shieldcortex 3.0.4 → 3.2.0

package/dist/cloud/config.d.ts

@@ -3,12 +3,22 @@ export interface CloudConfig {
     cloudBaseUrl: string;
     cloudEnabled: boolean;
 }
+export interface CloudSyncControls {
+    projectMode: 'all' | 'include' | 'exclude';
+    projects: string[];
+    contentMode: 'full' | 'metadata';
+    excludeSensitive: boolean;
+}
 /** Returns true if config file tampering was detected. */
 export declare function isConfigTampered(): boolean;
 export declare function getCloudConfig(): CloudConfig;
 export declare function setCloudConfig(updates: Partial<CloudConfig>): void;
 /** Reset the in-memory cache (useful for testing) */
 export declare function clearCloudConfigCache(): void;
+export declare function getCloudSyncControls(): CloudSyncControls;
+export declare function setCloudSyncControls(updates: Partial<CloudSyncControls>): void;
+export declare function shouldSyncProject(project: string | null | undefined, controls?: CloudSyncControls): boolean;
+export declare function isSensitiveLevel(level: string | null | undefined): boolean;
 export declare function readRawConfig(): Record<string, unknown>;
 export declare function getTrustedSkills(): string[];
 export declare function addTrustedSkill(path: string): void;

package/dist/cloud/config.js

@@ -7,6 +7,12 @@ const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
 const SIG_FILE = join(CONFIG_DIR, '.config-sig');
 const INTEGRITY_KEY_FILE = join(CONFIG_DIR, '.integrity-key');
 const DEFAULT_BASE_URL = 'https://api.shieldcortex.ai';
+const DEFAULT_SYNC_CONTROLS = {
+    projectMode: 'all',
+    projects: [],
+    contentMode: 'full',
+    excludeSensitive: false,
+};
 // Cache to avoid repeated file reads
 let cachedConfig = null;
 // ── Config Integrity (HMAC) ──────────────────────────────
@@ -114,6 +120,54 @@ export function setCloudConfig(updates) {
 export function clearCloudConfigCache() {
     cachedConfig = null;
 }
+function normalizeProjectList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return [...new Set(value
+            .filter((entry) => typeof entry === 'string')
+            .map((entry) => entry.trim())
+            .filter(Boolean))].sort((a, b) => a.localeCompare(b));
+}
+export function getCloudSyncControls() {
+    const raw = readRawConfig();
+    const projectMode = raw.cloudSyncProjectMode;
+    const contentMode = raw.cloudSyncContentMode;
+    return {
+        projectMode: projectMode === 'include' || projectMode === 'exclude'
+            ? projectMode
+            : DEFAULT_SYNC_CONTROLS.projectMode,
+        projects: normalizeProjectList(raw.cloudSyncProjects),
+        contentMode: contentMode === 'metadata' ? 'metadata' : DEFAULT_SYNC_CONTROLS.contentMode,
+        excludeSensitive: typeof raw.cloudSyncExcludeSensitive === 'boolean'
+            ? raw.cloudSyncExcludeSensitive
+            : DEFAULT_SYNC_CONTROLS.excludeSensitive,
+    };
+}
+export function setCloudSyncControls(updates) {
+    const raw = readRawConfig();
+    if (updates.projectMode !== undefined)
+        raw.cloudSyncProjectMode = updates.projectMode;
+    if (updates.projects !== undefined)
+        raw.cloudSyncProjects = normalizeProjectList(updates.projects);
+    if (updates.contentMode !== undefined)
+        raw.cloudSyncContentMode = updates.contentMode;
+    if (updates.excludeSensitive !== undefined)
+        raw.cloudSyncExcludeSensitive = updates.excludeSensitive;
+    writeRawConfig(raw);
+}
+export function shouldSyncProject(project, controls = getCloudSyncControls()) {
+    const normalized = (project ?? '').trim();
+    if (controls.projectMode === 'all')
+        return true;
+    const included = controls.projects.includes(normalized);
+    return controls.projectMode === 'include' ? included : !included;
+}
+export function isSensitiveLevel(level) {
+    if (!level)
+        return false;
+    const normalized = level.trim().toUpperCase();
+    return normalized.length > 0 && normalized !== 'PUBLIC' && normalized !== 'INTERNAL';
+}
 // ── Trusted Skills ──────────────────────────────────────
 export function readRawConfig() {
     try {

