wyrm-mcp 7.2.0 → 7.2.2

package/dist/deprecations.js

@@ -1,162 +1,2 @@
-/**
- * v7 deprecation notices — Wyrm 6.18 bridge release (BROOD Phase F1, T007).
- *
- * 100% ADDITIVE on the 6.x surface: nothing here changes tool behavior,
- * names, schemas, or profiles. This module is the single registry for the
- * 22 CLI-exile candidates (spec FR-4: 18 operator tools + the device-egress
- * quartet) and emits three kinds of forward-compat warnings:
- *
- *  1. A description SUFFIX merged into tools/list at build time
- *     (`applyDeprecationNotices`, wired in the ListToolsRequestSchema
- *     handler next to `annotateTools`).
- *  2. A ONE-TIME-per-tool stderr note when a deprecated tool is invoked via
- *     MCP (`noteDeprecatedToolInvocation`, wired at the top of the CallTool
- *     handler). Failure-isolated: it can never block or break a call.
- *  (The 6.18 bridge also carried a ONE-TIME `WYRM_PROFILE=full` notice —
- *  removed at T022 when `full` became the permanent synonym of `legacy` it
- *  announced; see tool-profiles.ts.)
- *
- * (wyrm-http — the legacy HTTP server the 6.18 bridge warned about — was
- * DELETED at 7.0.0/T033; its T005 access log recorded zero traffic. `wyrm
- * serve` (http-fast) is the maintained HTTP surface.)
- *
- * CLI commands follow the spec FR-4 / T023 disposition: `wyrm
- * setup|embed|sync|cloud` already exist; `wyrm
- * license|activate|index|update|prompt|hours|invoice|agent` ship with T023.
- * In 7.0 the MCP aliases for these names return a structured redirect to the
- * exact command below — EXCEPT `wyrm_cloud_backup` and `wyrm_sync_export`,
- * which stay FUNCTIONAL through 7.0.x with a published sunset so scheduled
- * backups never silently stop.
- *
- * All output goes to STDERR only (stdout is the MCP wire on stdio).
- */
-// T023: the structured redirect rides the single T019 error dual-emit, so
-// text/structured can never drift (render.ts imports nothing from here — no cycle).
-import { renderErrorResponse } from './render.js';
-/** The 22 CLI-exile candidates (spec FR-4): 18 operator + 4 device-egress. */
-export const CLI_EXILE_TOOLS = {
-    // ── 18 operator tools ──────────────────────────────────────────────────
-    wyrm_setup: { cli: "wyrm setup" },
-    wyrm_embed: { cli: "wyrm embed" },
-    wyrm_inject_prompt: { cli: "wyrm prompt inject" },
-    wyrm_migrate_prompt: { cli: "wyrm prompt migrate" },
-    wyrm_check_update: { cli: "wyrm update --check" },
-    wyrm_self_update: { cli: "wyrm update" },
-    wyrm_vector_setup: { cli: "wyrm index setup" },
-    // reindex's long-running form also survives inside wyrm_maintenance (FR-3).
-    wyrm_reindex: { cli: "wyrm index rebuild" },
-    wyrm_encrypt_setup: { cli: "wyrm setup --encrypt" },
-    wyrm_license: { cli: "wyrm license" },
-    wyrm_activate: { cli: "wyrm activate <key>" },
-    wyrm_hours_report: { cli: "wyrm hours report" },
-    wyrm_invoice_generate: { cli: "wyrm invoice generate" },
-    wyrm_agent_init: { cli: "wyrm agent init" },
-    wyrm_agent_status: { cli: "wyrm agent status" },
-    wyrm_agent_stop: { cli: "wyrm agent stop" },
-    wyrm_agent_restart: { cli: "wyrm agent restart" },
-    wyrm_intro: { cli: "wyrm intro" },
-    // ── device-egress quartet ──────────────────────────────────────────────
-    wyrm_sync_export: { cli: "wyrm sync export --out <path>", functionalThrough: "7.0.x" },
-    wyrm_sync_import: { cli: "wyrm sync import --from <path>" },
-    wyrm_cloud_backup: { cli: "wyrm cloud backup", functionalThrough: "7.0.x" },
-    wyrm_cloud_sync: { cli: "wyrm cloud sync" },
-};
-/**
- * The description suffix advertised on a deprecated tool, or '' for
- * non-deprecated tools. Exact format pinned by tests.
