npm - specmem-hardwicksoftware - Versions diffs - 3.7.44 → 3.7.46 - Mend

specmem-hardwicksoftware 3.7.44 → 3.7.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +18 -13
package/container/Dockerfile +110 -70
package/container/container-version.json +5 -0
package/embedding-sandbox/warm-start.sh +100 -12
package/package.json +1 -1
package/scripts/global-postinstall.cjs +53 -14
package/scripts/specmem-init.cjs +43 -11
package/specmem/supervisord.conf +1 -1
package/specmem/user-config.json +2 -2

package/README.md CHANGED Viewed

@@ -1,18 +1,13 @@
+## I am aware it currently only works for "root" users in it's full glory
+## Sorry, this was developed on a baremetal VPS with XFCE Desktop
+## Just sudo npm install -g specmem-hardwicksoftware && cd /yourprojectdir && specmem init
+## Sorry guys again working out numerous kinks, look for assistance getting this user ready
+## Hit up a new issue if you find any please, send me your logs on linkedin or smthn!
-## COMPACTION PROXY FIXED - AGENT BEHAVIOR IMPROVEMENT SOON!
 <!-- How to Install SVG -->
 <img src="./svg-sections/readme-how-to-install.svg" alt="How to Install SpecMem on Linux" width="800">
-<br/>
-<!-- Token Compaction Pipeline SVG -->
-<div align="center">
-<picture>
-  <img alt="Token Compaction Pipeline — ~60% Input Token Reduction" src="./svg-sections/readme-token-compaction.svg" width="800">
-</picture>
-</div>
-<br/>
 <!-- Hero Banner -->
 <picture>
@@ -133,6 +128,16 @@ Full technical deep-dive covering architecture, embeddings, database internals,
 </div>
+<br/>
+<!-- Token Compaction Pipeline SVG -->
+<div align="center">
+<picture>
+  <img alt="Token Compaction Pipeline — ~60% Input Token Reduction" src="./svg-sections/readme-token-compaction.svg" width="800">
+</picture>
+</div>
+<br/>
 ---
 ## ⚡ Quick Start
@@ -150,9 +155,9 @@ Full technical deep-dive covering architecture, embeddings, database internals,
 ## 🔓 Root Access (Optional)
 <div align="center">
-<picture>
-  <img alt="Root Access — Optional" src="./svg-sections/readme-why-root.svg" width="800">
-</picture>
+Hell nah, sorry, not a poweruser with control over their debian distro?
+Looks like you aren't intelligent enough to run this technology
+  (IIRC THIS ACTUALLY PREVENTS CORPORTATE FROM INSTALLING BUT IRDC Plus in MY BOOK )
 </div>
 ---

