wyrm-mcp 7.2.0 → 7.2.2

package/dist/migrations.js

@@ -1,22 +1,4 @@
-/**
- * Wyrm Database Migrations — Versioned schema management
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- *
- * Each migration is a function that receives a better-sqlite3 Database instance.
- * Migrations run in order and are tracked in the schema_versions table.
- * Once applied, a migration is never re-run.
- */
-/**
- * All migrations in order. Append new migrations to the end — never modify existing ones.
- */
-export const migrations = [
-    {
-        version: 1,
-        description: 'Baseline schema — projects, sessions, quests, context, data_lake, skills, FTS5',
-        up: (db) => {
-            db.exec(`
+const n=[{version:1,description:"Baseline schema \u2014 projects, sessions, quests, context, data_lake, skills, FTS5",up:e=>{e.exec(`
         -- Core tables
         CREATE TABLE IF NOT EXISTS projects (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -215,14 +197,7 @@ export const migrations = [
           VALUES('delete', old.id, old.key, old.value);
           INSERT INTO data_lake_fts(rowid, key, value) VALUES (new.id, new.key, new.value);
         END;
-      `);
-        },
-    },
-    {
-        version: 2,
-        description: 'Add usage_events table for analytics tracking',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:2,description:"Add usage_events table for analytics tracking",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS usage_events (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
           tool_name TEXT NOT NULL,
@@ -235,34 +210,7 @@ export const migrations = [
           timestamp TEXT DEFAULT (datetime('now'))
         );
         CREATE INDEX IF NOT EXISTS idx_usage_timestamp ON usage_events(timestamp);
-      `);
-        },
-    },
-    {
-        version: 3,
-        description: 'Add visibility and created_by columns for future multi-user support',
-        up: (db) => {
-            // Add visibility + created_by to tables that will need them.
-            // Using ALTER TABLE with defaults so existing rows get sensible values.
-            const tables = ['sessions', 'quests', 'context', 'data_lake'];
-            for (const table of tables) {
-                // Check if column already exists (idempotent)
-                const cols = db.prepare(`PRAGMA table_info(${table})`).all();
-                const colNames = cols.map(c => c.name);
-                if (!colNames.includes('visibility')) {
-                    db.exec(`ALTER TABLE ${table} ADD COLUMN visibility TEXT DEFAULT 'private'`);
-                }
-                if (!colNames.includes('created_by')) {
-                    db.exec(`ALTER TABLE ${table} ADD COLUMN created_by TEXT DEFAULT 'local'`);
-                }
-            }
-        },
-    },
-    {
-        version: 4,
-        description: 'Knowledge graph — entities, aliases, relationships with FTS5',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:3,description:"Add visibility and created_by columns for future multi-user support",up:e=>{const E=["sessions","quests","context","data_lake"];for(const t of E){const i=e.prepare(`PRAGMA table_info(${t})`).all().map(T=>T.name);i.includes("visibility")||e.exec(`ALTER TABLE ${t} ADD COLUMN visibility TEXT DEFAULT 'private'`),i.includes("created_by")||e.exec(`ALTER TABLE ${t} ADD COLUMN created_by TEXT DEFAULT 'local'`)}}},{version:4,description:"Knowledge graph \u2014 entities, aliases, relationships with FTS5",up:e=>{e.exec(`
         -- Entities: named things that can be linked together
         CREATE TABLE IF NOT EXISTS entities (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -291,7 +239,7 @@ export const migrations = [
         CREATE INDEX IF NOT EXISTS idx_entity_aliases_entity ON entity_aliases(entity_id);
         CREATE INDEX IF NOT EXISTS idx_entity_aliases_alias ON entity_aliases(alias);
 
-        -- Relationships between entities — directed, typed, with provenance
+        -- Relationships between entities \u2014 directed, typed, with provenance
         CREATE TABLE IF NOT EXISTS relationships (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
           project_id INTEGER NOT NULL,
@@ -337,14 +285,7 @@ export const migrations = [
           INSERT INTO entities_fts(rowid, name, type, metadata)
           VALUES (new.id, new.name, new.type, new.metadata);
         END;
-      `);
-        },
-    },
-    {
-        version: 5,
-        description: 'Memory artifacts — distilled knowledge for intelligence amplification',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:5,description:"Memory artifacts \u2014 distilled knowledge for intelligence amplification",up:e=>{e.exec(`
         -- Memory artifacts: distilled problem-solution records, lessons, patterns, anti-patterns.
         -- Used by wyrm_context_build to assemble task-specific memory briefs for AI models.
