sessionmem 1.0.0

package/dist/core/retrieve/retrieveMemories.js

@@ -0,0 +1,83 @@
+import { deterministicEmbed } from "../embed/deterministicEmbed.js";
+import { scoreMemoryCandidate, } from "./score.js";
+import { searchMemoryCandidates, } from "../storage/memorySearchRepo.js";
+const DEFAULT_EMBEDDING_DIMENSION = 32;
+function resolveEmbeddingDimension(candidates) {
+    for (const candidate of candidates) {
+        if (Number.isInteger(candidate.embedding_dim) && (candidate.embedding_dim ?? 0) > 0) {
+            return candidate.embedding_dim;
+        }
+        if (candidate.embedding && candidate.embedding.length > 0) {
+            return candidate.embedding.length;
+        }
+    }
+    return DEFAULT_EMBEDDING_DIMENSION;
+}
+function cosineSimilarity(query, candidate) {
+    if (!candidate || candidate.length !== query.length) {
+        return 0;
+    }
+    let dot = 0;
+    let queryMagnitude = 0;
+    let candidateMagnitude = 0;
+    for (let i = 0; i < query.length; i += 1) {
+        const queryValue = query[i];
+        const candidateValue = candidate[i];
+        dot += queryValue * candidateValue;
+        queryMagnitude += queryValue * queryValue;
+        candidateMagnitude += candidateValue * candidateValue;
+    }
+    if (queryMagnitude === 0 || candidateMagnitude === 0) {
+        return 0;
+    }
+    const similarity = dot / (Math.sqrt(queryMagnitude) * Math.sqrt(candidateMagnitude));
+    return Math.max(-1, Math.min(1, similarity));
+}
+export function retrieveMemories(input) {
+    const queryText = input.queryText ?? input.query;
+    if (!queryText) {
+        throw new Error("queryText is required");
+    }
+    const topK = input.topK ?? input.limit ?? 20;
+    const now = input.now ?? new Date();
+    const candidates = searchMemoryCandidates(input.db, input.projectId);
+    const dimension = resolveEmbeddingDimension(candidates);
+    const queryVector = deterministicEmbed(queryText, dimension).vector;
+    const ranked = candidates
+        .map((candidate) => {
+        const semantic = cosineSimilarity(queryVector, candidate.embedding);
+        const score = scoreMemoryCandidate({
+            semantic,
+            updated_at: candidate.updated_at,
+            importance: candidate.importance,
+        }, now);
+        return {
+            id: candidate.id,
+            project_id: candidate.project_id,
+            session_id: candidate.session_id,
+            source_adapter: candidate.source_adapter,
+            kind: candidate.kind,
+            content: candidate.content,
+            normalized_content: candidate.normalized_content,
+            importance: candidate.importance,
+            author: candidate.author,
+            origin_project_id: candidate.origin_project_id,
+            created_at: candidate.created_at,
+            updated_at: candidate.updated_at,
+            embedding_dim: candidate.embedding_dim,
+            embedding_version: candidate.embedding_version,
+            semantic,
+            score,
+        };
+    })
+        .sort((left, right) => {
+        if (right.score.total !== left.score.total) {
+            return right.score.total - left.score.total;
+        }
+        if (right.updated_at !== left.updated_at) {
+            return right.updated_at.localeCompare(left.updated_at);
+        }
+        return left.id.localeCompare(right.id);
+    });
+    return ranked.slice(0, topK);
+}

package/dist/core/retrieve/score.js

@@ -0,0 +1,25 @@
+import { normalizeImportance } from "./importance.js";
+import { getRecencyBandScore } from "./recencyBands.js";
+export const SCORING_WEIGHTS = {
+    semantic: 0.60,
+    recency: 0.25,
+    importance: 0.15,
+};
+export function scoreMemoryCandidate(candidate, now = new Date()) {
+    const recency = getRecencyBandScore(candidate.updated_at, now);
+    const importance = normalizeImportance(candidate.importance);
+    const weighted = {
+        semantic: candidate.semantic * SCORING_WEIGHTS.semantic,
+        recency: recency * SCORING_WEIGHTS.recency,
+        importance: importance * SCORING_WEIGHTS.importance,
+    };
+    return {
+        raw: {
+            semantic: candidate.semantic,
+            recency,
+            importance,
+        },
+        weighted,
+        total: weighted.semantic + weighted.recency + weighted.importance,
+    };
+}