package/container/Dockerfile CHANGED Viewed

@@ -1,30 +1,100 @@
 # ============================================
-# SPECMEM BRAIN CONTAINER
+# SPECMEM BRAIN CONTAINER — MINIMAL BUILD
 # ============================================
-# Everything SpecMem needs, in one rootless container:
+# Everything SpecMem needs, nothing it doesn't:
 #   - PostgreSQL 16 + pgvector
 #   - Python embedding server (frankenstein-embeddings.py)
 #   - Translation server (hardwick-translate.py)
 #   - Mini-COT service (Pythia-410M)
 #   - Supervisord (process manager)
 #
-# Zero root. Zero sudo. Zero system deps beyond Podman.
-# Talks to host Node.js MCP server via unix sockets in /data/run/
-#
-# Build:  podman build -t specmem-brain container/
-# Run:    podman run -d --name specmem-brain -v ./specmem:/data:Z specmem-brain
+# Target: ~3GB final image
 # ============================================
-FROM python:3.11-slim AS base
+# ============================================
+# Stage 1: Python deps builder
+# ============================================
+FROM python:3.11-slim AS python-builder
-# Avoid interactive prompts
-ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
+# Constraints file: block ALL nvidia/CUDA packages from ever being installed.
+# pip constraints are absolute — no transitive dep can override them.
+RUN cat > /tmp/constraints.txt <<'EOF'
+nvidia-cuda-runtime-cu12==0.0.0.invalid
+nvidia-cuda-cupti-cu12==0.0.0.invalid
+nvidia-cuda-nvrtc-cu12==0.0.0.invalid
+nvidia-cudnn-cu12==0.0.0.invalid
+nvidia-cufft-cu12==0.0.0.invalid
+nvidia-curand-cu12==0.0.0.invalid
+nvidia-cusolver-cu12==0.0.0.invalid
+nvidia-cusparse-cu12==0.0.0.invalid
+nvidia-nccl-cu12==0.0.0.invalid
+nvidia-nvjitlink-cu12==0.0.0.invalid
+nvidia-nvtx-cu12==0.0.0.invalid
+nvidia-cuda-runtime-cu11==0.0.0.invalid
+nvidia-cuda-cupti-cu11==0.0.0.invalid
+nvidia-cuda-nvrtc-cu11==0.0.0.invalid
+nvidia-cudnn-cu11==0.0.0.invalid
+nvidia-cufft-cu11==0.0.0.invalid
+nvidia-curand-cu11==0.0.0.invalid
+nvidia-cusolver-cu11==0.0.0.invalid
+nvidia-cusparse-cu11==0.0.0.invalid
+nvidia-nccl-cu11==0.0.0.invalid
+nvidia-nvjitlink-cu11==0.0.0.invalid
+nvidia-nvtx-cu11==0.0.0.invalid
+triton==0.0.0.invalid
+EOF
+# Step 1: Install torch CPU-only using --index-url (REPLACES PyPI as primary).
+# This is the ONLY way to guarantee pip doesn't pull CUDA torch from PyPI.
+RUN pip install --no-cache-dir \
+    --index-url https://download.pytorch.org/whl/cpu \
+    torch
+# Step 2: Install everything else from PyPI. torch is already satisfied
+# from step 1 so pip won't re-download it. Constraints block nvidia.
+RUN pip install --no-cache-dir \
+    -c /tmp/constraints.txt \
+    sentence-transformers \
+    onnxruntime \
+    psycopg2-binary \
+    numpy \
+    transformers \
+    argostranslate \
+    ctranslate2 \
+    sentencepiece \
+    emoji \
+    opencc-python-reimplemented
+# Verify no nvidia packages made it through
+RUN pip list | grep -i nvidia && echo "NVIDIA PACKAGES FOUND - BUILD SHOULD FAIL" && exit 1 || echo "Clean: no nvidia packages"
+# Strip bloat from installed packages
+RUN find /usr/local/lib/python3.11/site-packages -type d \
+    \( -name "test" -o -name "tests" -o -name "__pycache__" \) \
+    -exec rm -rf {} + 2>/dev/null; \
+    find /usr/local/lib/python3.11/site-packages -name "*.pyc" -delete 2>/dev/null; \
+    rm -rf /usr/local/lib/python3.11/site-packages/torch/testing 2>/dev/null; \
+    rm -rf /usr/local/lib/python3.11/site-packages/torch/utils/benchmark 2>/dev/null; \
+    rm -rf /usr/local/lib/python3.11/site-packages/torch/include 2>/dev/null; \
+    rm -rf /usr/local/lib/python3.11/site-packages/torch/share 2>/dev/null; \
+    rm -rf /usr/local/lib/python3.11/site-packages/caffe2 2>/dev/null; \
+    find /usr/local/lib/python3.11/site-packages -name "*.so" \
+    -exec strip --strip-unneeded {} \; 2>/dev/null; \
+    true
 # ============================================
-# Stage 1: System packages
+# Stage 2: Final minimal image
 # ============================================
+FROM python:3.11-slim
+ENV DEBIAN_FRONTEND=noninteractive
+# PostgreSQL 16 + pgvector + supervisor — single layer, full cleanup
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    # PostgreSQL 16 + pgvector
     gnupg2 lsb-release curl ca-certificates \
     && echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" \
        > /etc/apt/sources.list.d/pgdg.list \
