nexus-prime 7.2.0 → 7.3.0

package/dist/install/manifest.js

@@ -10,6 +10,18 @@ import * as fs from 'fs';
 import * as path from 'path';
 import { getInstallManifestPath } from './state-locator.js';
 export const MANIFEST_VERSION = 1;
+/**
+ * Architecture generation marker for the installed runtime. Bump this when
+ * the install layout changes (new dashboard, new MCP registrations, new
+ * hook surfaces, new state directories) so the install-wizard can detect
+ * older shapes and run migrations rather than silently leaving stale
+ * registrations alongside the new ones.
+ *
+ * Manifests written before this field was introduced have `undefined` here
+ * and are treated as the inferred legacy generation `v6` (matching the
+ * setup-marker-v6.json filename Nexus has used since the v6 release).
+ */
+export const INSTALL_ARCH_GENERATION = 'v7';
 function emptyManifest() {
     const now = Date.now();
     return {
@@ -19,6 +31,7 @@ function emptyManifest() {
         paths: [],
         registrations: [],
         setupMarkers: [],
+        architectureGeneration: INSTALL_ARCH_GENERATION,
     };
 }
 export function loadManifest(filePath = getInstallManifestPath()) {
@@ -37,12 +50,37 @@ export function loadManifest(filePath = getInstallManifestPath()) {
             paths: Array.isArray(m.paths) ? m.paths.filter(isPathEntry) : [],
             registrations: Array.isArray(m.registrations) ? m.registrations.filter(isRegistrationEntry) : [],
             setupMarkers: Array.isArray(m.setupMarkers) ? m.setupMarkers.filter((v) => typeof v === 'string') : [],
+            architectureGeneration: typeof m.architectureGeneration === 'string'
+                ? m.architectureGeneration
+                : undefined,
         };
     }
     catch {
         return emptyManifest();
     }
 }
+/** Stamp the manifest with the current architecture generation. Idempotent. */
+export function recordArchitectureGeneration(manifest, generation = INSTALL_ARCH_GENERATION) {
+    if (manifest.architectureGeneration === generation)
+        return manifest;
+    return { ...manifest, architectureGeneration: generation };
+}
+/**
+ * Inspect the manifest's recorded generation against the current build.
+ * `previousGeneration` is undefined for fresh installs, 'v6' for legacy
+ * manifests written before the field existed. `requiresMigration` is true
+ * when the manifest is older than INSTALL_ARCH_GENERATION.
+ */
+export function detectArchitectureUpgrade(manifest) {
+    const previousGeneration = manifest.architectureGeneration;
+    const requiresMigration = previousGeneration !== INSTALL_ARCH_GENERATION
+        && (manifest.paths.length > 0 || manifest.registrations.length > 0 || manifest.setupMarkers.length > 0);
+    return {
+        previousGeneration,
+        currentGeneration: INSTALL_ARCH_GENERATION,
+        requiresMigration,
+    };
+}
 function isPathEntry(value) {
     if (!value || typeof value !== 'object')
         return false;
@@ -58,7 +96,12 @@ function isRegistrationEntry(value) {
 export function saveManifest(manifest, filePath = getInstallManifestPath()) {
     const dir = path.dirname(filePath);
     fs.mkdirSync(dir, { recursive: true });
-    const next = { ...manifest, version: MANIFEST_VERSION, updatedAt: Date.now() };
+    const next = {
+        ...manifest,
+        version: MANIFEST_VERSION,
+        updatedAt: Date.now(),
+        architectureGeneration: manifest.architectureGeneration ?? INSTALL_ARCH_GENERATION,
+    };
     fs.writeFileSync(filePath, JSON.stringify(next, null, 2), 'utf8');
 }
 export function recordPath(manifest, entry) {

