sanook-cli 0.5.2 → 0.5.5

package/dist/mcp-registry.js

@@ -1,3 +1,4 @@
+import { inferRegistryServerRisk, formatMcpRiskLabel } from './mcp-risk.js';
 import { inlineValue, takeValue } from './cli-option-values.js';
 export const MCP_REGISTRY_BASE_URL = 'https://registry.modelcontextprotocol.io/v0';
 export const MCP_PRESETS = [
@@ -22,19 +23,45 @@ export const MCP_PRESETS = [
         servers: ['capital.hove/read-only-local-postgres-mcp-server', 'com.mcparmory/sentry', 'io.github.CSOAI-ORG/docker-helper-ai-mcp'],
     },
 ];
+const REGISTRY_CACHE_TTL_MS = 5 * 60 * 1000;
+const registryCache = new Map();
+export function clearMcpRegistryCache() {
+    registryCache.clear();
+}
+function cacheKey(url) {
+    return url;
+}
+function readRegistryCache(url) {
+    const entry = registryCache.get(cacheKey(url));
+    if (!entry)
+        return undefined;
+    if (Date.now() >= entry.expiresAt) {
+        registryCache.delete(cacheKey(url));
+        return undefined;
+    }
+    return entry.value;
+}
+function writeRegistryCache(url, value) {
+    registryCache.set(cacheKey(url), { expiresAt: Date.now() + REGISTRY_CACHE_TTL_MS, value });
+}
+export { REGISTRY_CACHE_TTL_MS };
 export function parseKeyValueList(values) {
     const out = {};
     for (const value of values) {
-        const idx = value.indexOf('=');
-        if (idx <= 0)
-            throw new Error(`ต้องใช้รูปแบบ KEY=value: ${value}`);
-        const key = value.slice(0, idx).trim();
-        if (!key)
-            throw new Error(`ต้องใช้รูปแบบ KEY=value: ${value}`);
-        out[key] = value.slice(idx + 1);
+        const parsed = parseKeyValueEntry(value);
+        out[parsed.key] = parsed.value;
     }
     return out;
 }
+function parseKeyValueEntry(value) {
+    const idx = value.indexOf('=');
+    if (idx <= 0)
+        throw new Error(`ต้องใช้รูปแบบ KEY=value: ${value}`);
+    const key = value.slice(0, idx).trim();
+    if (!key)
+        throw new Error(`ต้องใช้รูปแบบ KEY=value: ${value}`);
+    return { key, value: value.slice(idx + 1) };
+}
 function parseRegistrySearchLimit(raw) {
     if (!raw || !/^[1-9]\d*$/.test(raw))
         return undefined;
@@ -44,6 +71,7 @@ function parseRegistrySearchLimit(raw) {
 export function parseMcpRegistrySearchArgs(args) {
     const query = [];
     let limit = 10;
+    let limitSet = false;
     let cursor;
     for (let i = 0; i < args.length; i++) {
         const a = args[i];
@@ -59,7 +87,10 @@ export function parseMcpRegistrySearchArgs(args) {
             const parsed = parseRegistrySearchLimit(raw);
             if (parsed === undefined)
                 return { ok: false, message: '--limit ต้องเป็นจำนวนเต็ม 1-50' };
+            if (limitSet)
+                return { ok: false, message: 'ใช้ --limit เพียงครั้งเดียว' };
             limit = parsed;
+            limitSet = true;
         }
         else if (a === '--cursor' || a.startsWith('--cursor=')) {
             const next = a === '--cursor' ? takeValue(args, i) : undefined;
@@ -69,6 +100,8 @@ export function parseMcpRegistrySearchArgs(args) {
             const parsed = raw?.trim();
             if (!parsed)
                 return { ok: false, message: '--cursor ต้องระบุค่า' };
+            if (cursor !== undefined)
+                return { ok: false, message: 'ใช้ --cursor เพียงครั้งเดียว' };
             cursor = parsed;
         }
         else {
@@ -77,6 +110,111 @@ export function parseMcpRegistrySearchArgs(args) {
     }
     return { ok: true, value: { query: query.join(' ').trim(), limit, cursor } };
 }
+function parseInstallOptionValue(args, index, flag) {
+    const arg = args[index];
+    if (arg === flag)
