plasalid 0.2.0

package/dist/parser/pdf.js

@@ -0,0 +1,40 @@
+import { readFileSync, statSync } from "fs";
+import { createHash } from "crypto";
+import { basename, extname } from "path";
+const MIME_BY_EXT = {
+    ".pdf": "application/pdf",
+};
+const MAX_BYTES = 30 * 1024 * 1024;
+/**
+ * Read a local file, hash it, and produce a base64 document block ready to
+ * attach to an Anthropic user message. Hash is sha256 of the raw bytes; used as
+ * the idempotency key in `parsed_files`.
+ */
+export function loadDocument(path) {
+    const ext = extname(path).toLowerCase();
+    const mime = MIME_BY_EXT[ext];
+    if (!mime) {
+        throw new Error(`Unsupported file extension: ${ext}. Plasalid v1 only ingests PDFs.`);
+    }
+    const stat = statSync(path);
+    if (stat.size > MAX_BYTES) {
+        throw new Error(`File too large (${stat.size} bytes). Limit is ${MAX_BYTES} bytes.`);
+    }
+    const bytes = readFileSync(path);
+    const hash = createHash("sha256").update(bytes).digest("hex");
+    return {
+        block: {
+            type: "document",
+            source: {
+                type: "base64",
+                media_type: mime,
+                data: bytes.toString("base64"),
+            },
+            title: basename(path),
+        },
+        hash,
+        mime,
+        byteLength: stat.size,
+        fileName: basename(path),
+    };
+}

package/dist/parser/pipeline.d.ts

@@ -0,0 +1,44 @@
+import type Database from "libsql";
+export declare const PARSER_VERSION = "plasalid-parser-v1";
+export interface ParseFileResult {
+    fileId: string;
+    status: "parsed" | "needs_input" | "failed" | "skipped" | "replaced";
+    summary?: string;
+    error?: string;
+    pendingQuestions: number;
+}
+export interface ParseOptions {
+    interactive?: boolean;
+    force?: boolean;
+    onProgress?: (msg: string) => void;
+}
+export declare function parseFile(filePath: string, opts?: ParseOptions): Promise<ParseFileResult>;
+export interface ParseSummary {
+    total: number;
+    parsed: number;
+    replaced: number;
+    skipped: number;
+    needsInput: number;
+    failed: number;
+    details: {
+        name: string;
+        relPath: string;
+        result: ParseFileResult;
+    }[];
+}
+export interface RunParseOptions extends ParseOptions {
+    /** Optional regex (string). Matches partial, case-insensitive, against the relative path under the data dir. */
+    regex?: string;
+}
+export declare function compileMatcher(input: string): RegExp;
+export declare function runParse(opts?: RunParseOptions): Promise<ParseSummary>;
+export interface UndoMatch {
+    id: string;
+    path: string;
+    relPath: string;
+    parsedAt: string | null;
+}
+/** Find parsed_files rows whose relative-to-data-dir path matches the regex. */
+export declare function findUndoMatches(db: Database.Database, regex: string): UndoMatch[];
+/** Cascade-delete the supplied parsed_files rows. Returns the number deleted. */
+export declare function deleteMatches(db: Database.Database, ids: string[]): number;

