wyrm-mcp 7.2.0 → 7.2.2

package/dist/constellation.js

@@ -1,193 +1,37 @@
-/**
- * wyrm_constellation — cross-project memory query (spec 018 phase 3).
- *
- * Asks one FTS5 question across *every* registered Wyrm project — not just
- * the current one. The killer founder-grade query: "have I solved this
- * before in any project?" Returns candidates grouped by project; the
- * calling AI does semantic ranking on its side (per spec 018 decision #2 —
- * no embedding dependency).
- *
- * Privacy: respects the `cross_project_visibility` flag (added by
- * migration 14, default `'within'`). Only artifacts explicitly flagged
- * `'org'` or `'public'` leak across the project boundary.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-const SAFE_KINDS = new Set(['truth', 'artifact', 'quest', 'decision', 'reference']);
-const SAFE_VIS = new Set(['within', 'org', 'public']);
-function sanitizeFtsQuery(q) {
-    // FTS5 syntax allows `"`, `*`, `AND`, `OR`, `NOT`. We strip anything that
-    // could close out into raw SQL — only allow word chars, spaces, quotes,
-    // asterisk, +/-. This is defense-in-depth; we already use parameterized
-    // bind, but the query also drives string-concat in some paths.
-    return q.replace(/[^\w\s"\*\-\+]/g, ' ').trim().slice(0, 200);
-}
-/**
- * Query a single project's FTS5 indexes for matching artifacts.
- * Pre-filtered to honour visibility; returns up to `limit` hits.
- */
-function queryProject(db, project, query, kinds, visibility, limit) {
-    const hits = [];
-    const visList = `(${[...visibility].map((v) => `'${v}'`).join(',')})`;
-    const safeQ = sanitizeFtsQuery(query);
-    if (!safeQ)
-        return [];
-    // truths
-    if (kinds.has('truth')) {
-        try {
-            const rows = db.prepare(`
+const p=new Set(["truth","artifact","quest","decision","reference"]),u=new Set(["within","org","public"]);function f(s){return s.replace(/[^\w\s"\*\-\+]/g," ").trim().slice(0,200)}function _(s,i,l,c,n,a){const r=[],d=`(${[...n].map(o=>`'${o}'`).join(",")})`,e=f(l);if(!e)return[];if(c.has("truth"))try{const o=s.prepare(`
         SELECT id, key, value, cross_project_visibility AS visibility, created_at
         FROM ground_truths
         WHERE project_id = ?
-          AND cross_project_visibility IN ${visList}
+          AND cross_project_visibility IN ${d}
           AND (key LIKE '%' || ? || '%' OR value LIKE '%' || ? || '%')
         ORDER BY created_at DESC
         LIMIT ?
-      `).all(project.id, safeQ, safeQ, limit);
-            for (const r of rows) {
-                hits.push({
-                    projectId: project.id,
-                    projectName: project.name,
-                    kind: 'truth',
-                    id: r.id,
-                    title: r.key,
-                    snippet: r.value.slice(0, 200),
-                    visibility: r.visibility,
-                    capturedAt: r.created_at,
-                });
-            }
-        }
-        catch { /* table or column may not exist on older schema */ }
-    }
-    // memory artifacts
-    if (kinds.has('artifact')) {
-        try {
-            const rows = db.prepare(`
+      `).all(i.id,e,e,a);for(const t of o)r.push({projectId:i.id,projectName:i.name,kind:"truth",id:t.id,title:t.key,snippet:t.value.slice(0,200),visibility:t.visibility,capturedAt:t.created_at})}catch{}if(c.has("artifact"))try{const o=s.prepare(`
         SELECT ma.id, ma.problem AS title, ma.validated_fix AS snippet,
                ma.cross_project_visibility AS visibility, ma.created_at
         FROM memory_artifacts ma
         WHERE ma.project_id = ?
-          AND ma.cross_project_visibility IN ${visList}
+          AND ma.cross_project_visibility IN ${d}
           AND (ma.problem LIKE '%' || ? || '%' OR ma.validated_fix LIKE '%' || ? || '%')
         ORDER BY ma.created_at DESC
         LIMIT ?
