token-pilot 0.19.2 → 0.23.0

package/dist/cli/uninstall-agents.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Phase 5 subtask 5.5 — uninstall tp-* agents.
+ *
+ * Removes only files in the target scope's `.claude/agents/` that have
+ * `token_pilot_body_hash` in their frontmatter. Files without the marker
+ * are user-owned and are never touched. Scope is required — no global
+ * default — to prevent accidental deletion from the wrong location.
+ *
+ * Symmetric to install-agents: separation of core (uninstallAgents) and
+ * CLI wrapper (handleUninstallAgents) mirrors the Phase 3 bless/unbless
+ * split.
+ */
+export type Scope = "user" | "project";
+export interface UninstallOptions {
+    scope: Scope;
+    projectRoot: string;
+    homeDir: string;
+}
+export interface UninstallResult {
+    removed: string[];
+    skipped: Array<{
+        name: string;
+        reason: string;
+    }>;
+    targetDir: string;
+}
+export declare function uninstallAgents(opts: UninstallOptions): Promise<UninstallResult>;
+/**
+ * CLI entry: `token-pilot uninstall-agents --scope=user|project`.
+ * Returns the exit code (0 success, 1 error).
+ */
+export declare function handleUninstallAgents(argv: string[], opts?: {
+    homeDir?: string;
+    projectRoot?: string;
+}): Promise<number>;
+//# sourceMappingURL=uninstall-agents.d.ts.map

package/dist/cli/uninstall-agents.js

@@ -0,0 +1,117 @@
+/**
+ * Phase 5 subtask 5.5 — uninstall tp-* agents.
+ *
+ * Removes only files in the target scope's `.claude/agents/` that have
+ * `token_pilot_body_hash` in their frontmatter. Files without the marker
+ * are user-owned and are never touched. Scope is required — no global
+ * default — to prevent accidental deletion from the wrong location.
+ *
+ * Symmetric to install-agents: separation of core (uninstallAgents) and
+ * CLI wrapper (handleUninstallAgents) mirrors the Phase 3 bless/unbless
+ * split.
+ */
+import { readdir, readFile, unlink } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { parseFrontmatter } from "./agent-frontmatter.js";
+function targetDirFor(opts) {
+    const root = opts.scope === "user" ? opts.homeDir : opts.projectRoot;
+    return join(root, ".claude", "agents");
+}
+function hasTpHashMarker(meta) {
+    const h = meta.token_pilot_body_hash;
+    return typeof h === "string" && h.length > 0;
+}
+export async function uninstallAgents(opts) {
+    const target = targetDirFor(opts);
+    const result = {
+        removed: [],
+        skipped: [],
+        targetDir: target,
+    };
+    let entries;
+    try {
+        entries = await readdir(target);
+    }
+    catch {
+        // Target dir missing → nothing to do.
+        return result;
+    }
+    const tpFiles = entries.filter((f) => f.endsWith(".md") && f.startsWith("tp-"));
+    for (const entry of tpFiles) {
+        const name = entry.replace(/\.md$/, "");
+        const fullPath = join(target, entry);
+        let md;
+        try {
+            md = await readFile(fullPath, "utf-8");
+        }
+        catch {
+            result.skipped.push({ name, reason: "read failed" });
+            continue;
+        }
+        let meta;
+        try {
+            ({ meta } = parseFrontmatter(md));
+        }
+        catch {
+            result.skipped.push({ name, reason: "malformed frontmatter" });
+            continue;
+        }
+        if (!hasTpHashMarker(meta)) {
+            result.skipped.push({
+                name,
+                reason: "not installed by token-pilot (no token_pilot_body_hash)",
+            });
+            continue;
+        }
+        try {
+            await unlink(fullPath);
+            result.removed.push(name);
+        }
+        catch {
+            result.skipped.push({ name, reason: "delete failed" });
+        }
+    }
+    return result;
+}
+// ─── CLI wrapper ─────────────────────────────────────────────────────────────
+function parseFlag(argv, key) {
+    for (const a of argv) {
+        if (a === `--${key}`)
+            return "true";
+        if (a.startsWith(`--${key}=`))
+            return a.slice(key.length + 3);
+    }
+    return undefined;
+}
+/**
+ * CLI entry: `token-pilot uninstall-agents --scope=user|project`.
+ * Returns the exit code (0 success, 1 error).
+ */
+export async function handleUninstallAgents(argv, opts) {
+    const scopeArg = parseFlag(argv, "scope");
+    if (scopeArg !== "user" && scopeArg !== "project") {
+        process.stderr.write("Usage: token-pilot uninstall-agents --scope=user|project\n");
+        return 1;
+    }
+    const result = await uninstallAgents({
+        scope: scopeArg,
+        projectRoot: opts?.projectRoot ?? process.cwd(),
+        homeDir: opts?.homeDir ?? homedir(),
+    });
+    if (result.removed.length > 0) {
+        const plural = result.removed.length === 1 ? "agent" : "agents";
+        process.stderr.write(`[token-pilot] Removed ${result.removed.length} ${plural} from ${result.targetDir}.\n`);
+    }
+    if (result.skipped.length > 0) {
+        process.stderr.write(`[token-pilot] Skipped ${result.skipped.length}:\n`);
+        for (const s of result.skipped) {
+            process.stderr.write(`  - ${s.name}: ${s.reason}\n`);
+        }
+    }
+    if (result.removed.length === 0 && result.skipped.length === 0) {
+        process.stderr.write(`[token-pilot] No tp-* agents found in ${result.targetDir}.\n`);
+    }
+    return 0;
+}
+//# sourceMappingURL=uninstall-agents.js.map