package/dist/install/state-locator.d.ts

@@ -23,6 +23,17 @@ export declare function getRuntimeTmpRoots(): string[];
  * directory names that engines create lazily, so missing entries are normal.
  */
 export declare function enumerateStatePaths(stateDir?: string): NexusPathEntry[];
+/**
+ * Enumerate ngram .oversize.* archive snapshots produced by the rotate path.
+ * Cleanup keeps at most one of these (the newest) so a runaway DB can't grow
+ * a multi-GB backlog of stale carcasses.
+ */
+export interface NgramArchiveEntry {
+    path: string;
+    bytes: number;
+    modifiedAt: number;
+}
+export declare function enumerateNgramArchives(stateDir?: string): NgramArchiveEntry[];
 /** Known IDE registration targets discovered in a workspace + home dir. */
 export interface RegistrationTarget {
     id: 'aider' | 'antigravity' | 'claude-desktop' | 'claude-home' | 'claude-workspace' | 'cline' | 'codex-json' | 'codex-toml' | 'continue' | 'cursor-home' | 'cursor-workspace' | 'opencode' | 'openclaw' | 'vscode-workspace' | 'windsurf';

package/dist/install/state-locator.js

@@ -12,6 +12,7 @@
  *   worktree — git worktrees used by phantom execution
  *   db       — sqlite databases (memory, synapse, architects)
  */
+import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import { resolveNexusStateDir } from '../engines/runtime-registry.js';
@@ -71,6 +72,9 @@ export function enumerateStatePaths(stateDir = getNexusStateDir()) {
         { path: path.join(stateDir, 'memory.db'), scope: 'db', optional: true },
         { path: path.join(stateDir, 'memory.db-wal'), scope: 'db', optional: true },
         { path: path.join(stateDir, 'memory.db-shm'), scope: 'db', optional: true },
+        { path: path.join(stateDir, 'ngram-index.db'), scope: 'db', optional: true },
+        { path: path.join(stateDir, 'ngram-index.db-wal'), scope: 'db', optional: true },
+        { path: path.join(stateDir, 'ngram-index.db-shm'), scope: 'db', optional: true },
         { path: path.join(stateDir, '.synapse'), scope: 'db', optional: true },
         { path: path.join(stateDir, '.architects'), scope: 'db', optional: true },
         { path: path.join(stateDir, 'runs'), scope: 'runtime', optional: true },
@@ -87,6 +91,30 @@ export function enumerateStatePaths(stateDir = getNexusStateDir()) {
         { path: path.join(stateDir, 'nexus-daemon.lock.json'), scope: 'runtime', optional: true },
     ];
 }
+export function enumerateNgramArchives(stateDir = getNexusStateDir()) {
+    const out = [];
+    try {
+        if (!fs.existsSync(stateDir))
+            return out;
+        for (const entry of fs.readdirSync(stateDir)) {
+            if (!entry.startsWith('ngram-index.db.oversize.'))
+                continue;
+            const full = path.join(stateDir, entry);
+            try {
+                const st = fs.statSync(full);
+                if (st.isFile())
+                    out.push({ path: full, bytes: st.size, modifiedAt: st.mtimeMs });
+            }
+            catch {
+                // unreadable — skip
+            }
+        }
+    }
+    catch {
+        // unreadable state dir — return what we have
+    }
+    return out;
+}
 export function enumerateRegistrationTargets(workspaceRoot, home = os.homedir()) {
     const claudeDesktopConfig = process.platform === 'darwin'
         ? path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json')

package/dist/licensing/enforcement.js

@@ -11,7 +11,7 @@
 // ─────────────────────────────────────────────────────────────────────────────
 import { getSharedLicenseManager } from './license-manager.js';
 import { getToolTier, isToolAllowed } from './tool-tiers.js';
-import { toolGateMessage, capWarningMessage, capExceededMessage, noLicenseMessage } from './upgrade-prompts.js';
+import { toolGateMessage, capWarningMessage, capExceededMessage, noLicenseMessage, trialActiveMessage, trialExpiredMessage, } from './upgrade-prompts.js';
 function getMode() {
     const val = (process.env.NEXUS_ENFORCEMENT_MODE ?? 'soft').toLowerCase();
     if (val === 'audit' || val === 'hard')
@@ -46,6 +46,18 @@ export const LicenseEnforcementMiddleware = {
             // In all modes: let the tool execute (soft gate during ramp)
             return;
         }
+        if (status.degradedReason === 'trial-expired') {
+            if (mode !== 'audit') {
+                ctx.meta.licenseUpgradeHint = trialExpiredMessage();
+            }
+            // Fall through to tier check — caps revert to free tier on trial expiry.
+        }
+        if (status.trial && mode !== 'audit') {
+            // Soft footer so users know the runtime is being kept alive by the
+            // auto-issued local trial. Doesn't gate execution — paid tiers behave
+            // exactly like a real license while the trial is active.
+            ctx.meta.licenseUpgradeHint = trialActiveMessage(status.expiresAt);
+        }
         // ── Tool tier check ───────────────────────────────────────────────
         if (!isToolAllowed(toolName, status.tier)) {
             const requiredTier = getToolTier(toolName);