         CREATE TABLE IF NOT EXISTS memory_artifacts (
@@ -399,14 +340,7 @@ export const migrations = [
           INSERT INTO memory_artifacts_fts(rowid, problem, constraints, validated_fix, why_it_worked, tags)
           VALUES (new.id, new.problem, new.constraints, new.validated_fix, new.why_it_worked, new.tags);
         END;
-      `);
-        },
-    },
-    {
-        version: 6,
-        description: 'Intelligence amplification — ground truths, reasoning scaffolds, distillation review queue',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:6,description:"Intelligence amplification \u2014 ground truths, reasoning scaffolds, distillation review queue",up:e=>{e.exec(`
         -- Ground truths: authoritative, versioned project facts.
         -- Use is_current=1 for the live value. Superseded rows kept for history.
         CREATE TABLE IF NOT EXISTS ground_truths (
@@ -476,33 +410,12 @@ export const migrations = [
         -- needs_review=1 means it was auto-created by wyrm_distill and awaits approval
         ALTER TABLE memory_artifacts ADD COLUMN needs_review INTEGER DEFAULT 0;
         CREATE INDEX IF NOT EXISTS idx_artifacts_review ON memory_artifacts(project_id, needs_review);
-      `);
-        },
-    },
-    {
-        version: 7,
-        description: 'Ground truth TTL — temporal decay support for staleness detection',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:7,description:"Ground truth TTL \u2014 temporal decay support for staleness detection",up:e=>{e.exec(`
         ALTER TABLE ground_truths ADD COLUMN ttl_days INTEGER CHECK(ttl_days IS NULL OR ttl_days > 0);
-      `);
-        },
-    },
-    {
-        version: 8,
-        description: 'Memory artifact decay — access tracking for auto-prune',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:8,description:"Memory artifact decay \u2014 access tracking for auto-prune",up:e=>{e.exec(`
         ALTER TABLE memory_artifacts ADD COLUMN last_accessed_at TEXT DEFAULT (datetime('now'));
         ALTER TABLE memory_artifacts ADD COLUMN access_count INTEGER NOT NULL DEFAULT 0;
-      `);
-        },
-    },
-    {
-        version: 9,
-        description: 'v3.9.0 — failure patterns, agent presence, causality, symbol index, tool analytics',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:9,description:"v3.9.0 \u2014 failure patterns, agent presence, causality, symbol index, tool analytics",up:e=>{e.exec(`
         -- ============================================================
         -- Tier 1.1: Counter-pattern detection
         -- Records edits/commands that failed so the predictive push can
@@ -649,16 +562,9 @@ export const migrations = [
         CREATE INDEX IF NOT EXISTS idx_toolcall_name ON tool_call_log(tool_name, called_at DESC);
         CREATE INDEX IF NOT EXISTS idx_toolcall_project ON tool_call_log(project_id, called_at DESC);
         CREATE INDEX IF NOT EXISTS idx_toolcall_success ON tool_call_log(success, called_at DESC);
-      `);
-        },
-    },
-    {
-        version: 10,
-        description: 'v4.0.0 — federated sync, hash-chained audit, sub-agent embedding (wyrm_ask), session-rehydration helpers',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:10,description:"v4.0.0 \u2014 federated sync, hash-chained audit, sub-agent embedding (wyrm_ask), session-rehydration helpers",up:e=>{e.exec(`
         -- ============================================================
-        -- Tier 2.8: Federated team Wyrm — selective sharing
+        -- Tier 2.8: Federated team Wyrm \u2014 selective sharing
         -- A single "is_shared" flag on the major user-facing tables.
         -- A team server pulls only is_shared=1 rows during sync.
         -- ============================================================
@@ -708,7 +614,7 @@ export const migrations = [
           ON sync_log(remote_origin, direction, synced_at DESC);
 
         -- ============================================================
-        -- Tier 3.9: Compliance audit trail — hash-chained event log
+        -- Tier 3.9: Compliance audit trail \u2014 hash-chained event log
         -- Each row references the hash of the previous row. Tampering with
         -- any historical entry breaks the chain. Combined with optional
         -- Ed25519 signing this provides a SOC2/HIPAA-grade audit surface.
@@ -730,7 +636,7 @@ export const migrations = [
         CREATE INDEX IF NOT EXISTS idx_audit_actor ON audit_log(actor, logged_at DESC);
 
         -- ============================================================
-        -- Tier 3.10: Sub-agent embedding — wyrm_ask query log
+        -- Tier 3.10: Sub-agent embedding \u2014 wyrm_ask query log
         -- Tracks every wyrm_ask invocation: query, context window, model,
         -- response, latency, tokens. Cost tracking + answer quality
         -- analysis. Doubles as a public-facing audit if wyrm_ask is
@@ -753,16 +659,9 @@ export const migrations = [
         );
         CREATE INDEX IF NOT EXISTS idx_llm_project ON llm_query_log(project_id, asked_at DESC);
         CREATE INDEX IF NOT EXISTS idx_llm_model ON llm_query_log(model, asked_at DESC);
-      `);
-        },
-    },
-    {
-        version: 11,
-        description: 'v5.0.0 — goals, agent loop, outbound MCP clients, action log',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:11,description:"v5.0.0 \u2014 goals, agent loop, outbound MCP clients, action log",up:e=>{e.exec(`
         -- ============================================================
-        -- v5.0.0: Goals — persistent objectives Wyrm pursues
+        -- v5.0.0: Goals \u2014 persistent objectives Wyrm pursues
         -- ============================================================
         CREATE TABLE IF NOT EXISTS goals (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -810,7 +709,7 @@ export const migrations = [
         CREATE INDEX IF NOT EXISTS idx_goal_iter_goal ON goal_iterations(goal_id, iteration_num);
 
         -- ============================================================
-        -- v5.0.0: Outbound MCP clients — Wyrm calls other servers
+        -- v5.0.0: Outbound MCP clients \u2014 Wyrm calls other servers
         -- Config rows for MCP servers Wyrm should connect to (stdio).