package/dist/core/schema/migrations/001_initial.sql

@@ -0,0 +1,25 @@
+CREATE TABLE IF NOT EXISTS session_events (
+  id TEXT PRIMARY KEY,
+  project_id TEXT NOT NULL,
+  session_id TEXT NOT NULL,
+  event_index INTEGER NOT NULL,
+  event_type TEXT NOT NULL,
+  payload_json TEXT NOT NULL,
+  created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+);
+
+CREATE TABLE IF NOT EXISTS memories (
+  id TEXT PRIMARY KEY,
+  project_id TEXT NOT NULL,
+  session_id TEXT NOT NULL,
+  source_adapter TEXT NOT NULL,
+  kind TEXT NOT NULL,
+  content TEXT NOT NULL,
+  normalized_content TEXT NOT NULL,
+  importance INTEGER NOT NULL CHECK (importance >= 1 AND importance <= 10),
+  embedding TEXT,
+  embedding_dim INTEGER,
+  embedding_version TEXT,
+  created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+  updated_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+);

package/dist/core/schema/migrations/002_indexes.sql

@@ -0,0 +1,18 @@
+CREATE INDEX IF NOT EXISTS idx_memories_project_updated
+  ON memories(project_id, updated_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_memories_project_session
+  ON memories(project_id, session_id);
+
+CREATE INDEX IF NOT EXISTS idx_memories_project_importance
+  ON memories(project_id, importance DESC);
+
+CREATE INDEX IF NOT EXISTS idx_memories_project_created
+  ON memories(project_id, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_session_events_project_session_event_index
+  ON session_events(project_id, session_id, event_index);
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_memories_project_session_summary
+  ON memories(project_id, session_id, kind)
+  WHERE kind = 'summary';

package/dist/core/schema/migrations/003_summarization_failures.sql

@@ -0,0 +1,14 @@
+CREATE TABLE IF NOT EXISTS summarization_failures (
+  id TEXT PRIMARY KEY,
+  project_id TEXT NOT NULL,
+  session_id TEXT NOT NULL,
+  source_adapter TEXT NOT NULL,
+  reason TEXT NOT NULL,
+  attempt_count INTEGER NOT NULL,
+  last_error_json TEXT NOT NULL,
+  created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+  updated_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_sum_fail_project_session
+ON summarization_failures(project_id, session_id, updated_at DESC);

package/dist/core/schema/migrations/004_memory_feedback.sql

@@ -0,0 +1,12 @@
+CREATE TABLE IF NOT EXISTS memory_feedback (
+  id TEXT PRIMARY KEY,
+  memory_id TEXT NOT NULL,
+  feedback_type TEXT NOT NULL CHECK (feedback_type IN ('auto_use', 'manual')),
+  previous_importance INTEGER NOT NULL CHECK (previous_importance >= 1 AND previous_importance <= 10),
+  new_importance INTEGER NOT NULL CHECK (new_importance >= 1 AND new_importance <= 10),
+  created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+  FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_memory_feedback_memory_created
+ON memory_feedback(memory_id, created_at DESC);

package/dist/core/schema/migrations/005_team_provenance.sql

@@ -0,0 +1,9 @@
+-- Team-mode provenance: record who authored each memory and, for
+-- synced/shared rows, which project they originated in. Both columns are added
+-- to the existing `memories` table without rewriting it so pre-existing rows
+-- survive. `author` is NOT NULL with a DEFAULT '' sentinel because a
+-- NOT NULL ADD COLUMN requires a default and the local OS username is not
+-- available inside static SQL. `origin_project_id` is nullable and
+-- only set on rows pulled in from another project's store.
+ALTER TABLE memories ADD COLUMN author TEXT NOT NULL DEFAULT '';
+ALTER TABLE memories ADD COLUMN origin_project_id TEXT;