package/dist/parser/pipeline.js

@@ -0,0 +1,160 @@
+import { randomUUID } from "crypto";
+import inquirer from "inquirer";
+import { getDb } from "../db/connection.js";
+import { runParseAgent } from "../ai/agent.js";
+import { loadDocument } from "./pdf.js";
+import { buildParseUserMessage } from "./prompts.js";
+import { scanDataDir } from "./walker.js";
+import { getDataDir } from "../config.js";
+import { relative, sep } from "path";
+export const PARSER_VERSION = "plasalid-parser-v1";
+function findParsedByHash(db, hash) {
+    return db
+        .prepare(`SELECT id, status FROM parsed_files WHERE file_hash = ?`)
+        .get(hash) ?? null;
+}
+function deleteParsedFile(db, id) {
+    db.prepare(`DELETE FROM parsed_files WHERE id = ?`).run(id);
+}
+function insertParsedFile(db, args) {
+    const id = `pf:${randomUUID()}`;
+    db.prepare(`INSERT INTO parsed_files (id, path, file_hash, mime, status, parser_version)
+     VALUES (?, ?, ?, ?, 'pending', ?)`).run(id, args.path, args.hash, args.mime, PARSER_VERSION);
+    return id;
+}
+function countPendingQuestions(db, fileId) {
+    const row = db
+        .prepare(`SELECT COUNT(*) as n FROM pending_questions WHERE file_id = ? AND resolved_at IS NULL`)
+        .get(fileId);
+    return row.n;
+}
+function setFileStatus(db, id, status, fields = {}) {
+    db.prepare(`UPDATE parsed_files
+     SET status = ?, parsed_at = datetime('now'), error = ?, raw_text = COALESCE(?, raw_text)
+     WHERE id = ?`).run(status, fields.error ?? null, fields.raw_text ?? null, id);
+}
+async function promptUserViaInquirer(prompt, options) {
+    if (options && options.length > 0) {
+        const { answer } = await inquirer.prompt([
+            { type: "list", name: "answer", message: prompt, choices: options },
+        ]);
+        return String(answer);
+    }
+    const { answer } = await inquirer.prompt([
+        { type: "input", name: "answer", message: prompt },
+    ]);
+    return String(answer);
+}
+export async function parseFile(filePath, opts = {}) {
+    const db = getDb();
+    const loaded = loadDocument(filePath);
+    const existing = findParsedByHash(db, loaded.hash);
+    if (existing) {
+        if (!opts.force) {
+            return {
+                fileId: existing.id,
+                status: "skipped",
+                pendingQuestions: countPendingQuestions(db, existing.id),
+            };
+        }
+        deleteParsedFile(db, existing.id);
+    }
+    const fileId = insertParsedFile(db, {
+        path: filePath,
+        hash: loaded.hash,
+        mime: loaded.mime,
+    });
+    let summary = "";
+    const messages = [
+        {
+            role: "user",
+            content: [
+                loaded.block,
+                { type: "text", text: buildParseUserMessage({ fileName: loaded.fileName }) },
+            ],
+        },
+    ];
+    try {
+        opts.onProgress?.(`Parsing ${loaded.fileName}...`);
+        const text = await runParseAgent({
+            db,
+            initialMessages: messages,
+            prompt: { fileName: loaded.fileName },
+            parseCtx: {
+                fileId,
+                parserVersion: PARSER_VERSION,
+                interactive: opts.interactive ?? true,
+                promptUser: opts.interactive === false ? undefined : promptUserViaInquirer,
+                onMarkParsed: (s) => { summary = s; },
+            },
+        });
+        const stillPending = countPendingQuestions(db, fileId);
+        if (stillPending > 0) {
+            setFileStatus(db, fileId, "needs_input", { raw_text: text });
+            return { fileId, status: "needs_input", summary: summary || text, pendingQuestions: stillPending };
+        }
+        setFileStatus(db, fileId, "parsed", { raw_text: text });
+        const status = existing ? "replaced" : "parsed";
+        return { fileId, status, summary: summary || text, pendingQuestions: 0 };
+    }
+    catch (err) {
+        setFileStatus(db, fileId, "failed", { error: err.message });
+        return { fileId, status: "failed", error: err.message, pendingQuestions: countPendingQuestions(db, fileId) };
+    }
+}
+export function compileMatcher(input) {
+    return new RegExp(input, "i");
+}
+export async function runParse(opts = {}) {
+    const matcher = opts.regex ? compileMatcher(opts.regex) : null;
+    const files = scanDataDir().filter(f => (matcher ? matcher.test(f.relPath) : true));
+    const summary = {
+        total: files.length,
+        parsed: 0,
+        replaced: 0,
+        skipped: 0,
+        needsInput: 0,
+        failed: 0,
+        details: [],
+    };
+    for (const f of files) {
+        const result = await parseFile(f.path, opts);
+        summary.details.push({ name: f.name, relPath: f.relPath, result });
+        if (result.status === "parsed")
+            summary.parsed++;
+        else if (result.status === "replaced")
+            summary.replaced++;
+        else if (result.status === "skipped")
+            summary.skipped++;
+        else if (result.status === "needs_input")
+            summary.needsInput++;
+        else if (result.status === "failed")
+            summary.failed++;
+    }
+    return summary;
+}
+function pathToRelPath(absolutePath) {
+    return relative(getDataDir(), absolutePath).split(sep).join("/");
+}
+/** Find parsed_files rows whose relative-to-data-dir path matches the regex. */
+export function findUndoMatches(db, regex) {
+    const matcher = compileMatcher(regex);
+    const rows = db
+        .prepare(`SELECT id, path, parsed_at FROM parsed_files ORDER BY parsed_at DESC, created_at DESC`)
+        .all();
+    return rows
+        .map(r => ({ id: r.id, path: r.path, relPath: pathToRelPath(r.path), parsedAt: r.parsed_at }))
+        .filter(r => matcher.test(r.relPath));
+}
+/** Cascade-delete the supplied parsed_files rows. Returns the number deleted. */
+export function deleteMatches(db, ids) {
+    if (ids.length === 0)
+        return 0;
+    const stmt = db.prepare(`DELETE FROM parsed_files WHERE id = ?`);
+    const tx = db.transaction(() => {
+        for (const id of ids)
+            stmt.run(id);
+    });
+    tx();
+    return ids.length;
+}