+        return takeValue(args, index);
+    return { value: inlineValue(flag, arg), nextIndex: index };
+}
+export function parseMcpRegistryInstallArgs(args) {
+    const positionals = [];
+    const env = [];
+    const headers = [];
+    let alias;
+    let transport;
+    let version;
+    let project = false;
+    for (let i = 0; i < args.length; i++) {
+        const a = args[i];
+        if (a === '--') {
+            positionals.push(...args.slice(i + 1));
+            break;
+        }
+        if (a === '--project') {
+            project = true;
+        }
+        else if (a === '--name' || a.startsWith('--name=')) {
+            const next = parseInstallOptionValue(args, i, '--name');
+            if (next.nextIndex !== i)
+                i = next.nextIndex;
+            const value = next.value?.trim();
+            if (!value)
+                return { ok: false, message: '--name ต้องระบุค่า' };
+            if (alias !== undefined)
+                return { ok: false, message: 'ใช้ --name เพียงครั้งเดียว' };
+            alias = value;
+        }
+        else if (a === '--transport' || a.startsWith('--transport=')) {
+            const next = parseInstallOptionValue(args, i, '--transport');
+            if (next.nextIndex !== i)
+                i = next.nextIndex;
+            const value = next.value?.trim();
+            if (!value)
+                return { ok: false, message: '--transport ต้องระบุค่า' };
+            if (!['auto', 'remote', 'stdio'].includes(value)) {
+                return { ok: false, message: '--transport ต้องเป็น auto, remote, หรือ stdio' };
+            }
+            if (transport !== undefined)
+                return { ok: false, message: 'ใช้ --transport เพียงครั้งเดียว' };
+            transport = value;
+        }
+        else if (a === '--version' || a.startsWith('--version=')) {
+            const next = parseInstallOptionValue(args, i, '--version');
+            if (next.nextIndex !== i)
+                i = next.nextIndex;
+            const value = next.value?.trim();
+            if (!value)
+                return { ok: false, message: '--version ต้องระบุค่า' };
+            if (version !== undefined)
+                return { ok: false, message: 'ใช้ --version เพียงครั้งเดียว' };
+            version = value;
+        }
+        else if (a === '--env' || a.startsWith('--env=')) {
+            const next = parseInstallOptionValue(args, i, '--env');
+            if (next.nextIndex !== i)
+                i = next.nextIndex;
+            const value = next.value;
+            if (!value?.trim())
+                return { ok: false, message: '--env ต้องระบุ KEY=value' };
+            try {
+                parseKeyValueEntry(value);
+            }
+            catch {
+                return { ok: false, message: `--env ต้องใช้รูปแบบ KEY=value: ${value}` };
+            }
+            env.push(value);
+        }
+        else if (a === '--header' || a.startsWith('--header=')) {
+            const next = parseInstallOptionValue(args, i, '--header');
+            if (next.nextIndex !== i)
+                i = next.nextIndex;
+            const value = next.value;
+            if (!value?.trim())
+                return { ok: false, message: '--header ต้องระบุ KEY=value' };
+            try {
+                parseKeyValueEntry(value);
+            }
+            catch {
+                return { ok: false, message: `--header ต้องใช้รูปแบบ KEY=value: ${value}` };
+            }
+            headers.push(value);
+        }
+        else if (a.startsWith('-')) {
+            return { ok: false, message: `ไม่รู้จัก option: ${a}` };
+        }
