kind='episode'` already represents session summaries and is consumed by `searchSessions()` and wiki export.
+- `wiki-reflect-export.js` already exports session summaries into `wiki/sessions/`.
+- `memory-extract.js` already calls `memory.saveSession()` after processing Claude and Codex sessions.
+- Adding a separate `session_notes` table would duplicate existing `episode` rows and force new export/search paths.
+
+So the minimum stable design is:
+
+- Add `session_sources` for L0 provenance.
+- Upgrade `saveSession()` content quality and metadata.
+- Add query-time recall routing.
+- Keep all existing public memory APIs backward compatible.
+
+## 2. Target Data Model
+
+### 2.1 New Table: `session_sources`
+
+Add in `scripts/memory-wiki-schema.js` or a new schema helper called by `memory.js`.
+
+Purpose: immutable-ish provenance index for raw session material.
+
+```sql
+CREATE TABLE IF NOT EXISTS session_sources (
+  id                TEXT PRIMARY KEY,
+  engine            TEXT NOT NULL DEFAULT 'unknown',
+  session_id        TEXT NOT NULL,
+  project           TEXT DEFAULT '*',
+  scope             TEXT,
+  agent_key         TEXT,
+  cwd               TEXT,
+  source_path       TEXT,
+  source_hash       TEXT,
+  source_size       INTEGER DEFAULT 0,
+  first_ts          TEXT,
+  last_ts           TEXT,
+  message_count     INTEGER DEFAULT 0,
+  tool_call_count   INTEGER DEFAULT 0,
+  tool_error_count  INTEGER DEFAULT 0,
+  status            TEXT DEFAULT 'indexed'
+                    CHECK (status IN ('indexed','summarized','extracted','error','archived')),
+  error_message     TEXT,
+  created_at        TEXT DEFAULT (datetime('now')),
+  updated_at        TEXT DEFAULT (datetime('now')),
+  UNIQUE(engine, session_id, source_hash)
+);
+```
+
+Indexes:
+
+```sql
+CREATE INDEX IF NOT EXISTS idx_session_sources_session ON session_sources(session_id);
+CREATE INDEX IF NOT EXISTS idx_session_sources_project ON session_sources(project, scope, last_ts);
+CREATE INDEX IF NOT EXISTS idx_session_sources_agent   ON session_sources(agent_key, last_ts);
+```
+
+### 2.2 Reuse Existing Table: `memory_items`
+
+Do not add `session_notes` table.
+
+Use:
+
+- `kind='episode'` for L1 session note.
+- `source_type='session' | 'codex'`.
+- `source_id=session_id`.
+- `session_id=session_id`.
+- `project`, `scope`, and `agent_key` as routing metadata.
+
+Add only these columns if reviewers agree they are worth it:
+
+```sql
+ALTER TABLE memory_items ADD COLUMN source_hash TEXT;
+ALTER TABLE memory_items ADD COLUMN review_state TEXT DEFAULT 'unreviewed';
+ALTER TABLE memory_items ADD COLUMN valid_from TEXT;
+ALTER TABLE memory_items ADD COLUMN valid_to TEXT;
+```
+
+Strict minimum: `source_hash` is enough for phase 1.
+
+## 3. Implementation Sequence
+
+### PR 1: Provenance Index Only
+
+Goal: make every processed Claude/Codex transcript traceable without changing behavior.
+
+Files:
+
+- Add `scripts/core/session-source-db.js`
+- Update `scripts/memory-wiki-schema.js`
+- Update `scripts/memory.js` DB init if schema is split
+- Add `scripts/core/session-source-db.test.js`
+
+`session-source-db.js` API:
+
+```js
+function upsertSessionSource(db, source) {}
+function getSessionSource(db, { engine, sessionId, sourceHash }) {}
+function findSessionSources(db, { project, scope, engine, limit }) {}
+function markSessionSourceStatus(db, id, status, errorMessage) {}
+```
+
+Rules:
+
+- The module is pure DB logic.
+- It does not read transcript files.
+- It does not call LLMs.
+- It does not know daemon state.
+
+Integration:
+
+- In `memory-extract.js`, after `extractSkeleton()` or `buildCodexInput()`, compute `source_hash` from the source file.
+- Upsert `session_sources`.
+- Continue existing fact/session extraction unchanged.
+
+Acceptance:
+
+- Re-running `memory-extract.js` on the same transcript does not duplicate rows.
