wyrm-mcp 7.2.0 → 7.2.2

package/dist/failure-patterns.js

@@ -1,140 +1,21 @@
-/**
- * Failure Patterns — Counter-pattern detection.
- *
- * Records edits / commands / prompts that failed so the predictive push
- * can BLOCK the same suggestion mid-stream the next time it surfaces.
- * Most "memory" tools only learn from success; Wyrm learns from failure too.
- *
- * Keyed on `(signature, scope)` so semantically-identical failures
- * coalesce — re-recording the same failure increments `occurrences`
- * rather than creating a new row.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { sanitizeFtsQuery } from './security.js';
-import { emitEvent, isLiveMemoryEnabled } from './events.js';
-import { getActor, hasExplicitAttribution } from './handlers/boundary.js';
-import { readActor, resolveAttribution } from './attribution.js';
-/** Quarantine tier ordering for monotonic promotion: widen-only, never narrow. */
-const TIER_RANK = { run: 0, project: 1, global: 2 };
-/** targetIdentityMatches: hard bound on rows pulled from the signature-prefix
- * range BEFORE the identity filter — a fixed work budget (the guard's ~200ms
- * discipline), index-bounded by the range itself. Past it the lookup degrades
- * toward fail-open (a miss), never toward a false block. */
-const IDENTITY_SCAN_CAP = 200;
-/** targetIdentityMatches: result cap AFTER the identity filter (parity with
- * query()'s LIMIT 5). Applied post-filter so same-prefix cousins can never
- * crowd a genuinely identical-target row out of the verdict. */
-const IDENTITY_MATCH_LIMIT = 5;
-/**
- * Render the failures view as the wyrm_stats prose (v7 F2, T017). Exported
- * standalone so the MCP handler AND bench/fleet-demo.mjs print the IDENTICAL
- * surface — the demo's output IS the tool's output by construction.
- */
-export function renderFailureStats(v) {
-    const scopeLine = (rec) => Object.entries(rec).filter(([, n]) => n > 0).map(([k, n]) => `${k} ${n}`).join(' · ') || 'none';
-    const bucketLine = (rows) => rows.map((r) => `${'who' in r ? r.who : r.run_id} ×${r.count}`).join(' · ') || 'none';
-    const thisRun = v.blocked.this_run.run_id === null
-        ? '- This run: (no run identity — export WYRM_RUN_ID or pass run_id)'
-        : `- This run (${v.blocked.this_run.run_id}): ${v.blocked.this_run.blocked} repeat(s) blocked`;
-    return (`󱅝 **Failure Analytics** (${v.project_id === null ? 'all projects' : `project #${v.project_id}`})\n\n` +
-        `**Recorded:** ${v.recorded.total} failure(s), ${v.recorded.unresolved} unresolved\n` +
-        `- By quarantine: ${scopeLine(v.recorded.by_quarantine_scope)}\n` +
-        `- By scope: ${scopeLine(v.recorded.by_scope)}\n` +
-        `- By agent: ${bucketLine(v.recorded.by_agent)}\n` +
-        `- By run: ${bucketLine(v.recorded.by_run)}\n\n` +
-        `**Confirmations:** ${v.confirmations.total} from ${v.confirmations.distinct_agents} distinct agent(s)\n\n` +
-        `**Repeats blocked:** ${v.blocked.total} total\n` +
-        `${thisRun}\n` +
-        `- By agent: ${bucketLine(v.blocked.by_agent)}\n` +
-        `- By run: ${bucketLine(v.blocked.by_run)}\n` +
-        `- Top blockers: ${v.blocked.top_blocked.map((t) => `#${t.failure_id} ${t.scope}:${t.target} ×${t.blocks}`).join(' · ') || 'none'}`);
-}
-/**
- * Deterministic match-tier confidence (Article III: never an LLM).
- *   - 'exact'  → 1.0: the coalescing signature itself matched — this IS the
- *                recorded failure.
- *   - 'target' → 0.95: scope+target identity (description-independent — the
- *                wyrm-guard block tier, v7 F2 review fix). Deterministic
- *                identity, strictly below 'exact' (the description was not
- *                compared) and strictly above every fuzzy score.
- *   - 'fuzzy'  → normalized FTS5 bm25. SQLite bm25() is "smaller is better"
- *                (negative for relevant rows; can go ≥0 when a term is in most
- *                rows). With r = max(0, -bm25):  0.05 + 0.85·r/(r+2),
- *                rounded to 4dp — monotone in relevance, range [0.05, 0.9),
- *                always strictly below the exact/target tiers.
- */
-export function matchConfidence(tier, bm25Rank) {
-    if (tier === 'exact')
-        return 1;
-    if (tier === 'target')
-        return 0.95;
-    const r = Math.max(0, -(bm25Rank ?? 0));
-    return Number((0.05 + 0.85 * (r / (r + 2))).toFixed(4));
-}
-/**
- * The FULL identity normalization: lowercase, whitespace runs collapsed,
- * trimmed — NO length cap. This is the truth predicate for target identity
- * (targetIdentityMatches and wyrm-guard's block tier): two targets are "the
- * same action" only when their FULL normalized strings are equal, however
- * long they are. Exported so the guard compares with exactly these semantics
- * instead of re-implementing them.
- */
-export function normalizeIdentity(s) {
-    return s.toLowerCase().replace(/\s+/g, ' ').trim();
-}
-/**
- * The signature normalization: normalizeIdentity capped at 200 chars. The cap
- * is a STORAGE/RECALL bound (it keeps stored signatures and their index keys
- * small), NOT an identity predicate: two different long targets can share
- * their first 200 normalized chars, so anything deciding "is this the same
- * target?" must compare normalizeIdentity (uncapped) forms. Exported (v7 F2,
- * T016) so wyrm-guard's range probes use EXACTLY the normalization baked into
- * every stored signature — re-implementing it there would drift.
- */
-export function normalizeSignal(s) {
-    return normalizeIdentity(s).slice(0, 200);
-}
-export class FailurePatterns {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    /** Build a stable signature from scope+target+description, so repeated
-     * identical failures coalesce instead of creating new rows. */
-    static signature(scope, target, description) {
-        return `${scope}:${normalizeSignal(target)}:${normalizeSignal(description).slice(0, 80)}`;
-    }
-    /** Record (or increment) a failure. Returns the (new or updated) row.