+        else if (!a.startsWith('-')) {
+            positionals.push(a);
+        }
+    }
+    const name = positionals[0];
+    if (!name) {
+        return { ok: false, message: 'ใช้: sanook mcp install <registry-server-name> [--name alias] [--transport auto|remote|stdio] [--env KEY=value] [--header KEY=value] [--project]' };
+    }
+    if (positionals.length > 1) {
+        return { ok: false, message: `ระบุ registry server ได้เพียงชื่อเดียว: ${positionals.slice(1).join(' ')}` };
+    }
+    return { ok: true, value: { name, alias, transport, version, env, headers, project } };
+}
 export function aliasFromRegistryName(name) {
     const [scope = '', rawLeaf = name] = name.split('/');
     const leaf = rawLeaf
@@ -162,7 +300,7 @@ export function formatRegistrySearch(result) {
         return `${lines[0]}\n(no matches)`;
     for (const server of result.servers) {
         lines.push(`${server.name}${server.version ? `@${server.version}` : ''} — ${server.description ?? '(no description)'}`);
-        lines.push(`  transport: ${transportSummary(server)}${server.repositoryUrl ? ` · repo: ${server.repositoryUrl}` : ''}`);
+        lines.push(`  transport: ${transportSummary(server)} · risk: ${formatMcpRiskLabel(inferRegistryServerRisk(server))}${server.repositoryUrl ? ` · repo: ${server.repositoryUrl}` : ''}`);
     }
     if (result.nextCursor)
         lines.push(`next: --cursor ${result.nextCursor}`);
@@ -175,6 +313,7 @@ export function formatRegistryInfo(server) {
     if (server.websiteUrl)
         lines.push(`website: ${server.websiteUrl}`);
     lines.push(`transport: ${transportSummary(server)}`);
+    lines.push(`risk: ${formatMcpRiskLabel(inferRegistryServerRisk(server))}`);
     if (server.remotes.length) {
         lines.push('remotes:');
         for (const remote of server.remotes) {
@@ -234,10 +373,15 @@ function latestOnly(servers) {
     return [...out.values()];
 }
 async function fetchRegistryJson(url, fetchImpl = fetch) {
+    const cached = readRegistryCache(url);
+    if (cached)
+        return cached;
     const res = await fetchImpl(url, { headers: { accept: 'application/json' } });
     if (!res.ok)
         throw new Error(`registry ${res.status} ${res.statusText}`);
-    return (await res.json());
+    const json = (await res.json());
+    writeRegistryCache(url, json);
+    return json;
 }
 function transportSummary(server) {
     const transports = [

package/dist/mcp-risk.js

@@ -0,0 +1,71 @@
+const RISK_PRIORITY = {
+    'read-only': 0,
+    'network-write': 1,
+    'file-write': 2,
+    'database-write': 3,
+    'infra/admin': 4,
+};
+const WRITE_TOOL = /\b(write|create|update|delete|insert|drop|push|post|send|execute|deploy|apply|modify|edit|remove|destroy|mutate|run_|upload|patch|merge|commit|publish|trigger|invoke|call|set_)\b/i;
+const READ_ONLY_TEXT = /\b(read[-_ ]?only|readonly|list|get|search|fetch|query|inspect|view|describe|lookup|recall)\b/i;
+const FILE_WRITE_TEXT = /\b(file|filesystem|fs[-_ ]?server|write_file|edit_file|directory)\b/i;
+const DB_WRITE_TEXT = /\b(postgres|postgresql|mysql|sqlite|mongodb|redis|database|sql|db[-_ ]?write)\b/i;
+const NETWORK_WRITE_TEXT = /\b(github|gitlab|slack|discord|linear|jira|notion|fetch|search|browser|playwright|http|web|api|issue|pull|release|message|chat|email|gmail|drive|obsidian|tavily|brave)\b/i;
+const INFRA_TEXT = /\b(docker|kubernetes|k8s|helm|terraform|aws|gcp|azure|infra|container|cluster|pod|deployment|kubectl)\b/i;
+function maxRisk(...labels) {
+    return labels.reduce((best, label) => (RISK_PRIORITY[label] > RISK_PRIORITY[best] ? label : best), 'read-only');
+}
+function riskFromText(text) {
