slashvibe-mcp 0.3.21 → 0.3.23

package/store/api.js

@@ -10,58 +10,14 @@ const https = require('https');
 const http = require('http');
 const config = require('../config');
 const crypto = require('../crypto');
-const authStore = require('../auth-store');
+const sqlite = require('./sqlite'); // V2 messaging - local persistence
 
 const API_URL = process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
 
 // Default timeout for API requests (10 seconds)
 const REQUEST_TIMEOUT = 10000;
 
-// Retry configuration
-const MAX_RETRIES = 3;
-const INITIAL_RETRY_DELAY = 500; // 500ms
-const MAX_RETRY_DELAY = 5000; // 5 seconds
-
-/**
- * Calculate exponential backoff delay with jitter
- * @param {number} attempt - Current attempt number (0-based)
- * @returns {number} Delay in milliseconds
- */
-function getBackoffDelay(attempt) {
-  const exponentialDelay = INITIAL_RETRY_DELAY * Math.pow(2, attempt);
-  const jitter = Math.random() * 0.3 * exponentialDelay; // 0-30% jitter
-  return Math.min(exponentialDelay + jitter, MAX_RETRY_DELAY);
-}
-
-/**
- * Sleep for a given duration
- * @param {number} ms - Milliseconds to sleep
- */
-function sleep(ms) {
-  return new Promise(resolve => setTimeout(resolve, ms));
-}
-
-/**
- * Force reload of config module to pick up auth changes
- * This clears the require cache and reloads the config from disk
- */
-function reloadConfig() {
-  try {
-    // Clear the config module from require cache
-    const configPath = require.resolve('../config');
-    delete require.cache[configPath];
-    // Re-require to get fresh module
-    return require('../config');
-  } catch (e) {
-    console.error('[api] Failed to reload config:', e.message);
-    return config;
-  }
-}
-
-/**
- * Internal single request (no retries)
- */
-function requestOnce(method, path, data = null, options = {}) {
+function request(method, path, data = null, options = {}) {
   return new Promise((resolve, reject) => {
     const url = new URL(path, API_URL);
     const isHttps = url.protocol === 'https:';
@@ -73,9 +29,8 @@ function requestOnce(method, path, data = null, options = {}) {
       'User-Agent': 'vibe-mcp/1.0'
     };
 
-    // Add auth token: priority is explicit option > in-memory store > config file
-    // authStore is the SOURCE OF TRUTH during runtime (immediate updates from OAuth)
-    const token = options.token || authStore.getToken() || config.getAuthToken();
+    // Add auth token if provided or if we have one stored
+    const token = options.token || config.getAuthToken();
     if (token && options.auth !== false) {
       headers['Authorization'] = `Bearer ${token}`;
     }
@@ -89,48 +44,12 @@ function requestOnce(method, path, data = null, options = {}) {
       timeout
     };
 
-    const req = client.request(reqOptions, (res) => {
+    const req = client.request(reqOptions, res => {
       let body = '';
-      res.on('data', chunk => body += chunk);
-      res.on('end', async () => {
+      res.on('data', chunk => (body += chunk));
+      res.on('end', () => {
         // Handle non-2xx responses
         if (res.statusCode >= 400) {
-          // 401 REFRESH: If unauthorized and haven't retried, try to recover
-          if (res.statusCode === 401 && !options._retried && options.auth !== false) {
-            console.error('[api] 401 received, attempting token refresh...');
-
-            // First, reload config from disk (in case token was saved but not pushed to store)
-            const freshConfig = reloadConfig();
-            const diskToken = freshConfig.getAuthToken();
-
-            // If disk has a different token, sync it to the auth store
-            if (diskToken && diskToken !== authStore.getToken()) {
-              console.error('[api] Found newer token on disk, syncing to auth store...');
-              authStore.setToken(diskToken);
-            }
-
-            // Now check if we have a fresh token to retry with
-            const freshToken = authStore.getToken() || diskToken;
-
-            // Only retry if we got a different/new token
-            if (freshToken && freshToken !== token) {
-              console.error('[api] Found fresh token, retrying request...');
-              try {
-                const retryResult = await request(method, path, data, {
-                  ...options,
-                  token: freshToken,
-                  _retried: true
-                });
-                resolve(retryResult);
-                return;
-              } catch (retryError) {
-                console.error('[api] Retry failed:', retryError.message);
-              }
-            } else {
-              console.error('[api] No fresh token found, not retrying');
-            }
-          }
-
           try {
             const parsed = JSON.parse(body);
             resolve({ success: false, error: parsed.error || `HTTP ${res.statusCode}`, statusCode: res.statusCode });
@@ -151,59 +70,24 @@ function requestOnce(method, path, data = null, options = {}) {
     // Handle timeout
     req.on('timeout', () => {
       req.destroy();
-      resolve({ success: false, error: 'Request timeout', timeout: true, retryable: true });
+      resolve({ success: false, error: 'Request timeout', timeout: true });
     });
 