         -- ============================================================
         CREATE TABLE IF NOT EXISTS mcp_client_configs (
@@ -818,7 +717,7 @@ export const migrations = [
           server_name TEXT UNIQUE NOT NULL,    -- 'github', 'slack', 'phantomdragon', etc.
           command TEXT NOT NULL,               -- 'npx' or absolute path
           args TEXT,                           -- JSON array of args
-          env TEXT,                            -- JSON object of env vars (NEVER store secrets here in plaintext for prod — but local dev is fine)
+          env TEXT,                            -- JSON object of env vars (NEVER store secrets here in plaintext for prod \u2014 but local dev is fine)
           enabled INTEGER NOT NULL DEFAULT 1,
           added_at TEXT DEFAULT (datetime('now')),
           last_used_at TEXT,
@@ -839,7 +738,7 @@ export const migrations = [
         CREATE INDEX IF NOT EXISTS idx_ext_call_server ON external_call_log(server_name, called_at DESC);
 
         -- ============================================================
-        -- v5.0.0: Agent actions — the audit-trail of autonomous loop ticks
+        -- v5.0.0: Agent actions \u2014 the audit-trail of autonomous loop ticks
         -- Higher-level than goal_iterations; one row per wyrm-loop tick.
         -- ============================================================
         CREATE TABLE IF NOT EXISTS agent_actions (
@@ -854,14 +753,7 @@ export const migrations = [
         );
         CREATE INDEX IF NOT EXISTS idx_agent_actions_goal ON agent_actions(goal_id, ran_at DESC);
         CREATE INDEX IF NOT EXISTS idx_agent_actions_actor ON agent_actions(actor, ran_at DESC);
-      `);
-        },
-    },
-    {
-        version: 12,
-        description: 'session_seen_artifacts (spec 014) + token-budget telemetry columns',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:12,description:"session_seen_artifacts (spec 014) + token-budget telemetry columns",up:e=>{e.exec(`
         -- session_seen_artifacts: per-session dedup so wyrm_context_build
         -- doesn't re-emit fully-rendered content the AI already saw this
         -- session. Pruned by wyrm_maintenance after WYRM_SEEN_TTL_DAYS
@@ -878,14 +770,7 @@ export const migrations = [
           ON session_seen_artifacts(session_id, shown_at DESC);
         CREATE INDEX IF NOT EXISTS idx_session_seen_prune
           ON session_seen_artifacts(shown_at);
-      `);
-        },
-    },
-    {
-        version: 13,
-        description: 'design_tokens + design_references — creative workflow tables (5.9.0)',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:13,description:"design_tokens + design_references \u2014 creative workflow tables (5.9.0)",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS design_tokens (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
           project_id INTEGER NOT NULL,
@@ -936,14 +821,7 @@ export const migrations = [
           INSERT INTO design_references_fts(rowid, title, notes, tags)
           VALUES (new.id, new.title, new.notes, new.tags);
         END;
-      `);
-        },
-    },
-    {
-        version: 14,
-        description: 'token_savings_log + cross_project_visibility — Wyrm 6.0 substrate (spec 018)',
-        up: (db) => {
-            db.exec(`
+      `)}},{version:14,description:"token_savings_log + cross_project_visibility \u2014 Wyrm 6.0 substrate (spec 018)",up:e=>{e.exec(`
         -- Token-savings telemetry: every Wyrm tool that has a counterfactual
         -- logs an estimate so the statusline and digest can show real ROI.
         CREATE TABLE IF NOT EXISTS token_savings_log (
@@ -966,36 +844,10 @@ export const migrations = [
           ON token_savings_log(session_id, timestamp DESC);
         CREATE INDEX IF NOT EXISTS idx_savings_category
           ON token_savings_log(category, timestamp DESC);
-      `);
-            // Cross-project visibility flags on every searchable kind.
-            // Default 'within' — no existing data leaks across projects.