+    const haystack = text.toLowerCase();
+    if (INFRA_TEXT.test(haystack))
+        return 'infra/admin';
+    if (DB_WRITE_TEXT.test(haystack))
+        return READ_ONLY_TEXT.test(haystack) ? 'read-only' : 'database-write';
+    if (FILE_WRITE_TEXT.test(haystack))
+        return 'file-write';
+    if (NETWORK_WRITE_TEXT.test(haystack))
+        return READ_ONLY_TEXT.test(haystack) ? 'read-only' : 'network-write';
+    if (READ_ONLY_TEXT.test(haystack))
+        return 'read-only';
+    return undefined;
+}
+function riskFromTools(tools) {
+    const labels = [];
+    for (const tool of tools) {
+        const text = `${tool.name} ${tool.description ?? ''}`;
+        const base = riskFromText(text);
+        if (base)
+            labels.push(base);
+        if (WRITE_TOOL.test(text) && base !== 'read-only') {
+            if (DB_WRITE_TEXT.test(text))
+                labels.push('database-write');
+            else if (FILE_WRITE_TEXT.test(text))
+                labels.push('file-write');
+            else if (INFRA_TEXT.test(text))
+                labels.push('infra/admin');
+            else
+                labels.push('network-write');
+        }
+    }
+    return labels.length ? maxRisk(...labels) : undefined;
+}
+export function inferRegistryServerRisk(server) {
+    const parts = [
+        server.name,
+        server.title,
+        server.description,
+        ...server.packages.map((pkg) => `${pkg.registryType ?? ''} ${pkg.identifier ?? ''} ${pkg.runtimeHint ?? ''}`),
+        ...server.remotes.map((remote) => `${remote.type ?? ''} ${remote.url ?? ''}`),
+    ].filter((part) => Boolean(part));
+    const labels = parts.map((part) => riskFromText(part)).filter((label) => !!label);
+    return labels.length ? maxRisk(...labels) : 'read-only';
+}
+export function inferConfiguredServerRisk(name, cfg, tools = []) {
+    const commandLine = [cfg.command, ...(cfg.args ?? []), cfg.url].filter(Boolean).join(' ');
+    const labels = [riskFromText(name), riskFromText(commandLine), riskFromTools(tools)].filter((label) => !!label);
+    if (cfg.url)
+        labels.push('network-write');
+    return labels.length ? maxRisk(...labels) : 'read-only';
+}
+export function formatMcpRiskLabel(label) {
+    return label;
+}

package/dist/mcp.js

@@ -26,6 +26,27 @@ function safeEnv() {
     }
     return out;
 }
+export function isMcpServerEnabled(cfg) {
+    return cfg.enabled !== false;
+}
+/** auth hints for hosted MCP remotes that return HTTP 401 */
+export function mcpAuthHints(cfg, error) {
+    if (!cfg.url || !error || !/\b401\b/.test(error))
+        return [];
+    const hints = [];
+    const authHeader = cfg.headers?.Authorization ?? cfg.headers?.authorization;
+    if (!authHeader) {
+        hints.push('remote server ตอบ 401 — เพิ่ม Authorization header ใน ~/.sanook/mcp.json หรือตอน install: --header Authorization=\'Bearer <token>\'');
+    }
+    else {
+        hints.push('remote server ตอบ 401 แม้มี Authorization header — ตรวจว่า token หมดอายุ, scope ไม่พอ, หรือ header name/format ไม่ตรงที่ server ต้องการ');
+    }
+    if (!Object.keys(cfg.env ?? {}).length) {
+        hints.push('บาง hosted MCP ใช้ API key ผ่าน env แทน header — ดู requirements: sanook mcp info <registry-server-name>');
+    }
+    hints.push('ทดสอบหลังแก้: sanook mcp test <name>');
+    return hints;
+}
 export function isValidMcpServerName(name) {
     return (/^[a-zA-Z0-9][a-zA-Z0-9_-]{0,63}$/.test(name) &&
         !['__proto__', 'prototype', 'constructor'].includes(name));
@@ -52,6 +73,9 @@ class StdioTransport {
             // Windows: `npx`/`npm`/JS bins เป็น .cmd shim → spawn ตรงๆ = ENOENT. shell=true ให้ผ่าน PATHEXT.