package/dist/parser/prompts.d.ts

@@ -0,0 +1,8 @@
+/**
+ * The user-message prelude that accompanies the PDF document block. The persona
+ * and rules live in the parse system prompt (src/ai/system-prompt.ts); this
+ * message is a per-file instruction.
+ */
+export declare function buildParseUserMessage(opts: {
+    fileName: string;
+}): string;

package/dist/parser/prompts.js

@@ -0,0 +1,20 @@
+/**
+ * The user-message prelude that accompanies the PDF document block. The persona
+ * and rules live in the parse system prompt (src/ai/system-prompt.ts); this
+ * message is a per-file instruction.
+ */
+export function buildParseUserMessage(opts) {
+    return [
+        `Please parse the attached document.`,
+        `File: ${opts.fileName}`,
+        ``,
+        `Steps:`,
+        `1. Call list_accounts to see what already exists.`,
+        `2. Infer the primary account type (asset / liability / income / expense) from the document's header, account type field, and transaction patterns.`,
+        `3. If this document references an account that isn't yet in the chart, call create_account once. Mask the account number to the last 4 digits.`,
+        `4. Persist any document-level metadata you find (statement_day, due_day, points_balance, etc.) using update_account_metadata.`,
+        `5. For every transaction in the document, call record_journal_entry with balanced debit/credit lines. Use existing accounts where possible; create expense/income accounts as needed.`,
+        `6. If a row is ambiguous, call ask_user before guessing.`,
+        `7. When you are done, call mark_file_parsed with a short summary.`,
+    ].join("\n");
+}

package/dist/parser/walker.d.ts

@@ -0,0 +1,8 @@
+export interface ScannedFile {
+    path: string;
+    name: string;
+    /** Path relative to the data dir, forward-slashed. */
+    relPath: string;
+}
+/** Walk the data directory recursively and return every supported file found. */
+export declare function scanDataDir(): ScannedFile[];