- */
-export function deprecationSuffix(name) {
-    const entry = CLI_EXILE_TOOLS[name];
-    if (!entry)
-        return "";
-    const grace = entry.functionalThrough
-        ? ` — remains functional through ${entry.functionalThrough}`
-        : "";
-    return ` [Deprecated in v7 → use the wyrm CLI: ${entry.cli}${grace}]`;
-}
-/**
- * Append the deprecation suffix to each CLI-exile tool's description.
- * Non-mutating; unknown tools pass through untouched. Never throws.
- */
-export function applyDeprecationNotices(tools) {
-    return tools.map((tool) => {
-        const suffix = deprecationSuffix(tool.name);
-        if (!suffix)
-            return tool;
-        return { ...tool, description: `${tool.description ?? ""}${suffix}` };
-    });
-}
-// One-time-per-process warning state (per tool name).
-const warnedTools = new Set();
-/** Test hook: reset the one-time warning state. */
-export function _resetDeprecationWarningsForTests() {
-    warnedTools.clear();
-}
-/**
- * One-time stderr note when a CLI-exile tool is invoked via MCP.
- * Failure-isolated: never throws, never blocks the call.
- */
-export function noteDeprecatedToolInvocation(name) {
-    try {
-        const entry = CLI_EXILE_TOOLS[name];
-        if (!entry || warnedTools.has(name))
-            return;
-        warnedTools.add(name);
-        const grace = entry.functionalThrough
-            ? ` This name stays functional through ${entry.functionalThrough} (published sunset) so scheduled jobs never silently stop.`
-            : "";
-        process.stderr.write(`[wyrm] DEPRECATION: '${name}' moves off MCP to the wyrm CLI in 7.0 — use: ${entry.cli}.` +
-            ` Behavior is unchanged in 6.18.${grace}\n`);
-    }
-    catch {
-        /* warnings must never break a tool call */
-    }
-}
-// v7 F3 (T022): noteFullProfileDeprecation() (the 6.18 bridge notice) is
-// GONE — WYRM_PROFILE=full is now the permanent synonym of 'legacy' it
-// announced (tool-profiles.ts resolveProfile), and full has always meant
-// "every tool", so there is nothing left to warn about.
-// ── v7 F3 (T023): the structured CLI-exile redirect ─────────────────────────
-//
-// In 7.0 the MCP aliases for the names above stop executing and return this
-// structured redirect instead (spec FR-4 / §6: "~22 operator/egress names
-// return a structured redirect to their exact `wyrm` CLI replacement").
-// EXCEPTION: the functionalThrough pair (cloud_backup / sync_export) keeps
-// EXECUTING through 7.0.x with the published sunset — scheduled backups never
-// silently stop. isHardCliExile() is the dispatcher's gate.
-/** Machine-readable code for a CLI-exile redirect. Deliberately distinct from
- * WYRM_BUSY (retry as-is) and WYRM_VALIDATION (correct an argument): a CLI
- * exile is NEVER satisfiable over MCP — the contract is "run this command". */
-export const WYRM_CLI_EXILE_CODE = 'WYRM_CLI_EXILE';
-/** True iff `name` is CLI-exiled AND past its grace window — i.e. the MCP
- * alias returns the structured redirect instead of executing. The
- * functionalThrough pair (cloud_backup/sync_export) returns false: they stay
- * functional through 7.0.x (published sunset). */
-export function isHardCliExile(name) {
-    const entry = CLI_EXILE_TOOLS[name];
-    return entry !== undefined && entry.functionalThrough === undefined;
-}
-/** Build the redirect body. Deterministic (Article VIII: same name, same bytes). */
-export function cliExileRedirectBody(name) {
-    const entry = CLI_EXILE_TOOLS[name];
-    if (!entry)
-        throw new Error(`cliExileRedirectBody: '${name}' is not a CLI-exile tool`);