-            const tables = [
-                'ground_truths',
-                'memory_artifacts',
-                'quests',
-                'decision_edges', // was 'decisions' (a table that never existed) — fixed in v17; kept correct here for fresh installs
-                'design_references',
-                'design_tokens',
-            ];
-            for (const t of tables) {
-                try {
-                    const cols = db.prepare(`PRAGMA table_info(${t})`).all();
-                    if (cols.some((c) => c.name === 'cross_project_visibility'))
-                        continue;
-                    db.exec(`
+      `);const E=["ground_truths","memory_artifacts","quests","decision_edges","design_references","design_tokens"];for(const t of E)try{if(e.prepare(`PRAGMA table_info(${t})`).all().some(i=>i.name==="cross_project_visibility"))continue;e.exec(`
             ALTER TABLE ${t} ADD COLUMN cross_project_visibility TEXT NOT NULL DEFAULT 'within'
               CHECK (cross_project_visibility IN ('within', 'org', 'public'));
-          `);
-                }
-                catch { /* table may not exist on older installs; safe to skip */ }
-            }
-        },
-    },
-    {
-        version: 15,
-        description: 'Live Memory v6.4 — append-only events log + wyrm_meta (device identity)',
-        up: (db) => {
-            db.exec(`
+          `)}catch{}}},{version:15,description:"Live Memory v6.4 \u2014 append-only events log + wyrm_meta (device identity)",up:e=>{e.exec(`
         -- Node-local KV (stable device id for cross-device event identity, etc.)
         CREATE TABLE IF NOT EXISTS wyrm_meta (
           key   TEXT PRIMARY KEY,
@@ -1004,7 +856,7 @@ export const migrations = [
 
         -- Append-only event log (Live Memory v6.4). The existing tables stay the
         -- system of record; this is a derived stream for live propagation. Writes
-        -- emit here as a FAILURE-ISOLATED side effect (see events.ts) — a broken
+        -- emit here as a FAILURE-ISOLATED side effect (see events.ts) \u2014 a broken
         -- events table can never regress the canonical write. 'cursor' is the
         -- LOCAL subscription cursor (monotonic per node); cross-device identity is
         -- (origin_device, origin_seq), with replication via INSERT OR IGNORE.
@@ -1025,19 +877,7 @@ export const migrations = [
         );
         CREATE INDEX IF NOT EXISTS idx_events_project_cursor ON events(project_id, cursor);
         CREATE INDEX IF NOT EXISTS idx_events_kind ON events(kind, created_at);
-      `);
-        },
-    },
-    {
-        version: 16,
-        description: 'Rebuild FTS tables with porter stemming (override≈overrides≈overriding) for better recall',
-        up: (db) => {
-            // The base-table triggers reference these FTS tables BY NAME, so recreating
-            // them with the same name + the porter tokenizer keeps the triggers valid —
-            // no need to drop/recreate triggers. `rebuild` repopulates from the
-            // external-content base table. Migrations run single-threaded at startup,
-            // so there's no concurrent write between DROP and CREATE.
-            db.exec(`
+      `)}},{version:16,description:"Rebuild FTS tables with porter stemming (override\u2248overrides\u2248overriding) for better recall",up:e=>{e.exec(`
         DROP TABLE IF EXISTS quests_fts;
         CREATE VIRTUAL TABLE quests_fts USING fts5(
           title, description, content='quests', content_rowid='id',
@@ -1065,62 +905,13 @@ export const migrations = [
           tokenize='porter unicode61'
         );
         INSERT INTO skills_fts(skills_fts) VALUES('rebuild');
-      `);
-        },
-    },
-    {
-        version: 17,
-        description: 'Backfill cross_project_visibility on decision_edges (migration 14 named a non-existent "decisions" table)',
-        up: (db) => {
-            // Migration 14 looped over a table called 'decisions' that never existed —
-            // the real table is 'decision_edges' — so it silently never got the
-            // cross_project_visibility column. Add it here (guarded + idempotent) so
-            // already-migrated DBs converge with fresh installs (which now get it in v14).
-            try {
-                const cols = db.prepare(`PRAGMA table_info(decision_edges)`).all();
-                if (!cols.some((c) => c.name === 'cross_project_visibility')) {
-                    db.exec(`
+      `)}},{version:17,description:'Backfill cross_project_visibility on decision_edges (migration 14 named a non-existent "decisions" table)',up:e=>{try{e.prepare("PRAGMA table_info(decision_edges)").all().some(t=>t.name==="cross_project_visibility")||e.exec(`
             ALTER TABLE decision_edges ADD COLUMN cross_project_visibility TEXT NOT NULL DEFAULT 'within'
               CHECK (cross_project_visibility IN ('within', 'org', 'public'));
-          `);
-                }
-            }
-            catch { /* table may not exist on a very old install; safe to skip */ }
-        },
-    },
-    {
-        version: 18,
-        description: 'GOD-SKILL SPEC v2 — skill tier/governs/composes + spec-kit registry (specs table)',
-        up: (db) => {
-            // --- Skill governance columns (additive, safe defaults) ---
-            // tier: atomic|mega|god — apex skill tier routing. Default 'atomic' so
-            //   every pre-existing skill keeps its current (leaf) behaviour.