package/dist/config/defaults.d.ts

@@ -1,3 +1,3 @@
-import type { TokenPilotConfig } from '../types.js';
+import type { TokenPilotConfig } from "../types.js";
 export declare const DEFAULT_CONFIG: TokenPilotConfig;
 //# sourceMappingURL=defaults.d.ts.map

package/dist/config/defaults.js

@@ -26,6 +26,9 @@ export const DEFAULT_CONFIG = {
         interceptRead: true,
         autoInstall: true,
         denyThreshold: 300,
+        mode: "deny-enhanced",
+        adaptiveThreshold: false,
+        adaptiveBudgetTokens: 100_000,
     },
     context: {
         estimateTokens: true,
@@ -40,7 +43,7 @@ export const DEFAULT_CONFIG = {
         actionableHints: true,
     },
     contextMode: {
-        enabled: 'auto',
+        enabled: "auto",
         adviseDelegation: true,
         largeNonCodeThreshold: 200,
     },
@@ -62,12 +65,15 @@ export const DEFAULT_CONFIG = {
         compactionCallThreshold: 15,
         compactionTokenThreshold: 8000,
     },
-    ignore: [
-        'node_modules/**',
-        'dist/**',
-        '.git/**',
-        '*.min.js',
-        '*.map',
-    ],
+    sessionStart: {
+        enabled: true,
+        showStats: false,
+        maxReminderTokens: 250,
+    },
+    agents: {
+        scope: null,
+        reminder: true,
+    },
+    ignore: ["node_modules/**", "dist/**", ".git/**", "*.min.js", "*.map"],
 };
 //# sourceMappingURL=defaults.js.map

package/dist/config/loader.d.ts

@@ -1,3 +1,3 @@
-import type { TokenPilotConfig } from '../types.js';
+import type { TokenPilotConfig } from "../types.js";
 export declare function loadConfig(projectRoot: string): Promise<TokenPilotConfig>;
 //# sourceMappingURL=loader.d.ts.map