-    return {
-        error: {
-            code: WYRM_CLI_EXILE_CODE,
-            message: `${name} moved off MCP in 7.0 — run: ${entry.cli}`,
-            retryable: false,
-        },
-        cli: entry.cli,
-        tool: name,
-        expected: `This operator/egress tool is CLI-exiled (spec FR-4): its MCP alias never executes in 7.0. ` +
-            `Run \`${entry.cli}\` from a shell instead — do not retry this MCP call (the redirect is ` +
-            `deterministic). The wyrm CLI ships the full replacement; \`wyrm --help\` lists it.`,
-    };
-}
-/** The full dual-emit MCP response for a CLI-exile redirect — `isError:true`,
- * text = JSON of the SAME body riding structuredContent (the T019 renderer). */
-export function cliExileRedirectResponse(name) {
-    return renderErrorResponse(cliExileRedirectBody(name));
-}
-//# sourceMappingURL=deprecations.js.map
+import{renderErrorResponse as c}from"./render.js";const i={wyrm_setup:{cli:"wyrm setup"},wyrm_embed:{cli:"wyrm embed"},wyrm_inject_prompt:{cli:"wyrm prompt inject"},wyrm_migrate_prompt:{cli:"wyrm prompt migrate"},wyrm_check_update:{cli:"wyrm update --check"},wyrm_self_update:{cli:"wyrm update"},wyrm_vector_setup:{cli:"wyrm index setup"},wyrm_reindex:{cli:"wyrm index rebuild"},wyrm_encrypt_setup:{cli:"wyrm setup --encrypt"},wyrm_license:{cli:"wyrm license"},wyrm_activate:{cli:"wyrm activate <key>"},wyrm_hours_report:{cli:"wyrm hours report"},wyrm_invoice_generate:{cli:"wyrm invoice generate"},wyrm_agent_init:{cli:"wyrm agent init"},wyrm_agent_status:{cli:"wyrm agent status"},wyrm_agent_stop:{cli:"wyrm agent stop"},wyrm_agent_restart:{cli:"wyrm agent restart"},wyrm_intro:{cli:"wyrm intro"},wyrm_sync_export:{cli:"wyrm sync export --out <path>",functionalThrough:"7.0.x"},wyrm_sync_import:{cli:"wyrm sync import --from <path>"},wyrm_cloud_backup:{cli:"wyrm cloud backup",functionalThrough:"7.0.x"},wyrm_cloud_sync:{cli:"wyrm cloud sync"}};function o(r){const e=i[r];if(!e)return"";const t=e.functionalThrough?` \u2014 remains functional through ${e.functionalThrough}`:"";return` [Deprecated in v7 \u2192 use the wyrm CLI: ${e.cli}${t}]`}function y(r){return r.map(e=>{const t=o(e.name);return t?{...e,description:`${e.description??""}${t}`}:e})}const n=new Set;function m(){n.clear()}function a(r){try{const e=i[r];if(!e||n.has(r))return;n.add(r);const t=e.functionalThrough?` This name stays functional through ${e.functionalThrough} (published sunset) so scheduled jobs never silently stop.`:"";process.stderr.write(`[wyrm] DEPRECATION: '${r}' moves off MCP to the wyrm CLI in 7.0 \u2014 use: ${e.cli}. Behavior is unchanged in 6.18.${t}
+`)}catch{}}const s="WYRM_CLI_EXILE";function p(r){const e=i[r];return e!==void 0&&e.functionalThrough===void 0}function l(r){const e=i[r];if(!e)throw new Error(`cliExileRedirectBody: '${r}' is not a CLI-exile tool`);return{error:{code:s,message:`${r} moved off MCP in 7.0 \u2014 run: ${e.cli}`,retryable:!1},cli:e.cli,tool:r,expected:`This operator/egress tool is CLI-exiled (spec FR-4): its MCP alias never executes in 7.0. Run \`${e.cli}\` from a shell instead \u2014 do not retry this MCP call (the redirect is deterministic). The wyrm CLI ships the full replacement; \`wyrm --help\` lists it.`}}function w(r){return c(l(r))}export{i as CLI_EXILE_TOOLS,s as WYRM_CLI_EXILE_CODE,m as _resetDeprecationWarningsForTests,y as applyDeprecationNotices,l as cliExileRedirectBody,w as cliExileRedirectResponse,o as deprecationSuffix,p as isHardCliExile,a as noteDeprecatedToolInvocation};

package/dist/design.js

@@ -1,38 +1,4 @@
-/**
- * Design tokens + references (5.9.0 — creative workflow).