package/dist/cloud/graph-sync.d.ts

@@ -0,0 +1,45 @@
+import type { Memory } from '../memory/types.js';
+export interface SyncedGraphEntityRecord {
+    external_id: string;
+    local_id: number;
+    name: string;
+    type: string;
+    aliases: string[];
+    first_seen: string | null;
+    memory_count: number;
+}
+export interface SyncedGraphTripleRecord {
+    external_id: string;
+    local_id: number;
+    subject_external_id: string;
+    predicate: string;
+    object_external_id: string;
+    source_memory_external_id: string | null;
+    confidence: number | null;
+    created_at: string | null;
+}
+export interface SyncedGraphMemoryEntityRecord {
+    memory_external_id: string;
+    entity_external_id: string;
+    role: string;
+}
+export interface GraphSyncEnvelope {
+    device: {
+        device_id: string;
+        device_name: string;
+        platform: string;
+    };
+    entities: SyncedGraphEntityRecord[];
+    triples: SyncedGraphTripleRecord[];
+    memory_entities: SyncedGraphMemoryEntityRecord[];
+    prune_memory_external_ids?: string[];
+}
+export declare function syncGraphForMemoryToCloud(memoryId: number): void;
+export declare function syncGraphDeleteForMemoryToCloud(memory: Memory): void;
+export declare function syncAllGraphToCloud(): Promise<{
+    entities: number;
+    triples: number;
+    memoryEntities: number;
+    syncedBatches: number;
+    failedBatches: number;
+}>;