-    req.on('error', (e) => {
-      resolve({ success: false, error: e.message, network: true, retryable: true });
+    req.on('error', e => {
+      resolve({ success: false, error: e.message, network: true });
     });
 
     if (data) {
-      req.write(JSON.stringify(data));
+      const payload = JSON.stringify(data);
+      req.setHeader('Content-Length', Buffer.byteLength(payload));
+      req.write(payload);
     }
     req.end();
   });
 }
 
-/**
- * Make HTTP request with exponential backoff retry for transient failures
- */
-async function request(method, path, data = null, options = {}) {
-  const maxRetries = options.maxRetries ?? MAX_RETRIES;
-  const skipRetry = options._skipRetry || false;
-
-  // Don't retry if explicitly disabled or already in a retry chain
-  if (skipRetry || maxRetries === 0) {
-    return requestOnce(method, path, data, options);
-  }
-
-  let lastResult;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    lastResult = await requestOnce(method, path, data, { ...options, _skipRetry: true });
-
-    // Success or non-retryable error - return immediately
-    if (!lastResult.retryable) {
-      return lastResult;
-    }
-
-    // Don't retry on last attempt
-    if (attempt < maxRetries) {
-      const delay = getBackoffDelay(attempt);
-      console.error(`[api] Retrying ${method} ${path} in ${Math.round(delay)}ms (attempt ${attempt + 1}/${maxRetries})`);
-      await sleep(delay);
-    }
-  }
-
-  // All retries exhausted
-  console.error(`[api] All ${maxRetries} retries failed for ${method} ${path}`);
-  return lastResult;
-}
-
 // ============ PRESENCE ============
 
-// Use v2 API by default (Postgres-backed)
-const USE_V2_PRESENCE = process.env.VIBE_PRESENCE_V1 !== 'true';
-
 // Session ID for this MCP instance
 let currentSessionId = null;
 
@@ -227,14 +111,14 @@ async function registerSession(sessionId, handle, building = null, publicKey = n
       registrationData.publicKey = publicKey;
     }
 
-    const result = await request('POST', '/api/presence', registrationData, { auth: false });  // Don't send token for registration (we don't have one yet)
+    const result = await request('POST', '/api/presence', registrationData, { auth: false }); // Don't send token for registration (we don't have one yet)
 
     if (result.success && result.token) {
       // Use server-issued sessionId and token (not client-generated)
       currentSessionId = result.sessionId;
 
       // Save token for future authenticated requests (persist to shared config)
-      config.saveAuthToken(result.token);
+      config.savePrivyToken(result.token);
 
       console.error(`[vibe] Registered @${handle} with session ${result.sessionId}`);
     } else if (result.success) {
@@ -243,7 +127,7 @@ async function registerSession(sessionId, handle, building = null, publicKey = n
       console.error(`[vibe] Registered @${handle} (legacy mode)`);
     }
 
-    // Also register user in users DB (for @seth welcome tracking)
+    // Also register user in users DB (for @vibe welcome tracking)
     // AIRC: Include public key for identity
     try {
       const userData = {
@@ -253,7 +137,7 @@ async function registerSession(sessionId, handle, building = null, publicKey = n
       if (publicKey) {
         userData.publicKey = publicKey;
       }
-      await request('POST', '/api/users', userData, { auth: false });  // User registration doesn't need auth
+      await request('POST', '/api/users', userData, { auth: false }); // User registration doesn't need auth
     } catch (e) {
       // Non-fatal if user registration fails
     }
@@ -265,11 +149,10 @@ async function registerSession(sessionId, handle, building = null, publicKey = n
   }
 }
 
-async function heartbeat(handle, one_liner, context = null) {
+async function heartbeat(handle, one_liner, context = null, source = null) {
   try {
-    const endpoint = USE_V2_PRESENCE ? '/api/v2/presence' : '/api/presence';
-
-    // Build payload
+    // Token-based auth: server extracts handle from token
+    // Only need to send workingOn and context
     const payload = { workingOn: one_liner };
 
     // Fallback: if no token, send username (legacy support)
@@ -277,23 +160,18 @@ async function heartbeat(handle, one_liner, context = null) {
       payload.username = handle;
     }
 
-    // Add context fields (v2 flattens these)
+    // Add context (mood, file, etc.) if provided
     if (context) {
-      if (USE_V2_PRESENCE) {
-        // v2: flat structure
-        if (context.mood) payload.mood = context.mood;
-        if (context.file) payload.file = context.file;
-        if (context.project) payload.project = context.project;
-        if (context.awayMessage) payload.awayMessage = context.awayMessage;
-        if (context.sessionId) payload.sessionId = context.sessionId;
-        if (context.availableFor !== undefined) payload.availableFor = context.availableFor;
-      } else {
-        // v1: nested context
-        payload.context = context;
-      }
+      payload.context = context;
+    }
+
+    // Phase 1 Presence Bridge: track which surface is reporting
+    // See VIBE_CLAWDBOT_INTEGRATION_SPEC.md
+    if (source) {
+      payload.source = source;
     }
 