- *
- * Design tokens store a project's design system primitives (colour /
- * type / spacing / motion / etc.) as first-class data so AI helpers
- * working on creative tasks don't have to re-derive the system from
- * scattered CSS or memory artifacts on every call.
- *
- * Design references store inspiration / mood-board URLs and image paths
- * with tags, so a designer accreting visual references over time has a
- * searchable library.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-const VALID_CATEGORIES = new Set([
-    'color', 'type', 'spacing', 'motion', 'shadow', 'radius', 'breakpoint', 'custom',
-]);
-const VALID_REF_KINDS = new Set([
-    'url', 'image', 'palette', 'snippet',
-]);
-export class DesignSystem {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    // ---------- Tokens ----------
-    setToken(input) {
-        if (!VALID_CATEGORIES.has(input.category)) {
-            throw new Error(`invalid category: ${input.category} (must be one of ${[...VALID_CATEGORIES].join(', ')})`);
-        }
-        if (!input.key || !input.value) {
-            throw new Error('key and value are required');
-        }
-        this.db.prepare(`
+const a=new Set(["color","type","spacing","motion","shadow","radius","breakpoint","custom"]),d=new Set(["url","image","palette","snippet"]);class E{db;constructor(e){this.db=e}setToken(e){if(!a.has(e.category))throw new Error(`invalid category: ${e.category} (must be one of ${[...a].join(", ")})`);if(!e.key||!e.value)throw new Error("key and value are required");return this.db.prepare(`
       INSERT INTO design_tokens (project_id, category, key, value, notes, source)
       VALUES (?, ?, ?, ?, ?, ?)
       ON CONFLICT(project_id, category, key) DO UPDATE SET
@@ -40,135 +6,41 @@ export class DesignSystem {
         notes = excluded.notes,
         source = excluded.source,
         updated_at = datetime('now')
-    `).run(input.projectId, input.category, input.key, input.value, input.notes ?? null, input.source ?? 'user');
-        return this.getToken(input.projectId, input.category, input.key);
-    }
-    getToken(projectId, category, key) {
-        const row = this.db.prepare(`
+    `).run(e.projectId,e.category,e.key,e.value,e.notes??null,e.source??"user"),this.getToken(e.projectId,e.category,e.key)}getToken(e,r,t){return this.db.prepare(`
       SELECT * FROM design_tokens
       WHERE project_id = ? AND category = ? AND key = ?
-    `).get(projectId, category, key);
-        return row ?? null;
-    }
-    listTokens(projectId, category) {
-        if (category) {
-            return this.db.prepare(`
+    `).get(e,r,t)??null}listTokens(e,r){return r?this.db.prepare(`
         SELECT * FROM design_tokens
         WHERE project_id = ? AND category = ?
         ORDER BY key
-      `).all(projectId, category);
-        }
-        return this.db.prepare(`
+      `).all(e,r):this.db.prepare(`
       SELECT * FROM design_tokens
       WHERE project_id = ?
       ORDER BY category, key
-    `).all(projectId);
-    }
-    deleteToken(projectId, category, key) {
-        const result = this.db.prepare(`
+    `).all(e)}deleteToken(e,r,t){return(this.db.prepare(`
       DELETE FROM design_tokens
       WHERE project_id = ? AND category = ? AND key = ?
-    `).run(projectId, category, key);
-        return (result.changes ?? 0) > 0;
-    }
-    /**
-     * Render the token set as a markdown table grouped by category — handy
-     * for folding into context briefs.