package/dist/parser/walker.js

@@ -0,0 +1,42 @@
+import { readdirSync, statSync } from "fs";
+import { resolve, basename, relative, sep } from "path";
+import { getDataDir } from "../config.js";
+const SUPPORTED_EXTS = new Set([".pdf"]);
+function walk(dir, root, out) {
+    let entries;
+    try {
+        entries = readdirSync(dir);
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.startsWith("."))
+            continue;
+        const full = resolve(dir, entry);
+        let s;
+        try {
+            s = statSync(full);
+        }
+        catch {
+            continue;
+        }
+        if (s.isDirectory()) {
+            walk(full, root, out);
+        }
+        else if (s.isFile()) {
+            const ext = entry.slice(entry.lastIndexOf(".")).toLowerCase();
+            if (!SUPPORTED_EXTS.has(ext))
+                continue;
+            const rel = relative(root, full).split(sep).join("/");
+            out.push({ path: full, name: basename(full), relPath: rel });
+        }
+    }
+}
+/** Walk the data directory recursively and return every supported file found. */
+export function scanDataDir() {
+    const out = [];
+    const root = getDataDir();
+    walk(root, root, out);
+    return out;
+}

package/dist/reconciler/pipeline.d.ts

@@ -0,0 +1,17 @@
+export interface ReconcileOptions {
+    accountId?: string;
+    from?: string;
+    to?: string;
+    dryRun?: boolean;
+    interactive?: boolean;
+}
+export interface ReconcileSummary {
+    summary: string;
+    dryRun: boolean;
+}
+/**
+ * Walk the existing journal with the reconcile-profile agent: detect duplicate
+ * entries, similar accounts, and unused accounts; propose fixes; apply them
+ * (or print "would do X" stubs when dryRun is on) after the user confirms.
+ */
+export declare function runReconcile(opts?: ReconcileOptions): Promise<ReconcileSummary>;

package/dist/reconciler/pipeline.js

@@ -0,0 +1,45 @@
+import { getDb } from "../db/connection.js";
+import { runReconcileAgent } from "../ai/agent.js";
+import { statusSpinner, makePromptUser, makeAgentOnProgress, } from "../cli/ux.js";
+import { buildReconcileUserMessage } from "./prompts.js";
+/**
+ * Walk the existing journal with the reconcile-profile agent: detect duplicate
+ * entries, similar accounts, and unused accounts; propose fixes; apply them
+ * (or print "would do X" stubs when dryRun is on) after the user confirms.
+ */
+export async function runReconcile(opts = {}) {
+    const db = getDb();
+    const interactive = opts.interactive ?? true;
+    const dryRun = !!opts.dryRun;
+    const scope = {
+        accountId: opts.accountId,
+        from: opts.from,
+        to: opts.to,
+        dryRun,
+    };
+    const spinner = statusSpinner(`Reconciling${dryRun ? " (dry-run)" : ""}...`);
+    const promptUser = interactive ? makePromptUser(spinner) : undefined;
+    let summary = "";
+    try {
+        await runReconcileAgent({
+            db,
+            prompt: scope,
+            initialMessages: [
+                { role: "user", content: buildReconcileUserMessage(scope) },
+            ],
+            agentCtx: {
+                interactive,
+                dryRun,
+                promptUser,
+                onComplete: (s) => { summary = s; },
+            },
+            onProgress: makeAgentOnProgress(spinner),
+        });
+        spinner.succeed(dryRun ? "Reconcile complete (dry-run — no writes)." : "Reconcile complete.");
+    }
+    catch (err) {
+        spinner.fail(`Reconcile failed: ${err.message}`);
+        throw err;
+    }
+    return { summary, dryRun };
+}

package/dist/reconciler/prompts.d.ts

@@ -0,0 +1,12 @@
+export interface ReconcileScope {
+    accountId?: string;
+    from?: string;
+    to?: string;
+    dryRun: boolean;
+}
+/**
+ * Kickoff message the reconcile agent receives. The persona + chart-of-accounts
+ * snapshot live in the system prompt (`buildReconcileSystemPrompt`); this is
+ * the per-session instruction.
+ */
+export declare function buildReconcileUserMessage(scope: ReconcileScope): string;