@@ -33,85 +103,55 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && apt-get update && apt-get install -y --no-install-recommends \
     postgresql-16 \
     postgresql-16-pgvector \
-    # Process manager
     supervisor \
-    # Cleanup
     && apt-get purge -y gnupg2 lsb-release curl \
-    && apt-get autoremove -y \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+    && apt-get autoremove -y --purge \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+    /usr/share/doc /usr/share/man /usr/share/locale \
+    /var/log/* /var/cache/*
-# ============================================
-# Stage 2: Python dependencies (CPU-only torch)
-# ============================================
-RUN pip install --no-cache-dir \
-    torch --index-url https://download.pytorch.org/whl/cpu \
-    && pip install --no-cache-dir \
-    sentence-transformers[onnx] \
-    onnxruntime \
-    psycopg2-binary \
-    numpy \
-    transformers
-# Argos Translate + deps (for hardwick-translate.py)
-RUN pip install --no-cache-dir \
-    argostranslate \
-    ctranslate2 \
-    sentencepiece \
-    emoji \
-    opencc-python-reimplemented
+# Copy Python packages from builder (no --prefix, just site-packages)
+COPY --from=python-builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=python-builder /usr/local/bin /usr/local/bin
-# ============================================
-# Stage 3: Copy pre-optimized models from package
-# ============================================
-# Models are already in the npm package — no download needed!
-# - all-MiniLM-L6-v2 (ONNX quantized) — embedding model
-# - argos-translate models — translation models
 WORKDIR /app
-COPY embedding-sandbox/models/ /app/models/
-# ============================================
-# Stage 4: Copy application files
-# ============================================
-COPY embedding-sandbox/frankenstein-embeddings.py /app/frankenstein-embeddings.py
-COPY embedding-sandbox/hardwick-translate.py /app/hardwick-translate.py
-COPY embedding-sandbox/mini-cot-service.py /app/mini-cot-service.py
-# Pythia-410M pre-optimized model (ONNX int8 quantized)
-# Pre-built by optimize-pythia.py and shipped with npm package — no download needed!
-# If model dir doesn't exist in models/ yet, it will be built on first `npm run optimize-pythia`
-COPY container/supervisord.conf /etc/supervisor/conf.d/specmem.conf
-COPY container/entrypoint.sh /app/entrypoint.sh
-COPY container/healthcheck.sh /app/healthcheck.sh
-COPY container/sock_check.py /app/sock_check.py
+# Create non-root user BEFORE copying files so COPY --chown works
+# without creating a duplicate chown layer
+RUN useradd -r -m -s /bin/bash specmem && \
+    mkdir -p /data && chown specmem:specmem /data
+# Models
+COPY --chown=specmem:specmem embedding-sandbox/models/ /app/models/
+# Application files
+COPY --chown=specmem:specmem embedding-sandbox/frankenstein-embeddings.py /app/frankenstein-embeddings.py
+COPY --chown=specmem:specmem embedding-sandbox/hardwick-translate.py /app/hardwick-translate.py
+COPY --chown=specmem:specmem embedding-sandbox/mini-cot-service.py /app/mini-cot-service.py
+# Container config
+COPY --chown=specmem:specmem container/supervisord.conf /etc/supervisor/conf.d/specmem.conf
+COPY --chown=specmem:specmem container/entrypoint.sh /app/entrypoint.sh
+COPY --chown=specmem:specmem container/healthcheck.sh /app/healthcheck.sh
+COPY --chown=specmem:specmem container/sock_check.py /app/sock_check.py
 RUN chmod +x /app/entrypoint.sh /app/healthcheck.sh
-# ============================================
-# Stage 5: Configure PostgreSQL for container
-# ============================================
-# PostgreSQL data and sockets live in /data/ (volume mount)
-# No systemd - we manage postgres directly via pg_ctl
+# PostgreSQL config
 ENV PGDATA=/data/pgdata
 ENV PGHOST=/data/run
 ENV PGPORT=5432
 ENV PGUSER=specmem
 ENV PGDATABASE=specmem
-# Embedding model path (pre-downloaded)
+# Model paths
 ENV SPECMEM_MODEL_PATH=/app/models/all-MiniLM-L6-v2
 ENV SENTENCE_TRANSFORMERS_HOME=/app/models
-# Resource defaults (overridable) — crawl mode: 1 thread
+# CPU-only resource limits
 ENV OMP_NUM_THREADS=1
 ENV MKL_NUM_THREADS=1
 ENV OPENBLAS_NUM_THREADS=1
-# Create specmem user to run services (postgres won't run as root)
-RUN useradd -r -m -s /bin/bash specmem && \
-    mkdir -p /data && chown -R specmem:specmem /data /app
-# Volume mount point
 VOLUME /data
 USER specmem
 ENTRYPOINT ["/app/entrypoint.sh"]