-     */
-    formatForContext(projectId) {
-        const tokens = this.listTokens(projectId);
-        if (tokens.length === 0)
-            return '';
-        const byCategory = new Map();
-        for (const t of tokens) {
-            const arr = byCategory.get(t.category) ?? [];
-            arr.push(t);
-            byCategory.set(t.category, arr);
-        }
-        const lines = [];
-        lines.push('### 🎨 Design tokens');
-        for (const [cat, items] of byCategory) {
-            lines.push('');
-            lines.push(`**${cat}:**`);
-            for (const t of items) {
-                lines.push(`- \`${t.key}\` = \`${t.value}\`${t.notes ? ` — ${t.notes}` : ''}`);
-            }
-        }
-        return lines.join('\n');
-    }
-    // ---------- References ----------
-    addReference(input) {
-        if (!VALID_REF_KINDS.has(input.kind)) {
-            throw new Error(`invalid kind: ${input.kind} (must be one of ${[...VALID_REF_KINDS].join(', ')})`);
-        }
-        if (!input.location) {
-            throw new Error('location is required');
-        }
-        const result = this.db.prepare(`
+    `).run(e,r,t).changes??0)>0}formatForContext(e){const r=this.listTokens(e);if(r.length===0)return"";const t=new Map;for(const s of r){const o=t.get(s.category)??[];o.push(s),t.set(s.category,o)}const n=[];n.push("### \u{1F3A8} Design tokens");for(const[s,o]of t){n.push(""),n.push(`**${s}:**`);for(const c of o)n.push(`- \`${c.key}\` = \`${c.value}\`${c.notes?` \u2014 ${c.notes}`:""}`)}return n.join(`
+`)}addReference(e){if(!d.has(e.kind))throw new Error(`invalid kind: ${e.kind} (must be one of ${[...d].join(", ")})`);if(!e.location)throw new Error("location is required");const r=this.db.prepare(`
       INSERT INTO design_references (project_id, kind, location, title, notes, tags)
       VALUES (?, ?, ?, ?, ?, ?)
-    `).run(input.projectId ?? null, input.kind, input.location, input.title ?? null, input.notes ?? null, input.tags ?? null);
-        return this.getReference(Number(result.lastInsertRowid));
-    }
-    getReference(id) {
-        const row = this.db.prepare(`SELECT * FROM design_references WHERE id = ?`).get(id);
-        return row ?? null;
-    }
-    listReferences(opts = {}) {
-        const limit = Math.min(opts.limit ?? 50, 200);
-        if (opts.tag) {
-            const tagPattern = `%${opts.tag}%`;
-            if (opts.projectId != null) {
-                return this.db.prepare(`
+    `).run(e.projectId??null,e.kind,e.location,e.title??null,e.notes??null,e.tags??null);return this.getReference(Number(r.lastInsertRowid))}getReference(e){return this.db.prepare("SELECT * FROM design_references WHERE id = ?").get(e)??null}listReferences(e={}){const r=Math.min(e.limit??50,200);if(e.tag){const t=`%${e.tag}%`;return e.projectId!=null?this.db.prepare(`
           SELECT * FROM design_references
           WHERE project_id = ? AND tags LIKE ?
           ORDER BY captured_at DESC LIMIT ?
-        `).all(opts.projectId, tagPattern, limit);
-            }
-            return this.db.prepare(`
+        `).all(e.projectId,t,r):this.db.prepare(`
         SELECT * FROM design_references
         WHERE tags LIKE ?
         ORDER BY captured_at DESC LIMIT ?
-      `).all(tagPattern, limit);
-        }
-        if (opts.projectId != null) {
-            return this.db.prepare(`
+      `).all(t,r)}return e.projectId!=null?this.db.prepare(`
         SELECT * FROM design_references
         WHERE project_id = ?
         ORDER BY captured_at DESC LIMIT ?
-      `).all(opts.projectId, limit);
-        }
-        return this.db.prepare(`
+      `).all(e.projectId,r):this.db.prepare(`
       SELECT * FROM design_references
       ORDER BY captured_at DESC LIMIT ?
-    `).all(limit);
-    }
-    searchReferences(query, opts = {}) {
-        const limit = Math.min(opts.limit ?? 20, 100);
-        // FTS5 lookup, joined back to design_references for the full rows.
-        const baseQuery = `
+    `).all(r)}searchReferences(e,r={}){const t=Math.min(r.limit??20,100),n=`
       SELECT dr.* FROM design_references_fts ft
       JOIN design_references dr ON dr.id = ft.rowid
       WHERE design_references_fts MATCH ?