-      `).all(project.id, safeQ, safeQ, limit);
-            for (const r of rows) {
-                hits.push({
-                    projectId: project.id,
-                    projectName: project.name,
-                    kind: 'artifact',
-                    id: r.id,
-                    title: r.title.slice(0, 100),
-                    snippet: (r.snippet || '').slice(0, 200),
-                    visibility: r.visibility,
-                    capturedAt: r.created_at,
-                });
-            }
-        }
-        catch { /* tolerant */ }
-    }
-    // quests
-    if (kinds.has('quest')) {
-        try {
-            const rows = db.prepare(`
+      `).all(i.id,e,e,a);for(const t of o)r.push({projectId:i.id,projectName:i.name,kind:"artifact",id:t.id,title:t.title.slice(0,100),snippet:(t.snippet||"").slice(0,200),visibility:t.visibility,capturedAt:t.created_at})}catch{}if(c.has("quest"))try{const o=s.prepare(`
         SELECT id, title, description, cross_project_visibility AS visibility, created_at
         FROM quests
         WHERE project_id = ?
-          AND cross_project_visibility IN ${visList}
+          AND cross_project_visibility IN ${d}
           AND (title LIKE '%' || ? || '%' OR description LIKE '%' || ? || '%')
         ORDER BY created_at DESC
         LIMIT ?
-      `).all(project.id, safeQ, safeQ, limit);
-            for (const r of rows) {
-                hits.push({
-                    projectId: project.id,
-                    projectName: project.name,
-                    kind: 'quest',
-                    id: r.id,
-                    title: r.title,
-                    snippet: (r.description || '').slice(0, 200),
-                    visibility: r.visibility,
-                    capturedAt: r.created_at,
-                });
-            }
-        }
-        catch { /* tolerant */ }
-    }
-    // design references (using existing FTS5 index)
-    if (kinds.has('reference')) {
-        try {
-            const rows = db.prepare(`
+      `).all(i.id,e,e,a);for(const t of o)r.push({projectId:i.id,projectName:i.name,kind:"quest",id:t.id,title:t.title,snippet:(t.description||"").slice(0,200),visibility:t.visibility,capturedAt:t.created_at})}catch{}if(c.has("reference"))try{const o=s.prepare(`
         SELECT dr.id, dr.title, dr.notes, dr.tags, dr.cross_project_visibility AS visibility, dr.captured_at
         FROM design_references dr
         WHERE dr.project_id = ?
-          AND dr.cross_project_visibility IN ${visList}
+          AND dr.cross_project_visibility IN ${d}
           AND (dr.title LIKE '%' || ? || '%' OR dr.notes LIKE '%' || ? || '%' OR dr.tags LIKE '%' || ? || '%')
         ORDER BY dr.captured_at DESC
         LIMIT ?
-      `).all(project.id, safeQ, safeQ, safeQ, limit);
-            for (const r of rows) {
-                hits.push({
-                    projectId: project.id,
-                    projectName: project.name,
-                    kind: 'reference',
-                    id: r.id,
-                    title: r.title || `(reference #${r.id})`,
-                    snippet: [r.notes, r.tags].filter(Boolean).join(' · ').slice(0, 200),
-                    visibility: r.visibility,
-                    capturedAt: r.captured_at,
-                });
-            }
-        }
-        catch { /* tolerant */ }
-    }
-    return hits;
-}
-/**
- * Run a constellation query across every project.
- * Tolerant of older schemas (any table or column missing simply skips).
- */
-export function constellationQuery(db, opts) {
-    const kinds = new Set((opts.kinds ?? ['truth', 'artifact', 'quest', 'reference']).filter((k) => SAFE_KINDS.has(k)));
-    const visibility = new Set((opts.visibility ?? ['org', 'public']).filter((v) => SAFE_VIS.has(v)));
-    // If the caller wants their OWN project's data too, allow 'within'.
-    // Otherwise we strictly enforce the cross-project gate.
-    const includeOwn = visibility.has('within');
-    const perProject = Math.min(Math.max(1, opts.perProjectLimit ?? 5), 50);
-    const projects = db.prepare(`SELECT id, name FROM projects ORDER BY id`).all();
-    const allHits = [];
-    for (const p of projects) {
-        if (!includeOwn && opts.callerProjectId && p.id === opts.callerProjectId)
-            continue;
-        const hits = queryProject(db, p, opts.query, kinds, visibility, perProject);
-        allHits.push(...hits);
-    }
-    // Sort: most recent first overall.