package/container/container-version.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "version": "1.0.0",
+  "image": "ghcr.io/jonhardwick-spec/specmem-brain",
+  "minSpecmemVersion": "3.7.0"
+}

package/embedding-sandbox/warm-start.sh CHANGED Viewed

@@ -8,8 +8,8 @@
 #   4. No container -> create & run + COLD START (slow, ~20-30s + full feed)
 #
 # VERSION SAFETY:
-#   - Every container gets specmem.version label
-#   - Before using ANY container, check version label
+#   - Every container gets specmem.container_version label (decoupled from npm version)
+#   - Before using ANY container, check container_version label
 #   - Missing/mismatched version = KILL & REBUILD (old code!)
 #
 # On idle: Container is PAUSED (not stopped) - stays in RAM, 0% CPU
@@ -22,9 +22,19 @@ set -e
 # Get specmem installation directory
 SPECMEM_DIR="$(cd "$(dirname "$0")/.." && pwd)"
-# Get specmem version from package.json
+# Get specmem version from package.json (informational only)
 SPECMEM_VERSION=$(node -p "require('$SPECMEM_DIR/package.json').version" 2>/dev/null || echo "0.0.0")
+# Get CONTAINER version from container-version.json (used for rebuild decisions)
+CONTAINER_VERSION_FILE="$SPECMEM_DIR/container/container-version.json"
+if [ -f "$CONTAINER_VERSION_FILE" ]; then
+    CONTAINER_VERSION=$(node -p "require('$CONTAINER_VERSION_FILE').version" 2>/dev/null || echo "1.0.0")
+    REGISTRY_IMAGE=$(node -p "require('$CONTAINER_VERSION_FILE').image" 2>/dev/null || echo "ghcr.io/hardwicksoftware/specmem-brain")
+else
+    CONTAINER_VERSION="1.0.0"
+    REGISTRY_IMAGE="ghcr.io/hardwicksoftware/specmem-brain"
+fi
 # SOCKET PATH RESOLUTION (in priority order):
 # 1. SPECMEM_EMBEDDING_SOCKET env var (per-project, set by hooks)
 # 2. SPECMEM_SOCKET_DIR env var + embeddings.sock
@@ -93,9 +103,16 @@ CPU_LIMIT="${SPECMEM_EMBEDDING_CPU_LIMIT:-0.5}"
 # Warm start feeder script
 FEEDER_SCRIPT="$SPECMEM_DIR/embedding-sandbox/warm_start_feeder.py"
-# Check container version label
+# Check container version label (uses container_version for rebuild decisions)
 get_container_version() {
-    docker inspect --format='{{index .Config.Labels "specmem.version"}}' "$CONTAINER_NAME" 2>/dev/null || echo ""
+    # First try new label, fall back to legacy label
+    local ver
+    ver=$(docker inspect --format='{{index .Config.Labels "specmem.container_version"}}' "$CONTAINER_NAME" 2>/dev/null || echo "")
+    if [ -z "$ver" ] || [ "$ver" = "<no value>" ]; then
+        # Fall back to legacy specmem.version label for old containers
+        ver=$(docker inspect --format='{{index .Config.Labels "specmem.version"}}' "$CONTAINER_NAME" 2>/dev/null || echo "")
+    fi
+    echo "$ver"
 }
 # Check if version matches current specmem
@@ -105,18 +122,18 @@ version_matches() {
         log "VERSION CHECK: No version label (old code!)"
         return 1
     fi
-    if [ "$container_version" != "$SPECMEM_VERSION" ]; then
-        log "VERSION CHECK: Mismatch - container=$container_version, specmem=$SPECMEM_VERSION (old code!)"
+    if [ "$container_version" != "$CONTAINER_VERSION" ]; then
+        log "VERSION CHECK: Mismatch - container=$container_version, expected=$CONTAINER_VERSION"
         return 1
     fi
-    log "VERSION CHECK: OK - $container_version"
+    log "VERSION CHECK: OK - container_version=$container_version"
     return 0
 }
 # Kill container due to version mismatch
 kill_old_version() {
     local old_version=$(get_container_version)
-    log "KILLING OLD VERSION: $old_version != $SPECMEM_VERSION"
+    log "KILLING OLD VERSION: $old_version != $CONTAINER_VERSION"
     docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
     rm -f "$SOCKET_PATH"
 }
@@ -175,6 +192,43 @@ get_container_state() {
     docker inspect --format='{{.State.Status}}' "$CONTAINER_NAME" 2>/dev/null || true
 }
+# Background container auto-update check
+# Compares ~/.specmem/container-state.json vs container-version.json
+# If newer version available, pulls in background for next cold start
+check_container_update() {
+    local STATE_FILE="${HOME}/.specmem/container-state.json"
+    if [ ! -f "$STATE_FILE" ]; then
+        return  # No state file = first run, skip update check
+    fi
+    local CURRENT_CV
+    CURRENT_CV=$(node -p "try{JSON.parse(require('fs').readFileSync('$STATE_FILE','utf8')).currentVersion}catch(e){''}" 2>/dev/null || echo "")