+- Existing tests for `memory-extract` and wiki still pass.
+- `memory.searchSessions()` output is unchanged.
+
+### PR 2: Better Episode Notes, Same Storage
+
+Goal: make `memory_items.kind='episode'` useful as a session wiki source even when no atomic facts are extracted.
+
+Files:
+
+- Add `scripts/core/session-note.js`
+- Update `scripts/memory-extract.js`
+- Extend `scripts/memory.js saveSession()`
+- Add `scripts/core/session-note.test.js`
+
+`session-note.js` should be pure:
+
+```js
+function buildSessionNote({ skeleton, evidence, sessionName, facts }) {
+  return {
+    title,
+    summary,
+    keywords,
+    content,
+  };
+}
+```
+
+Recommended content format:
+
+```markdown
+## Task
+<from user snippets / inferred intent>
+
+## Outcome
+<facts or concise execution result>
+
+## Evidence
+- session_id: ...
+- project: ...
+- duration: ...
+- tools: ...
+- errors: ...
+```
+
+Use this content as the `summary` passed to `saveSession()`. Keep the API name for compatibility even if the content becomes richer than a one-line summary.
+
+Acceptance:
+
+- Sessions with zero extracted facts still produce a useful episode row.
+- `memory-search.js --sessions "<query>"` can find session notes by task words, file paths, and error terms.
+- `wiki-reflect-export.js` continues to export session summaries without a new path.
+
+### PR 3: Scope Resolver
+
+Goal: stop scattering project/scope/agent inference.
+
+Files:
+
+- Add `scripts/core/memory-scope.js`
+- Use it in `memory-extract.js`, `agent-layer.js`, later `daemon-claude-engine.js`
+- Add `scripts/core/memory-scope.test.js`
+
+API:
+
+```js
+function normalizeMemoryScope(input) {
+  return {
+    project,
+    scope,
+    agentKey,
+    sessionId,
+    engine,
+    cwd,
+  };
+}
+```
+
+Rules:
+
+- It is pure.
+- It accepts partial inputs.
+- It never reads `daemon.yaml`.
+- Callers that need daemon config resolve project before calling this helper.
+
+Acceptance:
+
+- Claude and Codex extraction produce consistent `project/scope/engine`.
+- Existing `project_id` behavior remains compatible.
+
+### PR 4: Recall Router in Observe-Only Mode
+
+Goal: decide when historical memory should be retrieved, but do not inject yet.
+
+Files:
+
+- Add `scripts/core/recall-router.js`
+- Add `scripts/core/recall-router.test.js`
+- Optionally log decisions from `daemon-claude-engine.js` without changing prompt
+
+API:
+
+```js
+function planRecall({ text, scope, hasActiveSession }) {
+  return {
+    shouldRecall,
+    reason,
+    queries,
+    modes,
+    maxChars,
+  };
+}
+```
+
+Initial trigger rules:
+
+- history words: `之前`, `上次`, `以前`, `记得`, `回忆`, `查历史`, `有没有踩过坑`
+- decision words: `为什么这么定`, `当时怎么决定`, `以前怎么处理`
+- bug recurrence: `又`, `再次`, `之前的 bug`, `同样的问题`
+- exact identifiers: file path, function name, config key, error code
+
+Initial non-triggers:
+
+- pure commands: `/status`, `/tasks`, `/agent`
+- obvious one-shot shell/math/date requests
+- messages shorter than 4 chars unless they are explicit history commands
+
+Acceptance:
+
+- Router is deterministic.
+- Unit tests cover Chinese triggers.
+- No prompt behavior changes in this PR.
+
+### PR 5: Recall Assembly API
+
+Goal: centralize query-conditioned recall.
+
+Files:
+
+- Extend `scripts/memory.js`
+- Possibly add `scripts/core/recall-format.js`
+- Add tests in `scripts/memory-wiki-integration.test.js` or new `scripts/memory-recall.test.js`
+
+API:
+
+```js
+async function assembleRecallContext({
+  query,
+  scope,
+  modes = ['facts', 'sessions', 'wiki'],
+  maxChars = 4000,
+  ftsOnly = false,
+}) {}
+```
+
+Output:
+
+```js
+{
+  text: "...bounded markdown block...",
+  sources: [
+    { type: 'fact', id: '...' },
+    { type: 'session', session_id: '...' },
+    { type: 'wiki', slug: '...' }
+  ],
+  truncated: false
+}
+```
+
+Rules:
+
+- Facts: active facts only by default.