-    allHits.sort((a, b) => b.capturedAt.localeCompare(a.capturedAt));
-    return allHits;
-}
-export function renderConstellation(hits, query) {
-    if (hits.length === 0) {
-        return `󱅝 No constellation matches for *${query}* across registered projects.\n\n_Set \`cross_project_visibility\` to \`'org'\` or \`'public'\` on the items you want surfaced here. Default is \`'within'\` — within-project only._`;
-    }
-    // Group by project
-    const byProject = new Map();
-    for (const h of hits) {
-        const arr = byProject.get(h.projectName) ?? [];
-        arr.push(h);
-        byProject.set(h.projectName, arr);
-    }
-    const lines = [`󱅝 **Constellation** — ${hits.length} match(es) for *${query}* across ${byProject.size} project(s)`];
-    for (const [name, items] of byProject) {
-        lines.push('');
-        lines.push(`### ${name}`);
-        for (const h of items) {
-            lines.push(`- \`${h.kind}:${h.id}\` **${h.title}** (${h.visibility})`);
-            if (h.snippet)
-                lines.push(`   ${h.snippet}`);
-        }
-    }
-    return lines.join('\n');
-}
-//# sourceMappingURL=constellation.js.map
+      `).all(i.id,e,e,e,a);for(const t of o)r.push({projectId:i.id,projectName:i.name,kind:"reference",id:t.id,title:t.title||`(reference #${t.id})`,snippet:[t.notes,t.tags].filter(Boolean).join(" \xB7 ").slice(0,200),visibility:t.visibility,capturedAt:t.captured_at})}catch{}return r}function h(s,i){const l=new Set((i.kinds??["truth","artifact","quest","reference"]).filter(e=>p.has(e))),c=new Set((i.visibility??["org","public"]).filter(e=>u.has(e))),n=c.has("within"),a=Math.min(Math.max(1,i.perProjectLimit??5),50),r=s.prepare("SELECT id, name FROM projects ORDER BY id").all(),d=[];for(const e of r){if(!n&&i.callerProjectId&&e.id===i.callerProjectId)continue;const o=_(s,e,i.query,l,c,a);d.push(...o)}return d.sort((e,o)=>o.capturedAt.localeCompare(e.capturedAt)),d}function y(s,i){if(s.length===0)return`\u{F115D} No constellation matches for *${i}* across registered projects.
+
+_Set \`cross_project_visibility\` to \`'org'\` or \`'public'\` on the items you want surfaced here. Default is \`'within'\` \u2014 within-project only._`;const l=new Map;for(const n of s){const a=l.get(n.projectName)??[];a.push(n),l.set(n.projectName,a)}const c=[`\u{F115D} **Constellation** \u2014 ${s.length} match(es) for *${i}* across ${l.size} project(s)`];for(const[n,a]of l){c.push(""),c.push(`### ${n}`);for(const r of a)c.push(`- \`${r.kind}:${r.id}\` **${r.title}** (${r.visibility})`),r.snippet&&c.push(`   ${r.snippet}`)}return c.join(`
+`)}export{h as constellationQuery,y as renderConstellation};

package/dist/context-build-budgeted.js

@@ -1,144 +1,4 @@
-/**
- * Budgeted wyrm_context_build path (Spec 014; v7 F4 T036 — extracted from the
- * index.ts monolith). Renders a stable preamble (ground truths) + a dynamic
- * body (best scaffold + recalled memory) under a token budget; items below the
- * cutoff elide to one-line stubs the agent can re-`wyrm_recall`. Lifted VERBATIM
- * behind a factory that captures the same index.ts singletons + budgeting
- * helpers it always closed over (deterministic; no LLM, Article III).
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later
- */
-import { applyBudget, resolveBudget } from "./token-budget.js";
-import { score as rankScore } from "./context-ranking.js";
-export function makeRunBudgetedContextBuild(deps) {
-    const { groundTruths, scaffoldLib, memory, toolAnalytics, sessionSeen, tokenEstimator, rankWeights } = deps;
-    return function runBudgetedContextBuild(opts) {
-        // Resolve effective budget per spec 014 D1 precedence: call > env > fallback.
-        const budget = resolveBudget({
-            callArg: opts.maxTokens,
-            envValue: process.env.WYRM_CONTEXT_TOKEN_BUDGET,
-            clientName: null, // clientInfo wiring is a follow-up; env override is the lever today
-        });
-        const seen = opts.sessionId ? sessionSeen().getSeen(opts.sessionId) : new Set();
-        // --- Stable preamble (ground truths) ---
-        const truthsText = groundTruths.formatForContext(opts.project.id);
-        const truthsTokens = tokenEstimator.count(truthsText ?? '');
-        // Strict budget mode (D3) elides truths if even the preamble overflows;
-        // default behavior is to warn-and-overflow per spec 014.