package/dist/core/schema/runMigrations.js

@@ -0,0 +1,38 @@
+import fs from "node:fs";
+import path from "node:path";
+const DEFAULT_MIGRATIONS_DIR = path.resolve(process.cwd(), "src/core/schema/migrations");
+function ensureMigrationsTable(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS _migrations (
+      name TEXT PRIMARY KEY,
+      applied_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    );
+  `);
+}
+function listMigrationFiles(migrationsDir) {
+    if (!fs.existsSync(migrationsDir)) {
+        return [];
+    }
+    return fs
+        .readdirSync(migrationsDir)
+        .filter((fileName) => fileName.endsWith(".sql"))
+        .sort((left, right) => left.localeCompare(right));
+}
+export function runMigrations(db, migrationsDir = DEFAULT_MIGRATIONS_DIR) {
+    ensureMigrationsTable(db);
+    const files = listMigrationFiles(migrationsDir);
+    const hasMigrationStmt = db.prepare("SELECT name FROM _migrations WHERE name = ? LIMIT 1");
+    const insertMigrationStmt = db.prepare("INSERT INTO _migrations(name) VALUES (?)");
+    const runMigration = db.transaction((fileName) => {
+        const filePath = path.join(migrationsDir, fileName);
+        const sql = fs.readFileSync(filePath, "utf8");
+        db.exec(sql);
+        insertMigrationStmt.run(fileName);
+    });
+    for (const fileName of files) {
+        const existing = hasMigrationStmt.get(fileName);
+        if (!existing) {
+            runMigration(fileName);
+        }
+    }
+}

package/dist/core/session.js

@@ -0,0 +1,4 @@
+export function onSessionDisconnect(adapterName, error) {
+    const reason = error ? error.message : "unknown cause";
+    console.warn(`[sessionmem] ${adapterName} disconnected mid-session (${reason}). Continuing.`);
+}

package/dist/core/storage/db.js

@@ -0,0 +1,8 @@
+import BetterSqlite3 from "better-sqlite3";
+import { runMigrations } from "../schema/runMigrations.js";
+export function openDb(options = {}) {
+    const db = new BetterSqlite3(options.dbPath ?? ":memory:");
+    db.pragma("foreign_keys = ON");
+    runMigrations(db, options.migrationsDir);
+    return db;
+}

package/dist/core/storage/memoryFeedbackRepo.js

@@ -0,0 +1,16 @@
+import { randomUUID } from "node:crypto";
+export function insertMemoryFeedbackEvent(db, event) {
+    const stmt = db.prepare(`
+    INSERT INTO memory_feedback (
+      id, memory_id, feedback_type, previous_importance, new_importance, created_at
+    ) VALUES (
+      @id, @memory_id, @feedback_type, @previous_importance, @new_importance,
+      COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    )
+  `);
+    stmt.run({
+        ...event,
+        id: event.id ?? randomUUID(),
+        created_at: event.created_at ?? null,
+    });
+}