-    await request('POST', endpoint, payload);
+    await request('POST', '/api/presence', payload);
   } catch (e) {
     console.error('Heartbeat failed:', e.message);
   }
@@ -301,21 +179,24 @@ async function heartbeat(handle, one_liner, context = null) {
 
 async function sendTypingIndicator(handle, toHandle) {
   try {
-    // Use dedicated typing API with 5s TTL
-    await request('POST', '/api/typing', {
-      from: handle,
-      to: toHandle,
-    });
+    // Token auth: server extracts sender from token
+    const payload = { typingTo: toHandle };
+
+    // Fallback for legacy
+    if (!config.getAuthToken()) {
+      payload.username = handle;
+    }
+
+    await request('POST', '/api/presence', payload);
   } catch (e) {
-    // Silent fail - typing is best-effort
+    console.error('Typing indicator failed:', e.message);
   }
 }
 
 async function getTypingUsers(forHandle) {
   try {
-    // Use dedicated typing API to get all users typing to forHandle
-    const result = await request('GET', `/api/typing?to=${forHandle}`);
-    return result.typing || [];
+    const result = await request('GET', `/api/presence?user=${forHandle}&typing=true`);
+    return result.typingUsers || [];
   } catch (e) {
     return [];
   }
@@ -323,55 +204,38 @@ async function getTypingUsers(forHandle) {
 
 async function getActiveUsers() {
   try {
-    const endpoint = USE_V2_PRESENCE ? '/api/v2/presence' : '/api/presence';
-    const result = await request('GET', endpoint);
-
+    const result = await request('GET', '/api/presence');
     // Combine active and away users
     const users = [...(result.active || []), ...(result.away || [])];
-
-    // Map to normalized format (v2 uses 'handle', v1 uses 'username')
-    const mappedUsers = users.map(u => ({
-      handle: u.handle || u.username,
+    return users.map(u => ({
+      handle: u.username,
       one_liner: u.workingOn,
       lastSeen: new Date(u.lastSeen).getTime(),
       firstSeen: u.firstSeen ? new Date(u.firstSeen).getTime() : null,
       status: u.status,
-      // Mood: v2 is flat, v1 is nested
-      mood: u.mood || u.context?.mood || null,
+      // Mood: explicit (context.mood) or inferred (u.mood)
+      mood: u.context?.mood || u.mood || null,
       mood_inferred: u.mood_inferred || false,
       mood_reason: u.mood_reason || null,
       builderMode: u.builderMode || null,
       // Context sharing fields
-      file: u.file || u.context?.file || null,
-      branch: u.branch || u.context?.branch || null,
-      repo: u.repo || u.context?.repo || null,
-      error: u.error || u.context?.error || null,
-      note: u.note || u.context?.note || null,
+      file: u.context?.file || null,
+      branch: u.context?.branch || null,
+      repo: u.context?.repo || null,
+      error: u.context?.error || null,
+      note: u.context?.note || null,
       // Away status
-      awayMessage: u.awayMessage || u.context?.awayMessage || null,
-      awayAt: u.awayAt || u.context?.awayAt || null,
-      // v2 additions
-      isLive: u.isLive || false,
-      isAgent: u.isAgent || false
+      awayMessage: u.context?.awayMessage || null,
+      awayAt: u.context?.awayAt || null,
+      // Agent fields (used by who.js for badges)
+      is_agent: u.isAgent || false,
+      operator: u.operator || null,
+      // GitHub activity (used by who.js heat detection)
+      github: u.github || null,
+      // Phase 1 Presence Bridge: multi-source tracking
+      sources: u.sources || null,
+      reach_via: u.reach_via || null
     }));
-
-    // Sync presence data to local profiles (non-blocking)
-    // This enables discovery to find users by what they're building
-    try {
-      const profiles = require('./profiles');
-      profiles.syncFromPresence(mappedUsers).then(synced => {
-        if (synced > 0) {
-          // Auto-infer interests for new/updated profiles
-          profiles.inferMissingInterests().catch(e =>
-            console.error('[presence] interest inference failed:', e.message)
-          );
-        }
-      }).catch(e => console.error('[presence] sync failed:', e.message));
-    } catch (e) {
-      // Non-fatal: profiles module may not be available in some contexts
-    }
-
-    return mappedUsers;
   } catch (e) {
     console.error('Who failed:', e.message);
     return [];
@@ -379,68 +243,57 @@ async function getActiveUsers() {
 }
 
 async function setVisibility(handle, visible) {
-  try {
-    const endpoint = USE_V2_PRESENCE ? '/api/v2/presence' : '/api/presence';
-    const result = await request('POST', endpoint, {
-      action: 'visibility',
-      visible: visible
-    });
-
-    if (result.success === false) {
-      console.error('[setVisibility] API error:', result.error);
-      return { success: false, error: result.error };
-    }
-
-    return { success: true, visible };
-  } catch (e) {
-    console.error('[setVisibility] Error:', e.message);
-    return { success: false, error: e.message };
-  }
+  // TODO: implement visibility toggle API
 }
 