-    `;
-        if (opts.projectId != null) {
-            return this.db.prepare(`${baseQuery} AND dr.project_id = ? ORDER BY dr.captured_at DESC LIMIT ?`)
-                .all(query, opts.projectId, limit);
-        }
-        return this.db.prepare(`${baseQuery} ORDER BY dr.captured_at DESC LIMIT ?`)
-            .all(query, limit);
-    }
-    deleteReference(id) {
-        const result = this.db.prepare(`DELETE FROM design_references WHERE id = ?`).run(id);
-        return (result.changes ?? 0) > 0;
-    }
-    countReferences(projectId) {
-        if (projectId != null) {
-            const row = this.db.prepare(`SELECT COUNT(*) AS n FROM design_references WHERE project_id = ?`).get(projectId);
-            return row.n;
-        }
-        const row = this.db.prepare(`SELECT COUNT(*) AS n FROM design_references`).get();
-        return row.n;
-    }
-}
-//# sourceMappingURL=design.js.map
+    `;return r.projectId!=null?this.db.prepare(`${n} AND dr.project_id = ? ORDER BY dr.captured_at DESC LIMIT ?`).all(e,r.projectId,t):this.db.prepare(`${n} ORDER BY dr.captured_at DESC LIMIT ?`).all(e,t)}deleteReference(e){return(this.db.prepare("DELETE FROM design_references WHERE id = ?").run(e).changes??0)>0}countReferences(e){return e!=null?this.db.prepare("SELECT COUNT(*) AS n FROM design_references WHERE project_id = ?").get(e).n:this.db.prepare("SELECT COUNT(*) AS n FROM design_references").get().n}}export{E as DesignSystem};

package/dist/event-replication.js

@@ -1,112 +1 @@
-/**
- * Live Memory v6.4 (Phase 3) — cross-device event replication.
- *
- * A Wyrm node syncs with a PEER node over the Phase-2 HTTP surface — no separate
- * cloud relay required, the peer is just another Wyrm HTTP server (`wyrm serve`):
- *   - PULL: GET  peer `/events?project=…&since=<pull-watermark>` → ingest each.
- *   - PUSH: POST peer `/events` with our shared events newer than <push-watermark>.
- *
- * Privacy: only `is_shared = 1` events are ever collected for push, and
- * reference-only rows keep `payload_json = NULL` — protected data never leaves
- * the box. Dedup + echo-suppression happen on the receiving side
- * (`ingestRemoteEvent`), so re-delivery and round-trips are no-ops. Events are
- * append-only, so there are no merge conflicts.
- *
- * The DB dependency is a structural interface (`ReplDb`) and `fetch` is injected,
- * so this whole module is unit-testable with a fake peer and no real sockets.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { logger } from './logger.js';
-import { guardedFetchJson, checkPeerUrl } from './repl-guard.js';
-const PUSH_LIMIT = 500;
-const pushKey = (p) => `repl:push:${p.baseUrl}:${p.localProjectId}`;
-const pullKey = (p) => `repl:pull:${p.baseUrl}:${p.localProjectId}`;
-const toInt = (v) => Number.parseInt(v || '0', 10) || 0;
-function authHeaders(token) {
-    const h = { 'Content-Type': 'application/json' };
-    if (token)
-        h['Authorization'] = `Bearer ${token}`;
-    return h;
-}
-/** Map a stored event to the wire shape; the peer records OUR cursor as its `cloud_cursor`. */
-function toRemote(e) {
-    return {
-        origin_device: e.origin_device, origin_seq: e.origin_seq, cloud_cursor: e.cursor,
-        kind: e.kind, ref_table: e.ref_table, ref_id: e.ref_id, actor: e.actor,
-        is_shared: e.is_shared, payload_json: e.payload_json, created_at: e.created_at,
-    };
-}
-/** PUSH local shared events newer than our push-watermark to the peer. */
-export async function pushSharedEvents(db, peer, fetchImpl) {
-    const pre = checkPeerUrl(peer.baseUrl);
-    if (!pre.ok)
-        return { pushed: 0, error: `push: ${pre.reason}` };
-    const since = toInt(db.getMeta(pushKey(peer)));
-    const batch = db.eventsForPush(peer.localProjectId, since, PUSH_LIMIT);
-    if (batch.length === 0)
-        return { pushed: 0 };
-    try {
-        // guardedFetchJson enforces scheme/host allowlist, no-redirect, timeout, bounded body.
-        await guardedFetchJson(fetchImpl, peer.baseUrl, '/events', {
-            method: 'POST', headers: authHeaders(peer.token),
-            body: JSON.stringify({ project: peer.remoteProject, events: batch.map(toRemote) }),
-        });
-        // Advance the watermark only on a confirmed 2xx (ingest is idempotent, so a
-        // retried push that double-sends is harmless on the peer).