-     *
-     * v7 F2 review fix: the whole write — dedup SELECT, UPDATE-or-INSERT, the
-     * confirmation row, and any auto-promotion — runs in ONE transaction
-     * declared IMMEDIATE. This closes two confirmed races at once:
-     *   1. SELECT-then-INSERT across processes: two agents first-recording the
-     *      same signature could both miss the SELECT — the loser threw an
-     *      unclassified SQLITE_CONSTRAINT_UNIQUE (losing its confirmation, the
-     *      very second-distinct-agent signal T015 promotion needs), and
-     *      project_id-NULL rows (NULLs are distinct under SQLite UNIQUE)
-     *      DUPLICATED, splitting confirmations so neither row ever reached the
-     *      n>=2 promotion bar. BEGIN IMMEDIATE takes the write lock before the
-     *      SELECT, so the dedup read always sees committed truth.
-     *   2. Multi-statement partial commit: a BUSY between the row write and
-     *      noteConfirmation() left the row committed while the structured
-     *      WYRM_BUSY body told the caller to retry — inflating occurrences.
-     *      Atomic record() makes "retrying is safe" true for this path.
-     */
-    record(input) {
-        const signature = FailurePatterns.signature(input.scope, input.target, input.description);
-        const projectId = input.project_id ?? null;
-        const ambient = getActor();
-        const persist = this.db.transaction(() => {
-            const existing = this.db.prepare(`
+import{sanitizeFtsQuery as I}from"./security.js";import{emitEvent as b,isLiveMemoryEnabled as A}from"./events.js";import{getActor as E,hasExplicitAttribution as j}from"./handlers/boundary.js";import{readActor as m,resolveAttribution as C}from"./attribution.js";const T={run:0,project:1,global:2},D=200,y=5;function W(a){const e=r=>Object.entries(r).filter(([,o])=>o>0).map(([o,c])=>`${o} ${c}`).join(" \xB7 ")||"none",t=r=>r.map(o=>`${"who"in o?o.who:o.run_id} \xD7${o.count}`).join(" \xB7 ")||"none",n=a.blocked.this_run.run_id===null?"- This run: (no run identity \u2014 export WYRM_RUN_ID or pass run_id)":`- This run (${a.blocked.this_run.run_id}): ${a.blocked.this_run.blocked} repeat(s) blocked`;return`\u{F115D} **Failure Analytics** (${a.project_id===null?"all projects":`project #${a.project_id}`})
+
+**Recorded:** ${a.recorded.total} failure(s), ${a.recorded.unresolved} unresolved
+- By quarantine: ${e(a.recorded.by_quarantine_scope)}
+- By scope: ${e(a.recorded.by_scope)}
+- By agent: ${t(a.recorded.by_agent)}
+- By run: ${t(a.recorded.by_run)}
+
+**Confirmations:** ${a.confirmations.total} from ${a.confirmations.distinct_agents} distinct agent(s)
+
+**Repeats blocked:** ${a.blocked.total} total
+${n}
+- By agent: ${t(a.blocked.by_agent)}
+- By run: ${t(a.blocked.by_run)}
+- Top blockers: ${a.blocked.top_blocked.map(r=>`#${r.failure_id} ${r.scope}:${r.target} \xD7${r.blocks}`).join(" \xB7 ")||"none"}`}function M(a,e){if(a==="exact")return 1;if(a==="target")return .95;const t=Math.max(0,-(e??0));return Number((.05+.85*(t/(t+2))).toFixed(4))}function h(a){return a.toLowerCase().replace(/\s+/g," ").trim()}function g(a){return h(a).slice(0,200)}class O{db;constructor(e){this.db=e}static signature(e,t,n){return`${e}:${g(t)}:${g(n).slice(0,80)}`}record(e){const t=O.signature(e.scope,e.target,e.description),n=e.project_id??null,r=E(),c=this.db.transaction(()=>{const i=this.db.prepare(`
         SELECT * FROM failure_patterns
         WHERE signature = ? AND (project_id IS ? OR project_id = ?)
-      `).get(signature, projectId, projectId);
-            if (existing) {
-                this.db.prepare(`
+      `).get(t,n,n);if(i)return this.db.prepare(`
           UPDATE failure_patterns
           SET occurrences = occurrences + 1,
               last_seen = datetime('now'),
@@ -142,202 +23,21 @@ export class FailurePatterns {
               severity = ?,
               resolved = 0
           WHERE id = ?
-        `).run(input.why_failed ?? null, input.severity ?? existing.severity, existing.id);
-                // v7 F2 (T015): a re-record by a KNOWN agent is a CONFIRMATION of the
-                // pattern — the debrief-independent "≥2 distinct agent_id confirmations
-                // → auto-promote" path lives in noteConfirmation(). Fetch the row AFTER
-                // so a promotion triggered by this very confirmation is visible to the
-                // caller.
-                this.noteConfirmation(existing.id, ambient);
-                return this.get(existing.id);
-            }
-            // v7 F2 (T009): stamp the recording actor. The dedup UPDATE path above
-            // intentionally does NOT restamp — attribution names the first recorder
-            // (and keeps the first recorder's quarantine_scope: cross-run
-            // re-occurrences coalesce but do NOT widen authority — T015's ≥2-agent
-            // confirmation promotion owns widening).
-            //
-            // v7 F2 (T014) quarantine default, documented:
-            //   run_id present        → 'run'     (born in a fleet run: instantly
-            //                                      authoritative for same-run siblings,
-            //                                      quarantined from everyone else until
-            //                                      T015 promotion)
-            //   no run, project row   → 'project' (the 6.x reach: authoritative for
-            //                                      its whole project at once)
-            //   no run, NULL project  → 'global'  (6.x check() matched NULL-project
-            //                                      rows from EVERY project; plain
-            //                                      'project' would silently narrow
-            //                                      them — same rationale as the
-            //                                      migration-20 backfill)
-            const quarantine = input.quarantine_scope
-                ?? (ambient.run_id !== null ? 'run' : projectId === null ? 'global' : 'project');
-            const info = this.db.prepare(`
+        `).run(e.why_failed??null,e.severity??i.severity,i.id),this.noteConfirmation(i.id,r),this.get(i.id);const s=e.quarantine_scope??(r.run_id!==null?"run":n===null?"global":"project"),d=this.db.prepare(`
         INSERT INTO failure_patterns
           (project_id, signature, scope, target, description, why_failed, severity, agent_id, run_id, quarantine_scope)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-      `).run(projectId, signature, input.scope, input.target, input.description, input.why_failed ?? null, input.severity ?? 'medium', ambient.agent_id, ambient.run_id, quarantine);
-            const created = this.get(info.lastInsertRowid);
-            // v7 F2 (T015): the first recorder is confirmation #1 (a single agent can
-            // never auto-promote its own run-quarantined failure — that needs a
-            // SECOND distinct agent_id).