package/dist/cloud/graph-sync.js

@@ -0,0 +1,260 @@
+import { getDatabase } from '../database/init.js';
+import { getCloudConfig, getCloudSyncControls, getDeviceId, getDeviceName, isSensitiveLevel, shouldSyncProject, updateLastSyncAt, } from './config.js';
+import { enqueueFailedGraphSync } from './sync-queue.js';
+function safeJsonParse(value, fallback) {
+    if (!value)
+        return fallback;
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return fallback;
+    }
+}
+function entityExternalId(id) {
+    return `entity:${id}`;
+}
+function tripleExternalId(id) {
+    return `triple:${id}`;
+}
+function getAllowedMemoryExternalIds() {
+    const db = getDatabase();
+    const rows = db.prepare('SELECT uuid, project, sensitivity_level, cloud_excluded FROM memories').all();
+    return buildAllowedMemoryExternalIdSet(rows);
+}
+function buildAllowedMemoryExternalIdSet(rows) {
+    const controls = getCloudSyncControls();
+    return new Set(rows
+        .filter((row) => {
+        if (row.cloud_excluded)
+            return false;
+        if (!shouldSyncProject(row.project, controls))
+            return false;
+        if (controls.excludeSensitive && isSensitiveLevel(row.sensitivity_level))
+            return false;
+        return true;
+    })
+        .map((row) => row.uuid));
+}
+function buildEnvelope(entities, triples, memoryEntities, pruneMemoryExternalIds = []) {
+    return {
+        device: {
+            device_id: getDeviceId(),
+            device_name: getDeviceName(),
+            platform: `${process.platform}/${process.arch}`,
+        },
+        entities,
+        triples,
+        memory_entities: memoryEntities,
+        ...(pruneMemoryExternalIds.length > 0 ? { prune_memory_external_ids: pruneMemoryExternalIds } : {}),
+    };
+}
+async function postGraphEnvelope(envelope) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled ||
+        !config.cloudApiKey ||
+        (envelope.entities.length === 0 &&
+            envelope.triples.length === 0 &&
+            envelope.memory_entities.length === 0 &&
+            (!envelope.prune_memory_external_ids || envelope.prune_memory_external_ids.length === 0))) {
+        return false;
+    }
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 15_000);
+    try {
+        const res = await fetch(`${config.cloudBaseUrl}/v1/sync/graph`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${config.cloudApiKey}`,
+            },
+            body: JSON.stringify(envelope),
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            return false;
+        }
+        updateLastSyncAt();
+        return true;
+    }
+    catch {
+        return false;
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
+}
+function mapEntityRow(row) {
+    return {
+        external_id: entityExternalId(row.id),
+        local_id: row.id,
+        name: row.name,
+        type: row.type,
+        aliases: safeJsonParse(row.aliases, []),
+        first_seen: row.first_seen ? new Date(row.first_seen).toISOString() : null,
+        memory_count: Number(row.memory_count ?? 0),
+    };
+}
+function mapTripleRow(row) {
+    return {
+        external_id: tripleExternalId(row.id),
+        local_id: row.id,
+        subject_external_id: entityExternalId(row.subject_id),
+        predicate: row.predicate,
+        object_external_id: entityExternalId(row.object_id),
+        source_memory_external_id: row.source_memory_uuid ?? null,
+        confidence: row.confidence === undefined ? null : Number(row.confidence),
+        created_at: row.created_at ? new Date(row.created_at).toISOString() : null,
+    };
+}
+function mapMemoryEntityRow(row) {
+    return {
+        memory_external_id: row.memory_uuid,
+        entity_external_id: entityExternalId(row.entity_id),
+        role: row.role ?? 'mention',
+    };
+}
+function getMemoryScopedEnvelope(memoryId) {
+    const db = getDatabase();
+    const memory = db.prepare('SELECT id, uuid, project, sensitivity_level, cloud_excluded FROM memories WHERE id = ?').get(memoryId);
+    if (!memory)
+        return null;
+    const controls = getCloudSyncControls();
+    const memoryAllowed = !memory.cloud_excluded &&
+        shouldSyncProject(memory.project, controls) &&
+        !(controls.excludeSensitive && isSensitiveLevel(memory.sensitivity_level));
+    if (!memoryAllowed) {
+        return buildEnvelope([], [], [], [memory.uuid]);
+    }
+    const entityRows = db.prepare(`
+    SELECT DISTINCT e.*
+    FROM entities e
+    JOIN memory_entities me ON me.entity_id = e.id
+    WHERE me.memory_id = ?
+    ORDER BY e.memory_count DESC, e.name ASC
+  `).all(memoryId);
+    const tripleRows = db.prepare(`
+    SELECT t.*, m.uuid as source_memory_uuid
+    FROM triples t
+    LEFT JOIN memories m ON m.id = t.source_memory_id
+    WHERE t.source_memory_id = ?
+    ORDER BY t.id ASC
+  `).all(memoryId);
+    const memoryEntityRows = db.prepare(`
+    SELECT me.entity_id, me.role, m.uuid as memory_uuid
+    FROM memory_entities me