-        db.setMeta(pushKey(peer), String(batch[batch.length - 1].cursor));
-        return { pushed: batch.length };
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        logger.warn('live-memory: push failed', { peer: peer.baseUrl, err: msg });
-        return { pushed: 0, error: `push: ${msg}` };
-    }
-}
-/** PULL peer events newer than our pull-watermark and ingest them. */
-export async function pullPeerEvents(db, peer, fetchImpl) {
-    const since = toInt(db.getMeta(pullKey(peer)));
-    try {
-        // `shared=1`: only the peer's shareable events — its private events stay on its box.
-        const path = `/events?project=${encodeURIComponent(peer.remoteProject)}&since=${since}&limit=${PUSH_LIMIT}&shared=1`;
-        const data = (await guardedFetchJson(fetchImpl, peer.baseUrl, path, {
-            method: 'GET', headers: authHeaders(peer.token),
-        }));
-        // Defend against a hostile/buggy peer: keep only well-shaped events with a
-        // finite numeric cursor, and never ingest more than we asked for.
-        const events = (Array.isArray(data.events) ? data.events : [])
-            .filter((e) => !!e && typeof e === 'object' && Number.isFinite(e.cursor))
-            .slice(0, PUSH_LIMIT);
-        let pulled = 0, duplicates = 0, echoes = 0;
-        let maxCursor = since;
-        for (const e of events) {
-            const r = db.ingestRemoteEvent(peer.localProjectId, { ...toRemote(e), cloud_cursor: e.cursor });
-            if (r === 'inserted')
-                pulled++;
-            else if (r === 'echo')
-                echoes++;
-            else
-                duplicates++;
-            if (e.cursor > maxCursor)
-                maxCursor = e.cursor;
-        }
-        // Advance the watermark ONLY from cursors we actually received — NEVER from a
-        // peer-claimed `cursor` scalar. An empty or forged response can't skip us forward.
-        db.setMeta(pullKey(peer), String(maxCursor));
-        return { pulled, duplicates, echoes };
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        logger.warn('live-memory: pull failed', { peer: peer.baseUrl, err: msg });
-        return { pulled: 0, duplicates: 0, echoes: 0, error: `pull: ${msg}` };
-    }
-}
-/** One-shot replication with a peer: pull, then push. Never throws. */
-export async function replicateOnce(db, peer, fetchImpl) {
-    const pull = await pullPeerEvents(db, peer, fetchImpl);
-    const push = await pushSharedEvents(db, peer, fetchImpl);
-    const errors = [pull.error, push.error].filter((e) => Boolean(e));
-    return { pulled: pull.pulled, pushed: push.pushed, duplicates: pull.duplicates, echoes: pull.echoes, errors };
-}
-//# sourceMappingURL=event-replication.js.map
+import{logger as f}from"./logger.js";import{guardedFetchJson as m,checkPeerUrl as P}from"./repl-guard.js";const u=500,g=e=>`repl:push:${e.baseUrl}:${e.localProjectId}`,y=e=>`repl:pull:${e.baseUrl}:${e.localProjectId}`,_=e=>Number.parseInt(e||"0",10)||0;function v(e){const r={"Content-Type":"application/json"};return e&&(r.Authorization=`Bearer ${e}`),r}function j(e){return{origin_device:e.origin_device,origin_seq:e.origin_seq,cloud_cursor:e.cursor,kind:e.kind,ref_table:e.ref_table,ref_id:e.ref_id,actor:e.actor,is_shared:e.is_shared,payload_json:e.payload_json,created_at:e.created_at}}async function $(e,r,a){const o=P(r.baseUrl);if(!o.ok)return{pushed:0,error:`push: ${o.reason}`};const s=_(e.getMeta(g(r))),t=e.eventsForPush(r.localProjectId,s,u);if(t.length===0)return{pushed:0};try{return await