+    if [ -n "$CURRENT_CV" ] && [ "$CURRENT_CV" != "$CONTAINER_VERSION" ]; then
+        log "UPDATE CHECK: Container update available: $CURRENT_CV -> $CONTAINER_VERSION"
+        local REGISTRY_FULL_IMAGE="${REGISTRY_IMAGE}:${CONTAINER_VERSION}"
+        # Background pull — don't block the user
+        (
+            if docker pull "$REGISTRY_FULL_IMAGE" 2>/dev/null; then
+                docker tag "$REGISTRY_FULL_IMAGE" "$IMAGE_NAME" 2>/dev/null
+                # Update state file
+                mkdir -p "${HOME}/.specmem"
+                cat > "$STATE_FILE" <<UPDATEJSON
+{
+  "currentVersion": "$CONTAINER_VERSION",
+  "lastPulled": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+  "imageId": "$(docker inspect --format='{{.Id}}' "$IMAGE_NAME" 2>/dev/null || echo "")",
+  "source": "registry-update"
+}
+UPDATEJSON
+                log "UPDATE CHECK: Pull complete. New image ready for next cold start."
+            else
+                log "UPDATE CHECK: Pull failed, will retry next time."
+            fi
+        ) &
+    fi
+}
 # Feed overflow queue after warm start
 feed_overflow() {
     if [ -f "$FEEDER_SCRIPT" ]; then
@@ -208,9 +262,12 @@ main() {
     ensure_socket_dir
     log "=========================================="
-    log "WARM START v$SPECMEM_VERSION"
+    log "WARM START v$SPECMEM_VERSION (container_version=$CONTAINER_VERSION)"
     log "=========================================="
+    # Check for container updates in background (non-blocking)
+    check_container_update
     # Quick check - already running and responsive?
     if socket_alive; then
         # But check version first!
@@ -280,15 +337,45 @@ main() {
         *)
             # No container - cold start (only happens once per version)
-            log "Creating new container (cold start) with version $SPECMEM_VERSION..."
+            log "Creating new container (cold start) with container_version=$CONTAINER_VERSION..."
             rm -f "$SOCKET_PATH"
             # Remove any old container with same name
             docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
+            # Pull-first: try registry image before falling back to local
+            REGISTRY_FULL_IMAGE="${REGISTRY_IMAGE}:${CONTAINER_VERSION}"
+            if ! docker image inspect "$IMAGE_NAME" &>/dev/null; then
+                log "No local image found, trying registry pull: $REGISTRY_FULL_IMAGE"
+                if docker pull "$REGISTRY_FULL_IMAGE" 2>/dev/null; then
+                    docker tag "$REGISTRY_FULL_IMAGE" "$IMAGE_NAME"
+                    log "Pulled and tagged registry image as $IMAGE_NAME"
+                    # Store container state
+                    SPECMEM_STATE_DIR="${HOME}/.specmem"
+                    mkdir -p "$SPECMEM_STATE_DIR"
+                    cat > "$SPECMEM_STATE_DIR/container-state.json" <<STATEJSON
+{
+  "currentVersion": "$CONTAINER_VERSION",
+  "lastPulled": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+  "imageId": "$(docker inspect --format='{{.Id}}' "$IMAGE_NAME" 2>/dev/null || echo "")",
+  "source": "registry"
+}
+STATEJSON
+                else
+                    log "Registry pull failed, will use local image if available"
+                fi
+            fi
+            # If still no image, build locally (air-gapped fallback)
+            if ! docker image inspect "$IMAGE_NAME" &>/dev/null; then
+                log "Building image locally from $SPECMEM_DIR/container/"
+                docker build -t "$IMAGE_NAME" "$SPECMEM_DIR/container/"
+            fi
             # Create and run with network disabled (air-gapped security)
             # Mount socket directory for access (per-project or /tmp for machine-shared)
-            # CRITICAL: Add specmem.version label!
+            # CRITICAL: Add specmem.container_version label!
             # Determine mount strategy
             if [ "$SOCKET_DIR" = "/tmp" ]; then
@@ -315,6 +402,7 @@ main() {
                 -e "SPECMEM_CPU_THREADS=1" \
                 -e "SPECMEM_EMBEDDING_MAX_WORKERS=4" \
                 -l "specmem.user=$USER_ID" \
+                -l "specmem.container_version=$CONTAINER_VERSION" \
                 -l "specmem.version=$SPECMEM_VERSION" \
                 -l "specmem.created=$(date +%s)" \
                 -l "specmem.socket=$SOCKET_PATH" \