+    JOIN memories m ON m.id = me.memory_id
+    WHERE me.memory_id = ?
+    ORDER BY me.entity_id ASC
+  `).all(memoryId);
+    return buildEnvelope(entityRows.map(mapEntityRow), tripleRows.map(mapTripleRow), memoryEntityRows.map(mapMemoryEntityRow), [memory.uuid]);
+}
+export function syncGraphForMemoryToCloud(memoryId) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled || !config.cloudApiKey)
+        return;
+    const envelope = getMemoryScopedEnvelope(memoryId);
+    if (!envelope)
+        return;
+    postGraphEnvelope(envelope).then((ok) => {
+        if (!ok)
+            enqueueFailedGraphSync(envelope);
+    }).catch(() => {
+        enqueueFailedGraphSync(envelope);
+    });
+}
+export function syncGraphDeleteForMemoryToCloud(memory) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled || !config.cloudApiKey)
+        return;
+    const envelope = buildEnvelope([], [], [], [memory.uuid]);
+    postGraphEnvelope(envelope).then((ok) => {
+        if (!ok)
+            enqueueFailedGraphSync(envelope);
+    }).catch(() => {
+        enqueueFailedGraphSync(envelope);
+    });
+}
+export async function syncAllGraphToCloud() {
+    const db = getDatabase();
+    const memoryRows = db.prepare('SELECT uuid, project, sensitivity_level FROM memories ORDER BY id ASC').all();
+    const allowedMemoryExternalIds = buildAllowedMemoryExternalIdSet(memoryRows);
+    const entityRows = db.prepare('SELECT * FROM entities ORDER BY id ASC').all();
+    const tripleRows = db.prepare(`
+    SELECT t.*, m.uuid as source_memory_uuid
+    FROM triples t
+    LEFT JOIN memories m ON m.id = t.source_memory_id
+    ORDER BY t.id ASC
+  `).all();
+    const memoryEntityRows = db.prepare(`
+    SELECT me.entity_id, me.role, m.uuid as memory_uuid
+    FROM memory_entities me
+    JOIN memories m ON m.id = me.memory_id
+    ORDER BY me.memory_id ASC, me.entity_id ASC
+  `).all();
+    const filteredMemoryEntityRows = memoryEntityRows.filter((row) => allowedMemoryExternalIds.has(row.memory_uuid));
+    const allowedEntityIds = new Set(filteredMemoryEntityRows.map((row) => row.entity_id));
+    const filteredTripleRows = tripleRows.filter((row) => {
+        const sourceMemoryUuid = row.source_memory_uuid;
+        if (sourceMemoryUuid && !allowedMemoryExternalIds.has(sourceMemoryUuid))
+            return false;
+        const subjectId = row.subject_id;
+        const objectId = row.object_id;
+        return allowedEntityIds.has(subjectId) || allowedEntityIds.has(objectId);
+    });
+    for (const row of filteredTripleRows) {
+        allowedEntityIds.add(row.subject_id);
+        allowedEntityIds.add(row.object_id);
+    }
+    const filteredEntityRows = entityRows.filter((row) => allowedEntityIds.has(row.id));
+    const entities = filteredEntityRows.map(mapEntityRow);
+    const triples = filteredTripleRows.map(mapTripleRow);
+    const memoryEntities = filteredMemoryEntityRows.map(mapMemoryEntityRow);
+    const activeGraphMemoryExternalIds = new Set([
+        ...filteredMemoryEntityRows.map((row) => row.memory_uuid),
+        ...filteredTripleRows
+            .map((row) => row.source_memory_uuid)
+            .filter((value) => Boolean(value)),
+    ]);
+    const pruneMemoryExternalIds = memoryRows
+        .map((row) => row.uuid)
+        .filter((uuid) => !activeGraphMemoryExternalIds.has(uuid));
+    const batchSize = 200;
+    let syncedBatches = 0;
+    let failedBatches = 0;
+    for (let pruneIndex = 0; pruneIndex < pruneMemoryExternalIds.length; pruneIndex += batchSize) {
+        const pruneEnvelope = buildEnvelope([], [], [], pruneMemoryExternalIds.slice(pruneIndex, pruneIndex + batchSize));
+        const ok = await postGraphEnvelope(pruneEnvelope);
+        if (ok) {
+            syncedBatches++;
+        }
+        else {
+            failedBatches++;
+            enqueueFailedGraphSync(pruneEnvelope);
+        }
+    }
+    const totalBatches = Math.max(Math.ceil(entities.length / batchSize), Math.ceil(triples.length / batchSize), Math.ceil(memoryEntities.length / batchSize), 1);
+    for (let batchIndex = 0; batchIndex < totalBatches; batchIndex++) {
+        const envelope = buildEnvelope(entities.slice(batchIndex * batchSize, (batchIndex + 1) * batchSize), triples.slice(batchIndex * batchSize, (batchIndex + 1) * batchSize), memoryEntities.slice(batchIndex * batchSize, (batchIndex + 1) * batchSize));
+        const hasPayload = envelope.entities.length > 0 ||
+            envelope.triples.length > 0 ||
+            envelope.memory_entities.length > 0;
+        if (!hasPayload)
+            continue;
+        const ok = await postGraphEnvelope(envelope);
+        if (ok) {
+            syncedBatches++;
+        }
+        else {
+            failedBatches++;
+            enqueueFailedGraphSync(envelope);
+        }
+    }
+    return {
+        entities: entities.length,
+        triples: triples.length,
+        memoryEntities: memoryEntities.length,
+        syncedBatches,
+        failedBatches,
+    };
+}