package/dist/reconciler/prompts.js

@@ -0,0 +1,22 @@
+/**
+ * Kickoff message the reconcile agent receives. The persona + chart-of-accounts
+ * snapshot live in the system prompt (`buildReconcileSystemPrompt`); this is
+ * the per-session instruction.
+ */
+export function buildReconcileUserMessage(scope) {
+    return [
+        `Reconcile the local Plasalid journal.`,
+        ``,
+        `Scope:`,
+        `- account: ${scope.accountId ?? "all"}`,
+        `- from: ${scope.from ?? "all time"}`,
+        `- to: ${scope.to ?? "now"}`,
+        `- dry run: ${scope.dryRun ? "yes — write tools are no-ops" : "no — writes commit after confirmation"}`,
+        ``,
+        `Steps:`,
+        `1. Survey: list_accounts, get_net_worth, find_duplicate_entries, find_similar_accounts, find_unused_accounts.`,
+        `2. For each candidate, call ask_user with concrete options ("merge X into Y", "delete entry Z", "leave as is").`,
+        `3. Apply the chosen action only after the user confirms.`,
+        `4. When you're done, call mark_reconcile_done with a short summary.`,
+    ].join("\n");
+}

package/dist/scanner/password-store.d.ts

@@ -0,0 +1,34 @@
+import type Database from "libsql";
+export interface StoredPassword {
+    id: string;
+    pattern: string;
+    password: string;
+    useCount: number;
+    lastUsedAt: string | null;
+}
+/**
+ * Derive a regex from a filename. Strategy: take the leading alphabetic-ish
+ * prefix (up to the first separator: underscore, hyphen, space, or dot) and
+ * wildcard everything after it. Looser than a literal match — `AcctSt_May26.pdf`
+ * and `AcctSt_Jun26.pdf` share the same pattern.
+ *
+ * Falls back to the older digit-collapse strategy when the prefix is too short
+ * (<3 chars) or doesn't start with a letter, so we don't end up with overly
+ * generic patterns like `^a.*` or `^\d+.*`.
+ *
+ * Examples:
+ *   `AcctSt_May26.pdf`          → `^acctst.*`
+ *   `KBank-Savings-2026-01.pdf` → `^kbank.*`
+ *   `statement.pdf`             → `^statement.*`
+ *   `1234567890.pdf`            → `^\d+\.pdf$`           (fallback)
+ *   `e-statement.pdf`           → `^e\-statement\.pdf$`  (fallback — prefix too short)
+ */
+export declare function suggestPattern(filename: string): string;
+/** Stored passwords whose pattern matches the basename of `filePath`. */
+export declare function findCandidates(db: Database.Database, filePath: string, dbKey: string): StoredPassword[];
+/**
+ * Upsert by pattern. If the pattern already exists the row is replaced — useful
+ * when the bank rotates the password for a recurring statement series.
+ */
+export declare function savePassword(db: Database.Database, pattern: string, password: string, dbKey: string): string;
+export declare function recordUse(db: Database.Database, id: string): void;