-            // governs: JSON string array of skill names this node routes DOWN to
-            //   (god → megas, mega → atomics). Default '[]'.
-            // composes: JSON string array of skill names this node pulls in laterally.
-            //   Default '[]'.
-            // All three are guarded so re-running against a partially-migrated DB
-            // (or a fresh install that already has them) is a no-op.
-            const skillCols = db.prepare(`PRAGMA table_info(skills)`).all();
-            const hasSkillCol = (c) => skillCols.some((x) => x.name === c);
-            if (!hasSkillCol('tier')) {
-                db.exec(`
+          `)}catch{}}},{version:18,description:"GOD-SKILL SPEC v2 \u2014 skill tier/governs/composes + spec-kit registry (specs table)",up:e=>{const E=e.prepare("PRAGMA table_info(skills)").all(),t=s=>E.some(i=>i.name===s);t("tier")||e.exec(`
           ALTER TABLE skills ADD COLUMN tier TEXT NOT NULL DEFAULT 'atomic'
             CHECK (tier IN ('atomic', 'mega', 'god'));
-        `);
-            }
-            if (!hasSkillCol('governs')) {
-                db.exec(`ALTER TABLE skills ADD COLUMN governs TEXT NOT NULL DEFAULT '[]';`);
-            }
-            if (!hasSkillCol('composes')) {
-                db.exec(`ALTER TABLE skills ADD COLUMN composes TEXT NOT NULL DEFAULT '[]';`);
-            }
-            db.exec(`CREATE INDEX IF NOT EXISTS idx_skills_tier ON skills(tier);`);
-            // --- Spec-kit registry (GHOSTMESH spec-kit specs → Wyrm-native) ---
-            // One row per registered spec directory, linked to a project. The
-            // generated quests carry a deterministic tag signature so wyrm_spec_register
-            // is idempotent (re-run updates the same quests instead of duplicating).
-            db.exec(`
+        `),t("governs")||e.exec("ALTER TABLE skills ADD COLUMN governs TEXT NOT NULL DEFAULT '[]';"),t("composes")||e.exec("ALTER TABLE skills ADD COLUMN composes TEXT NOT NULL DEFAULT '[]';"),e.exec("CREATE INDEX IF NOT EXISTS idx_skills_tier ON skills(tier);"),e.exec(`
         CREATE TABLE IF NOT EXISTS specs (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
           project_id INTEGER NOT NULL,
@@ -1135,86 +926,11 @@ export const migrations = [
         );
         CREATE INDEX IF NOT EXISTS idx_specs_project ON specs(project_id);
         CREATE INDEX IF NOT EXISTS idx_specs_dir ON specs(spec_dir);
-      `);
-        },
-    },
-    {
-        version: 19,
-        description: 'Grove sync policy: projects.sync_policy gate (private by default) for cloud + federation isolation',
-        up: (db) => {
-            // Grove-level replication gate. A project's rows may leave the local box
-            // only if its grove opts in:
-            //   'private' (default): never replicates by any channel.
-            //   'cloud':  may replicate to the operator's OWN cloud backup
-            //             (per-row cross_project_visibility still applies).
-            //   'team':   may also federate to a team Wyrm
-            //             (per-row is_shared still applies).
-            // This is a SECOND, grove-level gate on top of the existing per-row flags,
-            // so one accidental flag flip can never alone leak a private grove.
-            const pcols = db.prepare(`PRAGMA table_info(projects)`).all();
-            if (!pcols.some((c) => c.name === 'sync_policy')) {
-                db.exec(`
+      `)}},{version:19,description:"Grove sync policy: projects.sync_policy gate (private by default) for cloud + federation isolation",up:e=>{e.prepare("PRAGMA table_info(projects)").all().some(o=>o.name==="sync_policy")||e.exec(`
           ALTER TABLE projects ADD COLUMN sync_policy TEXT NOT NULL DEFAULT 'private'
             CHECK (sync_policy IN ('private', 'cloud', 'team'));
-        `);
-            }
-            // Backward-compatible backfill, CONSERVATIVE: a project that already had
-            // cloud-eligible rows (cross_project_visibility org/public) keeps its cloud
-            // backup ability (cloud is per-operator + encrypted, low risk, no silent
-            // regression). We deliberately DO NOT auto-promote any grove to 'team':
-            // federation is the actual team-exposure axis, so it is ALWAYS an explicit
-            // opt-in (via `wyrm grove policy <proj> team`). This guarantees a grove that
-            // merely had an is_shared row in the past is never silently moved off
-            // 'private' on upgrade. Everything not cloud-eligible stays 'private'.