-            this.noteConfirmation(created.id, ambient);
-            return created;
-        });
-        const row = persist.immediate();
-        // Reference-only + private (isShared omitted): failure detail never
-        // replicates. Emitted AFTER commit (the sweepRunQuarantine pattern) so
-        // followers re-reading on the event always see the committed row.
-        emitEvent(this.db, { projectId: row.project_id ?? 0, kind: 'failure', refTable: 'failure_patterns', refId: row.id });
-        return row;
-    }
-    get(id) {
-        const row = this.db.prepare('SELECT * FROM failure_patterns WHERE id = ?').get(id);
-        return row ?? null;
-    }
-    // ── v7 F2 (T015): run-quarantine promotion (all debrief-INDEPENDENT) ──────
-    /**
-     * Confirmation ledger + the ≥2-distinct-agents auto-promotion path.
-     *
-     * Every record() of a signature by a KNOWN agent_id files one confirmation
-     * row in failure_confirmations (migration 21). PK (failure_id, agent_id)
-     * makes COUNT(*) the DISTINCT-agent count by construction: the same agent
-     * re-recording N times stays ONE confirmation, and unattributed re-records
-     * (ambient agent_id NULL) still increment occurrences but can never
-     * establish distinctness, so they never count.
-     *
-     * When a 'run'-quarantined failure reaches ≥2 distinct agents it
-     * auto-promotes to 'project' ('global' for project-NULL rows — see
-     * applyPromotion): two independent agents hitting the same wall is a real
-     * pattern, not single-agent run noise. Works with zero wyrm_run/debrief
-     * involvement (that tooling arrives in F3) and across runs — record()'s
-     * dedup matches by signature regardless of quarantine tier, so a sibling
-     * fleet independently re-hitting the failure confirms it too.
-     *
-     * Under-counts safely: two agents that BOTH fall back to the same
-     * clientInfo name (e.g. 'claude-code') collapse into one confirmation —
-     * the fallback can delay promotion, never force it.
-     */
-    noteConfirmation(failureId, ambient) {
-        if (ambient.agent_id === null)
-            return;
-        this.db.prepare(`
+      `).run(n,t,e.scope,e.target,e.description,e.why_failed??null,e.severity??"medium",r.agent_id,r.run_id,s),u=this.get(d.lastInsertRowid);return this.noteConfirmation(u.id,r),u}).immediate();return b(this.db,{projectId:c.project_id??0,kind:"failure",refTable:"failure_patterns",refId:c.id}),c}get(e){return this.db.prepare("SELECT * FROM failure_patterns WHERE id = ?").get(e)??null}noteConfirmation(e,t){if(t.agent_id===null)return;this.db.prepare(`
       INSERT OR IGNORE INTO failure_confirmations (failure_id, agent_id, run_id)
       VALUES (?, ?, ?)
-    `).run(failureId, ambient.agent_id, ambient.run_id);
-        const row = this.get(failureId);
-        if (!row || row.quarantine_scope !== 'run')
-            return;
-        const { n } = this.db.prepare('SELECT COUNT(*) AS n FROM failure_confirmations WHERE failure_id = ?').get(failureId);
-        if (n >= 2)
-            this.applyPromotion(failureId, 'project');
-    }
-    /**
-     * The ungated internal promotion primitive. Monotonic: run → project →
-     * global, NEVER narrows. 'project' on a project_id-NULL row normalizes to
-     * 'global' — 6.x check() matches NULL-project rows from every project, so
-     * labeling one 'project' would be false (same rationale as the migration-20
-     * backfill). Emits a reference-only failure event on an actual widening so
-     * live-memory followers re-read the row's new authority (failures stay
-     * private: is_shared=0, never replicated).
-     */
-    applyPromotion(id, tier) {
-        const row = this.get(id);
-        if (!row)
-            return false;
-        const effective = tier === 'project' && row.project_id === null ? 'global' : tier;
-        if (TIER_RANK[effective] <= TIER_RANK[row.quarantine_scope])
-            return false;
-        this.db.prepare('UPDATE failure_patterns SET quarantine_scope = ? WHERE id = ?').run(effective, id);
-        emitEvent(this.db, {
-            projectId: row.project_id ?? 0, kind: 'failure',
-            refTable: 'failure_patterns', refId: id,
-        });
-        return true;
-    }
-    /**
-     * The orchestrator promote flag behind wyrm_failure_record/_resolve
-     * `promote:'project'|'global'`.
-     *
-     * AUTHORITY MODEL (Article VII — the documented rule, enforced by
-     * boundary.hasExplicitAttribution on the AMBIENT envelope): the flag is
-     * honored ONLY when the caller carries EXPLICIT identity — a run_id (run
-     * ids never come from the clientInfo fallback) or an agent_id supplied via
-     * param/_meta/Wyrm-Actor-header/env. The bare clientInfo fallback that
-     * every anonymous MCP caller gets for free carries NO promotion authority.
-     * Denial is visible, never silent: `authorized:false` comes back and the
-     * tool handler reports the ignored flag in its response text.
-     */
-    promote(id, tier) {
-        if (!hasExplicitAttribution(getActor())) {
-            return { row: this.get(id), authorized: false, changed: false };
-        }
-        const changed = this.applyPromotion(id, tier);
-        return { row: this.get(id), authorized: true, changed };
-    }
-    /**
-     * The run-quarantine MAINTENANCE SWEEP — the third debrief-independent
-     * promotion path, wired into wyrm_maintenance (and shipped in the same
-     * commit as the quarantine, per spec FR-2). One transaction; idempotent —
-     * a second sweep over a settled DB changes zero rows.
-     *
-     * Run lifecycle enforced (works with NO runs rows at all — wyrm_run is F3):
-     *  1. EXPIRE abandoned-run noise (TTL auto-expiry): unresolved 'run'-scoped
-     *     failures whose runs row says status='abandoned' — an EXPLICIT verdict
-     *     (an orchestrator/operator junked the run, or a previous sweep TTL'd
-     *     it) — are auto-resolved with a note. Noise never reaches project
-     *     memory; history is kept (resolve, not delete).