             // (config นี้ user เป็นเจ้าของ/trust แล้ว — bare-name resolution เท่านั้น)
             shell: process.platform === 'win32',
+            // POSIX: own process group → close() can SIGTERM the whole tree (npx/uvx/docker wrappers
+            // spawn the real server as a grandchild; killing only the wrapper would orphan it).
+            detached: process.platform !== 'win32',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
         this.proc.stdout?.on('data', (d) => this.onData(d.toString()));
@@ -125,11 +149,21 @@ class StdioTransport {
         this.proc.stdin?.write(`${JSON.stringify({ jsonrpc: '2.0', method, params })}\n`);
     }
     close() {
+        const pid = this.proc.pid;
         try {
-            this.proc.kill();
+            // POSIX: negative pid = the whole process group (kills npx/uvx/docker + the real server child).
+            if (pid && process.platform !== 'win32')
+                process.kill(-pid, 'SIGTERM');
+            else
+                this.proc.kill();
         }
         catch {
-            /* ตายแล้ว */
+            try {
+                this.proc.kill();
+            }
+            catch {
+                /* already dead */
+            }
         }
     }
 }
@@ -188,8 +222,11 @@ class HttpTransport {
         const sid = res.headers.get('mcp-session-id');
         if (sid)
             this.sessionId = sid;
-        if (!res.ok)
-            throw new Error(`mcp http ${res.status} ${res.statusText}`);
+        if (!res.ok) {
+            const err = new Error(`mcp http ${res.status} ${res.statusText}`);
+            err.status = res.status;
+            throw err;
+        }
         const ctype = res.headers.get('content-type') ?? '';
         if (ctype.includes('text/event-stream'))
             return this.parseSse(await res.text(), id);
@@ -262,7 +299,9 @@ export async function probeMcpServer(cfg, timeoutMs = REQUEST_TIMEOUT) {
         return { ok: true, transport, tools };
     }
     catch (e) {
-        return { ok: false, transport, tools: [], error: e.message };
+        const error = e.message;
+        const authHints = mcpAuthHints(cfg, error);
+        return { ok: false, transport, tools: [], error, ...(authHints.length ? { authHints } : {}) };
     }
     finally {
         client.close();
@@ -295,6 +334,10 @@ function sanitizeMcpServerConfig(raw) {
     const headers = stringRecord(r.headers);
     if (headers)
         cfg.headers = headers;
+    if (r.enabled === false)
+        cfg.enabled = false;
+    else if (r.enabled === true)
+        cfg.enabled = true;
     return cfg.command || cfg.url ? cfg : null;
 }
 async function readMcpFile(path, merged) {
@@ -332,6 +375,31 @@ export async function loadMcpConfig(onLog, cwd = process.cwd()) {
     }
     return merged;
 }
+/** หา path ของไฟล์ config ที่เก็บ server นี้ (global หรือ trusted project) */
+export async function findMcpServerConfigPath(name, cwd = process.cwd()) {
+    const globalPath = appHomePath('mcp.json');
+    try {
+        const cfg = JSON.parse(await readFile(globalPath, 'utf8'));
+        if (cfg.mcpServers && isValidMcpServerName(name) && name in cfg.mcpServers)
+            return globalPath;
+    }
+    catch {
+        /* no global config */
+    }
+    const root = await projectRoot(cwd);
+    const projectPath = await projectConfigPathIfTrusted('mcp.json', root);
+    if (!projectPath)
+        return undefined;
+    try {
+        const cfg = JSON.parse(await readFile(projectPath, 'utf8'));
+        if (cfg.mcpServers && isValidMcpServerName(name) && name in cfg.mcpServers)
+            return projectPath;
+    }
+    catch {
+        /* unreadable project config */
+    }
+    return undefined;
+}
 let cachePromise = null;
 let activeClients = []; // sync ref สำหรับ closeMcp ใน exit handler
 /** โหลด tools จาก MCP servers — in-flight promise singleton (concurrent call ไม่ spawn ซ้ำ/leak child) */
@@ -347,6 +415,10 @@ async function buildMcpTools(onLog) {
     const clients = [];
     activeClients = clients; // ref เดียวกัน → closeMcp kill client ที่ spawn ระหว่าง build ได้ด้วย
     for (const [serverName, cfg] of Object.entries(config)) {
+        if (!isMcpServerEnabled(cfg)) {
+            onLog?.(`MCP "${serverName}" disabled — ข้าม`);
+            continue;
+        }
         if (!cfg.url && !cfg.command) {
             onLog?.(`MCP "${serverName}" ข้าม: ต้องมี "command" (stdio) หรือ "url" (remote)`);
             continue;

package/dist/memory-log.js

@@ -0,0 +1,90 @@
+// `sanook memory log` — a read-only viewer over the BI-TEMPORAL memory store: see how a belief about
+// the project evolved over time (what was true, when it was superseded, and by what). The store keeps
+// superseded/archived facts with validFrom/invalidatedAt/supersededBy/supersedes edges — most coding
+// CLIs overwrite memory, so this "decision evolution" view is genuinely differentiated. Pure +
+// deterministic (no disk/clock of its own) → fully testable.