-        let preambleText = truthsText ?? '';
-        let preambleEmitted = truthsTokens;
-        if (truthsTokens > budget * 0.5 && !opts.strictBudget) {
-            process.stderr.write(`[wyrm_context_build] ground truths consume ${truthsTokens} of ${budget}-token budget — body will be heavily elided. Pass strict_budget:true to elide truths too.\n`);
-        }
-        if (opts.strictBudget && truthsTokens > budget * 0.5) {
-            // Strict mode: keep truths brief
-            preambleText = (truthsText ?? '').slice(0, budget * 2); // 2 chars/token rough cap on chars
-            preambleEmitted = tokenEstimator.count(preambleText);
-        }
-        // --- Build candidate body items: best scaffold + memory artifacts ---
-        const items = [];
-        // Scaffold (treated as a single candidate)
-        const scaffoldMatch = scaffoldLib.findBest(opts.task, opts.project.id);
-        if (scaffoldMatch) {
-            const sText = scaffoldLib.formatForContext(scaffoldMatch);
-            const sId = scaffoldMatch.scaffold.id;
-            items.push({
-                item: { kind: 'scaffold', id: sId, title: scaffoldMatch.scaffold.problem_type, body: sText },
-                key: `scaffold:${sId}`,
-                inlineCost: tokenEstimator.count(sText),
-                stubCost: 20,
-                // Scaffold is high-relevance by definition; assign generous score.
-                score: rankScore({ confidence: 0.9, relevance: 0.9, updatedAt: new Date().toISOString() }, rankWeights),
-            });
-        }
-        // Memory artifacts via recall (which returns id-level results with relevance scores)
-        const recalled = memory.recall(opts.project.id, opts.task, {
-            limit: 20,
-            minConfidence: opts.minConfidence ?? 0.2,
-        });
-        for (const r of recalled) {
-            const a = r.artifact;
-            // Skip kind filter mismatches if caller specified one
-            if (opts.kinds && opts.kinds.length > 0 && !opts.kinds.includes(a.kind))
-                continue;
-            const body = [
-                `**${a.kind.toUpperCase()}** · ${a.problem}`,
-                a.constraints ? `Constraints: ${a.constraints}` : '',
-                a.validated_fix ? `Fix: ${a.validated_fix}` : '',
-                a.why_it_worked ? `Why: ${a.why_it_worked}` : '',
-            ].filter(Boolean).join('\n');
-            items.push({
-                item: { kind: 'memory', id: a.id, title: a.problem.slice(0, 60), body },
-                key: `memory:${a.id}`,
-                inlineCost: tokenEstimator.count(body),
-                stubCost: 25,
-                score: rankScore({
-                    confidence: a.confidence,
-                    relevance: r.relevance_score,
-                    updatedAt: a.updated_at,
-                }, rankWeights),
-            });
-        }
-        // --- Apply budget ---
-        const result = applyBudget(items, {
-            budget,
-            alreadySeen: seen,
-            reserved: opts.strictBudget ? 0 : preambleEmitted,
-        });
-        // --- Mark inlined items as seen for this session ---
-        if (opts.sessionId) {
-            sessionSeen().markBulk(opts.sessionId, result.inline.map((it) => ({ id: it.id, kind: it.kind, mode: 'inline' })));
-            sessionSeen().markBulk(opts.sessionId, result.elided.map((e) => ({ id: e.item.id, kind: e.item.kind, mode: 'stub' })));
-        }
-        // --- Render output ---
-        const lines = [];
-        lines.push(`󱅝 **Context Brief** — "${opts.task}"`);
-        lines.push('');
-        lines.push('## Ground truths (stable preamble)');
-        lines.push('');
-        lines.push(preambleText || '_no ground truths set for this project yet_');
-        lines.push('');
-        lines.push('## Task-relevant memory');
-        lines.push('');
-        for (const it of result.inline) {
-            lines.push(`### [${it.kind}:${it.id}] ${it.title}`);
-            lines.push(it.body);
-            lines.push('');
-        }
-        if (result.elided.length > 0) {
-            lines.push('## Elided to stubs');
-            lines.push('');
-            lines.push('_Below the budget cutoff or already seen this session. Recall with `wyrm_recall(id)`:_');
-            lines.push('');
-            for (const e of result.elided) {
-                const tag = e.reason === 'seen' ? 'shown earlier in session' : `~${e.stubCost} tokens`;
-                lines.push(`- [${e.item.kind}:${e.item.id}] ${e.item.title} · ${tag}`);
-            }
-            lines.push('');
-        }
-        lines.push('---');
-        lines.push(`_Budget: ${result.tokensInline}/${budget} tokens inline · ${result.elided.length} stub${result.elided.length === 1 ? '' : 's'} · estimator: ${tokenEstimator.source}_`);
-        const text = lines.join('\n');
-        // Telemetry — fire-and-forget via the existing tool_call_log surface.