-     *  2. PROMOTE unresolved 'run'-scoped failures from runs that are OVER or
-     *     INACTIVE past the TTL — the run ended without resolving or debriefing
-     *     them, and quarantined learning must not die with its run:
-     *       - runs.status IN ('completed','failed'): definitively over;
-     *       - runs.status='running' but BOTH runs.updated_at and the newest
-     *         run-tagged event are older than the TTL: a crashed/stalled fleet;
-     *       - no runs row at all (the common F2 shape: an orchestrator exports
-     *         WYRM_RUN_ID without registering a run) and BOTH the failure's
-     *         last_seen and the newest run-tagged event are older than the TTL.
-     *     Target tier: 'project' ('global' when project_id IS NULL).
-     *  3. MARK the TTL-stalled 'running' runs of step 2 'abandoned' — AFTER
-     *     their failures were promoted (a crash must not lose learning). Any
-     *     LATE write that re-quarantines against such a dead run is noise and
-     *     expires on the next sweep via step 1.
-     *
-     * Activity signal: run-tagged events (idx_events_run) — every attributed
-     * write emits one, so a live fleet continuously refreshes its run; reads
-     * (failure_check) never keep a run alive. THE SIGNAL ONLY EXISTS WHILE LIVE
-     * MEMORY IS ON: emitEvent is WYRM_LIVE_MEMORY-gated, so with it off a fully
-     * active fleet produces ZERO run-tagged events and "no recent events" is
-     * silence, not evidence of a dead run. The sweep therefore degrades
-     * EXPLICITLY in that mode: the inactivity/TTL paths — the stalled-'running'
-     * clause, the no-runs-row (orphan) clause, and the step-3 abandon — are
-     * SKIPPED, only the explicit-verdict paths act (status='abandoned' expiry,
-     * status IN ('completed','failed') promotion), and the result carries
-     * `degraded` naming the mode so maintenance output can say why nothing
-     * promoted. Deterministic, zero LLM calls (Article III); every value is a
-     * bound parameter (the datetime() modifier and the TTL-path gate are bound
-     * too, never spliced into SQL).
-     */
-    sweepRunQuarantine(opts) {
-        const hours = Math.max(1, Math.floor(opts?.runInactiveHours ?? 24));
-        const cut = `-${hours} hours`; // datetime('now', @cut) modifier, bound
-        const cutMs = Date.now() - hours * 3_600_000; // events.created_at is INTEGER ms
-        // @ttl gate: 1 only when the run-tagged-event heartbeat can exist at all
-        // (see the doc comment) — the inactivity clauses must not read its
-        // absence as inactivity when live memory is off.
-        const eventSignal = isLiveMemoryEnabled();
-        const sweep = this.db.transaction(() => {
-            // 1. EXPIRE abandoned-run noise.
-            const expired = this.db.prepare(`
+    `).run(e,t.agent_id,t.run_id);const n=this.get(e);if(!n||n.quarantine_scope!=="run")return;const{n:r}=this.db.prepare("SELECT COUNT(*) AS n FROM failure_confirmations WHERE failure_id = ?").get(e);r>=2&&this.applyPromotion(e,"project")}applyPromotion(e,t){const n=this.get(e);if(!n)return!1;const r=t==="project"&&n.project_id===null?"global":t;return T[r]<=T[n.quarantine_scope]?!1:(this.db.prepare("UPDATE failure_patterns SET quarantine_scope = ? WHERE id = ?").run(r,e),b(this.db,{projectId:n.project_id??0,kind:"failure",refTable:"failure_patterns",refId:e}),!0)}promote(e,t){if(!j(E()))return{row:this.get(e),authorized:!1,changed:!1};const n=this.applyPromotion(e,t);return{row:this.get(e),authorized:!0,changed:n}}sweepRunQuarantine(e){const t=Math.max(1,Math.floor(e?.runInactiveHours??24)),n=`-${t} hours`,r=Date.now()-t*36e5,o=A(),c=this.db.transaction(()=>{const i=this.db.prepare(`
         UPDATE failure_patterns
         SET resolved = 1,
-            resolution_note = COALESCE(resolution_note || ' · ', '')
+            resolution_note = COALESCE(resolution_note || ' \xB7 ', '')
               || 'auto-expired by run-quarantine sweep: run ' || run_id || ' was abandoned'
         WHERE resolved = 0 AND quarantine_scope = 'run' AND run_id IS NOT NULL
           AND run_id IN (SELECT run_id FROM runs WHERE status = 'abandoned')
-      `).run().changes;
-            // 2. PROMOTE from over/inactive runs. Select-then-update (inside the
-            // same transaction, so still atomic) — the promoted ids emit
-            // reference-only events after commit.
-            const promotedIds = this.db.prepare(`
+      `).run().changes,s=this.db.prepare(`
         SELECT fp.id FROM failure_patterns fp
         WHERE fp.resolved = 0 AND fp.quarantine_scope = 'run' AND fp.run_id IS NOT NULL
           AND (
@@ -363,155 +63,18 @@ export class FailurePatterns {
               )
             )
           )
-      `).all({ cut, cutMs, ttl: eventSignal ? 1 : 0 }).map((r) => r.id);
-            const widen = this.db.prepare(`
+      `).all({cut:n,cutMs:r,ttl:o?1:0}).map(l=>l.id),d=this.db.prepare(`
         UPDATE failure_patterns
         SET quarantine_scope = CASE WHEN project_id IS NULL THEN 'global' ELSE 'project' END
         WHERE id = ?
-      `);
-            for (const id of promotedIds)
-                widen.run(id);
-            // 3. TTL-abandon the stalled running runs (after step 2 promoted them).
-            // Event-dependent like the step-2 TTL clauses: without the heartbeat a
-            // 'running' run cannot be judged dead, so it is left alone.
-            const abandoned = !eventSignal ? 0 : this.db.prepare(`
+      `);for(const l of s)d.run(l);const u=o?this.db.prepare(`
         UPDATE runs SET status = 'abandoned', updated_at = datetime('now')
         WHERE status = 'running' AND updated_at < datetime('now', @cut)
           AND NOT EXISTS (
             SELECT 1 FROM events e
             WHERE e.run_id = runs.run_id AND e.created_at >= @cutMs
           )
-      `).run({ cut, cutMs }).changes;
-            return { promotedIds, expired, abandoned };
-        })();
-        // Reference-only events for the widened rows. Explicit NULL attribution
-        // (T009 emitEvent semantics): the sweep is system maintenance — it must
-        // not inherit whoever happened to call wyrm_maintenance.