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "specmem-hardwicksoftware",
-  "version": "3.7.44",
+  "version": "3.7.46",
   "type": "module",
   "description": "Your Claude Code sessions don't have to start from scratch anymore — SpecMem gives your AI real memory. It won't forget your conversations, your code, or your architecture decisions between sessions. That's the whole point. Semantic code indexing that actually works: TypeScript, JavaScript, Python, Go, Rust, Java, Kotlin, C, C++, HTML and more. It doesn't just track functions — it gets classes, methods, fields, constants, enums, macros, imports, structs, the whole codebase graph. There's chat memory too, powered by pgvector embeddings. You've also got token compression, team coordination, multi-agent comms, and file watching built in. 74+ MCP tools. Runs on PostgreSQL + Docker. It's kind of a big deal. justcalljon.pro",
   "main": "dist/index.js",

package/scripts/global-postinstall.cjs CHANGED Viewed

@@ -76,20 +76,51 @@ if (currentPlatform === 'darwin') {
 }
 if (!isGlobalInstall) {
-  console.log('\n\x1b[33m╔════════════════════════════════════════════════════════════╗\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  \x1b[1m\x1b[31m⚠ SPECMEM MUST BE INSTALLED GLOBALLY\x1b[0m                      \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m╠════════════════════════════════════════════════════════════╣\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m                                                            \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  You ran:  npm install specmem-hardwicksoftware           \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m                                                            \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  \x1b[1m\x1b[32mCorrect command:\x1b[0m                                         \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  \x1b[1m\x1b[36m  npm install -g specmem-hardwicksoftware\x1b[0m                 \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m                                                            \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  SpecMem is a CLI tool that integrates with Claude Code.  \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m  It must be installed globally to work properly.          \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m║\x1b[0m                                                            \x1b[33m║\x1b[0m');
-  console.log('\x1b[33m╚════════════════════════════════════════════════════════════╝\x1b[0m\n');
-  process.exit(0); // Exit cleanly so npm doesn't show error
+  // LOCAL INSTALL: Create wrapper scripts in ~/.local/bin/
+  const LOCAL_BIN = path.join(os.homedir(), '.local', 'bin');
+  const SPECMEM_PKG = path.dirname(__dirname);
+  console.log('\n\x1b[36m╔════════════════════════════════════════════════════════════╗\x1b[0m');
+  console.log('\x1b[36m║\x1b[0m  \x1b[1mSpecMem: Local install detected\x1b[0m                          \x1b[36m║\x1b[0m');
+  console.log('\x1b[36m╠════════════════════════════════════════════════════════════╣\x1b[0m');
+  console.log('\x1b[36m║\x1b[0m  Setting up CLI wrappers in ~/.local/bin/                 \x1b[36m║\x1b[0m');
+  console.log('\x1b[36m║\x1b[0m  Using container mode (no root needed)                    \x1b[36m║\x1b[0m');
+  console.log('\x1b[36m╚════════════════════════════════════════════════════════════╝\x1b[0m');
+  try {
+    fs.mkdirSync(LOCAL_BIN, { recursive: true });
+    // Create wrapper scripts for each CLI entry point
+    const wrappers = {
+      'specmem': 'bin/specmem-cli.cjs',
+      'specmem-init': 'scripts/specmem-init.cjs',
+      'specmem-console': 'bin/specmem-console.cjs',
+    };
+    for (const [cmd, relPath] of Object.entries(wrappers)) {
+      const targetScript = path.join(SPECMEM_PKG, relPath);
+      const wrapperPath = path.join(LOCAL_BIN, cmd);
+      const wrapperContent = `#!/bin/sh\nexec node "${targetScript}" "$@"\n`;
+      fs.writeFileSync(wrapperPath, wrapperContent, { mode: 0o755 });
+      console.log(`  \x1b[32m✓\x1b[0m Created ${wrapperPath}`);
+    }
+    // Check if ~/.local/bin is in PATH
+    const userPath = process.env.PATH || '';
+    if (!userPath.includes(LOCAL_BIN)) {
+      console.log(`\n  \x1b[33m⚠\x1b[0m Add ~/.local/bin to your PATH:`);
+      console.log(`    \x1b[36mexport PATH="$HOME/.local/bin:$PATH"\x1b[0m`);
+      console.log(`    Add this to your ~/.bashrc or ~/.zshrc\n`);
+    } else {
+      console.log(`\n  \x1b[32m✓\x1b[0m ~/.local/bin is already in PATH`);
+    }
+    console.log(`  \x1b[32m✓\x1b[0m Run \x1b[1mspecmem-init\x1b[0m to complete setup\n`);
+  } catch (e) {
+    console.log(`  \x1b[31m✗\x1b[0m Failed to create wrappers: ${e.message}`);
+    console.log(`  \x1b[33m⚠\x1b[0m You can still use: npx specmem-hardwicksoftware\n`);
+  }
+  process.exit(0);
 }
 // Colors for terminal output
@@ -2221,6 +2252,14 @@ ${c.red}${c.bright}╠═══════════════════
     if (canInstallSystem) {
       // Step 0: Install ALL core system deps FIRST
       installCoreDeps();
+    } else if (needsSudo.length > 0) {
+      // Non-root: skip system deps, use container-only mode
+      log.warn('No root access — using container-only mode (no system PG/Python needed)');
+      log.info(`Container bundles everything. You only need Docker or Podman.`);
+      if (!dockerAvailable) {
+        log.warn('Docker not found! Install Docker (or rootless Podman) for container mode.');
+        log.info('  See: https://docs.docker.com/engine/install/');
+      }
     }
     // Step 0a: Claude Code (REQUIRED) - no sudo needed