package/dist/core/storage/memoryRepo.js

@@ -0,0 +1,179 @@
+import { insertMemoryFeedbackEvent, } from "./memoryFeedbackRepo.js";
+function assertImportance(importance) {
+    if (importance < 1 || importance > 10) {
+        throw new Error("importance must be between 1 and 10");
+    }
+}
+function toParams(input) {
+    return {
+        ...input,
+        embedding: input.embedding ?? null,
+        embedding_dim: input.embedding_dim ?? null,
+        embedding_version: input.embedding_version ?? null,
+        author: input.author ?? "",
+        origin_project_id: input.origin_project_id ?? null,
+        created_at: input.created_at ?? null,
+        updated_at: input.updated_at ?? null,
+    };
+}
+export function insertMemory(db, input) {
+    assertImportance(input.importance);
+    const stmt = db.prepare(`
+    INSERT INTO memories (
+      id, project_id, session_id, source_adapter, kind, content, normalized_content,
+      importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
+      created_at, updated_at
+    ) VALUES (
+      @id, @project_id, @session_id, @source_adapter, @kind, @content, @normalized_content,
+      @importance, @embedding, @embedding_dim, @embedding_version, @author, @origin_project_id,
+      COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+      COALESCE(@updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    )
+  `);
+    stmt.run(toParams(input));
+}
+export function upsertSessionSummaryMemory(db, input) {
+    assertImportance(input.importance);
+    const stmt = db.prepare(`
+    INSERT INTO memories (
+      id, project_id, session_id, source_adapter, kind, content, normalized_content,
+      importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
+      created_at, updated_at
+    ) VALUES (
+      @id, @project_id, @session_id, @source_adapter, 'summary', @content, @normalized_content,
+      @importance, @embedding, @embedding_dim, @embedding_version, @author, @origin_project_id,
+      COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+      COALESCE(@updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    )
+    ON CONFLICT(project_id, session_id, kind) WHERE kind = 'summary'
+    DO UPDATE SET
+      id = excluded.id,
+      source_adapter = excluded.source_adapter,
+      content = excluded.content,
+      normalized_content = excluded.normalized_content,
+      importance = excluded.importance,
+      embedding = excluded.embedding,
+      embedding_dim = excluded.embedding_dim,
+      embedding_version = excluded.embedding_version,
+      author = excluded.author,
+      origin_project_id = excluded.origin_project_id,
+      updated_at = COALESCE(excluded.updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+  `);
+    stmt.run(toParams({ ...input, kind: "summary" }));
+}
+export function listMemoriesByProject(db, projectId) {
+    const stmt = db.prepare(`
+    SELECT
+      id, project_id, session_id, source_adapter, kind, content, normalized_content,
+      importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
+      created_at, updated_at
+    FROM memories
+    WHERE project_id = ?
+    ORDER BY updated_at DESC
+  `);
+    return stmt.all(projectId);
+}
+/**
+ * All memory ids across every project. `id` is a globally-unique
+ * PRIMARY KEY, so duplicate-skip checks in `import` must consider every
+ * project's ids, not just the current project's, to surface cross-project id
+ * collisions as "skipped" rather than silently importing them.
+ */
+export function listAllMemoryIds(db) {
+    const rows = db.prepare("SELECT id FROM memories").all();
+    return new Set(rows.map((r) => r.id));
+}
+export function countMemoriesOlderThan(db, projectId, cutoffIso) {
+    // created_at is stored as strftime('%Y-%m-%dT%H:%M:%fZ') text; lexicographic
+    // comparison against an ISO-8601 UTC cutoff is correct for this fixed format.
+    const row = db
+        .prepare(`
+      SELECT COUNT(*) AS count
+      FROM memories
+      WHERE project_id = ? AND created_at < ?
+    `)
+        .get(projectId, cutoffIso);
+    return row.count;
+}
+export function deleteMemoriesOlderThan(db, projectId, cutoffIso) {
+    // Hard-delete scoped to the memories table only; never touches
+    // session_events or memory_feedback. project_id and cutoff are bound, never
+    // string-concatenated, to prevent SQL injection.
+    const result = db
+        .prepare(`
+      DELETE FROM memories
+      WHERE project_id = ? AND created_at < ?
+    `)
+        .run(projectId, cutoffIso);
+    return result.changes;
+}
+export function updateMemoryImportance(db, projectId, memoryId, nextImportance, usedAt) {
+    assertImportance(nextImportance);
+    const result = db
+        .prepare(`
+      UPDATE memories
+      SET
+        importance = ?,
+        updated_at = COALESCE(?, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+      WHERE project_id = ? AND id = ?
+    `)
+        .run(nextImportance, usedAt ?? null, projectId, memoryId);
+    if (result.changes === 0) {
+        throw new Error(`Memory not found: ${memoryId}`);
+    }
+}
+export function updateMemoryContent(db, projectId, memoryId, newContent, newNormalizedContent) {
+    // In-place content rewrite for the one-time redaction scrub. All
+    // values are bound parameters — projectId, memoryId, and content are never
+    // string-concatenated — mirroring updateMemoryImportance to prevent SQL
+    // injection. normalized_content is only overwritten when a new
+    // value is supplied so embeddings stay consistent with the redacted text.
+    const result = db
+        .prepare(`
+      UPDATE memories
+      SET
+        content = ?,
+        normalized_content = COALESCE(?, normalized_content),
+        updated_at = strftime('%Y-%m-%dT%H:%M:%fZ', 'now')
+      WHERE project_id = ? AND id = ?
+    `)
+        .run(newContent, newNormalizedContent ?? null, projectId, memoryId);
+    if (result.changes === 0) {
+        throw new Error(`Memory not found: ${memoryId}`);
+    }
+}
+export function recordUse(db, input) {
+    const transaction = db.transaction((txInput) => {
+        const memory = db
+            .prepare(`
+        SELECT id, importance
+        FROM memories
+        WHERE project_id = ? AND id = ?
+        LIMIT 1
+      `)
+            .get(txInput.project_id, txInput.memory_id);
+        if (!memory) {
+            throw new Error(`Memory not found: ${txInput.memory_id}`);
+        }
+        const feedbackType = txInput.feedback_type ?? "auto_use";
+        const nextImportance = txInput.next_importance ??
+            (feedbackType === "auto_use"
+                ? Math.min(memory.importance + 1, 9)
+                : memory.importance);
+        updateMemoryImportance(db, txInput.project_id, txInput.memory_id, nextImportance, txInput.used_at);
+        insertMemoryFeedbackEvent(db, {
+            id: txInput.feedback_id,
+            memory_id: txInput.memory_id,
+            feedback_type: feedbackType,
+            previous_importance: memory.importance,
+            new_importance: nextImportance,
+            created_at: txInput.used_at,
+        });
+        return {
+            memory_id: txInput.memory_id,
+            previous_importance: memory.importance,
+            new_importance: nextImportance,
+        };
+    });
+    return transaction(input);
+}