package/dist/config/loader.js

@@ -1,30 +1,124 @@
-import { readFile } from 'node:fs/promises';
-import { resolve } from 'node:path';
-import { DEFAULT_CONFIG } from './defaults.js';
+import { readFile, writeFile } from "node:fs/promises";
+import { resolve } from "node:path";
+import { DEFAULT_CONFIG } from "./defaults.js";
+const VALID_HOOK_MODES = new Set([
+    "off",
+    "advisory",
+    "deny-enhanced",
+]);
 export async function loadConfig(projectRoot) {
-    const configPath = resolve(projectRoot, '.token-pilot.json');
+    const configPath = resolve(projectRoot, ".token-pilot.json");
+    let userConfig = null;
     try {
-        const raw = await readFile(configPath, 'utf-8');
-        const userConfig = JSON.parse(raw);
-        return deepMerge(structuredClone(DEFAULT_CONFIG), userConfig);
+        const raw = await readFile(configPath, "utf-8");
+        userConfig = JSON.parse(raw);
     }
     catch (err) {
-        if (err?.code !== 'ENOENT') {
+        if (err?.code !== "ENOENT") {
             console.error(`[token-pilot] Invalid config at ${configPath}: ${err?.message ?? err}. Using defaults.`);
         }
         return structuredClone(DEFAULT_CONFIG);
     }
+    // Phase 6 subtask 6.4 — rewrite legacy `mode:"deny"` to `"advisory"`
+    // before merge so downstream code (incl. applyHookModeMigration's
+    // unknown-mode warning) sees the migrated value.
+    await applyLegacyDenyMigration(configPath, userConfig ?? {});
+    const merged = deepMerge(structuredClone(DEFAULT_CONFIG), userConfig ?? {});
+    applyHookModeMigration(merged, userConfig ?? {});
+    applyEnvOverrides(merged);
+    return merged;
+}
+/**
+ * Env-var overrides that the user can set without editing the config
+ * file. Per TP-816 §7.3. Only integer-valued, positive numbers are
+ * accepted; malformed values are ignored silently.
+ */
+function applyEnvOverrides(merged) {
+    const raw = process.env.TOKEN_PILOT_DENY_THRESHOLD;
+    if (raw !== undefined) {
+        const n = Number.parseInt(raw, 10);
+        if (Number.isFinite(n) && n > 0) {
+            merged.hooks.denyThreshold = n;
+        }
+    }
+    const adaptive = process.env.TOKEN_PILOT_ADAPTIVE_THRESHOLD;
+    if (adaptive !== undefined) {
+        merged.hooks.adaptiveThreshold = /^(1|true|yes|on)$/i.test(adaptive.trim());
+    }
+    const budget = process.env.TOKEN_PILOT_ADAPTIVE_BUDGET;
+    if (budget !== undefined) {
+        const n = Number.parseInt(budget, 10);
+        if (Number.isFinite(n) && n > 0) {
+            merged.hooks.adaptiveBudgetTokens = n;
+        }
+    }
+}
+/**
+ * When a user's config still has `hooks.mode: "deny"` (the removed
+ * v0.19 legacy value), rewrite it on disk to `"advisory"` and stamp
+ * `hooks.migratedFrom: "deny"` so the stderr notice fires exactly once.
+ *
+ * Mutates `userConfig` in place so the caller's subsequent merge picks
+ * up the new mode. Failures are swallowed — a broken rewrite must not
+ * prevent the session from starting.
+ */
+async function applyLegacyDenyMigration(configPath, userConfig) {
+    const hooks = (userConfig.hooks ?? {});
+    if (hooks.mode !== "deny")
+        return;
+    if (hooks.migratedFrom === "deny") {
+        // Already migrated at some point; user reverted mode manually.
+        // Leave their choice alone — downstream unknown-mode path will
+        // handle it (falls back to default with a warning).
+        return;
+    }
+    hooks.mode = "advisory";
+    hooks.migratedFrom = "deny";
+    userConfig.hooks = hooks;
+    console.error(`[token-pilot] Config migrated: hooks.mode "deny" is no longer valid in v0.20. ` +
+        `Rewriting to "advisory" (strict superset of old behaviour is "deny-enhanced"; ` +
+        `switch there manually when ready). Stamped hooks.migratedFrom:"deny" to silence this notice.`);
+    try {
+        await writeFile(configPath, JSON.stringify(userConfig, null, 2) + "\n");
+    }
+    catch {
+        /* ignore — migration is best-effort */
+    }
+}
+/**
+ * Reconcile the new hooks.mode field with the legacy hooks.enabled boolean.
+ * - Explicit user-provided mode wins (after validation).
+ * - If user omitted mode but set enabled:false → migrate to mode:"off" with a
+ *   deprecation notice (preserves v0.19 behaviour for users who actively
+ *   turned the hook off).
+ * - Unknown mode values fall back to the default with a warning.
+ */
+function applyHookModeMigration(merged, userConfig) {
+    const userHooks = (userConfig.hooks ?? {});
+    const userProvidedMode = typeof userHooks.mode === "string";
+    const userSetEnabledFalse = userHooks.enabled === false;
+    if (userProvidedMode && !VALID_HOOK_MODES.has(merged.hooks.mode)) {
+        console.error(`[token-pilot] Unknown hooks.mode "${merged.hooks.mode}". ` +
+            `Valid values: off, advisory, deny-enhanced. Falling back to default "${DEFAULT_CONFIG.hooks.mode}".`);
+        merged.hooks.mode = DEFAULT_CONFIG.hooks.mode;
+        return;
+    }
+    if (!userProvidedMode && userSetEnabledFalse) {
+        console.error(`[token-pilot] hooks.enabled:false is deprecated — migrated to hooks.mode:"off". ` +
+            `Update your .token-pilot.json to use hooks.mode explicitly.`);
+        merged.hooks.mode = "off";
+    }
 }
 function deepMerge(target, source) {
     const result = { ...target };
     for (const key of Object.keys(source)) {
-        if (key === '__proto__' || key === 'constructor' || key === 'prototype')
+        if (key === "__proto__" || key === "constructor" || key === "prototype")
             continue;
         if (source[key] &&
-            typeof source[key] === 'object' &&
+            typeof source[key] === "object" &&
             !Array.isArray(source[key]) &&
             target[key] &&
-            typeof target[key] === 'object') {
+            typeof target[key] === "object") {
             result[key] = deepMerge(target[key], source[key]);
         }
         else {