 // ============ MESSAGES ============
 
-// Use v2 API by default (Postgres-backed, cross-client sync)
-const USE_V2_MESSAGES = process.env.VIBE_MESSAGES_V1 !== 'true';
+async function sendMessage(from, to, body, type = 'dm', payload = null) {
+  // V2 MESSAGING: Save to SQLite first (optimistic UI)
+  const local_id = require('crypto').randomUUID();
+  const created_at = new Date().toISOString();
+
+  try {
+    // 1. Save to local SQLite (optimistic - before API call)
+    sqlite.saveLocalMessage({
+      local_id,
+      from_handle: from,
+      to_handle: to,
+      content: body || '',
+      created_at,
+      status: 'pending'
+    });
+  } catch (sqliteError) {
+    // Don't fail message send if SQLite fails (just log)
+    console.warn('[SQLite] Failed to save message locally:', sqliteError.message);
+  }
 
-async function sendMessage(from, to, body, type = 'dm', payload = null, options = {}) {
   try {
     let data;
-    let endpoint = '/api/messages';
-
-    // V2 API: Uses Postgres, simpler payload
-    const hasAuth = config.hasOAuth();
-    console.error('[vibe] sendMessage check: USE_V2_MESSAGES=' + USE_V2_MESSAGES + ', hasOAuth=' + hasAuth);
-    if (USE_V2_MESSAGES && hasAuth) {
-      endpoint = '/api/v2/messages';
-      data = {
-        to,
-        body: body || '',
-        payload: payload || undefined,
-        reply_to: options.replyTo || undefined,  // Threaded reply support
-      };
-      console.error('[vibe] Sending message via v2 API (Postgres-backed) to:', to, 'body length:', (body || '').length);
-    }
-    // V1 with OAuth (server-side signing)
-    else if (config.hasOAuth()) {
-      // OAuth flow - server handles signing
+
+    // Check if using Privy auth (server-side signing)
+    if (config.hasPrivyAuth()) {
+      // NEW: Privy auth flow - server handles signing
       // Just send message data, server signs it
       data = { to, body: body || undefined, text: body };
       if (payload) data.payload = payload;
 
-      console.error('[vibe] Sending message via OAuth (server-side signing)');
+      console.error('[vibe] Sending message via Privy auth (server-side signing)');
     } else {
       // LEGACY: Create signed message if we have a keypair
       const keypair = config.getKeypair();
 
       if (keypair) {
         // Full AIRC-compliant signed message
-        data = crypto.createSignedMessage({
-          from,
-          to,
-          body: body || undefined,
-          payload: payload || undefined
-        }, keypair.privateKey);
+        data = crypto.createSignedMessage(
+          {
+            from,
+            to,
+            body: body || undefined,
+            payload: payload || undefined
+          },
+          keypair.privateKey
+        );
 
         // Also include 'text' for backward compat with current API
         if (body) data.text = body;
@@ -453,34 +306,61 @@ async function sendMessage(from, to, body, type = 'dm', payload = null, options
       }
     }
 
-    console.error('[vibe] Sending request to endpoint:', endpoint, 'with data:', JSON.stringify(data).substring(0, 200));
-    const result = await request('POST', endpoint, data);
-    console.error('[vibe] Got result:', JSON.stringify(result).substring(0, 300));
+    const result = await request('POST', '/api/messages', data);
 
     // Handle auth errors
     if (!result.success && result.error?.includes('Authentication')) {
+      // Mark as failed in SQLite
+      try {
+        sqlite.updateMessageStatus(local_id, 'failed');
+      } catch (e) {}
       console.error('[vibe] Auth failed for message. Try `vibe init` to re-register.');
       return { error: 'auth_failed', message: 'Authentication failed. Try `vibe init` to re-register.' };
     }
 
     // Handle expired token
     if (result.statusCode === 401) {
+      // Mark as failed in SQLite
+      try {
+        sqlite.updateMessageStatus(local_id, 'failed');
+      } catch (e) {}
       console.error('[vibe] Auth expired. Run browser auth to refresh token.');
       return { error: 'auth_expired', message: 'Auth expired. Run `vibe init` to refresh token.' };
     }
 
     // Handle storage errors (KV write failed)
     if (!result.success && result.error === 'storage_error') {
+      // Mark as failed in SQLite
+      try {
+        sqlite.updateMessageStatus(local_id, 'failed');
+      } catch (e) {}
       console.error('[vibe] Storage error:', result.details || result.message);
       return { error: 'storage_error', message: result.message || 'Failed to save message. Please try again.' };
     }
 
     // Handle other errors
     if (!result.success && result.error) {
+      // Mark as failed in SQLite
+      try {
+        sqlite.updateMessageStatus(local_id, 'failed');
+      } catch (e) {}
       console.error('[vibe] Send error:', result.error, result.message);
       return { error: result.error, message: result.message || 'Failed to send message.' };
     }
 