package/dist/scanner/password-store.js

@@ -0,0 +1,83 @@
+import { randomUUID } from "crypto";
+import { basename } from "path";
+import { encryptSecret, decryptSecret } from "../db/encryption.js";
+const REGEX_META = /[.*+?^${}()|[\]\\]/g;
+const SEPARATORS = /[_\-\s.]/;
+const MIN_PREFIX_LEN = 3;
+/**
+ * Derive a regex from a filename. Strategy: take the leading alphabetic-ish
+ * prefix (up to the first separator: underscore, hyphen, space, or dot) and
+ * wildcard everything after it. Looser than a literal match — `AcctSt_May26.pdf`
+ * and `AcctSt_Jun26.pdf` share the same pattern.
+ *
+ * Falls back to the older digit-collapse strategy when the prefix is too short
+ * (<3 chars) or doesn't start with a letter, so we don't end up with overly
+ * generic patterns like `^a.*` or `^\d+.*`.
+ *
+ * Examples:
+ *   `AcctSt_May26.pdf`          → `^acctst.*`
+ *   `KBank-Savings-2026-01.pdf` → `^kbank.*`
+ *   `statement.pdf`             → `^statement.*`
+ *   `1234567890.pdf`            → `^\d+\.pdf$`           (fallback)
+ *   `e-statement.pdf`           → `^e\-statement\.pdf$`  (fallback — prefix too short)
+ */
+export function suggestPattern(filename) {
+    const name = basename(filename).toLowerCase();
+    const prefix = name.split(SEPARATORS)[0];
+    if (prefix.length >= MIN_PREFIX_LEN && /^[a-z]/.test(prefix)) {
+        return `^${prefix.replace(REGEX_META, "\\$&")}.*`;
+    }
+    const escaped = name.replace(REGEX_META, "\\$&");
+    const collapsed = escaped.replace(/\d+/g, "\\d+");
+    return `^${collapsed}$`;
+}
+/** Stored passwords whose pattern matches the basename of `filePath`. */
+export function findCandidates(db, filePath, dbKey) {
+    const target = basename(filePath);
+    const rows = db
+        .prepare(`SELECT id, pattern, password_encrypted, use_count, last_used_at
+       FROM file_passwords
+       ORDER BY use_count DESC, last_used_at DESC NULLS LAST, created_at ASC`)
+        .all();
+    return rows
+        .filter(r => safeTest(r.pattern, target))
+        .map(r => ({
+        id: r.id,
+        pattern: r.pattern,
+        password: decryptSecret(r.password_encrypted, dbKey),
+        useCount: r.use_count,
+        lastUsedAt: r.last_used_at,
+    }));
+}
+function safeTest(pattern, target) {
+    try {
+        return new RegExp(pattern, "i").test(target);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Upsert by pattern. If the pattern already exists the row is replaced — useful
+ * when the bank rotates the password for a recurring statement series.
+ */
+export function savePassword(db, pattern, password, dbKey) {
+    const encrypted = encryptSecret(password, dbKey);
+    const existing = db
+        .prepare(`SELECT id FROM file_passwords WHERE pattern = ?`)
+        .get(pattern);
+    if (existing) {
+        db.prepare(`UPDATE file_passwords
+       SET password_encrypted = ?, use_count = 0, last_used_at = NULL
+       WHERE id = ?`).run(encrypted, existing.id);
+        return existing.id;
+    }
+    const id = `fp:${randomUUID()}`;
+    db.prepare(`INSERT INTO file_passwords (id, pattern, password_encrypted) VALUES (?, ?, ?)`).run(id, pattern, encrypted);
+    return id;
+}
+export function recordUse(db, id) {
+    db.prepare(`UPDATE file_passwords
+     SET use_count = use_count + 1, last_used_at = datetime('now')
+     WHERE id = ?`).run(id);
+}

package/dist/scanner/pdf-unlock.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Thin wrapper around the mupdf WASM library. Lazy-imported on first call so
+ * the WASM module isn't loaded for data dirs that contain only plaintext PDFs.
+ */
+export declare function isEncrypted(bytes: Buffer): Promise<boolean>;
+export interface UnlockResult {
+    ok: boolean;
+    /** Set when `ok === true`. Plaintext (decrypted) PDF bytes ready to forward. */
+    decrypted?: Buffer;
+}
+/**
+ * Attempt to unlock and re-save `bytes` as an unencrypted PDF using `password`.
+ * Returns `{ ok: false }` on wrong password or non-PDF input. Returns
+ * `{ ok: true, decrypted }` on success. If the input wasn't encrypted to begin
+ * with, returns `{ ok: true, decrypted: bytes }` unchanged.
+ */
+export declare function unlock(bytes: Buffer, password: string): Promise<UnlockResult>;