+import { tokens } from './memory-store.js';
+function relevance(query, fact) {
+    const q = [...tokens(query)];
+    if (!q.length)
+        return 0;
+    const ft = [...tokens(fact.text)];
+    // forgiving match for a human-facing viewer: exact OR a shared prefix (deploy↔deploys↔deployment)
+    const matches = (t) => ft.some((w) => w === t || (t.length >= 3 && (w.startsWith(t) || t.startsWith(w))));
+    let overlap = 0;
+    for (const t of q)
+        if (matches(t))
+            overlap++;
+    return overlap;
+}
+/**
+ * Facts matching `query` across ALL statuses (active + superseded + archived), each with its
+ * evolution edges resolved. Empty query → the most recently CHANGED facts (superseded/archived first)
+ * so `sanook memory log` with no args surfaces "what beliefs changed recently".
+ */
+export function memoryLog(store, query = '', limit = 12) {
+    const byId = new Map(store.facts.map((f) => [f.id, f]));
+    const q = query.trim();
+    const ranked = q
+        ? store.facts
+            .map((f) => ({ f, score: relevance(q, f) }))
+            .filter((x) => x.score > 0)
+            .sort((a, b) => b.score - a.score || b.f.updated - a.f.updated)
+            .map((x) => x.f)
+        : [...store.facts]
+            .filter((f) => f.status !== 'active') // no query → highlight what CHANGED
+            .sort((a, b) => (b.invalidatedAt ?? b.updated) - (a.invalidatedAt ?? a.updated));
+    return ranked.slice(0, limit).map((f) => ({
+        fact: f,
+        supersededBy: f.supersededBy ? byId.get(f.supersededBy) : undefined,
+        supersedes: f.supersedes.map((id) => byId.get(id)).filter((x) => !!x),
+    }));
+}
+export function memoryStats(store) {
+    const byTier = {};
+    let active = 0, superseded = 0, archived = 0;
+    for (const f of store.facts) {
+        byTier[f.tier] = (byTier[f.tier] ?? 0) + 1;
+        if (f.status === 'active')
+            active++;
+        else if (f.status === 'superseded')
+            superseded++;
+        else if (f.status === 'archived')
+            archived++;
+    }
+    return { total: store.facts.length, active, superseded, archived, byTier };
+}
+function day(ms) {
+    try {
+        return new Date(ms).toISOString().slice(0, 10);
+    }
+    catch {
+        return '?';
+    }
+}
+const BADGE = { active: '● active', superseded: '↻ superseded', archived: '⌁ archived' };
+export function renderMemoryLog(entries, query = '') {
+    if (!entries.length) {
+        return query ? `ไม่เจอ fact ที่ตรงกับ "${query}" ใน memory (รวม superseded/archived)` : 'ยังไม่มี belief ที่เปลี่ยน (superseded/archived) — memory ยังนิ่ง';
+    }
+    const lines = [query ? `memory log — "${query}" (${entries.length})` : `memory log — recent changes (${entries.length})`];
+    for (const e of entries) {
+        const f = e.fact;
+        const when = f.invalidatedAt ? `${day(f.validFrom)} → ${day(f.invalidatedAt)}` : `since ${day(f.validFrom)}`;
+        lines.push('', `${BADGE[f.status] ?? f.status}  [${f.noteType}/${f.tier}]  ${when}`);
+        lines.push(`  ${f.text}`);
+        if (e.supersededBy)
+            lines.push(`  ↳ superseded by: ${e.supersededBy.text} (${day(e.supersededBy.validFrom)})`);
+        for (const s of e.supersedes)
+            lines.push(`  ↳ supersedes: ${s.text}`);
+    }
+    return lines.join('\n');
+}
+export function renderMemoryStats(s) {
+    const tiers = Object.entries(s.byTier).map(([t, n]) => `${t}:${n}`).join(' · ') || '(none)';
+    return [