package/dist/licensing/index.d.ts

@@ -3,7 +3,7 @@ export { getCapsForTier, FREE_CAPS, PRO_CAPS, TEAM_CAPS, ENTERPRISE_CAPS } from
 export { getToolTier, isToolAllowed, tierLabel, TIER_RANK } from './tool-tiers.js';
 export { LicenseEnforcementMiddleware } from './enforcement.js';
 export { snapshotPCU, formatPCUStatus, type PCUSnapshot } from './pcu-meter.js';
-export { capWarningMessage, capExceededMessage, toolGateMessage, noLicenseMessage, } from './upgrade-prompts.js';
+export { capWarningMessage, capExceededMessage, toolGateMessage, noLicenseMessage, trialActiveMessage, trialExpiredMessage, } from './upgrade-prompts.js';
 export { syncLicense, requestUpgrade } from './license-sync.js';
 export { loginFromCLI, readAuthToken, readAuthInfo, isLoggedIn, logout } from './web-auth.js';
 export type { PlanTier, PlanCaps, LicenseClaims, LicenseStatus, CapType, CapCheckResult, SkillProfile, DarwinScope, } from './types.js';

package/dist/licensing/index.js

@@ -3,6 +3,6 @@ export { getCapsForTier, FREE_CAPS, PRO_CAPS, TEAM_CAPS, ENTERPRISE_CAPS } from
 export { getToolTier, isToolAllowed, tierLabel, TIER_RANK } from './tool-tiers.js';
 export { LicenseEnforcementMiddleware } from './enforcement.js';
 export { snapshotPCU, formatPCUStatus } from './pcu-meter.js';
-export { capWarningMessage, capExceededMessage, toolGateMessage, noLicenseMessage, } from './upgrade-prompts.js';
+export { capWarningMessage, capExceededMessage, toolGateMessage, noLicenseMessage, trialActiveMessage, trialExpiredMessage, } from './upgrade-prompts.js';
 export { syncLicense, requestUpgrade } from './license-sync.js';
 export { loginFromCLI, readAuthToken, readAuthInfo, isLoggedIn, logout } from './web-auth.js';

package/dist/licensing/license-manager.d.ts

@@ -1,6 +1,8 @@
 import type { CapCheckResult, CapType, LicenseStatus } from './types.js';
 export declare class LicenseManager {
     private readonly keyPath;
+    private readonly trialPath;
+    private readonly stateDir;
     private status;
     constructor(stateDir?: string);
     getStatus(): LicenseStatus;
@@ -12,6 +14,16 @@ export declare class LicenseManager {
      */
     checkCap(type: CapType, current: number): CapCheckResult | null;
     private loadAndValidate;
+    /**
+     * Auto-issued local trial. Every install gets 30 days of Pro caps the first
+     * time it boots without an activated key — this keeps the runtime usable
+     * while signup/activation flows run, and avoids "catalog degraded" surfaces
+     * dropping users into a broken-looking shell when the website is briefly
+     * unreachable. Set NEXUS_DISABLE_TRIAL=1 to opt out.
+     */
+    private resolveTrialStatus;
+    /** Returns the path of the trial marker (for tests + status surfaces). */
+    getTrialMarkerPath(): string;
     private parseAndVerify;
 }
 export declare function getSharedLicenseManager(): LicenseManager;