package/dist/core/context-registry.d.ts

@@ -1,4 +1,4 @@
-import type { ContextEntry, LoadedRegion, SymbolInfo } from '../types.js';
+import type { ContextEntry, LoadedRegion, SymbolInfo } from "../types.js";
 /**
  * Advisory Context Registry.
  * Tracks what was sent to the LLM but never blocks re-sends.
@@ -45,5 +45,20 @@ export declare class ContextRegistry {
     /** Get the timestamp when a file was last loaded into context. */
     getLoadedAt(path: string): number | undefined;
     invalidateByGitDiff(changedFiles: string[]): void;
+    /**
+     * Serialize registry state to a plain object (TP-69m persistence).
+     * Sets inside `entries[*].loaded[*]` lack `Set` fields; only `contentHash`
+     * etc. are simple scalars, so JSON round-trip works.
+     */
+    toSnapshot(): {
+        sessionStart: number;
+        entries: ContextEntry[];
+    };
+    /**
+     * Rehydrate registry state previously produced by `toSnapshot()`. Silent
+     * on malformed input — a broken snapshot file should degrade to an empty
+     * registry, not crash the MCP server.
+     */
+    loadSnapshot(snap: unknown): void;
 }
 //# sourceMappingURL=context-registry.d.ts.map

package/dist/core/context-registry.js

@@ -1,4 +1,4 @@
-import { formatDuration } from './format-duration.js';
+import { formatDuration } from "./format-duration.js";
 /**
  * Advisory Context Registry.
  * Tracks what was sent to the LLM but never blocks re-sends.
@@ -11,7 +11,7 @@ export class ContextRegistry {
         const existing = this.entries.get(path);
         if (existing) {
             // Replace region of same type/symbol, add new ones
-            const idx = existing.loaded.findIndex(r => r.type === region.type && r.symbolName === region.symbolName);
+            const idx = existing.loaded.findIndex((r) => r.type === region.type && r.symbolName === region.symbolName);
             if (idx >= 0) {
                 existing.loaded[idx] = region;
             }
@@ -25,7 +25,7 @@ export class ContextRegistry {
             this.entries.set(path, {
                 path,
                 loaded: [region],
-                contentHash: '',
+                contentHash: "",
                 tokenEstimate: region.tokens,
                 loadedAt: Date.now(),
             });
@@ -45,7 +45,7 @@ export class ContextRegistry {
         const entry = this.entries.get(path);
         if (!entry)
             return false;
-        return entry.loaded.some(r => r.symbolName === symbolName);
+        return entry.loaded.some((r) => r.symbolName === symbolName);
     }
     /** Check if any region of a file has been loaded into context. */
     hasAnyLoaded(path) {
@@ -68,14 +68,14 @@ export class ContextRegistry {
     compactReminder(path, symbols) {
         const entry = this.entries.get(path);
         if (!entry)
-            return '';
+            return "";
         const elapsed = formatDuration(Date.now() - entry.loadedAt);
         const lines = [
             `REMINDER: ${path} (previously loaded ${elapsed} ago, unchanged)`,
-            '',
+            "",
         ];
         for (const region of entry.loaded) {
-            if (region.type === 'structure') {
+            if (region.type === "structure") {
                 lines.push(`  Structure loaded (${region.tokens} tokens)`);
                 // Add brief symbol list
                 for (const sym of symbols.slice(0, 5)) {
@@ -85,23 +85,23 @@ export class ContextRegistry {
                     lines.push(`    ... (${symbols.length - 5} more symbols)`);
                 }
             }
-            else if (region.type === 'symbol' && region.symbolName) {
+            else if (region.type === "symbol" && region.symbolName) {
                 lines.push(`  ${region.symbolName} [L${region.startLine}-${region.endLine}] (${region.tokens} tokens)`);
             }
-            else if (region.type === 'full') {
+            else if (region.type === "full") {
                 lines.push(`  Full file loaded (${region.tokens} tokens)`);
             }
         }
-        lines.push('');
-        lines.push('HINT: File unchanged since last read. Use read_symbol() to reload specific parts, or read_diff() to see changes.');
-        return lines.join('\n');
+        lines.push("");
+        lines.push("HINT: File unchanged since last read. Use read_symbol() to reload specific parts, or read_diff() to see changes.");
+        return lines.join("\n");
     }
     /** Check if file was loaded in full (type='full' region exists). */
     isFullyLoaded(path) {
         const entry = this.entries.get(path);
         if (!entry)
             return false;
-        return entry.loaded.some(r => r.type === 'full');