-        try {
-            toolAnalytics.log({
-                tool_name: 'wyrm_context_build',
-                project_id: opts.project.id,
-                args: {
-                    budget,
-                    items_total: items.length,
-                    items_inline: result.inline.length,
-                    items_elided: result.elided.length,
-                    tokens_inline: result.tokensInline,
-                    tokens_stubs: result.tokensStubs,
-                },
-                success: true,
-                latency_ms: 0,
-            });
-        }
-        catch { /* never fail context_build on telemetry */ }
-        return { content: [{ type: 'text', text }] };
-    };
-}
-//# sourceMappingURL=context-build-budgeted.js.map
+import{applyBudget as w,resolveBudget as v}from"./token-budget.js";import{score as p}from"./context-ranking.js";function S(g){const{groundTruths:b,scaffoldLib:h,memory:y,toolAnalytics:$,sessionSeen:u,tokenEstimator:d,rankWeights:f}=g;return function(t){const o=v({callArg:t.maxTokens,envValue:process.env.WYRM_CONTEXT_TOKEN_BUDGET,clientName:null}),x=t.sessionId?u().getSeen(t.sessionId):new Set,a=b.formatForContext(t.project.id),r=d.count(a??"");let m=a??"",k=r;r>o*.5&&!t.strictBudget&&process.stderr.write(`[wyrm_context_build] ground truths consume ${r} of ${o}-token budget \u2014 body will be heavily elided. Pass strict_budget:true to elide truths too.
+`),t.strictBudget&&r>o*.5&&(m=(a??"").slice(0,o*2),k=d.count(m));const l=[],c=h.findBest(t.task,t.project.id);if(c){const e=h.formatForContext(c),i=c.scaffold.id;l.push({item:{kind:"scaffold",id:i,title:c.scaffold.problem_type,body:e},key:`scaffold:${i}`,inlineCost:d.count(e),stubCost:20,score:p({confidence:.9,relevance:.9,updatedAt:new Date().toISOString()},f)})}const B=y.recall(t.project.id,t.task,{limit:20,minConfidence:t.minConfidence??.2});for(const e of B){const i=e.artifact;if(t.kinds&&t.kinds.length>0&&!t.kinds.includes(i.kind))continue;const _=[`**${i.kind.toUpperCase()}** \xB7 ${i.problem}`,i.constraints?`Constraints: ${i.constraints}`:"",i.validated_fix?`Fix: ${i.validated_fix}`:"",i.why_it_worked?`Why: ${i.why_it_worked}`:""].filter(Boolean).join(`
+`);l.push({item:{kind:"memory",id:i.id,title:i.problem.slice(0,60),body:_},key:`memory:${i.id}`,inlineCost:d.count(_),stubCost:25,score:p({confidence:i.confidence,relevance:e.relevance_score,updatedAt:i.updated_at},f)})}const s=w(l,{budget:o,alreadySeen:x,reserved:t.strictBudget?0:k});t.sessionId&&(u().markBulk(t.sessionId,s.inline.map(e=>({id:e.id,kind:e.kind,mode:"inline"}))),u().markBulk(t.sessionId,s.elided.map(e=>({id:e.item.id,kind:e.item.kind,mode:"stub"}))));const n=[];n.push(`\u{F115D} **Context Brief** \u2014 "${t.task}"`),n.push(""),n.push("## Ground truths (stable preamble)"),n.push(""),n.push(m||"_no ground truths set for this project yet_"),n.push(""),n.push("## Task-relevant memory"),n.push("");for(const e of s.inline)n.push(`### [${e.kind}:${e.id}] ${e.title}`),n.push(e.body),n.push("");if(s.elided.length>0){n.push("## Elided to stubs"),n.push(""),n.push("_Below the budget cutoff or already seen this session. Recall with `wyrm_recall(id)`:_"),n.push("");for(const e of s.elided){const i=e.reason==="seen"?"shown earlier in session":`~${e.stubCost} tokens`;n.push(`- [${e.item.kind}:${e.item.id}] ${e.item.title} \xB7 ${i}`)}n.push("")}n.push("---"),n.push(`_Budget: ${s.tokensInline}/${o} tokens inline \xB7 ${s.elided.length} stub${s.elided.length===1?"":"s"} \xB7 estimator: ${d.source}_`);const C=n.join(`
+`);try{$.log({tool_name:"wyrm_context_build",project_id:t.project.id,args:{budget:o,items_total:l.length,items_inline:s.inline.length,items_elided:s.elided.length,tokens_inline:s.tokensInline,tokens_stubs:s.tokensStubs},success:!0,latency_ms:0})}catch{}return{content:[{type:"text",text:C}]}}}export{S as makeRunBudgetedContextBuild};

package/dist/context-ranking.js

@@ -1,69 +1 @@
-/**
- * Combined-score computation for context-build candidates (spec 014).