package/scripts/specmem-init.cjs CHANGED Viewed

@@ -2860,14 +2860,14 @@ const qoms = {
 //   DEAD     → Clean immediately (broken garbage)
 //
 // VERSION SAFETY:
-//   - Every container gets labeled with specmem.version on creation
-//   - Before using ANY container, check specmem.version label
+//   - Every container gets labeled with specmem.container_version on creation
+//   - Before using ANY container, check container_version label (NOT npm version)
 //   - Missing label = old code = KILL IT
 //   - Version mismatch = old code = KILL IT
 //   - Only exact version match = safe to use
 // ============================================================================
-// Get current specmem version from package.json
+// Get current specmem version from package.json (informational only)
 function getSpecmemVersion() {
   try {
     const pkgPath = path.join(__dirname, '..', 'package.json');
@@ -2878,7 +2878,19 @@ function getSpecmemVersion() {
   }
 }
+// Get container version from container-version.json (used for rebuild decisions)
+function getContainerVersionInfo() {
+  try {
+    const cvPath = path.join(__dirname, '..', 'container', 'container-version.json');
+    return JSON.parse(fs.readFileSync(cvPath, 'utf8'));
+  } catch (e) {
+    return { version: '1.0.0', image: 'ghcr.io/jonhardwick-spec/specmem-brain', minSpecmemVersion: '3.7.0' };
+  }
+}
 const SPECMEM_VERSION = getSpecmemVersion();
+const CONTAINER_VERSION_INFO = getContainerVersionInfo();
+const CONTAINER_VERSION = CONTAINER_VERSION_INFO.version;
 /**
  * Check if a container has the correct specmem version
@@ -2894,16 +2906,24 @@ function checkContainerVersion(containerId) {
   };
   try {
-    // Get the specmem.version label
-    const labelOutput = execSync(
-      `docker inspect --format='{{index .Config.Labels "specmem.version"}}' ${containerId} 2>/dev/null`,
+    // Try new container_version label first, fall back to legacy specmem.version
+    let labelOutput = execSync(
+      `docker inspect --format='{{index .Config.Labels "specmem.container_version"}}' ${containerId} 2>/dev/null`,
       { encoding: 'utf8' }
     ).trim();
+    if (!labelOutput || labelOutput === '<no value>' || labelOutput === '') {
+      // Fall back to legacy label for old containers
+      labelOutput = execSync(
+        `docker inspect --format='{{index .Config.Labels "specmem.version"}}' ${containerId} 2>/dev/null`,
+        { encoding: 'utf8' }
+      ).trim();
+    }
     if (labelOutput && labelOutput !== '<no value>' && labelOutput !== '') {
       result.hasVersion = true;
       result.version = labelOutput;
-      result.matches = labelOutput === SPECMEM_VERSION;
+      result.matches = labelOutput === CONTAINER_VERSION;
       result.needsRebuild = !result.matches;
     }
   } catch (e) {
@@ -2946,6 +2966,7 @@ async function cleanupDockerContainers() {
     errors: [],
     dockerAvailable: false,
     currentVersion: SPECMEM_VERSION,
+    containerVersion: CONTAINER_VERSION,
   };
   try {
@@ -3000,14 +3021,14 @@ async function cleanupDockerContainers() {
         // Kill containers with version mismatch (OLD CODE!) - ONLY for THIS project
         if (versionCheck.needsRebuild && status !== 'Dead') {