package/dist/cloud/memory-sync.d.ts

@@ -0,0 +1,37 @@
+import type { Memory } from '../memory/types.js';
+export interface SyncedMemoryRecord {
+    external_id: string;
+    local_id: number;
+    type: string;
+    category: string;
+    title: string;
+    content: string;
+    project: string | null;
+    tags: string[];
+    salience: number;
+    scope: string;
+    transferable: boolean;
+    trust_score: number | null;
+    sensitivity_level: string | null;
+    source: string | null;
+    metadata: Record<string, unknown>;
+    cloud_excluded?: boolean;
+    created_at: string;
+    updated_at: string;
+    deleted_at?: string | null;
+}
+export interface MemorySyncEnvelope {
+    memories: SyncedMemoryRecord[];
+    device: {
+        device_id: string;
+        device_name: string;
+        platform: string;
+    };
+}
+export declare function syncMemoryUpsertToCloud(memory: Memory): void;
+export declare function syncMemoryDeleteToCloud(memory: Memory): void;
+export declare function syncAllMemoriesToCloud(): Promise<{
+    total: number;
+    synced: number;
+    failed: number;
+}>;

package/dist/cloud/memory-sync.js

@@ -0,0 +1,186 @@
+import { getDatabase } from '../database/init.js';
+import { getCloudConfig, getCloudSyncControls, getDeviceId, getDeviceName, isSensitiveLevel, shouldSyncProject, updateLastSyncAt, } from './config.js';
+import { enqueueFailedMemorySync } from './sync-queue.js';
+function safeJsonParse(value, fallback) {
+    if (!value)
+        return fallback;
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return fallback;
+    }
+}
+function rowToSyncRecord(row) {
+    return {
+        external_id: row.uuid,
+        local_id: row.id,
+        type: row.type,
+        category: row.category,
+        title: row.title,
+        content: row.content,
+        project: row.project ?? null,
+        tags: safeJsonParse(row.tags, []),
+        salience: Number(row.salience ?? 0),
+        scope: row.scope ?? 'project',
+        transferable: Boolean(row.transferable),
+        trust_score: row.trust_score === undefined ? null : Number(row.trust_score),
+        sensitivity_level: row.sensitivity_level ?? null,
+        source: row.source ?? null,
+        metadata: safeJsonParse(row.metadata, {}),
+        cloud_excluded: Boolean(row.cloud_excluded),
+        created_at: new Date(row.created_at ?? Date.now()).toISOString(),
+        updated_at: new Date(row.updated_at ?? row.created_at ?? Date.now()).toISOString(),
+        deleted_at: null,
+    };
+}
+function buildEnvelope(records) {
+    return {
+        memories: records,
+        device: {
+            device_id: getDeviceId(),
+            device_name: getDeviceName(),
+            platform: `${process.platform}/${process.arch}`,
+        },
+    };
+}
+function shouldSyncRecord(record) {
+    if (record.cloud_excluded)
+        return false;
+    const controls = getCloudSyncControls();
+    if (!shouldSyncProject(record.project, controls))
+        return false;
+    if (controls.excludeSensitive && isSensitiveLevel(record.sensitivity_level))
+        return false;
+    return true;
+}
+function applyContentMode(record) {
+    const controls = getCloudSyncControls();
+    if (controls.contentMode !== 'metadata')
+        return record;
+    return {
+        ...record,
+        title: `[Metadata only] ${record.category}`,
+        content: `[ShieldCortex] Memory content redacted by local sync policy.`,
+        metadata: {
+            ...record.metadata,
+            _shieldcortex_sync: {
+                ...(typeof record.metadata?._shieldcortex_sync === 'object' && record.metadata._shieldcortex_sync !== null
+                    ? record.metadata._shieldcortex_sync
+                    : {}),
+                content_redacted: true,
+                mode: 'metadata',
+            },
+        },
+    };
+}
+function hydrateMemoryRecord(memoryId) {
+    const db = getDatabase();
+    const row = db.prepare('SELECT * FROM memories WHERE id = ?').get(memoryId);
+    if (!row)
+        return null;
+    return rowToSyncRecord(row);
+}
+async function postEnvelope(envelope) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled || !config.cloudApiKey || envelope.memories.length === 0) {
+        return false;
+    }
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 15_000);
+    try {
+        const res = await fetch(`${config.cloudBaseUrl}/v1/sync/memories`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${config.cloudApiKey}`,
+            },
+            body: JSON.stringify(envelope),
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            return false;
+        }
+        updateLastSyncAt();
+        return true;
+    }
+    catch {
+        return false;
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
+}
+export function syncMemoryUpsertToCloud(memory) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled || !config.cloudApiKey)
+        return;
+    const record = hydrateMemoryRecord(memory.id);
+    if (!record)
+        return;
+    if (!shouldSyncRecord(record))
+        return;
+    const envelope = buildEnvelope([applyContentMode(record)]);
+    postEnvelope(envelope).then((ok) => {
+        if (!ok) {
+            enqueueFailedMemorySync(envelope.memories[0]);
+        }
+    }).catch(() => {
+        enqueueFailedMemorySync(envelope.memories[0]);
+    });
+}
+export function syncMemoryDeleteToCloud(memory) {
+    const config = getCloudConfig();
+    if (!config.cloudEnabled || !config.cloudApiKey)
+        return;
+    const record = {
+        external_id: memory.uuid,
+        local_id: memory.id,
+        type: memory.type,
+        category: memory.category,
+        title: memory.title,
+        content: memory.content,
+        project: memory.project ?? null,
+        tags: memory.tags,
+        salience: memory.salience,
+        scope: memory.scope,
+        transferable: memory.transferable,
+        trust_score: null,
+        sensitivity_level: null,
+        source: null,
+        metadata: memory.metadata,
+        created_at: memory.createdAt.toISOString(),
+        updated_at: memory.updatedAt.toISOString(),
+        deleted_at: new Date().toISOString(),
+    };
+    const envelope = buildEnvelope([record]);
+    postEnvelope(envelope).then((ok) => {
+        if (!ok) {
+            enqueueFailedMemorySync(record);
+        }
+    }).catch(() => {
+        enqueueFailedMemorySync(record);
+    });
+}
+export async function syncAllMemoriesToCloud() {
+    const db = getDatabase();
+    const rows = db.prepare('SELECT * FROM memories ORDER BY id ASC').all();
+    const records = rows.map(rowToSyncRecord).filter(shouldSyncRecord).map(applyContentMode);
+    let synced = 0;
+    let failed = 0;
+    const batchSize = 50;
+    for (let i = 0; i < records.length; i += batchSize) {
+        const batch = records.slice(i, i + batchSize);
+        const ok = await postEnvelope(buildEnvelope(batch));
+        if (ok) {
+            synced += batch.length;
+        }
+        else {
+            failed += batch.length;
+            for (const record of batch) {
+                enqueueFailedMemorySync(record);
+            }
+        }
+    }
+    return { total: records.length, synced, failed };
+}