-            const hasCol = (t, c) => {
-                try {
-                    return db.prepare(`PRAGMA table_info(${t})`).all().some((x) => x.name === c);
-                }
-                catch {
-                    return false;
-                }
-            };
-            const distinctPids = (sql) => {
-                try {
-                    return db.prepare(sql).all().map((r) => r.pid);
-                }
-                catch {
-                    return [];
-                }
-            };
-            const cloudIds = new Set();
-            for (const t of ['ground_truths', 'memory_artifacts', 'quests', 'design_tokens', 'design_references']) {
-                if (!hasCol(t, 'cross_project_visibility') || !hasCol(t, 'project_id'))
-                    continue;
-                for (const pid of distinctPids(`SELECT DISTINCT project_id AS pid FROM ${t}
-           WHERE cross_project_visibility IN ('org', 'public') AND project_id IS NOT NULL`))
-                    cloudIds.add(pid);
-            }
-            const setCloud = db.prepare(`UPDATE projects SET sync_policy = 'cloud' WHERE id = ? AND sync_policy = 'private'`);
-            for (const id of cloudIds)
-                setCloud.run(id);
-        },
-    },
-    {
-        version: 20,
-        description: 'v7 F2 (T008) — run-native provenance: runs + run_agents tables, agent_id/run_id attribution on 9 tables, failure_patterns.quarantine_scope',
-        up: (db) => {
-            // ============================================================
-            // v7 BROOD FR-1: run-native provenance core.
-            // Additive + guarded (Article VI): new tables use IF NOT EXISTS, every
-            // ALTER is PRAGMA-checked, and the only UPDATE is a one-time backfill
-            // INSIDE its column guard. A v6.x DB opens under this migration with
-            // 100% of its rows; nothing is renamed, dropped, or rewritten.
-            // ============================================================
-            // ---- runs: one row per orchestrated fleet run ----
-            // run_id is a ULID (src/ulid.ts: 26-char Crockford base32, monotonic,
-            // crypto-random) so run ids sort lexicographically in creation order.
-            // parent_run_id nests runs (orchestrator spawning sub-orchestrators).
-            // debrief_artifact_id links the run's debrief memory_artifact when the
-            // orchestrator files one. No FK from run_agents.agent_id to
-            // agent_presence: presence rows are TTL-pruned heartbeats, while run
-            // membership is durable provenance that must outlive them.
-            db.exec(`
+        `);const t=(o,a)=>{try{return e.prepare(`PRAGMA table_info(${o})`).all().some(r=>r.name===a)}catch{return!1}},s=o=>{try{return e.prepare(o).all().map(a=>a.pid)}catch{return[]}},i=new Set;for(const o of["ground_truths","memory_artifacts","quests","design_tokens","design_references"])if(!(!t(o,"cross_project_visibility")||!t(o,"project_id")))for(const a of s(`SELECT DISTINCT project_id AS pid FROM ${o}
+           WHERE cross_project_visibility IN ('org', 'public') AND project_id IS NOT NULL`))i.add(a);const T=e.prepare("UPDATE projects SET sync_policy = 'cloud' WHERE id = ? AND sync_policy = 'private'");for(const o of i)T.run(o)}},{version:20,description:"v7 F2 (T008) \u2014 run-native provenance: runs + run_agents tables, agent_id/run_id attribution on 9 tables, failure_patterns.quarantine_scope",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS runs (
           run_id TEXT PRIMARY KEY,
           parent_run_id TEXT,
@@ -1239,98 +955,14 @@ export const migrations = [
           FOREIGN KEY (run_id) REFERENCES runs(run_id) ON DELETE CASCADE
         );
         CREATE INDEX IF NOT EXISTS idx_run_agents_agent ON run_agents(agent_id);
-      `);
-            // ---- nullable agent_id/run_id attribution on the 9 provenance tables ----
-            // Soft references on purpose (no FK to runs): attribution is provenance
-            // metadata — pruning or never-creating a runs row must never block or
-            // cascade-delete canonical memory rows.
-            //
-            // On `events`, attribution EXTENDS the existing `actor` column — NOT a
-            // parallel concept. `actor` stays the human display identity exactly as
-            // 6.x wrote it; `agent_id` (machine identity) and `run_id` land
-            // alongside. Precedence at read sites that surface attribution
-            // (src/attribution.ts owns this rule):
-            //   1. agent_id  — machine identity (v7 fleet writes)
-            //   2. actor     — display identity (6.x writes, human labels)
-            //   3. 'legacy'  — neither set (a pre-v7 row); read-time only, never
-            //                  written back. audit_log.actor follows the same rule.