+    // V2 MESSAGING: Update SQLite with server_id, thread_id and mark as sent
+    if (result.success || result.message) {
+      try {
+        // V2 Postgres: result.message.id, result.message.thread_id
+        const message = result.message || {};
+        const server_id = message.id || result.messageId || result.id || null;
+        const thread_id = message.thread_id || null;
+        sqlite.updateMessageStatus(local_id, 'sent', server_id, thread_id);
+      } catch (sqliteError) {
+        console.warn('[SQLite] Failed to update message status:', sqliteError.message);
+      }
+    }
+
     // Emit list_changed notification for successful message send
     // This allows other Claude Code instances to see the new message instantly
     if (result.success || result.message) {
@@ -492,96 +372,100 @@ async function sendMessage(from, to, body, type = 'dm', payload = null, options
     return result.message;
   } catch (e) {
     console.error('Send failed:', e.message);
+    // Mark as failed in SQLite
+    try {
+      sqlite.updateMessageStatus(local_id, 'failed');
+    } catch (sqliteErr) {}
     return null;
   }
 }
 
 async function getInbox(handle) {
   try {
-    // V2: Use threads endpoint (Postgres-backed, cross-client sync)
-    if (USE_V2_MESSAGES) {
-      const result = await request('GET', '/api/v2/threads');
-
-      if (result.success === false) {
-        console.error('[getInbox] V2 API error:', result.error);
-        // Fall back to v1
-        return getInboxV1(handle);
-      }
+    // V2 MESSAGING: Hybrid approach - SQLite (fast) + API (sync)
 
-      // Map v2 response to expected format
-      return (result.threads || []).map(t => ({
-        handle: t.with,
-        thread_id: t.id,
-        messages: [],  // Not loaded until thread is opened
-        unread: t.unread || 0,
-        lastMessage: t.last_message?.body,
-        lastTimestamp: t.last_message?.created_at ? new Date(t.last_message.created_at).getTime() : null
-      }));
+    // 1. Get from local SQLite first
+    let localInbox = [];
+    try {
+      localInbox = sqlite.getInboxThreads(handle);
+    } catch (sqliteError) {
+      console.warn('[SQLite] Failed to read inbox:', sqliteError.message);
     }
 
-    // V1 fallback
-    return getInboxV1(handle);
-  } catch (e) {
-    console.error('Inbox failed:', e.message);
-    return [];
-  }
-}
-
-// V1 inbox implementation (now handles V2 format since /api/messages returns V2)
-async function getInboxV1(handle) {
-  try {
-    // /api/messages now returns V2 format: { threads, total_unread }
+    // 2. Fetch from API (sync with backend)
     const result = await request('GET', `/api/messages?user=${handle}`);
 
-    // Check for API errors (auth failures, etc.)
-    if (result.success === false) {
-      console.error('[getInbox] API error:', result.error, result.message);
-      return [];
-    }
+    // V2 Postgres: result.threads[] with thread_id
+    const threads = result.threads || [];
 
-    // V2 format: map threads to expected format
-    if (result.threads) {
-      return result.threads.map(t => ({
-        handle: t.with,
-        thread_id: t.id,
-        messages: [],
-        unread: t.unread || 0,
-        lastMessage: t.last_message?.body,
-        lastTimestamp: t.last_message?.created_at ? new Date(t.last_message.created_at).getTime() : null
-      }));
+    // Merge threads into SQLite for persistence
+    if (threads.length > 0) {
+      try {
+        threads.forEach(thread => {
+          const msg = thread.last_message;
+          if (msg) {
+            sqlite.mergeServerMessages([
+              {
+                server_id: msg.id,
+                thread_id: thread.id, // V2 thread_id
+                from_handle: msg.from,
+                to_handle: handle === msg.from ? thread.with : handle,
+                content: msg.body,
+                created_at: msg.created_at,
+                status: 'delivered'
+              }
+            ]);
+          }
+        });
+      } catch (sqliteError) {
+        console.warn('[SQLite] Failed to merge inbox threads:', sqliteError.message);
+      }
     }
 
-    // Legacy V1 format (bySender) - kept for backwards compatibility
-    const bySender = result.bySender || {};
-    return Object.entries(bySender).map(([sender, messages]) => ({
-      handle: sender,
-      messages: messages.map(m => ({
-        from: m.from,
-        body: m.text,
-        timestamp: new Date(m.createdAt).getTime(),
-        read: m.read
-      })),
-      unread: messages.filter(m => !m.read).length,
-      lastMessage: messages[0]?.text,
-      lastTimestamp: new Date(messages[0]?.createdAt).getTime()
+    // Return V2 format
+    return threads.map(thread => ({
+      handle: thread.with,
+      messages: thread.last_message
+        ? [
+            {
+              from: thread.last_message.from,
+              body: thread.last_message.body,
+              timestamp: new Date(thread.last_message.created_at).getTime(),
+              read: thread.unread === 0
+            }
+          ]
+        : [],
+      unread: thread.unread,
+      lastMessage: thread.last_message?.body,
+      lastTimestamp: thread.last_message ? new Date(thread.last_message.created_at).getTime() : 0
     }));
   } catch (e) {
-    console.error('Inbox v1 failed:', e.message);
-    return [];
+    console.error('Inbox failed:', e.message);
+
+    // Fallback to SQLite if API fails
+    try {
+      const localInbox = sqlite.getInboxThreads(handle);
+      return localInbox.map(thread => ({
+        handle: thread.partner,
+        messages: [thread.latestMessage].map(m => ({
+          from: m.from_handle,
+          body: m.content,
+          timestamp: new Date(m.created_at).getTime(),
+          read: m.status === 'read'
+        })),
+        unread: thread.unreadCount,
+        lastMessage: thread.latestMessage.content,
+        lastTimestamp: new Date(thread.latestMessage.created_at).getTime()
+      }));
+    } catch (sqliteError) {
+      return [];
+    }
   }
 }
 