-        for (const id of sweep.promotedIds) {
-            const row = this.get(id);
-            emitEvent(this.db, {
-                projectId: row?.project_id ?? 0, kind: 'failure',
-                refTable: 'failure_patterns', refId: id, agentId: null, runId: null,
-            });
-        }
-        return {
-            promoted: sweep.promotedIds.length,
-            expired: sweep.expired,
-            runs_abandoned: sweep.abandoned,
-            // Key ABSENT (not null) on a fully-signalled sweep — the healthy result
-            // shape stays exactly { promoted, expired, runs_abandoned }.
-            ...(eventSignal ? {} : {
-                degraded: 'live memory off (WYRM_LIVE_MEMORY) — run-tagged events do not exist, '
-                    + 'so the run-inactivity TTL paths were skipped; only explicit run '
-                    + 'verdicts acted (completed/failed promote, abandoned expires)',
-            }),
-        };
-    }
-    /** Check whether a proposed action matches any unresolved failure.
-     * Stage 1: exact signature match (scope+target+description); stage 2 fallback:
-     * FTS fuzzy match within the same scope. Both ordered by occurrences DESC,
-     * last_seen DESC, LIMIT 5 — no multiplicative recency-times-occurrences score.
-     *
-     * v7 F2 (T014) run-scope awareness: 'run'-quarantined rows only match callers
-     * carrying the SAME run_id (ambient envelope by default) — 6.x rows are all
-     * 'project'/'global' so their behavior is byte-identical to 6.x. */
-    check(scope, target, description, projectId, opts) {
-        return this.query(scope, target, description, projectId ?? null, opts)
-            .map(({ _match: _m, _rank: _r, ...row }) => row);
-    }
-    /**
-     * v7 F2 (T014): the canonical structured verdict for wyrm_failure_check
-     * (spec FR-2). Same two-stage query and ordering as check() — the verdict is
-     * a richer VIEW of the same rows, so prose derived from it cannot drift from
-     * 6.x behavior. `confidence` = max over per-match matchConfidence() scores
-     * (deterministic bm25/match-tier arithmetic — Article III).
-     */
-    checkVerdict(scope, target, description, projectId, opts) {
-        const rows = this.query(scope, target, description, projectId ?? null, opts);
-        const matches = rows.map((r) => this.toVerdictMatch(r, r._match, r._rank));
-        return {
-            blocked: matches.length > 0,
-            matches,
-            recorded_by_agent: matches[0]?.recorded_by_agent ?? null,
-            run_id: matches[0]?.run_id ?? null,
-            confidence: matches.reduce((m, x) => Math.max(m, x.confidence), 0),
-        };
-    }
-    /**
-     * Map a stored row to the canonical verdict-match shape. Shared by
-     * checkVerdict() and wyrm-guard's target-identity tier (v7 F2 review fix)
-     * so the two surfaces cannot drift.
-     */
-    toVerdictMatch(r, match, bm25Rank = null) {
-        const att = resolveAttribution(r);
-        return {
-            id: r.id,
-            pattern: r.signature,
-            scope: r.scope,
-            quarantine_scope: r.quarantine_scope,
-            target: r.target,
-            description: r.description,
-            why_failed: r.why_failed,
-            severity: r.severity,
-            occurrences: r.occurrences,
-            last_seen: r.last_seen,
-            recorded_by_agent: att.actor,
-            run_id: att.run_id,
-            match,
-            confidence: matchConfidence(match, bm25Rank),
-        };
-    }
-    /**
-     * v7 F2 review fix (T016): the deterministic TARGET-IDENTITY lookup behind
-     * wyrm-guard's block tier.
-     *
-     * Production failures always carry a NON-EMPTY description (the
-     * wyrm_failure_record schema and the daemon endpoint both require one), so
-     * full-signature equality against the guard's empty-description probe could
-     * never match a real row — the documented "exact signature match" block rule
-     * was unreachable outside empty-description test fixtures.
-     *
-     * RECALL vs TRUTH — the two invariants this lookup keeps strictly separate:
-     *
-     *   · RECALL is the signature PREFIX range `scope:normalizeSignal(target):`
-     *     — description-independent, a bound-parameter range scan (no LIKE, no
-     *     template SQL), with the same project filter and run-tier gate as
-     *     query(). The 200-char signature cap and the ':' separator both live
-     *     here, so the range legitimately over-captures: a stored target that
-     *     extends the probe past a colon (probe 'npm run build', stored
-     *     'npm run build:dev') and any row sharing a truncated 200-char prefix
-     *     both land IN the range. Callers must pass the RAW (pre-normalize,
-     *     uncapped) target so the truth check below has the full string.
-     *
-     *   · TRUTH is full-string identity: a row is kept only when
-     *     normalizeIdentity(stored target) === normalizeIdentity(probe) — the
-     *     UNCAPPED normalization over the full stored column and the full
-     *     probe. Targets differing only past the signature cap are NOT
-     *     identical. (Pushing this check into SQL via the signature would be
-     *     unsound: the signature is ambiguous at the target/description
-     *     boundary — target 'npm run build:dev' + description 'x' is
-     *     byte-identical to target 'npm run build' + description 'dev:x'.)
-     *
-     * The result cap applies AFTER the truth check: prefix-cousins, however
-     * many and however highly ranked, can never crowd a genuinely identical
-     * row out of the verdict. The range scan itself pulls at most
-     * IDENTITY_SCAN_CAP rows (occurrences/recency-ordered) as a fixed work
-     * budget — past it the lookup degrades toward fail-open (a miss), never
-     * toward a false block. (query()'s FTS fuzzy stage keeps its own LIMIT 5
-     * and CAN be crowded — acceptable, because fuzzy results only ever feed
-     * warn context; the block verdict never depends on FTS recall.)
-     */
-    targetIdentityMatches(scope, target, projectId, opts) {
-        const fullTarget = normalizeIdentity(target);
-        const normTarget = fullTarget.slice(0, 200); // === normalizeSignal(target): the stored-signature key
-        if (normTarget.length === 0)
-            return []; // an empty prefix would match every row in scope
-        const callerRun = opts?.callerRunId !== undefined ? opts.callerRunId : getActor().run_id;
-        // Half-open prefix range under SQLite's binary collation: every signature
-        // beginning with `scope:target:` sorts in [`...:`, `...;`) (';' is ':'+1).