package/dist/scanner/pdf-unlock.js

@@ -0,0 +1,48 @@
+/**
+ * Thin wrapper around the mupdf WASM library. Lazy-imported on first call so
+ * the WASM module isn't loaded for data dirs that contain only plaintext PDFs.
+ */
+let mupdfPromise = null;
+function getMupdf() {
+    if (!mupdfPromise) {
+        mupdfPromise = import("mupdf");
+    }
+    return mupdfPromise;
+}
+export async function isEncrypted(bytes) {
+    const mupdf = await getMupdf();
+    const doc = mupdf.Document.openDocument(bytes, "application/pdf");
+    try {
+        return doc.needsPassword();
+    }
+    finally {
+        doc.destroy();
+    }
+}
+/**
+ * Attempt to unlock and re-save `bytes` as an unencrypted PDF using `password`.
+ * Returns `{ ok: false }` on wrong password or non-PDF input. Returns
+ * `{ ok: true, decrypted }` on success. If the input wasn't encrypted to begin
+ * with, returns `{ ok: true, decrypted: bytes }` unchanged.
+ */
+export async function unlock(bytes, password) {
+    const mupdf = await getMupdf();
+    const doc = mupdf.Document.openDocument(bytes, "application/pdf");
+    try {
+        if (!(doc instanceof mupdf.PDFDocument)) {
+            return { ok: false };
+        }
+        if (!doc.needsPassword()) {
+            return { ok: true, decrypted: bytes };
+        }
+        const result = doc.authenticatePassword(password);
+        if (result === 0) {
+            return { ok: false };
+        }
+        const out = doc.saveToBuffer("decrypt");
+        return { ok: true, decrypted: Buffer.from(out.asUint8Array()) };
+    }
+    finally {
+        doc.destroy();
+    }
+}

package/dist/scanner/pdf.d.ts

@@ -0,0 +1,17 @@
+import type { DocumentBlock } from "../ai/provider.js";
+export interface LoadedFile {
+    bytes: Buffer;
+    hash: string;
+    mime: string;
+    fileName: string;
+}
+/**
+ * Read a local PDF, hash its bytes, and return everything the scan pipeline
+ * needs to decide whether to skip / re-scan / unlock the file. The hash is
+ * sha256 of the original on-disk bytes (still encrypted if the PDF is
+ * password-protected) — that's what the dedup contract relies on, so we can
+ * recognize the same file across re-scans regardless of unlock state.
+ */
+export declare function readPdf(path: string): LoadedFile;
+/** Build an Anthropic-compatible document content block from PDF bytes. */
+export declare function buildDocumentBlock(bytes: Buffer, fileName: string, mime?: string): DocumentBlock;

package/dist/scanner/pdf.js

@@ -0,0 +1,36 @@
+import { readFileSync, statSync } from "fs";
+import { createHash } from "crypto";
+import { basename, extname } from "path";
+const MIME_BY_EXT = {
+    ".pdf": "application/pdf",
+};
+const MAX_BYTES = 30 * 1024 * 1024;
+/**
+ * Read a local PDF, hash its bytes, and return everything the scan pipeline
+ * needs to decide whether to skip / re-scan / unlock the file. The hash is
+ * sha256 of the original on-disk bytes (still encrypted if the PDF is
+ * password-protected) — that's what the dedup contract relies on, so we can
+ * recognize the same file across re-scans regardless of unlock state.
+ */
+export function readPdf(path) {
+    const ext = extname(path).toLowerCase();
+    const mime = MIME_BY_EXT[ext];
+    if (!mime) {
+        throw new Error(`Unsupported file extension: ${ext}. Plasalid v1 only ingests PDFs.`);
+    }
+    const stat = statSync(path);
+    if (stat.size > MAX_BYTES) {
+        throw new Error(`File too large (${stat.size} bytes). Limit is ${MAX_BYTES} bytes.`);
+    }
+    const bytes = readFileSync(path);
+    const hash = createHash("sha256").update(bytes).digest("hex");
+    return { bytes, hash, mime, fileName: basename(path) };
+}
+/** Build an Anthropic-compatible document content block from PDF bytes. */
+export function buildDocumentBlock(bytes, fileName, mime = "application/pdf") {
+    return {
+        type: "document",
+        source: { type: "base64", media_type: mime, data: bytes.toString("base64") },
+        title: fileName,
+    };
+}