m(a,r.baseUrl,"/events",{method:"POST",headers:v(r.token),body:JSON.stringify({project:r.remoteProject,events:t.map(j)})}),e.setMeta(g(r),String(t[t.length-1].cursor)),{pushed:t.length}}catch(c){const i=c instanceof Error?c.message:String(c);return f.warn("live-memory: push failed",{peer:r.baseUrl,err:i}),{pushed:0,error:`push: ${i}`}}}async function U(e,r,a){const o=_(e.getMeta(y(r)));try{const s=`/events?project=${encodeURIComponent(r.remoteProject)}&since=${o}&limit=${u}&shared=1`,t=await m(a,r.baseUrl,s,{method:"GET",headers:v(r.token)}),c=(Array.isArray(t.events)?t.events:[]).filter(n=>!!n&&typeof n=="object"&&Number.isFinite(n.cursor)).slice(0,u);let i=0,d=0,h=0,l=o;for(const n of c){const p=e.ingestRemoteEvent(r.localProjectId,{...j(n),cloud_cursor:n.cursor});p==="inserted"?i++:p==="echo"?h++:d++,n.cursor>l&&(l=n.cursor)}return e.setMeta(y(r),String(l)),{pulled:i,duplicates:d,echoes:h}}catch(s){const t=s instanceof Error?s.message:String(s);return f.warn("live-memory: pull failed",{peer:r.baseUrl,err:t}),{pulled:0,duplicates:0,echoes:0,error:`pull: ${t}`}}}async function S(e,r,a){const o=await U(e,r,a),s=await $(e,r,a),t=[o.error,s.error].filter(c=>!!c);return{pulled:o.pulled,pushed:s.pushed,duplicates:o.duplicates,echoes:o.echoes,errors:t}}export{U as pullPeerEvents,$ as pushSharedEvents,S as replicateOnce};

package/dist/events-sse.js

@@ -1,43 +1,7 @@
-/**
- * Live Memory v6.4 (Phase 2) — SSE framing + cursor-resume helpers.
- *
- * Pure functions, no DB/HTTP imports. Kept in their own module so they can be
- * unit-tested in isolation. (Historical: importing `http-fast.ts` used to run
- * a top-level `new WyrmDB()` and open the real ~/.wyrm/wyrm.db at module
- * load; v7 F2 T012 made that open lazy, but small pure modules remain the
- * right unit-test surface.)
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-/**
- * Serialize one event as an SSE frame. The `id:` line is the event cursor, so a
- * dropped client reconnects with `Last-Event-ID: <cursor>` and resumes exactly
- * where it left off. `kind` becomes the `event:` type; newlines are stripped so
- * a malformed kind can't inject extra SSE fields.
- */
-export function sseFrame(ev) {
-    const kind = String(ev.kind).replace(/[\r\n]/g, ' ');
-    return `id: ${ev.cursor}\nevent: ${kind}\ndata: ${JSON.stringify(ev)}\n\n`;
-}
-/** An SSE keep-alive comment line (ignored by clients, keeps the socket warm). */
-export const SSE_KEEPALIVE = ': ka\n\n';
-/**
- * Resolve the cursor an SSE / pull client should start from.
- * Precedence: SSE reconnect `Last-Event-ID` header → `?since=` query param → 0.
- * Always returns a finite integer ≥ 0 (defends against negative, NaN, and the
- * `string[]` shape Node uses for repeated headers). A present-but-garbage
- * Last-Event-ID falls through to `since` rather than silently resetting to 0.
- */
-export function resolveStartCursor(lastEventId, sinceParam) {
-    const fromHeader = Array.isArray(lastEventId) ? lastEventId[0] : lastEventId;
-    for (const raw of [fromHeader, sinceParam]) {
-        if (raw === undefined || raw === null || raw === '')
-            continue;
-        const n = Number.parseInt(String(raw), 10);
-        if (Number.isFinite(n) && n >= 0)
-            return n;
-    }
-    return 0;
-}
-//# sourceMappingURL=events-sse.js.map
+function o(r){const e=String(r.kind).replace(/[\r\n]/g," ");return`id: ${r.cursor}
+event: ${e}
+data: ${JSON.stringify(r)}
+
+`}const s=`: ka
+
+`;function u(r,e){const i=Array.isArray(r)?r[0]:r;for(const n of[i,e]){if(n==null||n==="")continue;const t=Number.parseInt(String(n),10);if(Number.isFinite(t)&&t>=0)return t}return 0}export{s as SSE_KEEPALIVE,u as resolveStartCursor,o as sseFrame};