+        return entry.loaded.some((r) => r.type === "full");
     }
     /**
      * Generate a compact dedup reminder for read_symbol.
@@ -110,24 +110,26 @@ export class ContextRegistry {
     symbolReminder(path, symbolName) {
         const entry = this.entries.get(path);
         if (!entry)
-            return '';
+            return "";
         const elapsed = formatDuration(Date.now() - entry.loadedAt);
-        const symbolRegion = entry.loaded.find(r => r.symbolName === symbolName);
-        const fullRegion = entry.loaded.find(r => r.type === 'full');
+        const symbolRegion = entry.loaded.find((r) => r.symbolName === symbolName);
+        const fullRegion = entry.loaded.find((r) => r.type === "full");
         if (fullRegion) {
-            const loc = symbolRegion ? ` Symbol at [L${symbolRegion.startLine}-${symbolRegion.endLine}].` : '';
+            const loc = symbolRegion
+                ? ` Symbol at [L${symbolRegion.startLine}-${symbolRegion.endLine}].`
+                : "";
             return [
                 `DEDUP: "${symbolName}" in ${path} — full file already in context (loaded ${elapsed} ago, ${fullRegion.tokens} tokens, unchanged).${loc}`,
-                'HINT: File unchanged. No need to re-read. Use read_for_edit() if you need exact code for editing.',
-            ].join('\n');
+                "HINT: File unchanged. No need to re-read. Use read_for_edit() if you need exact code for editing.",
+            ].join("\n");
         }
         if (symbolRegion) {
             return [
                 `DEDUP: "${symbolName}" in ${path} — already loaded ${elapsed} ago [L${symbolRegion.startLine}-${symbolRegion.endLine}] (${symbolRegion.tokens} tokens, unchanged).`,
-                'HINT: Symbol unchanged since last read. No need to re-read.',
-            ].join('\n');
+                "HINT: Symbol unchanged since last read. No need to re-read.",
+            ].join("\n");
         }
-        return '';
+        return "";
     }
     /**
      * Generate a compact dedup reminder for read_range.
@@ -136,21 +138,21 @@ export class ContextRegistry {
     rangeReminder(path, startLine, endLine) {
         const entry = this.entries.get(path);
         if (!entry)
-            return '';
-        const fullRegion = entry.loaded.find(r => r.type === 'full');
+            return "";
+        const fullRegion = entry.loaded.find((r) => r.type === "full");
         if (!fullRegion)
-            return '';
+            return "";
         const elapsed = formatDuration(Date.now() - entry.loadedAt);
         return [
             `DEDUP: ${path} [L${startLine}-${endLine}] — full file already in context (loaded ${elapsed} ago, ${fullRegion.tokens} tokens, unchanged).`,
-            'HINT: File unchanged. No need to re-read. Use read_for_edit() if you need exact code for editing.',
-        ].join('\n');
+            "HINT: File unchanged. No need to re-read. Use read_for_edit() if you need exact code for editing.",
+        ].join("\n");
     }
     forget(path, symbolName) {
         if (symbolName) {
             const entry = this.entries.get(path);
             if (entry) {
-                entry.loaded = entry.loaded.filter(r => r.symbolName !== symbolName);
+                entry.loaded = entry.loaded.filter((r) => r.symbolName !== symbolName);
                 if (entry.loaded.length === 0) {
                     this.entries.delete(path);
                 }
@@ -200,5 +202,35 @@ export class ContextRegistry {
             this.entries.delete(file);
         }
     }
+    /**
+     * Serialize registry state to a plain object (TP-69m persistence).
+     * Sets inside `entries[*].loaded[*]` lack `Set` fields; only `contentHash`
+     * etc. are simple scalars, so JSON round-trip works.
+     */
+    toSnapshot() {
+        return {
+            sessionStart: this.sessionStart,
+            entries: Array.from(this.entries.values()),
+        };
+    }
+    /**
+     * Rehydrate registry state previously produced by `toSnapshot()`. Silent
+     * on malformed input — a broken snapshot file should degrade to an empty
+     * registry, not crash the MCP server.
+     */
+    loadSnapshot(snap) {
+        if (!snap || typeof snap !== "object")
+            return;
+        const s = snap;
+        if (typeof s.sessionStart === "number")
+            this.sessionStart = s.sessionStart;
+        if (Array.isArray(s.entries)) {
+            for (const e of s.entries) {
+                if (e && typeof e.path === "string" && Array.isArray(e.loaded)) {
+                    this.entries.set(e.path, e);
+                }
+            }
+        }
+    }
 }
 //# sourceMappingURL=context-registry.js.map