package/dist/core/storage/memorySearchRepo.js

@@ -0,0 +1,30 @@
+function parseEmbedding(value) {
+    if (!value) {
+        return null;
+    }
+    try {
+        const parsed = JSON.parse(value);
+        if (!Array.isArray(parsed) || !parsed.every((item) => Number.isFinite(item))) {
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export function searchMemoryCandidates(db, projectId) {
+    const stmt = db.prepare(`
+    SELECT
+      id, project_id, session_id, source_adapter, kind, content, normalized_content,
+      importance, author, origin_project_id, created_at, updated_at, embedding,
+      embedding_dim, embedding_version
+    FROM memories
+    WHERE project_id = ?
+  `);
+    const rows = stmt.all(projectId);
+    return rows.map((row) => ({
+        ...row,
+        embedding: parseEmbedding(row.embedding),
+    }));
+}

package/dist/core/storage/sessionEventsRepo.js

@@ -0,0 +1,20 @@
+export function insertSessionEvent(db, input) {
+    const stmt = db.prepare(`
+    INSERT INTO session_events (
+      id, project_id, session_id, event_index, event_type, payload_json, created_at
+    ) VALUES (
+      @id, @project_id, @session_id, @event_index, @event_type, @payload_json,
+      COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    )
+  `);
+    stmt.run(input);
+}
+export function listSessionEventsBySession(db, projectId, sessionId) {
+    const stmt = db.prepare(`
+    SELECT id, project_id, session_id, event_index, event_type, payload_json, created_at
+    FROM session_events
+    WHERE project_id = ? AND session_id = ?
+    ORDER BY event_index ASC
+  `);
+    return stmt.all(projectId, sessionId);
+}

package/dist/core/storage/summarizationFailuresRepo.js

@@ -0,0 +1,39 @@
+function toParams(input) {
+    return {
+        ...input,
+        created_at: input.created_at ?? null,
+        updated_at: input.updated_at ?? null,
+    };
+}
+export function insertSummarizationFailure(db, input) {
+    const stmt = db.prepare(`
+    INSERT INTO summarization_failures (
+      id, project_id, session_id, source_adapter, reason, attempt_count, last_error_json, created_at, updated_at
+    ) VALUES (
+      @id, @project_id, @session_id, @source_adapter, @reason, @attempt_count, @last_error_json,
+      COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+      COALESCE(@updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+    )
+  `);
+    stmt.run(toParams(input));
+}
+export function listSummarizationFailures(db, projectId, sessionId) {
+    if (sessionId) {
+        const stmt = db.prepare(`
+      SELECT
+        id, project_id, session_id, source_adapter, reason, attempt_count, last_error_json, created_at, updated_at
+      FROM summarization_failures
+      WHERE project_id = ? AND session_id = ?
+      ORDER BY updated_at DESC
+    `);
+        return stmt.all(projectId, sessionId);
+    }
+    const stmt = db.prepare(`
+    SELECT
+      id, project_id, session_id, source_adapter, reason, attempt_count, last_error_json, created_at, updated_at
+    FROM summarization_failures
+    WHERE project_id = ?
+    ORDER BY updated_at DESC
+  `);
+    return stmt.all(projectId);
+}

package/dist/core/storage/types.js

@@ -0,0 +1 @@
+export {};

package/dist/core/summarize/cloudSummarizer.js

@@ -0,0 +1,19 @@
+import { summarizeLocalSessionEvents } from "./localSummarizer.js";
+const DEFAULT_CLOUD_MODEL = "claude-sonnet-4-20250514";
+export async function summarizeWithCloud(input) {
+    if (!input.anthropicApiKey.trim()) {
+        throw new Error("Missing anthropicApiKey");
+    }
+    const result = await summarizeLocalSessionEvents({
+        events: input.events,
+        summaryTokenCap: input.summaryTokenCap,
+        redactionEnabled: input.redactionEnabled,
+        factMode: input.factMode,
+        redactionRules: input.redactionRules,
+    });
+    const modelTag = input.model ?? DEFAULT_CLOUD_MODEL;
+    return {
+        summary: `[model:${modelTag}] ${result.summary}`,
+        warningCodes: result.warningCodes,
+    };
+}