package/dist/licensing/license-manager.js

@@ -30,6 +30,45 @@ const NEXUS_PUBLIC_KEY_B64 = 'MCowBQYDK2VwAyEAbrBiMBqzIyatM/Q/plA0Dn2Y/TAu2UVmWG
 const UPGRADE_URL = 'https://nexus-prime.cfd/pricing';
 // Warn at this fraction of the cap (e.g. 0.8 = 80%)
 const WARN_THRESHOLD = 0.8;
+// Trial configuration. Every install gets a 30-day full-tier trial the first
+// time LicenseManager loads with no activated key — Synapse, Architects, all
+// paid tools available — so users can actually evaluate the product. The
+// trial marker (stateDir/trial.json) records issue + expiry, so subsequent
+// loads stay deterministic offline. NEXUS_DISABLE_TRIAL=1 opts out (tests).
+const TRIAL_DURATION_MS = 30 * 24 * 60 * 60 * 1000;
+const TRIAL_TIER = 'enterprise';
+const TRIAL_MARKER_FILENAME = 'trial.json';
+function readTrialMarker(markerPath) {
+    try {
+        if (!fs.existsSync(markerPath))
+            return null;
+        const raw = fs.readFileSync(markerPath, 'utf8');
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.issuedAt !== 'number' || typeof parsed.expiresAt !== 'number')
+            return null;
+        const tier = parsed.tier === 'pro' || parsed.tier === 'team' || parsed.tier === 'enterprise'
+            ? parsed.tier
+            : TRIAL_TIER;
+        return {
+            issuedAt: parsed.issuedAt,
+            expiresAt: parsed.expiresAt,
+            tier,
+            orgId: typeof parsed.orgId === 'string' ? parsed.orgId : null,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function writeTrialMarker(markerPath, marker) {
+    try {
+        fs.mkdirSync(path.dirname(markerPath), { recursive: true });
+        fs.writeFileSync(markerPath, JSON.stringify(marker, null, 2), 'utf8');
+    }
+    catch {
+        // best-effort: trial still applies in memory even if we can't persist it.
+    }
+}
 // ── Helpers ──────────────────────────────────────────────────────────────────
 function base64urlDecode(s) {
     return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
@@ -62,6 +101,16 @@ function buildFreeStatus(degradedReason) {
         degradedReason,
     };
 }
+function buildTrialStatus(marker) {
+    return {
+        valid: true,
+        tier: marker.tier,
+        caps: getCapsForTier(marker.tier),
+        expiresAt: marker.expiresAt,
+        orgId: marker.orgId,
+        trial: true,
+    };
+}
 function validateClaims(claims) {
     if (!claims || typeof claims !== 'object')
         return false;
@@ -75,10 +124,14 @@ function validateClaims(claims) {
 // ── LicenseManager ───────────────────────────────────────────────────────────
 export class LicenseManager {
     keyPath;
+    trialPath;
+    stateDir;
     status;
     constructor(stateDir) {
         const dir = stateDir ?? resolveNexusStateDir();
+        this.stateDir = dir;
         this.keyPath = path.join(dir, 'license.key');
+        this.trialPath = path.join(dir, TRIAL_MARKER_FILENAME);
         this.status = this.loadAndValidate();
     }
     getStatus() {
@@ -112,9 +165,12 @@ export class LicenseManager {
         catch {
             // Best-effort
         }
-        this.status = buildFreeStatus();
-        if (prevTier !== 'free') {
-            void emitLicenseEvent('license.tierChanged', { from: prevTier, to: 'free', reason: 'deactivate' });
+        // Fall back to whichever local status applies — trial if still in window,
+        // free otherwise. Avoids dropping users into a broken-looking runtime
+        // simply because they removed an explicit license key mid-trial.
+        this.status = this.resolveTrialStatus();
+        if (prevTier !== this.status.tier) {
+            void emitLicenseEvent('license.tierChanged', { from: prevTier, to: this.status.tier, reason: 'deactivate' });
         }
     }
     /**
@@ -153,7 +209,7 @@ export class LicenseManager {
     loadAndValidate() {
         try {
             if (!fs.existsSync(this.keyPath)) {
-                return buildFreeStatus('not-activated');
+                return this.resolveTrialStatus();
             }
             const raw = fs.readFileSync(this.keyPath, 'utf8').trim();
             return this.parseAndVerify(raw);
@@ -162,6 +218,37 @@ export class LicenseManager {
             return buildFreeStatus('malformed');
         }
     }
+    /**
+     * Auto-issued local trial. Every install gets 30 days of Pro caps the first
+     * time it boots without an activated key — this keeps the runtime usable
+     * while signup/activation flows run, and avoids "catalog degraded" surfaces
+     * dropping users into a broken-looking shell when the website is briefly
+     * unreachable. Set NEXUS_DISABLE_TRIAL=1 to opt out.
+     */
+    resolveTrialStatus() {
+        if (process.env.NEXUS_DISABLE_TRIAL === '1') {
+            return buildFreeStatus('not-activated');
+        }
+        const now = Date.now();
+        let marker = readTrialMarker(this.trialPath);
+        if (!marker) {
+            marker = {
+                issuedAt: now,
+                expiresAt: now + TRIAL_DURATION_MS,
+                tier: TRIAL_TIER,
+                orgId: null,
+            };
+            writeTrialMarker(this.trialPath, marker);
+        }
+        if (marker.expiresAt <= now) {
+            return buildFreeStatus('trial-expired');
+        }
+        return buildTrialStatus(marker);
+    }
+    /** Returns the path of the trial marker (for tests + status surfaces). */
+    getTrialMarkerPath() {
+        return this.trialPath;
+    }
     parseAndVerify(token) {
         const decoded = decodeJwtPayload(token);
         if (!decoded)