+- Sessions: use `searchSessions()`.
+- Wiki: use existing `hybridSearchWiki()`.
+- Include provenance labels.
+- Never include raw transcripts.
+- Hard cap by characters.
+
+Acceptance:
+
+- Empty search returns empty text.
+- Relevance is stable under missing embeddings.
+- Works with FTS-only fallback.
+
+### PR 6: Prompt Injection Behind Feature Flag
+
+Goal: add Hermes-style on-demand memory without destabilizing normal chats.
+
+Files:
+
+- `scripts/daemon-claude-engine.js`
+- `scripts/daemon-prompt-context.js`
+- `scripts/daemon-prompt-context.test.js`
+- Maybe `scripts/daemon-claude-engine.test.js`
+
+Behavior:
+
+- Existing `memory-snapshot.md` injection remains unchanged.
+- Before composing the final prompt, call `planRecall()`.
+- If enabled and `shouldRecall`, call `memory.assembleRecallContext()`.
+- Inject as:
+
+```text
+[Relevant memory recall:
+...
+]
+```
+
+Feature flag:
+
+Do not require config in PR 1-5.
+
+For PR 6, read optional runtime config from `~/.metame/daemon.yaml`:
+
+```yaml
+daemon:
+  memory_recall_enabled: false
+  memory_recall_max_chars: 4000
+```
+
+Template changes in `scripts/daemon-default.yaml` are optional and must contain placeholders only.
+
+Acceptance:
+
+- Default behavior is unchanged because flag is false.
+- With flag true, recall block appears only for router-triggered messages.
+- No daemon prompt exceeds configured recall cap.
+- If DB/search fails, prompt proceeds without recall.
+
+## 4. What Not To Do
+
+Do not:
+
+- Create a second memory DB.
+- Create `session_notes` table in the first landing.
+- Copy full transcripts into `memory.db`.
+- Inject recent sessions into every prompt.
+- Let subagents write verified/global memory directly.
+- Change `plugin/scripts/` or deployed `~/.metame/` files directly.
+- Edit real user config in `~/.metame/daemon.yaml` as part of source changes.
+
+## 5. Review-Critical Invariants
+
+Experts should hold the implementation to these invariants:
+
+1. L0 provenance is immutable enough.
+   A raw transcript pointer + hash must survive all derived memory changes.
+
+2. Derived memory is rebuildable.
+   Episode notes and facts can be regenerated from source material.
+
+3. Recall is query-conditioned.
+   No broad "always inject history" behavior.
+
+4. Prompt cache is mostly preserved.
+   Normal messages should not receive dynamic recall blocks.
+
+5. Existing APIs stay compatible.
+   `saveFacts`, `saveSession`, `searchFacts`, `searchSessions`, `recentSessions`, and `hybridSearchWiki` keep working.
+
+6. Scope is explicit.
+   Project/agent/thread memory does not bleed into unrelated sessions.
+
+7. Failure is soft.
+   Memory extraction/search failures never block the user-facing task.
+
+## 6. Minimal Test Plan
+
+Run after PR 1-3:
+
+```bash
+node --test scripts/core/session-source-db.test.js
+node --test scripts/core/session-note.test.js
+node --test scripts/memory-wiki-integration.test.js
+node --test scripts/memory-extract-step4.test.js
+```
+
+Run after PR 4-5:
+
+```bash
+node --test scripts/core/recall-router.test.js
+node --test scripts/memory-wiki-integration.test.js
+node --test scripts/wiki-reflect-export.test.js
+```
+
+Run after PR 6:
+
+```bash
+npx eslint scripts/daemon*.js
+node --test scripts/daemon-prompt-context.test.js
+node --test scripts/daemon-claude-engine.test.js
+node --test scripts/daemon-*.test.js
+```
+
+## 7. First Implementation Patch Shape
+
+The first implementation patch should be this small:
+
+1. Add `session_sources` DDL.
+2. Add `scripts/core/session-source-db.js`.
+3. Add `scripts/core/session-source-db.test.js`.
+4. Call `upsertSessionSource()` from `memory-extract.js` for Claude and Codex paths.
+5. Do not add prompt recall.
+6. Do not add config.
+7. Do not alter wiki export behavior.
+
+Expected review outcome:
+
+- Easy to verify.
+- Easy to roll back.
+- Gives future PRs a provenance anchor.
+