package/dist/core/summarize/localSummarizer.js

@@ -0,0 +1,31 @@
+import { normalizeEmbeddingText } from "../embed/textNormalize.js";
+import { applyRedaction } from "./redaction.js";
+import { buildStructuredSummary } from "./summaryShape.js";
+function countTokens(text) {
+    return text.trim().split(/\s+/).filter(Boolean).length;
+}
+function capTokens(text, cap) {
+    const tokens = text.trim().split(/\s+/).filter(Boolean);
+    if (tokens.length <= cap) {
+        return text;
+    }
+    return `${tokens.slice(0, cap).join(" ")} ...`;
+}
+export async function summarizeLocalSessionEvents(input) {
+    const structured = buildStructuredSummary(input.events, {
+        factMode: input.factMode,
+    });
+    const redactionResult = applyRedaction(structured, {
+        redactionEnabled: input.redactionEnabled,
+        rules: input.redactionRules,
+    });
+    const normalized = normalizeEmbeddingText(redactionResult.text);
+    const capped = capTokens(normalized, input.summaryTokenCap);
+    if (countTokens(capped) > input.summaryTokenCap) {
+        throw new Error("summary exceeds summaryTokenCap");
+    }
+    return {
+        summary: capped,
+        warningCodes: redactionResult.warningCodes,
+    };
+}

package/dist/core/summarize/redaction.js

@@ -0,0 +1,48 @@
+// Rule ordering note: structural multi-segment secrets (PEM private-key blocks,
+// JWTs) run BEFORE the narrower single-token rules so a broad rule cannot redact
+// a fragment of a larger secret and leave a partial body behind. All patterns are
+// anchored with explicit literal prefixes/markers and use bounded quantifiers to
+// avoid catastrophic backtracking (ReDoS).
+function defaultRules() {
+    return [
+        // Email (original rule — unchanged).
+        (input) => input.replace(/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi, "[REDACTED_EMAIL]"),
+        // PEM private key block: ----BEGIN <type> PRIVATE KEY---- ... ----END ... ----.
+        // Run before per-token rules so the whole block collapses to one placeholder.
+        (input) => input.replace(/-----BEGIN [A-Z0-9 ]{0,40}PRIVATE KEY-----[\s\S]*?-----END [A-Z0-9 ]{0,40}PRIVATE KEY-----/g, "[REDACTED_PRIVATE_KEY]"),
+        // JWT: three base64url segments separated by dots, header begins with "eyJ".
+        (input) => input.replace(/\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\b/g, "[REDACTED_JWT]"),
+        // AWS access key id: AKIA + 16 uppercase alphanumerics.
+        (input) => input.replace(/\bAKIA[A-Z0-9]{16}\b/g, "[REDACTED_AWS_KEY]"),
+        // GitHub tokens: ghp_/gho_/ghu_/ghs_/ghr_ + 36 alphanumerics.
+        (input) => input.replace(/\bgh[poushr]_[A-Za-z0-9]{36}\b/g, "[REDACTED_GITHUB_TOKEN]"),
+        // OpenAI-style API key (original rule — unchanged).
+        (input) => input.replace(/sk-[a-zA-Z0-9]{12,}/g, "[REDACTED_API_KEY]"),
+        // Bearer token header value: "Bearer <token>" (case-insensitive), token redacted.
+        (input) => input.replace(/\bBearer\s+[A-Za-z0-9._~+/-]{8,}=*/gi, "Bearer [REDACTED_BEARER_TOKEN]"),
+        // Connection-string assignment: password=/secret= value -> key kept, value redacted.
+        (input) => input.replace(/\b(password|secret)=([^\s"'&;]+)/gi, "$1=[REDACTED]"),
+    ];
+}
+export function applyRedaction(input, options) {
+    if (!options.redactionEnabled) {
+        return {
+            text: input,
+            warningCodes: [],
+        };
+    }
+    let text = input;
+    const warningCodes = [];
+    for (const rule of options.rules ?? defaultRules()) {
+        try {
+            text = rule(text);
+        }
+        catch {
+            warningCodes.push("redaction_partial_failure");
+        }
+    }
+    return {
+        text,
+        warningCodes,
+    };
+}

package/dist/core/summarize/strategySelector.js

@@ -0,0 +1,7 @@
+export function resolveSummarizerMode(config) {
+    if (config.allowCloudSummarization === true &&
+        Boolean(config.anthropicApiKey)) {
+        return "cloud";
+    }
+    return "local";
+}