 async function getUnreadCount(handle) {
   try {
-    // V2: Get from threads endpoint
-    if (USE_V2_MESSAGES) {
-      const result = await request('GET', '/api/v2/threads');
-      if (result.success !== false) {
-        return result.total_unread || 0;
-      }
-    }
-
-    // V1 fallback
+    // Use unified messages endpoint - returns { inbox, unread, bySender }
     const result = await request('GET', `/api/messages?user=${handle}`);
     return result.unread || 0;
   } catch (e) {
@@ -589,196 +473,99 @@ async function getUnreadCount(handle) {
   }
 }
 
-/**
- * Get count of active live broadcasts
- * Used in presence footer to show "X live now"
- */
-async function getLiveBroadcastCount() {
-  try {
-    const result = await request('GET', '/api/watch', null, { auth: false });
-    if (result.broadcasts) {
-      return Object.keys(result.broadcasts).length;
-    }
-    return 0;
-  } catch (e) {
-    return 0;
-  }
-}
-
 // Get raw inbox messages (for notification checks)
-// V2: Fetches threads and constructs message objects from unread threads
-// Read state is synced via Postgres cursors, so if you read on iOS it's reflected here
 async function getRawInbox(handle) {
   try {
-    // V2: Get threads with unread counts (read state synced via Postgres)
+    // Use unified messages endpoint - returns { inbox, unread, bySender }
     const result = await request('GET', `/api/messages?user=${handle}`);
-
-    // V2 format: { threads, total_unread }
-    const threads = result.threads || [];
-
-    // Transform threads with unread messages into message-like objects
-    // for compatibility with notification system
-    const unreadMessages = [];
-
-    for (const thread of threads) {
-      if (thread.unread > 0 && thread.last_message) {
-        // Create message object from thread's last message
-        unreadMessages.push({
-          id: thread.last_message.id,
-          from: thread.last_message.from,
-          to: handle,
-          text: thread.last_message.body,
-          body: thread.last_message.body,
-          createdAt: thread.last_message.created_at,
-          read: false, // If it's in unread threads, it's unread
-          thread_id: thread.id,
-          unread_count: thread.unread,
-        });
-      }
-    }
-
-    return unreadMessages;
+    return result.inbox || [];
   } catch (e) {
-    console.error('[getRawInbox] Error:', e.message);
     return [];
   }
 }
 
 async function getThread(myHandle, theirHandle) {
   try {
-    // V2: Use threads endpoint with thread_id lookup
-    if (USE_V2_MESSAGES) {
-      // First, get threads to find thread_id
-      const threadsResult = await request('GET', '/api/v2/threads');
-
-      if (threadsResult.success !== false) {
-        const thread = (threadsResult.threads || []).find(t =>
-          t.with?.toLowerCase() === theirHandle.toLowerCase()
-        );
-
-        if (thread?.id) {
-          // Get messages in thread
-          const messagesResult = await request('GET', `/api/v2/threads/${thread.id}`);
-
-          if (messagesResult.success !== false) {
-            // Map messages with read receipt info
-            const messages = (messagesResult.messages || []).map(m => ({
-              from: m.from,
-              isAgent: false,
-              body: m.body,
-              payload: m.payload || null,
-              timestamp: new Date(m.created_at).getTime(),
-              direction: m.from === myHandle ? 'sent' : 'received',
-              // Read receipt: for sent messages, has recipient read it?
-              readByThem: m.read_by_them || false,
-            }));
-
-            // Attach their read cursor info to the result
-            messages._theirReadCursor = messagesResult.their_read_cursor;
-            return messages;
-          }
-        }
-      }
+    // V2 MESSAGING: Hybrid approach - SQLite (fast) + API (sync)
 
-      // Fall back to v1 if v2 fails or thread not found
-      console.error('[getThread] V2 failed, falling back to v1');
+    // 1. Get from local SQLite first (instant, works offline)
+    let localMessages = [];
+    try {
+      localMessages = sqlite.getThreadMessages(myHandle, theirHandle);
+    } catch (sqliteError) {
+      console.warn('[SQLite] Failed to read thread:', sqliteError.message);
     }
 