-        const lo = `${scope}:${normTarget}:`;
-        const hi = `${scope}:${normTarget};`;
-        const rows = this.db.prepare(`
+      `).run({cut:n,cutMs:r}).changes:0;return{promotedIds:s,expired:i,abandoned:u}})();for(const i of c.promotedIds){const s=this.get(i);b(this.db,{projectId:s?.project_id??0,kind:"failure",refTable:"failure_patterns",refId:i,agentId:null,runId:null})}return{promoted:c.promotedIds.length,expired:c.expired,runs_abandoned:c.abandoned,...o?{}:{degraded:"live memory off (WYRM_LIVE_MEMORY) \u2014 run-tagged events do not exist, so the run-inactivity TTL paths were skipped; only explicit run verdicts acted (completed/failed promote, abandoned expires)"}}}check(e,t,n,r,o){return this.query(e,t,n,r??null,o).map(({_match:c,_rank:i,...s})=>s)}checkVerdict(e,t,n,r,o){const i=this.query(e,t,n,r??null,o).map(s=>this.toVerdictMatch(s,s._match,s._rank));return{blocked:i.length>0,matches:i,recorded_by_agent:i[0]?.recorded_by_agent??null,run_id:i[0]?.run_id??null,confidence:i.reduce((s,d)=>Math.max(s,d.confidence),0)}}toVerdictMatch(e,t,n=null){const r=C(e);return{id:e.id,pattern:e.signature,scope:e.scope,quarantine_scope:e.quarantine_scope,target:e.target,description:e.description,why_failed:e.why_failed,severity:e.severity,occurrences:e.occurrences,last_seen:e.last_seen,recorded_by_agent:r.actor,run_id:r.run_id,match:t,confidence:M(t,n)}}targetIdentityMatches(e,t,n,r){const o=h(t),c=o.slice(0,200);if(c.length===0)return[];const i=r?.callerRunId!==void 0?r.callerRunId:E().run_id,s=`${e}:${c}:`,d=`${e}:${c};`;return this.db.prepare(`
       SELECT * FROM failure_patterns
       WHERE resolved = 0
         AND signature >= @lo AND signature < @hi
@@ -519,183 +82,51 @@ export class FailurePatterns {
         AND (quarantine_scope <> 'run' OR run_id = @run)
       ORDER BY occurrences DESC, last_seen DESC
       LIMIT @cap
-    `).all({
-            lo, hi, project: projectId ?? null, run: callerRun, cap: IDENTITY_SCAN_CAP,
-        });
-        // TRUTH check first, result cap second (see the doc comment): identity is
-        // re-verified on the FULL stored column against the FULL probe, and only
-        // then are the top IDENTITY_MATCH_LIMIT kept — capping before filtering
-        // would let higher-ranked prefix-cousins evict the identical row.
-        return rows
-            .filter((r) => normalizeIdentity(r.target) === fullTarget)
-            .slice(0, IDENTITY_MATCH_LIMIT);
-    }
-    // ── v7 F2 (T017): prevented-repeat analytics ───────────────────────────────
-    /**
-     * Count one prevented repeat: a blocked:true verdict files ONE row in the
-     * failure_blocks ledger (migration 22 — the documented storage choice lives
-     * on that migration), attributed to the CHECKING agent/run from the ambient
-     * actor envelope — the agent that was about to repeat the failure, not the
-     * recorder. failure_id is the verdict's top blocker (matches[0]).
-     *
-     * Deliberately a SEPARATE method, not a side effect inside checkVerdict():
-     * checks must stay pure reads — wyrm-guard (T016) runs checkVerdict() over a
-     * READONLY DB handle and a write inside it would crash every guard probe.
-     * Counting surfaces: the MCP wyrm_failure_check handler (the logSavings
-     * precedent — it already writes savings on the same path), and — v7 F2
-     * review fix — wyrm-guard's block path via a separate short-lived RW
-     * connection (best-effort, fail-open), so the harness-enforced blocks feed
-     * the FR-2 ROI number too. Remaining uncounted (documented): the agent-loop
-     * internalDispatch failure_check.
-     *
-     * NEVER throws (the emitEvent contract): the check already succeeded — a
-     * readonly handle, SQLITE_BUSY, or a pre-migration-22 DB must never turn a
-     * successful read into a failure for the sake of analytics.
-     */
-    recordBlock(verdict, projectId) {
-        if (!verdict.blocked || verdict.matches.length === 0)
-            return;
-        try {
-            const ambient = getActor();
-            this.db.prepare(`
+    `).all({lo:s,hi:d,project:n??null,run:i,cap:D}).filter(l=>h(l.target)===o).slice(0,y)}recordBlock(e,t){if(!(!e.blocked||e.matches.length===0))try{const n=E();this.db.prepare(`
         INSERT INTO failure_blocks (failure_id, project_id, agent_id, run_id)
         VALUES (?, ?, ?, ?)
-      `).run(verdict.matches[0].id, projectId ?? null, ambient.agent_id, ambient.run_id);
-        }
-        catch { /* best-effort analytics — log-and-drop, never break the check */ }
-    }
-    /**
-     * v7 F2 review fix: retention for the failure_blocks ledger (migration 22).
-     * The ledger is append-only and caller-amplifiable — every blocked
-     * wyrm_failure_check (a read tool, no rate limit) files one row, and nothing
-     * pruned it, so a loop probing one known-blocked signature could grow the
-     * table without bound. wyrm_maintenance calls this with the SAME retention
-     * knob as the event log (WYRM_EVENT_RETAIN_DAYS, default 90d) — mirroring
-     * pruneEvents. Bound parameter for the datetime modifier (never spliced);
-     * best-effort on a pre-migration-22 DB (returns 0).
-     */
-    pruneBlocks(olderThanDays) {
-        const days = Math.max(1, Math.floor(olderThanDays));
-        try {
-            return this.db.prepare(`DELETE FROM failure_blocks WHERE blocked_at < datetime('now', @cut)`).run({ cut: `-${days} days` }).changes;
-        }
-        catch {
-            return 0;
-        }
-    }
-    /**
-     * The `wyrm_stats view=failures` aggregation (spec FR-2 prevented-repeat
-     * analytics): per-run/per-agent recorded-failure attribution + "N repeats
-     * blocked this run". Pure indexed COUNT/GROUP BY (idx_failure_run,
-     * idx_failure_quarantine, idx_failure_blocks_run) with always-bound params —
-     * deterministic, zero LLM calls (Article III). Project filter is EXACT
-     * (rows recorded for that project_id); omitted = all rows, the fleet view.