-            //
-            // quest_claims already has agent_id (NOT NULL, migration 9) — the guard
-            // skips it and only run_id is added there. All other tables gain both.
-            const hasCol = (t, c) => {
-                try {
-                    return db.prepare(`PRAGMA table_info(${t})`).all()
-                        .some((x) => x.name === c);
-                }
-                catch {
-                    return false;
-                }
-            };
-            const ATTRIBUTED_TABLES = [
-                'memory_artifacts', 'failure_patterns', 'decision_edges',
-                'ground_truths', 'quests', 'sessions', 'quest_claims',
-                'events', 'audit_log',
-            ];
-            for (const t of ATTRIBUTED_TABLES) {
-                if (!hasCol(t, 'agent_id'))
-                    db.exec(`ALTER TABLE ${t} ADD COLUMN agent_id TEXT;`);
-                if (!hasCol(t, 'run_id'))
-                    db.exec(`ALTER TABLE ${t} ADD COLUMN run_id TEXT;`);
-            }
-            // Partial indexes for the run-scoped hot paths (failure quarantine,
-            // run-tagged event fan-out, debrief assembly). Partial so the 6.x
-            // all-NULL bulk costs nothing.
-            db.exec(`
+      `);const E=(s,i)=>{try{return e.prepare(`PRAGMA table_info(${s})`).all().some(T=>T.name===i)}catch{return!1}},t=["memory_artifacts","failure_patterns","decision_edges","ground_truths","quests","sessions","quest_claims","events","audit_log"];for(const s of t)E(s,"agent_id")||e.exec(`ALTER TABLE ${s} ADD COLUMN agent_id TEXT;`),E(s,"run_id")||e.exec(`ALTER TABLE ${s} ADD COLUMN run_id TEXT;`);e.exec(`
         CREATE INDEX IF NOT EXISTS idx_failure_run ON failure_patterns(run_id) WHERE run_id IS NOT NULL;
         CREATE INDEX IF NOT EXISTS idx_events_run ON events(run_id) WHERE run_id IS NOT NULL;
         CREATE INDEX IF NOT EXISTS idx_artifacts_run ON memory_artifacts(run_id) WHERE run_id IS NOT NULL;
-      `);
-            // ---- failure_patterns quarantine scope (run|project|global) ----
-            // The v7 spec names this column `scope`, but failure_patterns.scope has
-            // existed since migration 9 with DIFFERENT semantics: it is the signature
-            // MATCH dimension ('file'|'symbol'|'command'|'prompt') baked into every
-            // stored signature by FailurePatterns.signature(). Renaming or
-            // repurposing it would be a destructive rewrite (Article VI) and corrupt
-            // every existing signature, so the run|project|global QUARANTINE/
-            // authority scope lands as `quarantine_scope`.
-            //
-            // Default 'project' preserves 6.x semantics: a 6.x failure recorded with
-            // a project_id was authoritative for its whole project the moment it was
-            // written (check() filters by project_id). The guarded one-time backfill
-            // marks project_id-IS-NULL rows 'global' because 6.x check() matched
-            // those rows from EVERY project (`OR project_id IS NULL`) — without it,
-            // v7 quarantine enforcement would silently narrow their reach.
-            if (!hasCol('failure_patterns', 'quarantine_scope')) {
-                db.exec(`
+      `),E("failure_patterns","quarantine_scope")||(e.exec(`
           ALTER TABLE failure_patterns ADD COLUMN quarantine_scope TEXT NOT NULL DEFAULT 'project'
             CHECK (quarantine_scope IN ('run', 'project', 'global'));
-        `);
-                db.exec(`UPDATE failure_patterns SET quarantine_scope = 'global' WHERE project_id IS NULL;`);
-            }
-            db.exec(`CREATE INDEX IF NOT EXISTS idx_failure_quarantine ON failure_patterns(quarantine_scope, resolved);`);
-        },
-    },
-    {
-        version: 21,
-        description: 'v7 F2 (T015) — failure_confirmations: distinct-agent confirmation ledger behind run-quarantine auto-promotion',
-        up: (db) => {
-            // ============================================================
-            // v7 BROOD FR-2 (T015): run-scoped failure quarantine promotion.
-            // One row per (failure, agent) that recorded/confirmed the same failure
-            // signature — the evidence ledger behind the debrief-INDEPENDENT
-            // "≥2 distinct agent_id confirmations → promote to project scope" rule
-            // (src/failure-patterns.ts noteConfirmation()).
-            //
-            // Additive + guarded (Article VI): IF NOT EXISTS only — re-running this
-            // up() is a no-op and a v6.x DB opens with 100% of its rows untouched.
-            //
-            // PK (failure_id, agent_id) makes COUNT(*) per failure_id the DISTINCT
-            // agent count by construction: the same agent re-recording N times is
-            // ONE confirmation. run_id records where a confirmation came from (T017
-            // analytics input); it is NOT part of the identity. The FK cascades with
-            // the failure row — confirmations are evidence ABOUT a canonical row,
-            // never canonical memory themselves (a delete() must not orphan them).