package/dist/licensing/types.d.ts

@@ -25,7 +25,11 @@ export interface LicenseStatus {
     caps: PlanCaps;
     expiresAt: number | null;
     orgId: string | null;
-    degradedReason?: 'expired' | 'signature-invalid' | 'malformed' | 'not-activated';
+    /** True when the active status is the auto-issued local trial. */
+    trial?: boolean;
+    /** Reason a license is degraded; absent when status is valid. Trials report
+     *  `trial-expired` after the auto-issued window has closed. */
+    degradedReason?: 'expired' | 'signature-invalid' | 'malformed' | 'not-activated' | 'trial-expired';
 }
 export type CapType = 'memory_entries' | 'projects' | 'operatives';
 export interface CapCheckResult {

package/dist/licensing/upgrade-prompts.d.ts

@@ -15,3 +15,13 @@ export declare function toolGateMessage(toolName: string, requiredTier: PlanTier
  * No license activated — prompt to sign up.
  */
 export declare function noLicenseMessage(): string;
+/**
+ * Trial is active. Soft hint that surfaces alongside paid tools so users
+ * know the auto-issued window is what's keeping their runtime alive.
+ */
+export declare function trialActiveMessage(expiresAt: number | null): string;
+/**
+ * Trial has expired — runtime drops to free caps. Tell the user clearly so
+ * the gap between trial-expired and a real license is obvious.
+ */
+export declare function trialExpiredMessage(): string;

package/dist/licensing/upgrade-prompts.js

@@ -60,3 +60,26 @@ export function noLicenseMessage() {
         `  Then: nexus-prime license activate <your-token>`,
     ].join('\n');
 }
+/**
+ * Trial is active. Soft hint that surfaces alongside paid tools so users
+ * know the auto-issued window is what's keeping their runtime alive.
+ */
+export function trialActiveMessage(expiresAt) {
+    const daysLeft = expiresAt ? Math.max(0, Math.ceil((expiresAt - Date.now()) / (24 * 60 * 60 * 1000))) : 0;
+    return [
+        `[Nexus Prime] Trial active (${daysLeft} day${daysLeft === 1 ? '' : 's'} remaining).`,
+        `  Activate a license: nexus-prime license activate <token>`,
+        `  Sign up: ${SIGNUP_URL}`,
+    ].join('\n');
+}
+/**
+ * Trial has expired — runtime drops to free caps. Tell the user clearly so
+ * the gap between trial-expired and a real license is obvious.
+ */
+export function trialExpiredMessage() {
+    return [
+        `[Nexus Prime] Trial expired — running on free caps.`,
+        `  Activate: nexus-prime license activate <token>`,
+        `  Pricing: ${UPGRADE_URL}`,
+    ].join('\n');
+}