-     */
-    failureStats(opts) {
-        const projectId = opts?.projectId ?? null;
-        const callerRun = opts?.callerRunId !== undefined ? opts.callerRunId : getActor().run_id;
-        const p = { project: projectId };
-        const totals = this.db.prepare(`
+      `).run(e.matches[0].id,t??null,n.agent_id,n.run_id)}catch{}}pruneBlocks(e){const t=Math.max(1,Math.floor(e));try{return this.db.prepare("DELETE FROM failure_blocks WHERE blocked_at < datetime('now', @cut)").run({cut:`-${t} days`}).changes}catch{return 0}}failureStats(e){const t=e?.projectId??null,n=e?.callerRunId!==void 0?e.callerRunId:E().run_id,r={project:t},o=this.db.prepare(`
       SELECT COUNT(*) AS total, COALESCE(SUM(resolved = 0), 0) AS unresolved
       FROM failure_patterns WHERE (@project IS NULL OR project_id = @project)
-    `).get(p);
-        const byQuarantine = { run: 0, project: 0, global: 0 };
-        for (const r of this.db.prepare(`
+    `).get(r),c={run:0,project:0,global:0};for(const _ of this.db.prepare(`
       SELECT quarantine_scope AS k, COUNT(*) AS n FROM failure_patterns
       WHERE (@project IS NULL OR project_id = @project) GROUP BY quarantine_scope
-    `).all(p))
-            byQuarantine[r.k] = r.n;
-        const byScope = { file: 0, symbol: 0, command: 0, prompt: 0, edit: 0 };
-        for (const r of this.db.prepare(`
+    `).all(r))c[_.k]=_.n;const i={file:0,symbol:0,command:0,prompt:0,edit:0};for(const _ of this.db.prepare(`
       SELECT scope AS k, COUNT(*) AS n FROM failure_patterns
       WHERE (@project IS NULL OR project_id = @project) GROUP BY scope
-    `).all(p))
-            byScope[r.k] = r.n;
-        // GROUP BY the raw column (one NULL group), display via readActor —
-        // 'legacy' is read-time presentation only, never stored (src/attribution.ts).
-        // Four FIXED query literals (no table-name interpolation — the hygiene
-        // ratchet's zero-template-SQL floor stays clean); LIMIT 10 is the
-        // deterministic bucket bound (count DESC, name ASC tiebreak).
-        const toAgentBuckets = (rows) => rows.map((r) => ({ who: readActor(r.agent_id), count: r.count }));
-        const recordedByAgent = toAgentBuckets(this.db.prepare(`
+    `).all(r))i[_.k]=_.n;const s=_=>_.map(N=>({who:m(N.agent_id),count:N.count})),d=s(this.db.prepare(`
       SELECT agent_id, COUNT(*) AS count FROM failure_patterns
       WHERE (@project IS NULL OR project_id = @project)
       GROUP BY agent_id ORDER BY count DESC, agent_id ASC LIMIT 10
-    `).all(p));
-        const recordedByRun = this.db.prepare(`
+    `).all(r)),u=this.db.prepare(`
       SELECT run_id, COUNT(*) AS count FROM failure_patterns
       WHERE run_id IS NOT NULL AND (@project IS NULL OR project_id = @project)
       GROUP BY run_id ORDER BY count DESC, run_id ASC LIMIT 10
-    `).all(p);
-        const blockedByAgent = toAgentBuckets(this.db.prepare(`
+    `).all(r),l=s(this.db.prepare(`
       SELECT agent_id, COUNT(*) AS count FROM failure_blocks
       WHERE (@project IS NULL OR project_id = @project)
       GROUP BY agent_id ORDER BY count DESC, agent_id ASC LIMIT 10
-    `).all(p));
-        const blockedByRun = this.db.prepare(`
+    `).all(r)),f=this.db.prepare(`
       SELECT run_id, COUNT(*) AS count FROM failure_blocks
       WHERE run_id IS NOT NULL AND (@project IS NULL OR project_id = @project)
       GROUP BY run_id ORDER BY count DESC, run_id ASC LIMIT 10
-    `).all(p);
-        const conf = this.db.prepare(`
+    `).all(r),R=this.db.prepare(`
       SELECT COUNT(*) AS total, COUNT(DISTINCT fc.agent_id) AS distinct_agents
       FROM failure_confirmations fc
       JOIN failure_patterns fp ON fp.id = fc.failure_id
       WHERE (@project IS NULL OR fp.project_id = @project)
-    `).get(p);
-        const blockedTotal = this.db.prepare(`
+    `).get(r),p=this.db.prepare(`
       SELECT COUNT(*) AS n FROM failure_blocks WHERE (@project IS NULL OR project_id = @project)
-    `).get(p).n;
-        // `run_id = NULL` is never true in SQL — a runless caller reads 0, the
-        // same always-bound-param shape as the query() run gate.
-        const thisRunBlocked = this.db.prepare(`
+    `).get(r).n,S=this.db.prepare(`
       SELECT COUNT(*) AS n FROM failure_blocks
       WHERE run_id = @run AND (@project IS NULL OR project_id = @project)
-    `).get({ ...p, run: callerRun }).n;
-        const topBlocked = this.db.prepare(`
+    `).get({...r,run:n}).n,L=this.db.prepare(`
       SELECT fb.failure_id, fp.scope, fp.target, COUNT(*) AS blocks
       FROM failure_blocks fb
       JOIN failure_patterns fp ON fp.id = fb.failure_id
       WHERE (@project IS NULL OR fb.project_id = @project)
       GROUP BY fb.failure_id ORDER BY blocks DESC, fb.failure_id ASC LIMIT 5
-    `).all(p);
-        return {
-            view: 'failures',
-            project_id: projectId,
-            recorded: {
-                total: totals.total,
-                unresolved: totals.unresolved,
-                by_quarantine_scope: byQuarantine,
-                by_scope: byScope,
-                by_agent: recordedByAgent,
-                by_run: recordedByRun,
-            },
-            confirmations: { total: conf.total, distinct_agents: conf.distinct_agents },
-            blocked: {
-                total: blockedTotal,
-                by_agent: blockedByAgent,
-                by_run: blockedByRun,
-                this_run: { run_id: callerRun ?? null, blocked: thisRunBlocked },
-                top_blocked: topBlocked,
-            },
-        };
-    }
-    /** The shared two-stage match query behind check()/checkVerdict(). */
-    query(scope, target, description, projectId, opts) {
-        // 'run'-tier gate: the caller's run from the ambient envelope unless
-        // explicitly supplied. `run_id = NULL` is never true in SQL, so a caller
-        // with no run simply never sees run-quarantined rows. The optional tier
-        // filter is an always-bound nullable param (@tier IS NULL = 'any') — no
-        // SQL assembled from values (hygiene ratchet: zero template interpolation).