-    // V1 fallback
+    // 2. Fetch from API (sync with backend)
     const result = await request('GET', `/api/messages?user=${myHandle}&with=${theirHandle}`);
-    return (result.thread || []).map(m => ({
+
+    // V2 Postgres: result.messages[] (not result.thread)
+    const apiMessages = result.messages || result.thread || [];
+
+    // 3. Merge API messages into SQLite (for future reads)
+    if (apiMessages.length > 0) {
+      try {
+        sqlite.mergeServerMessages(
+          apiMessages.map(m => ({
+            server_id: m.id || m.messageId,
+            thread_id: m.thread_id || null, // V2 thread_id (if present)
+            from_handle: m.from,
+            to_handle: m.to || (m.from === myHandle ? theirHandle : myHandle),
+            content: m.body || m.text || '', // V2 uses 'body'
+            created_at: m.created_at || m.createdAt || new Date().toISOString(),
+            status: 'delivered',
+            sent_at: m.sent_at || m.sentAt || m.created_at || m.createdAt,
+            delivered_at: m.delivered_at || m.deliveredAt || m.created_at || m.createdAt
+          }))
+        );
+      } catch (sqliteError) {
+        console.warn('[SQLite] Failed to merge messages:', sqliteError.message);
+      }
+    }
+
+    // 4. Return merged result (prefer API for latest, fallback to local)
+    const messages =
+      apiMessages.length > 0
+        ? apiMessages
+        : localMessages.map(m => ({
+            id: m.server_id,
+            from: m.from_handle,
+            to: m.to_handle,
+            body: m.content, // V2 uses 'body'
+            created_at: m.created_at
+          }));
+
+    return messages.map(m => ({
       from: m.from,
-      isAgent: m.isAgent || m.is_agent || false, // Support both naming conventions
-      body: m.text,
+      isAgent: m.isAgent || m.is_agent || false,
+      body: m.body || m.text || m.content || '', // V2: m.body, fallback to legacy
       payload: m.payload || null,
-      timestamp: new Date(m.createdAt).getTime(),
+      timestamp: new Date(m.created_at || m.createdAt).getTime(),
       direction: m.direction
     }));
   } catch (e) {
     console.error('Thread failed:', e.message);
-    return [];
-  }
-}
 
-async function markThreadRead(myHandle, theirHandle, lastMessageId = null) {
-  // V2: Explicit mark read via PATCH
-  if (USE_V2_MESSAGES && lastMessageId) {
+    // Fallback to SQLite if API fails
     try {
-      // Find thread ID
-      const threadsResult = await request('GET', '/api/v2/threads');
-      if (threadsResult.success !== false) {
-        const thread = (threadsResult.threads || []).find(t =>
-          t.with?.toLowerCase() === theirHandle.toLowerCase()
-        );
-
-        if (thread?.id) {
-          await request('PATCH', `/api/v2/threads/${thread.id}/read`, {
-            last_read_id: lastMessageId,
-            client: 'terminal'
-          });
-        }
-      }
-    } catch (e) {
-      console.error('[markThreadRead] V2 error:', e.message);
+      const localMessages = sqlite.getThreadMessages(myHandle, theirHandle);
+      return localMessages.map(m => ({
+        from: m.from_handle,
+        isAgent: false,
+        body: m.content,
+        payload: null,
+        timestamp: new Date(m.created_at).getTime(),
+        direction: m.from_handle === myHandle ? 'sent' : 'received'
+      }));
+    } catch (sqliteError) {
+      return [];
     }
   }
-
-  // V1: No-op - Backend automatically marks messages as read when getThread() is called
-  // See: api/messages.js thread endpoint (GET /api/messages?user=X&with=Y)
 }
 
-/**
- * Mark messages as delivered
- * Called when messages are received via SSE or poll
- * @param {string[]} messageIds - Array of message IDs to mark as delivered
- */
-async function markMessagesDelivered(messageIds) {
-  if (!messageIds || messageIds.length === 0) return { marked: 0 };
-
-  try {
-    const result = await request('POST', '/api/v2/messages/delivered', {
-      message_ids: messageIds
-    });
-
-    return result;
-  } catch (e) {
-    console.error('[markMessagesDelivered] Error:', e.message);
-    return { marked: 0, error: e.message };
-  }
-}
-
-/**
- * Search messages
- * @param {string} query - Search term
- * @param {object} options - Search options
- * @param {string} [options.with] - Filter to conversation with specific user
- * @param {number} [options.limit] - Max results (default 50)
- */
-async function searchMessages(query, options = {}) {
-  try {
-    let url = `/api/v2/messages/search?q=${encodeURIComponent(query)}`;
-
-    if (options.with) {
-      url += `&with=${encodeURIComponent(options.with)}`;
-    }
-    if (options.limit) {
-      url += `&limit=${options.limit}`;
-    }
-    if (options.offset) {
-      url += `&offset=${options.offset}`;
-    }
-
-    const result = await request('GET', url);
-
-    if (result.success === false) {
-      throw new Error(result.error || 'Search failed');
-    }
-
-    return result;
-  } catch (e) {
-    console.error('[searchMessages] Error:', e.message);
-    throw e;
-  }
+async function markThreadRead(myHandle, theirHandle) {
+  // No-op: Backend automatically marks messages as read when getThread() is called
+  // See: api/messages.js thread endpoint (GET /api/messages?user=X&with=Y)
 }
 
 // ============ CONSENT ============
@@ -889,11 +676,11 @@ async function checkInviteCode(code) {
 // ============ AUTH ============
 
 /**
- * Verify an auth token with the server
- * @param {string} token - JWT token from GitHub OAuth
+ * Verify a Privy token with the server
+ * @param {string} token - Privy JWT token
  * @returns {Promise<{valid: boolean, handle?: string, error?: string}>}
  */
-async function verifyAuthToken(token) {
+async function verifyPrivyToken(token) {
   try {
     const result = await request('POST', '/api/auth/verify', {}, { token, auth: true });
 