           const oldVersion = versionCheck.version || 'MISSING';
-          if (killOutdatedContainer(id, `version mismatch: ${oldVersion} != ${SPECMEM_VERSION}`)) {
+          if (killOutdatedContainer(id, `container version mismatch: ${oldVersion} != ${CONTAINER_VERSION}`)) {
             results.versionMismatch++;
             results.cleaned.push({
               id,
               name,
               type: 'version_mismatch',
               oldVersion,
-              newVersion: SPECMEM_VERSION,
+              newVersion: CONTAINER_VERSION,
               wasState: status?.includes('Paused') ? 'paused' : (status?.startsWith('Up') ? 'running' : 'exited'),
             });
           }
@@ -10066,9 +10087,19 @@ ${lastOutput}
     // ==========================================================================
     // STAGE 1: MODEL DOWNLOAD — auto-fetch any missing ML models
+    // SKIP if container mode (models are in the brain container image)
     // ==========================================================================
     ui.setStage(1, 'MODEL DOWNLOAD');
-    await ensureModels(ui);
+    // Check if container runtime is available - if so, models are in container, skip download
+    const rtForModels = (() => {
+      try { execSync('which podman 2>/dev/null', { stdio: 'pipe' }); return 'podman'; } catch { try { execSync('which docker 2>/dev/null', { stdio: 'pipe' }); return 'docker'; } catch { return null; } }
+    })();
+    if (rtForModels) {
+      initLog('[MODELS] Container runtime detected — models are in container image, skipping host download');
+      if (ui) ui.setSubStatus('✓ Models in container (skipping host download)');
+    } else {
+      await ensureModels(ui);
+    }
     // ==========================================================================
     // CONTAINER FAST-PATH: If podman/docker is available, use container mode
@@ -10164,7 +10195,8 @@ ${lastOutput}
       // Stage 3: Container engine — pull image if needed
       ui.setStage(3, 'CONTAINER ENGINE');
       ui.setStatus('Pulling specmem-brain image...');
-      const containerImage = process.env.SPECMEM_CONTAINER_IMAGE || 'ghcr.io/hardwicksoftware/specmem-brain:latest';
+      const cvInfo = getContainerVersionInfo();
+      const containerImage = process.env.SPECMEM_CONTAINER_IMAGE || `${cvInfo.image}:${cvInfo.version}`;
       const rtCmd = (() => {
         try { execSync('which podman 2>/dev/null', { stdio: 'pipe' }); return 'podman'; } catch { return 'docker'; }
       })();

package/specmem/supervisord.conf CHANGED Viewed

@@ -1,6 +1,6 @@
 ; ============================================
 ; SPECMEM BRAIN CONTAINER - DYNAMIC SUPERVISORD CONFIG
-; Generated by specmem-init at 2026-03-09T18:56:25.444Z
+; Generated by specmem-init at 2026-03-10T03:09:08.421Z
 ; Thread counts from model-config.json resourcePool
 ; ============================================

package/specmem/user-config.json CHANGED Viewed

@@ -5,8 +5,8 @@
   "cpuMin": 25,
   "ramMinMb": 4000,
   "serviceMode": {
-    "enabled": false,
-    "disabledAt": "2026-02-18T21:38:50.526Z"
+    "enabled": true,
+    "enabledAt": "2026-03-10T02:21:32.753Z"
   },
   "powerMode": {
     "level": "high",