-        const callerRun = opts?.callerRunId !== undefined ? opts.callerRunId : getActor().run_id;
-        const runScope = opts?.runScope ?? 'any';
-        const params = {
-            project: projectId,
-            run: callerRun,
-            tier: runScope === 'any' ? null : runScope,
-        };
-        const signature = FailurePatterns.signature(scope, target, description);
-        const exact = this.db.prepare(`
+    `).all(r);return{view:"failures",project_id:t,recorded:{total:o.total,unresolved:o.unresolved,by_quarantine_scope:c,by_scope:i,by_agent:d,by_run:u},confirmations:{total:R.total,distinct_agents:R.distinct_agents},blocked:{total:p,by_agent:l,by_run:f,this_run:{run_id:n??null,blocked:S},top_blocked:L}}}query(e,t,n,r,o){const c=o?.callerRunId!==void 0?o.callerRunId:E().run_id,i=o?.runScope??"any",s={project:r,run:c,tier:i==="any"?null:i},d=O.signature(e,t,n),u=this.db.prepare(`
       SELECT *, NULL AS _rank FROM failure_patterns
       WHERE resolved = 0 AND signature = @sig
         AND (project_id IS @project OR project_id = @project OR project_id IS NULL)
@@ -703,30 +134,7 @@ export class FailurePatterns {
         AND (@tier IS NULL OR quarantine_scope = @tier)
       ORDER BY occurrences DESC, last_seen DESC
       LIMIT 5
-    `).all({ ...params, sig: signature });
-        if (exact.length > 0)
-            return exact.map((r) => ({ ...r, _match: 'exact', _rank: null }));
-        // Fuzzy fallback: FTS over description + target, bm25-ranked for the
-        // deterministic confidence score (ordering stays the 6.x occurrences/
-        // recency order — confidence is reported, not used to reorder).
-        //
-        // v7 F2 (T016): each term is quoted into a phrase (implicit AND preserved —
-        // this stage wants precision, unlike buildFtsMatchQuery's OR). Chars that
-        // survive sanitizeFtsQuery but are FTS5 operators in bareword position
-        // ('-', '+', '/', …) previously made MATCH throw "syntax error" — silently
-        // swallowed into ZERO recall for any probe with a shell flag or path, the
-        // guard's main input class. Quoting is operator-safe ('"' itself is already
-        // stripped); tokens with no letter/digit would be zero-token phrases that
-        // AND-zero the whole query, so they are dropped.
-        const q = sanitizeFtsQuery(`${target} ${description}`.slice(0, 100));
-        if (!q)
-            return [];
-        const terms = q.split(' ').filter((t) => /[\p{L}\p{N}]/u.test(t));
-        if (terms.length === 0)
-            return [];
-        const probe = terms.map((t) => `"${t.replace(/"/g, '')}"`).join(' ');
-        try {
-            const fuzzy = this.db.prepare(`
+    `).all({...s,sig:d});if(u.length>0)return u.map(p=>({...p,_match:"exact",_rank:null}));const l=I(`${t} ${n}`.slice(0,100));if(!l)return[];const f=l.split(" ").filter(p=>/[\p{L}\p{N}]/u.test(p));if(f.length===0)return[];const R=f.map(p=>`"${p.replace(/"/g,"")}"`).join(" ");try{return this.db.prepare(`
         SELECT fp.*, bm25(failure_patterns_fts) AS _rank FROM failure_patterns fp
         JOIN failure_patterns_fts fts ON fts.rowid = fp.id
         WHERE failure_patterns_fts MATCH @q
@@ -737,36 +145,11 @@ export class FailurePatterns {
           AND (@tier IS NULL OR fp.quarantine_scope = @tier)
         ORDER BY fp.occurrences DESC, fp.last_seen DESC
         LIMIT 5
-      `).all({ ...params, q: probe, scope });
-            return fuzzy.map((r) => ({ ...r, _match: 'fuzzy' }));
-        }
-        catch {
-            return [];
-        }
-    }
-    /** List unresolved failures in a project, most-recent-first. */
-    list(projectId, limit = 20) {
-        if (projectId == null) {
-            return this.db.prepare(`SELECT * FROM failure_patterns WHERE resolved = 0
-         ORDER BY last_seen DESC LIMIT ?`).all(limit);
-        }
-        return this.db.prepare(`SELECT * FROM failure_patterns
+      `).all({...s,q:R,scope:e}).map(S=>({...S,_match:"fuzzy"}))}catch{return[]}}list(e,t=20){return e==null?this.db.prepare(`SELECT * FROM failure_patterns WHERE resolved = 0
+         ORDER BY last_seen DESC LIMIT ?`).all(t):this.db.prepare(`SELECT * FROM failure_patterns
        WHERE resolved = 0 AND project_id = ?
-       ORDER BY last_seen DESC LIMIT ?`).all(projectId, limit);
-    }
-    /** Mark a failure as resolved (the underlying issue was fixed). */
-    resolve(id, note) {
-        this.db.prepare(`
+       ORDER BY last_seen DESC LIMIT ?`).all(e,t)}resolve(e,t){return this.db.prepare(`
       UPDATE failure_patterns
       SET resolved = 1, resolution_note = ?
       WHERE id = ?
-    `).run(note ?? null, id);
-        return this.get(id);
-    }
-    /** Permanently delete a failure (use sparingly — resolve() is preferred). */
-    delete(id) {
-        const info = this.db.prepare('DELETE FROM failure_patterns WHERE id = ?').run(id);
-        return info.changes > 0;
-    }
-}
-//# sourceMappingURL=failure-patterns.js.map
+    `).run(t??null,e),this.get(e)}delete(e){return this.db.prepare("DELETE FROM failure_patterns WHERE id = ?").run(e).changes>0}}export{O as FailurePatterns,M as matchConfidence,h as normalizeIdentity,g as normalizeSignal,W as renderFailureStats};