package/dist/licensing/web-auth.d.ts

@@ -5,7 +5,10 @@ interface AuthTokens {
     updated_at: string;
 }
 /**
- * Login to nexus-prime.cfd and store auth tokens locally.
+ * Login to nexus-prime.cfd and store auth tokens locally. Errors are
+ * normalised so signup/signin failures don't surface raw HTTP codes —
+ * users get something actionable, plus a reminder that the local 30-day
+ * trial keeps the runtime working while they sort out account state.
  */
 export declare function loginFromCLI(email: string, password: string): Promise<{
     email: string;

package/dist/licensing/web-auth.js

@@ -10,22 +10,47 @@ import os from 'os';
 const AUTH_FILE = path.join(os.homedir(), '.nexus-prime', 'auth.json');
 const API_BASE = process.env.NEXUS_WEB_API_URL ?? 'https://nexus-prime.cfd';
 /**
- * Login to nexus-prime.cfd and store auth tokens locally.
+ * Login to nexus-prime.cfd and store auth tokens locally. Errors are
+ * normalised so signup/signin failures don't surface raw HTTP codes —
+ * users get something actionable, plus a reminder that the local 30-day
+ * trial keeps the runtime working while they sort out account state.
  */
 export async function loginFromCLI(email, password) {
-    const res = await fetch(`${API_BASE}/api/auth/login`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email, password }),
-        signal: AbortSignal.timeout(15_000),
-    });
+    let res;
+    try {
+        res = await fetch(`${API_BASE}/api/auth/login`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ email, password }),
+            signal: AbortSignal.timeout(15_000),
+        });
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        throw new Error(`Could not reach ${API_BASE}: ${reason}. `
+            + `Your 30-day local trial remains active — run \`nexus-prime status\` to verify, `
+            + `then retry login when the network is back.`);
+    }
     if (!res.ok) {
         const body = await res.json().catch(() => ({}));
-        throw new Error(body.error ?? `Login failed (HTTP ${res.status})`);
+        const detail = body.error;
+        if (res.status === 401 || res.status === 403) {
+            throw new Error(detail
+                ? `Sign-in rejected: ${detail}`
+                : `Sign-in rejected: bad email or password. Reset at ${API_BASE}/account/reset.`);
+        }
+        if (res.status === 404) {
+            throw new Error(`No account for ${email}. Sign up at ${API_BASE}/signup, then retry. `
+                + `(Your 30-day local trial keeps the runtime active in the meantime.)`);
+        }
+        if (res.status >= 500) {
+            throw new Error(`Server error (${res.status}) at ${API_BASE}. Your 30-day local trial keeps the runtime active — try again shortly.`);
+        }
+        throw new Error(detail ?? `Login failed (HTTP ${res.status})`);
     }
     const data = await res.json();
     if (!data.session?.access_token) {
-        throw new Error('Invalid response: no access token returned');
+        throw new Error(`Sign-in succeeded but ${API_BASE} returned no access token. Contact support.`);
     }
     writeAuthToken(data.session.access_token, data.session.refresh_token, email);
     return { email, plan: data.plan };