- *
- * Combines four signals into a single score in [0, 1]:
- *
- *   confidence × wC + recency × wR + relevance × wU + usefulness × wU
- *
- * Weights load from WYRM_RANK_WEIGHTS env (JSON) with sane defaults.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { logger } from './logger.js';
-export const DEFAULT_WEIGHTS = {
-    confidence: 0.4,
-    recency: 0.2,
-    relevance: 0.3,
-    usefulness: 0.1,
-};
-/**
- * Load weights from WYRM_RANK_WEIGHTS env var. Falls back to defaults
- * on any parse/validation error. Logs the active weights at startup.
- */
-export function loadWeightsFromEnv(env = process.env) {
-    const raw = env.WYRM_RANK_WEIGHTS;
-    if (!raw)
-        return { ...DEFAULT_WEIGHTS };
-    try {
-        const parsed = JSON.parse(raw);
-        const w = {
-            confidence: clamp01(parsed.confidence ?? DEFAULT_WEIGHTS.confidence),
-            recency: clamp01(parsed.recency ?? DEFAULT_WEIGHTS.recency),
-            relevance: clamp01(parsed.relevance ?? DEFAULT_WEIGHTS.relevance),
-            usefulness: clamp01(parsed.usefulness ?? DEFAULT_WEIGHTS.usefulness),
-        };
-        return w;
-    }
-    catch (e) {
-        logger.warn(`Invalid WYRM_RANK_WEIGHTS, using defaults: ${e.message}`);
-        return { ...DEFAULT_WEIGHTS };
-    }
-}
-function clamp01(x) {
-    if (!Number.isFinite(x))
-        return 0;
-    return Math.max(0, Math.min(1, x));
-}
-/**
- * Compute the combined score in [0, 1].
- *
- * Recency uses exponential decay over 30 days from updatedAt to now.
- * Missing signals default to neutral (0.5 confidence, 0.5 relevance, 0.5
- * usefulness; recency to 0 if no updatedAt).
- */
-export function score(item, weights, now = new Date()) {
-    const c = clamp01(item.confidence ?? 0.5);
-    const u = clamp01(item.usefulness ?? 0.5);
-    const r = clamp01(item.relevance ?? 0.5);
-    const ageDays = item.updatedAt
-        ? Math.max(0, (now.getTime() - new Date(item.updatedAt).getTime()) / (24 * 60 * 60 * 1000))
-        : Infinity;
-    const recency = Number.isFinite(ageDays) ? Math.exp(-ageDays / 30) : 0;
-    const total = c * weights.confidence +
-        recency * weights.recency +
-        r * weights.relevance +
-        u * weights.usefulness;
-    return clamp01(total);
-}
-//# sourceMappingURL=context-ranking.js.map
+import{logger as l}from"./logger.js";const s={confidence:.4,recency:.2,relevance:.3,usefulness:.1};function p(e=process.env){const r=e.WYRM_RANK_WEIGHTS;if(!r)return{...s};try{const n=JSON.parse(r);return{confidence:c(n.confidence??s.confidence),recency:c(n.recency??s.recency),relevance:c(n.relevance??s.relevance),usefulness:c(n.usefulness??s.usefulness)}}catch(n){return l.warn(`Invalid WYRM_RANK_WEIGHTS, using defaults: ${n.message}`),{...s}}}function c(e){return Number.isFinite(e)?Math.max(0,Math.min(1,e)):0}function v(e,r,n=new Date){const t=c(e.confidence??.5),a=c(e.usefulness??.5),u=c(e.relevance??.5),o=e.updatedAt?Math.max(0,(n.getTime()-new Date(e.updatedAt).getTime())/(1440*60*1e3)):1/0,f=Number.isFinite(o)?Math.exp(-o/30):0,i=t*r.confidence+f*r.recency+u*r.relevance+a*r.usefulness;return c(i)}export{s as DEFAULT_WEIGHTS,p as loadWeightsFromEnv,v as score};

package/dist/crypto.js

@@ -1,179 +1 @@
-/**
- * Wyrm Encryption Module
- * AES-256-GCM encryption for sensitive memory data
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- * @module crypto
- * @version 3.0.0
- */
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash } from 'crypto';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-const WYRM_DIR = join(homedir(), '.wyrm');
-const MASTER_SALT_FILE = join(WYRM_DIR, 'crypto.salt');
-const ALGORITHM = 'aes-256-gcm';
-const IV_LENGTH = 16;
-const SALT_LENGTH = 32;
-const TAG_LENGTH = 16;
-const KEY_LENGTH = 32;
-/**
- * Wyrm Crypto - Handles encryption/decryption of sensitive data
- */