+        `memory: ${s.total} fact(s)`,
+        `  ● active ${s.active} · ↻ superseded ${s.superseded} · ⌁ archived ${s.archived}`,
+        `  tiers: ${tiers}`,
+    ].join('\n');
+}

package/dist/memory-store.js

@@ -503,6 +503,8 @@ export async function loadStore(now = Date.now()) {
         const parsed = StoreSchema.safeParse(JSON.parse(await readFile(MEMORY_JSON, 'utf8')));
         if (parsed.success)
             return parsed.data;
+        // parseable but schema-invalid (version bump / partial write): DON'T lose it — saveStore
+        // preserves the original to a .corrupt backup before the next overwrite (loadStore stays pure).
     }
     catch {
         /* no json yet, or malformed → fall through */
@@ -536,12 +538,46 @@ async function writeSecure(path, content) {
  * Both files are 0o600. On the very first json write, the legacy MEMORY.md is backed up
  * to MEMORY.md.bak so raw legacy text is never destroyed. No-op when persistence is disabled.
  */
+/**
+ * If an existing memory.json cannot be validated (schema bump / corruption / partial write),
+ * copy it verbatim to memory.json.<ts>.corrupt before it gets overwritten — so a single schema
+ * mismatch never silently destroys the entire auto-memory. Best-effort, idempotent per `now`.
+ */
+async function preserveUnvalidatableStore(now) {
+    let raw;
+    try {
+        raw = await readFile(MEMORY_JSON, 'utf8');
+    }
+    catch {
+        return;
+    }
+    try {
+        if (StoreSchema.safeParse(JSON.parse(raw)).success)
+            return; // valid → nothing to rescue
+    }
+    catch {
+        /* unparseable → preserve below */
+    }
+    const backup = `${MEMORY_JSON}.${now}.corrupt`;
+    if (await exists(backup))
+        return;
+    try {
+        await writeFile(backup, raw, { mode: 0o600 });
+        await chmod(backup, 0o600).catch(() => { });
+    }
+    catch {
+        /* best-effort */
+    }
+}
 export async function saveStore(store, now = Date.now()) {
     if (!persistenceEnabled())
         return;
     await mkdir(MEMORY_DIR, { recursive: true });
     const firstJson = !(await exists(MEMORY_JSON));
-    if (firstJson && (await exists(AUTO_MEMORY_FILE))) {
+    if (!firstJson) {
+        await preserveUnvalidatableStore(now); // data-loss guard before overwriting an unvalidatable store
+    }
+    else if (await exists(AUTO_MEMORY_FILE)) {
         await copyFile(AUTO_MEMORY_FILE, MEMORY_BAK).catch(() => { });
         await chmod(MEMORY_BAK, 0o600).catch(() => { });
     }

package/dist/memory.js

@@ -1,5 +1,7 @@
 import { readFile, writeFile, stat } from 'node:fs/promises';
 import { join, dirname, resolve } from 'node:path';
+import { buildContextPackBlock, listContextPacks, readContextPackExcerpt, selectContextPack } from './context-pack.js';
+import { buildProjectContextBlock, resolveVaultProject } from './project-registry.js';
 import { appHomePath, BRAND, persistenceEnabled, worklogEnabled } from './brand.js';
 import { redactKey } from './providers/keys.js';
 import { loadStore, saveStore, mergeFact, maybeConsolidate, consolidate, renderPromptBlock } from './memory-store.js';
@@ -77,12 +79,12 @@ export async function loadAutoMemory() {
  * "รู้จัก" vault: inject Shared/AI-Context-Index.md (ไฟล์ที่ vault บอกให้อ่านก่อน) เข้า system prompt
  * brainPath มาจาก ~/.sanook/config.json · ไม่มี/ไฟล์หาย → คืน '' (เงียบ)
  */
-export async function loadBrainContext() {
+export async function loadBrainContext(cwd = process.cwd()) {
     const brainPath = await getBrainPath();