package/dist/synapse/config.js

@@ -11,22 +11,26 @@ function parseFloatNumber(value, fallback) {
     const parsed = Number.parseFloat(value ?? '');
     return Number.isFinite(parsed) ? parsed : fallback;
 }
-// Opt-in by default: Synapse creates no DB and registers no persistent state
-// unless the operator explicitly enables it via `SYNAPSE_ENABLED=1`. This keeps
-// `npm install nexus-prime` idempotent from a disk-usage perspective and makes
-// uninstall truly reversible for users who never touched the workforce pillar.
+function clampInteger(value, min, max) {
+    if (!Number.isFinite(value))
+        return min;
+    return Math.max(min, Math.min(max, Math.floor(value)));
+}
+// Investor-ready default: Synapse is available out of the box, but with small
+// safe limits so it does not spawn an unbounded workforce or create runaway disk
+// pressure. Operators can still disable it with SYNAPSE_ENABLED=0.
 export const SynapseConfig = {
-    enabled: parseBoolean(process.env.SYNAPSE_ENABLED, false),
-    maxOpsPerTeam: parseInteger(process.env.SYNAPSE_MAX_OPERATIVES_PER_TEAM, 5),
-    defaultBudgetUsd: parseFloatNumber(process.env.SYNAPSE_DEFAULT_BUDGET_USD, 50),
-    sortieIntervalMs: parseInteger(process.env.SYNAPSE_SORTIE_INTERVAL_MS, 30_000),
-    compactionBudgetTokens: parseInteger(process.env.SYNAPSE_COMPACTION_BUDGET_TOKENS, 100_000),
+    enabled: parseBoolean(process.env.SYNAPSE_ENABLED, true),
+    maxOpsPerTeam: clampInteger(parseInteger(process.env.SYNAPSE_MAX_OPERATIVES_PER_TEAM, 3), 1, 5),
+    defaultBudgetUsd: parseFloatNumber(process.env.SYNAPSE_DEFAULT_BUDGET_USD, 10),
+    sortieIntervalMs: parseInteger(process.env.SYNAPSE_SORTIE_INTERVAL_MS, 60_000),
+    compactionBudgetTokens: parseInteger(process.env.SYNAPSE_COMPACTION_BUDGET_TOKENS, 25_000),
     echoEnabled: parseBoolean(process.env.SYNAPSE_ECHO_ENABLED, true),
     echoMinSimilarity: parseFloatNumber(process.env.SYNAPSE_ECHO_MIN_SIMILARITY, 0.7),
     ledgerEnabled: parseBoolean(process.env.SYNAPSE_LEDGER_ENABLED, true),
-    ledgerCommitIntervalMs: parseInteger(process.env.SYNAPSE_LEDGER_COMMIT_INTERVAL_MS, 60_000),
+    ledgerCommitIntervalMs: parseInteger(process.env.SYNAPSE_LEDGER_COMMIT_INTERVAL_MS, 120_000),
     watchdogEnabled: parseBoolean(process.env.SYNAPSE_WATCHDOG_ENABLED, true),
-    watchdogPatrolIntervalMs: parseInteger(process.env.SYNAPSE_WATCHDOG_PATROL_INTERVAL_MS, 120_000),
+    watchdogPatrolIntervalMs: parseInteger(process.env.SYNAPSE_WATCHDOG_PATROL_INTERVAL_MS, 180_000),
     watchdogStallMs: parseInteger(process.env.SYNAPSE_WATCHDOG_STALL_MS, 300_000),
     watchdogZombieMs: parseInteger(process.env.SYNAPSE_WATCHDOG_ZOMBIE_MS, 900_000),
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexus-prime",
-  "version": "7.2.0",
+  "version": "7.3.0",
   "description": "Local-first MCP control plane for coding agents with bootstrap-orchestrate execution, memory fabric, token budgeting, and worktree-backed swarms",
   "type": "module",
   "main": "dist/index.js",
@@ -49,7 +49,7 @@
     "test:public": "tsx test/public-surface.test.ts",
     "test:synapse": "tsx src/synapse/__tests__/run.ts",
     "test:architects": "tsx src/architects/__tests__/run.ts",