@@ -1010,38 +797,101 @@ async function getChecklistStatus(handle) {
   }
 }
 
+// ============ FOLLOW ============
+
 /**
- * Track completion of an onboarding task
+ * Follow a user
+ * @param {string} follower - Handle of the follower
+ * @param {string} following - Handle of the user to follow
+ */
+async function followUser(follower, following) {
+  try {
+    const result = await request('POST', '/api/follow', { follower, following });
+    return result;
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Unfollow a user
+ * @param {string} follower - Handle of the follower
+ * @param {string} following - Handle of the user to unfollow
+ */
+async function unfollowUser(follower, following) {
+  try {
+    const result = await request('DELETE', '/api/follow', { follower, following });
+    return result;
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Get list of users someone is following
  * @param {string} handle - User handle
- * @param {string} taskId - Task ID (e.g., 'read_welcome', 'reply_seth')
- * @param {Object} metadata - Optional metadata about the completion
- * @returns {Promise<{success: boolean, taskId: string, completedAt: string}>}
  */
-async function trackChecklistCompletion(handle, taskId, metadata = {}) {
+async function getFollowing(handle) {
   try {
-    const result = await request('POST', '/api/onboarding/checklist', {
-      handle,
-      taskId,
-      metadata
-    });
+    const result = await request('GET', `/api/following?handle=${encodeURIComponent(handle)}`);
     return result;
   } catch (e) {
-    console.error('Track checklist completion failed:', e.message);
     return { success: false, error: e.message };
   }
 }
 
 /**
- * Get onboarding data for a user (includes recommended builders)
+ * Get list of followers for a user
  * @param {string} handle - User handle
- * @returns {Promise<{success: boolean, recommendedUsers: Array, ...}>}
  */
-async function getOnboardingData(handle) {
+async function getFollowers(handle) {
+  try {
+    const result = await request('GET', `/api/followers?handle=${encodeURIComponent(handle)}`);
+    return result;
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+// ============ WATCH / LIVE ============
+
+/**
+ * Get all active broadcasts
+ * @returns {Object} { success, broadcasts, upcoming, count }
+ */
+async function getLiveBroadcasts() {
+  try {
+    const result = await request('GET', '/api/live?format=json');
+    return result;
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Get broadcast info for a specific room
+ * @param {string} roomId - Broadcast room ID
+ * @returns {Object} { success, broadcast }
+ */
+async function getBroadcast(roomId) {
   try {
-    const result = await request('GET', `/api/onboarding/data?handle=${encodeURIComponent(handle)}`);
+    const result = await request('GET', `/api/watch?room=${encodeURIComponent(roomId)}`);
+    return result;
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Get engagement metrics for a broadcast
+ * @param {string} roomId - Broadcast room ID
+ * @returns {Object} { success, viewers, chat, reactions, engagement }
+ */
+async function getBroadcastMetrics(roomId) {
+  try {
+    const result = await request('GET', `/api/watch/metrics?room=${encodeURIComponent(roomId)}`);
     return result;
   } catch (e) {
-    console.error('Get onboarding data failed:', e.message);
     return { success: false, error: e.message };
   }
 }
@@ -1098,29 +948,6 @@ async function getArtifact(slug) {
   }
 }
 
-/**
- * Update an artifact by ID or slug
- * @param {string} idOrSlug - Artifact ID or slug
- * @param {Object} artifact - Updated artifact data
- */
-async function updateArtifact(idOrSlug, artifact) {
-  try {
-    const result = await request('PUT', `/api/artifacts/${idOrSlug}`, artifact);
-
-    if (result.success === false) {
-      return { success: false, error: result.error || 'Update failed' };
-    }
-
-    return {
-      success: true,
-      artifact: result.artifact
-    };
-  } catch (e) {
-    console.error('Update artifact failed:', e.message);
-    return { success: false, error: e.message };
-  }
-}
-
 /**
  * List artifacts
  * @param {Object} options - { scope: 'mine'|'for-me'|'network', handle, limit }
@@ -1186,11 +1013,6 @@ module.exports = {
   getUnreadCount,
   getThread,
   markThreadRead,
-  markMessagesDelivered,
-  searchMessages,
-
-  // Watch Me Code
-  getLiveBroadcastCount,
 
   // Consent
   getConsentStatus,
@@ -1220,16 +1042,23 @@ module.exports = {
   // Artifacts
   createArtifact,
   getArtifact,
-  updateArtifact,
   listArtifacts,
   sendArtifactCard,
 
   // Onboarding
   getChecklistStatus,
-  trackChecklistCompletion,
-  getOnboardingData,
+
+  // Follow
+  followUser,
+  unfollowUser,
+  getFollowing,
+  getFollowers,
+
+  // Watch / Live
+  getLiveBroadcasts,
+  getBroadcast,
+  getBroadcastMetrics,
 
   // Auth
-  verifyAuthToken,
-  verifyPrivyToken: verifyAuthToken  // Backwards compat alias
+  verifyPrivyToken
 };