package/dist/core/event-log.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Phase 6 subtasks 6.1 + 6.2 — hook-events JSONL log.
+ *
+ * Writes to `<projectRoot>/.token-pilot/hook-events.jsonl` with the
+ * schema specified in TP-c2a acceptance:
+ *
+ *   { ts, session_id, agent_type, agent_id, event, file, lines,
+ *     estTokens, summaryTokens, savedTokens }
+ *
+ * Rotation: when the current file grows past `ROTATION_THRESHOLD_BYTES`
+ * (10 MB), it is renamed to `hook-events.<unix-ms>.jsonl` and a new
+ * empty file begins.
+ *
+ * Retention: `applyRetention` deletes rotated files older than
+ * `RETENTION_MAX_AGE_DAYS` (30 days) and trims the directory down to
+ * `RETENTION_MAX_TOTAL_BYTES` (100 MB) by removing the oldest archives
+ * first. The current file is never deleted.
+ *
+ * Legacy coexistence: the old `.token-pilot/hook-denied.jsonl` is left
+ * in place — this module writes only to the new file.
+ */
+export declare const ROTATION_THRESHOLD_BYTES = 10000000;
+export declare const RETENTION_MAX_AGE_DAYS = 30;
+export declare const RETENTION_MAX_TOTAL_BYTES = 100000000;
+export interface HookEvent {
+    ts: number;
+    session_id: string;
+    /** null for top-level session; agent_type string inside a subagent. */
+    agent_type: string | null;
+    agent_id: string | null;
+    event: "denied" | "allowed" | "bypass" | "pass-through" | string;
+    file: string;
+    lines: number;
+    estTokens: number;
+    /** Tokens delivered back to the agent as the summary; 0 for allow/bypass. */
+    summaryTokens: number;
+    /** estTokens - summaryTokens; 0 for allow/bypass. */
+    savedTokens: number;
+}
+export declare function eventLogDir(projectRoot: string): string;
+export declare function currentLogPath(projectRoot: string): string;
+/**
+ * Decide whether the current log file has grown past the rotation
+ * threshold and should be archived before the next append.
+ */
+export declare function shouldRotate(stat: {
+    size: number;
+}, thresholdBytes?: number): boolean;
+/**
+ * Given the full list of archive files with their mtime + size, return
+ * the subset whose paths should be deleted to satisfy:
+ *   (a) maxAgeDays — delete anything older
+ *   (b) maxTotalBytes — delete oldest first until total fits
+ *
+ * `now` is passed in to keep the function deterministic for tests.
+ */
+export declare function retentionDeletions(files: Array<{
+    path: string;
+    mtime: Date;
+    size: number;
+}>, now: Date, maxAgeDays?: number, maxTotalBytes?: number): string[];
+/**
+ * Append one event to the current log file. Rotates first if the
+ * current file has reached the threshold. Never throws — a failure
+ * here must not break hook dispatch.
+ */
+export declare function appendEvent(projectRoot: string, event: HookEvent): Promise<void>;
+/**
+ * Read all events from the current log file. Malformed JSONL lines are
+ * skipped silently (a corrupted line should not poison the whole
+ * dataset). Returns [] if the file is missing.
+ */
+export declare function loadEvents(projectRoot: string): Promise<HookEvent[]>;
+/**
+ * Apply age + size retention. Safe to call on startup; no-op when the
+ * directory does not exist.
+ */
+export declare function applyRetention(projectRoot: string, now?: Date): Promise<void>;
+//# sourceMappingURL=event-log.d.ts.map