-export class WyrmCrypto {
-    masterKey = null;
-    config;
-    constructor(config) {
-        this.config = {
-            enabled: config?.enabled ?? false,
-            keyDerivation: config?.keyDerivation ?? 'scrypt',
-            iterations: config?.iterations ?? 100000,
-        };
-    }
-    /**
-     * Initialize crypto with a master password
-     */
-    initialize(password) {
-        if (!password || password.length < 8) {
-            throw new Error('Password must be at least 8 characters');
-        }
-        // Use a per-installation random salt (persisted, never derived from constant)
-        if (!existsSync(WYRM_DIR)) {
-            mkdirSync(WYRM_DIR, { recursive: true, mode: 0o700 });
-        }
-        let salt;
-        if (existsSync(MASTER_SALT_FILE)) {
-            salt = Buffer.from(readFileSync(MASTER_SALT_FILE, 'utf8').trim(), 'hex');
-        }
-        else {
-            salt = randomBytes(32);
-            writeFileSync(MASTER_SALT_FILE, salt.toString('hex'), { mode: 0o600 });
-        }
-        this.masterKey = scryptSync(password, salt, KEY_LENGTH);
-        this.config.enabled = true;
-    }
-    /**
-     * Check if encryption is enabled and configured
-     */
-    isEnabled() {
-        return this.config.enabled && this.masterKey !== null;
-    }
-    /**
-     * Derive a unique key for each piece of data
-     */
-    deriveKey(salt) {
-        if (!this.masterKey) {
-            throw new Error('Crypto not initialized. Call initialize() with a password first.');
-        }
-        return scryptSync(this.masterKey, salt, KEY_LENGTH);
-    }
-    /**
-     * Encrypt a string value
-     */
-    encrypt(plaintext) {
-        if (!this.isEnabled()) {
-            throw new Error('Encryption not enabled');
-        }
-        const salt = randomBytes(SALT_LENGTH);
-        const iv = randomBytes(IV_LENGTH);
-        const key = this.deriveKey(salt);
-        const cipher = createCipheriv(ALGORITHM, key, iv);
-        let encrypted = cipher.update(plaintext, 'utf8', 'hex');
-        encrypted += cipher.final('hex');
-        const tag = cipher.getAuthTag();
-        return {
-            iv: iv.toString('hex'),
-            salt: salt.toString('hex'),
-            tag: tag.toString('hex'),
-            data: encrypted,
-            version: 1,
-        };
-    }
-    /**
-     * Decrypt an encrypted value
-     */
-    decrypt(encrypted) {
-        if (!this.isEnabled()) {
-            throw new Error('Encryption not enabled');
-        }
-        const salt = Buffer.from(encrypted.salt, 'hex');
-        const iv = Buffer.from(encrypted.iv, 'hex');
-        const tag = Buffer.from(encrypted.tag, 'hex');
-        const key = this.deriveKey(salt);
-        const decipher = createDecipheriv(ALGORITHM, key, iv);
-        decipher.setAuthTag(tag);
-        let decrypted = decipher.update(encrypted.data, 'hex', 'utf8');
-        decrypted += decipher.final('utf8');
-        return decrypted;
-    }
-    /**
-     * Encrypt if enabled, otherwise return plaintext
-     */
-    maybeEncrypt(value) {
-        if (!this.isEnabled()) {
-            return value;
-        }
-        const encrypted = this.encrypt(value);
-        return `ENC:${JSON.stringify(encrypted)}`;
-    }
-    /**
-     * Decrypt if encrypted, otherwise return as-is
-     */
-    maybeDecrypt(value) {
-        if (!value.startsWith('ENC:')) {
-            return value;
-        }
-        if (!this.isEnabled()) {
-            // Can't decrypt without key
-            return '[ENCRYPTED - KEY REQUIRED]';
-        }
-        try {
-            const encrypted = JSON.parse(value.slice(4));
-            return this.decrypt(encrypted);
-        }
-        catch {
-            return '[DECRYPT FAILED]';
-        }
-    }
-    /**
-     * Generate a secure random key for API tokens, etc.