-    "test": "npm run build && tsx test/basic.test.ts && tsx test/memory.test.ts && tsx test/memory-regressions.test.ts && tsx test/memory-bridge.test.ts && tsx test/automation-runtime.test.ts && tsx test/session-dna-search.test.ts && tsx test/channel-gateway.test.ts && tsx test/semantic-ranking.test.ts && tsx test/storage-maintenance.test.ts && tsx test/security-shield.test.ts && tsx test/compaction-sentinel.test.ts && tsx test/context-compressor.test.ts && tsx test/embedder.test.ts && tsx test/skill-learner.test.ts && tsx test/skill-distribution.test.ts && tsx test/darwin-integration.test.ts && tsx test/github-bridge.test.ts && tsx test/telemetry-remote.test.ts && tsx test/orchestrator-engine.test.ts && tsx test/phase9.test.ts && tsx test/work-ledger.test.ts && tsx src/verify-token-scoring.ts && tsx test/phantom.test.ts && tsx test/rag-collections.test.ts && tsx test/dashboard.test.ts && tsx test/docs.test.ts && tsx test/competitive-landscape.test.ts && tsx test/runtime-upgrade-path.test.ts && tsx test/runtime-setup.test.ts && tsx test/control-plane-integration.test.ts && tsx test/runtime-timeout.test.ts && tsx test/mcp-dashboard-contract.test.ts && tsx test/dashboard-surfaces.test.ts && tsx test/startup-and-runtime-regressions.test.ts && tsx test/mcp-readiness-truth.test.ts && tsx test/mcp-stdio-session.test.ts && tsx test/kernel-context.test.ts && tsx test/kernel-execution.test.ts && tsx test/kernel-runtime.test.ts && tsx test/adapter-boundary.test.ts && tsx test/mcp-deprecation.test.ts && tsx test/dashboard-mutations.test.ts && tsx test/hooks-adapter.test.ts && tsx test/admin-adapter.test.ts && tsx test/pkg-subexport.test.ts && tsx test/dashboard-sse-only.test.ts && tsx test/license-sync-offline.test.ts && tsx test/mcp-killlist-v2.test.ts && tsx test/uninstall.test.ts && tsx test/uninstall-lifecycle.test.ts && tsx test/unregister-configs.test.ts && tsx test/cleanup-storage.test.ts && tsx test/dashboard-memory-truthfulness.test.ts && npm run test:synapse && npm run test:architects && npm run test:public",
+    "test": "npm run build && tsx test/basic.test.ts && tsx test/memory.test.ts && tsx test/memory-regressions.test.ts && tsx test/memory-bridge.test.ts && tsx test/automation-runtime.test.ts && tsx test/session-dna-search.test.ts && tsx test/channel-gateway.test.ts && tsx test/semantic-ranking.test.ts && tsx test/storage-maintenance.test.ts && tsx test/ngram-index.test.ts && tsx test/security-shield.test.ts && tsx test/compaction-sentinel.test.ts && tsx test/context-compressor.test.ts && tsx test/embedder.test.ts && tsx test/skill-learner.test.ts && tsx test/skill-distribution.test.ts && tsx test/darwin-integration.test.ts && tsx test/github-bridge.test.ts && tsx test/telemetry-remote.test.ts && tsx test/orchestrator-engine.test.ts && tsx test/phase9.test.ts && tsx test/work-ledger.test.ts && tsx src/verify-token-scoring.ts && tsx test/phantom.test.ts && tsx test/rag-collections.test.ts && tsx test/dashboard.test.ts && tsx test/docs.test.ts && tsx test/competitive-landscape.test.ts && tsx test/runtime-upgrade-path.test.ts && tsx test/runtime-setup.test.ts && tsx test/control-plane-integration.test.ts && tsx test/runtime-timeout.test.ts && tsx test/mcp-dashboard-contract.test.ts && tsx test/dashboard-surfaces.test.ts && tsx test/startup-and-runtime-regressions.test.ts && tsx test/mcp-readiness-truth.test.ts && tsx test/mcp-stdio-session.test.ts && tsx test/kernel-context.test.ts && tsx test/kernel-execution.test.ts && tsx test/kernel-runtime.test.ts && tsx test/adapter-boundary.test.ts && tsx test/mcp-deprecation.test.ts && tsx test/dashboard-mutations.test.ts && tsx test/hooks-adapter.test.ts && tsx test/admin-adapter.test.ts && tsx test/pkg-subexport.test.ts && tsx test/dashboard-sse-only.test.ts && tsx test/license-sync-offline.test.ts && tsx test/mcp-killlist-v2.test.ts && tsx test/uninstall.test.ts && tsx test/uninstall-lifecycle.test.ts && tsx test/install-arch-upgrade.test.ts && tsx test/unregister-configs.test.ts && tsx test/cleanup-storage.test.ts && tsx test/dashboard-memory-truthfulness.test.ts && npm run test:synapse && npm run test:architects && npm run test:public",
     "lint": "eslint src --ext .ts",
     "audit:prod": "npm audit --omit=dev",
     "smoke:release": "tsx scripts/release-smoke.ts",