package/dist/cloud/sync-queue.d.ts

@@ -5,6 +5,8 @@
  * Supports both audit metadata sync and quarantine content sync payloads.
  * Uses SQLite sync_queue table with exponential backoff.
  */
+import type { SyncedMemoryRecord } from './memory-sync.js';
+import type { GraphSyncEnvelope } from './graph-sync.js';
 export interface SyncEntry {
     source_type: string;
     source_identifier: string;
@@ -37,6 +39,15 @@ export interface QueueStats {
     pending: number;
     failed: number;
     synced: number;
+    byKind: Record<'audit' | 'quarantine' | 'memory' | 'graph' | 'unknown', {
+        pending: number;
+        failed: number;
+        synced: number;
+    }>;
+    oldestPendingAt: string | null;
+    nextRetryAt: string | null;
+    lastError: string | null;
+    lastErrorKind: 'audit' | 'quarantine' | 'memory' | 'graph' | 'unknown' | null;
 }
 export interface SyncQueueResult {
     processed: number;
@@ -44,6 +55,9 @@ export interface SyncQueueResult {
     failed: number;
     permanentlyFailed: number;
 }
+export interface ReconcileQueueResult {
+    removed: number;
+}
 /**
  * Enqueue a failed sync entry for later retry.
  * INSERT into sync_queue with exponential backoff schedule.
@@ -53,6 +67,11 @@ export declare function enqueueFailedSync(entry: SyncEntry): void;
  * Enqueue a failed quarantine sync entry for later retry.
  */
 export declare function enqueueFailedQuarantineSync(entry: QuarantineSyncEntry): void;
+/**
+ * Enqueue a failed memory sync entry for later retry.
+ */
+export declare function enqueueFailedMemorySync(entry: SyncedMemoryRecord): void;
+export declare function enqueueFailedGraphSync(entry: GraphSyncEnvelope): void;
 /**
  * Process pending items in the retry queue.
  * SELECT pending WHERE next_retry_at <= now, retry each (up to 10 per tick).
@@ -63,6 +82,11 @@ export declare function processRetryQueue(): Promise<SyncQueueResult>;
  * Get queue statistics by status.
  */
 export declare function getQueueStats(): QueueStats;
+export declare function reconcileSyncQueue(options?: {
+    kinds?: Array<'memory' | 'graph' | 'audit' | 'quarantine'>;
+    statuses?: Array<'pending' | 'failed'>;
+    maxCreatedAt?: string | null;
+}): ReconcileQueueResult;
 /**
  * Purge old entries from the queue.
  * DELETE WHERE created_at < 7 days ago.