-     */
-    static generateSecureToken(length = 32) {
-        return randomBytes(length).toString('hex');
-    }
-    /**
-     * Hash a value for comparison (one-way)
-     */
-    static hash(value, algorithm = 'sha256') {
-        return createHash(algorithm).update(value).digest('hex');
-    }
-    /**
-     * Verify a hash
-     */
-    static verifyHash(value, hash, algorithm = 'sha256') {
-        const computed = WyrmCrypto.hash(value, algorithm);
-        // Constant-time comparison
-        if (computed.length !== hash.length)
-            return false;
-        let result = 0;
-        for (let i = 0; i < computed.length; i++) {
-            result |= computed.charCodeAt(i) ^ hash.charCodeAt(i);
-        }
-        return result === 0;
-    }
-}
-// Singleton instance
-let cryptoInstance = null;
-export function getCrypto() {
-    if (!cryptoInstance) {
-        cryptoInstance = new WyrmCrypto();
-    }
-    return cryptoInstance;
-}
-export function initializeCrypto(password) {
-    cryptoInstance = new WyrmCrypto({ enabled: true });
-    cryptoInstance.initialize(password);
-    return cryptoInstance;
-}
-//# sourceMappingURL=crypto.js.map
+import{createCipheriv as g,createDecipheriv as x,randomBytes as c,scryptSync as u,createHash as S}from"crypto";import{existsSync as y,readFileSync as b,writeFileSync as T,mkdirSync as w}from"fs";import{join as d}from"path";import{homedir as v}from"os";const l=d(v(),".wyrm"),f=d(l,"crypto.salt"),p="aes-256-gcm",C=16,A=32,R=16,m=32;class h{masterKey=null;config;constructor(t){this.config={enabled:t?.enabled??!1,keyDerivation:t?.keyDerivation??"scrypt",iterations:t?.iterations??1e5}}initialize(t){if(!t||t.length<8)throw new Error("Password must be at least 8 characters");y(l)||w(l,{recursive:!0,mode:448});let e;y(f)?e=Buffer.from(b(f,"utf8").trim(),"hex"):(e=c(32),T(f,e.toString("hex"),{mode:384})),this.masterKey=u(t,e,m),this.config.enabled=!0}isEnabled(){return this.config.enabled&&this.masterKey!==null}deriveKey(t){if(!this.masterKey)throw new Error("Crypto not initialized. Call initialize() with a password first.");return u(this.masterKey,t,m)}encrypt(t){if(!this.isEnabled())throw new Error("Encryption not enabled");const e=c(A),s=c(C),n=this.deriveKey(e),i=g(p,n,s);let r=i.update(t,"utf8","hex");r+=i.final("hex");const a=i.getAuthTag();return{iv:s.toString("hex"),salt:e.toString("hex"),tag:a.toString("hex"),data:r,version:1}}decrypt(t){if(!this.isEnabled())throw new Error("Encryption not enabled");const e=Buffer.from(t.salt,"hex"),s=Buffer.from(t.iv,"hex"),n=Buffer.from(t.tag,"hex"),i=this.deriveKey(e),r=x(p,i,s);r.setAuthTag(n);let a=r.update(t.data,"hex","utf8");return a+=r.final("utf8"),a}maybeEncrypt(t){if(!this.isEnabled())return t;const e=this.encrypt(t);return`ENC:${JSON.stringify(e)}`}maybeDecrypt(t){if(!t.startsWith("ENC:"))return t;if(!this.isEnabled())return"[ENCRYPTED - KEY REQUIRED]";try{const e=JSON.parse(t.slice(4));return this.decrypt(e)}catch{return"[DECRYPT FAILED]"}}static generateSecureToken(t=32){return c(t).toString("hex")}static hash(t,e="sha256"){return S(e).update(t).digest("hex")}static verifyHash(t,e,s="sha256"){const n=h.hash(t,s);if(n.length!==e.length)return!1;let i=0;for(let r=0;r<n.length;r++)i|=n.charCodeAt(r)^e.charCodeAt(r);return i===0}}let o=null;function H(){return o||(o=new h),o}function I(E){return o=new h({enabled:!0}),o.initialize(E),o}export{h as WyrmCrypto,H as getCrypto,I as initializeCrypto};