-    return brainPath ? buildBrainContext(brainPath) : '';
+    return brainPath ? buildBrainContext(brainPath, { cwd }) : '';
 }
 /** ประกอบ source parts ชุดเดียวกับที่ inject เข้า prompt จริง — ให้ CLI inspect ได้โดยไม่ drift */
-export async function buildBrainContextParts(brainPath) {
+export async function buildBrainContextParts(brainPath, options = {}) {
     const idx = await readTrimmedPart({
         id: 'ai-context-index',
         label: 'AI Context Index',
@@ -99,7 +101,47 @@ export async function buildBrainContextParts(brainPath) {
         wrap: (content) => `## current-state\n${content}`,
     });
     const inbox = await readInboxPart(brainPath, 'Shared/Memory-Inbox/memory-inbox.md', 1200);
-    return [idx, currentState, inbox];
+    const parts = [idx, currentState, inbox];
+    const project = await resolveVaultProject({
+        brainPath,
+        cwd: options.cwd,
+        slug: options.projectSlug,
+    });
+    if (project) {
+        const block = await buildProjectContextBlock(brainPath, project);
+        parts.push({
+            id: 'project-workspace',
+            label: `Project (${project.slug})`,
+            relPath: `${project.relDir}/`,
+            path: join(brainPath, project.relDir),
+            content: block,
+            chars: block.length,
+            maxChars: 3500,
+            status: block ? 'present' : 'empty',
+        });
+    }
+    const taskQuery = options.taskQuery?.trim();
+    if (taskQuery) {
+        const packs = await listContextPacks(brainPath);
+        const selected = selectContextPack(taskQuery, packs);
+        if (selected) {
+            const relPath = selected.pack.relPath;
+            const path = join(brainPath, relPath);
+            const maxChars = 1200;
+            const excerpt = await readContextPackExcerpt(brainPath, selected.pack, maxChars);
+            parts.push({
+                id: 'context-pack',
+                label: `Context Pack (${selected.pack.slug})`,
+                relPath,
+                path,
+                content: excerpt,
+                chars: excerpt.length,
+                maxChars,
+                status: excerpt ? 'present' : 'empty',
+            });
+        }
+    }
+    return parts;
 }
 export function renderBrainContext(brainPath, parts) {
     const content = parts.map((part) => part.content).filter(Boolean);
@@ -107,10 +149,12 @@ export function renderBrainContext(brainPath, parts) {
         return '';
     return `<brain_vault path="${brainPath}" note="second-brain ของ user — สิ่งที่จำไว้/state ปัจจุบันอยู่ใน block นี้; route โน้ตตาม Vault Structure Map; อ่าน/เขียนไฟล์ใน vault ด้วย absolute path ได้">\n${content.join('\n\n')}\n</brain_vault>`;
 }
-/** ประกอบ brain context จาก vault path (pure → testable) — entry + current-state + remembered facts */
-export async function buildBrainContext(brainPath) {
-    return renderBrainContext(brainPath, await buildBrainContextParts(brainPath));
+/** ประกอบ brain context จาก vault path (pure → testable) — entry + current-state + remembered facts + optional context pack */
+export async function buildBrainContext(brainPath, options = {}) {
+    return renderBrainContext(brainPath, await buildBrainContextParts(brainPath, options));
 }
+/** Build a standalone context-pack block for per-turn injection (turn-retrieval path). */
+export { buildContextPackBlock };
 async function readTrimmedPart(input) {
     const p = join(input.brainPath, input.relPath);
     try {