-            db.exec(`
+        `),e.exec("UPDATE failure_patterns SET quarantine_scope = 'global' WHERE project_id IS NULL;")),e.exec("CREATE INDEX IF NOT EXISTS idx_failure_quarantine ON failure_patterns(quarantine_scope, resolved);")}},{version:21,description:"v7 F2 (T015) \u2014 failure_confirmations: distinct-agent confirmation ledger behind run-quarantine auto-promotion",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS failure_confirmations (
           failure_id INTEGER NOT NULL,
           agent_id TEXT NOT NULL,
@@ -1339,42 +971,7 @@ export const migrations = [
           PRIMARY KEY (failure_id, agent_id),
           FOREIGN KEY (failure_id) REFERENCES failure_patterns(id) ON DELETE CASCADE
         );
-      `);
-        },
-    },
-    {
-        version: 22,
-        description: 'v7 F2 (T017) — failure_blocks: prevented-repeat ledger behind wyrm_stats view=failures',
-        up: (db) => {
-            // ============================================================
-            // v7 BROOD FR-2 (T017): prevented-repeat analytics.
-            // One row per BLOCKED failure_check verdict (blocked:true) — the unit of
-            // "a repeat was prevented". Attribution columns name the CHECKING
-            // agent/run (the agent that was about to repeat the failure), NOT the
-            // recorder — failure_patterns.agent_id/run_id already name the recorder.
-            // failure_id is the verdict's top blocker (matches[0]).
-            //
-            // STORAGE CHOICE, documented (the task offered counter-table vs
-            // events-derived):
-            //   - NOT events-derived: emitEvent is failure-isolated best-effort AND
-            //     the events log is retention-pruned (WYRM_EVENT_RETAIN_DAYS /
-            //     maxPerProject in wyrm_maintenance) — analytics derived from it
-            //     would silently undercount over time (same rationale that kept the
-            //     T015 confirmation ledger off the events log). failure_check is
-            //     also a READ that emits no events today; emitting one per check
-            //     would bloat the private event stream for one integer of analytics.
-            //   - An APPEND-ONLY ledger (not an UPSERTed counter row): one INSERT
-            //     per blocked verdict is exactly correct under multi-process fleet
-            //     concurrency with no read-modify-write race, and read-time
-            //     COUNT/GROUP BY is deterministic (Article III: pure SQL, zero LLM).
-            //   - Private by construction: this is not an events surface — block
-            //     rows never ride SSE/replication (failures stay is_shared=0).
-            //
-            // Additive + guarded (Article VI): IF NOT EXISTS only — re-running this
-            // up() is a no-op and a v6.x DB opens with 100% of its rows untouched.
-            // FK cascades with the failure row (the migration-21 precedent): blocks
-            // are analytics ABOUT a canonical row, never canonical memory.
-            db.exec(`
+      `)}},{version:22,description:"v7 F2 (T017) \u2014 failure_blocks: prevented-repeat ledger behind wyrm_stats view=failures",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS failure_blocks (
           id INTEGER PRIMARY KEY AUTOINCREMENT,
           failure_id INTEGER NOT NULL,
@@ -1384,41 +981,7 @@ export const migrations = [
           blocked_at TEXT DEFAULT (datetime('now')),
           FOREIGN KEY (failure_id) REFERENCES failure_patterns(id) ON DELETE CASCADE
         );
-      `);
-            // "N repeats blocked this run" is the hot read — partial index in the
-            // style of migration 20's idx_failure_run/idx_events_run.
-            db.exec(`CREATE INDEX IF NOT EXISTS idx_failure_blocks_run ON failure_blocks(run_id) WHERE run_id IS NOT NULL;`);
-            db.exec(`CREATE INDEX IF NOT EXISTS idx_failure_blocks_failure ON failure_blocks(failure_id);`);
-        },
-    },
-    {
-        version: 23,
-        description: 'v7 F3 (T028) — run_briefs: byte-stable fleet session_prime brief cache, one row per (run_id, role)',
-        up: (db) => {
-            // ============================================================
-            // v7 BROOD FR-5 (T028): fleet-mode session_prime.
-            // The FIRST prime of a (run_id, role) compiles the role-sliced brief
-            // and CAS-inserts it here (INSERT OR IGNORE on the PK, then every
-            // caller — winner and losers alike — reads the row back), so 12
-            // simultaneous primes across 12 PROCESSES return the byte-identical
-            // cached prefix (spec §7 criterion 8). An in-memory cache cannot give
-            // that guarantee: fleet agents are separate stdio server processes
-            // sharing only this SQLite file.
-            //
-            // body_json is the full structured session_prime body (the T026
-            // sections[] shape) — the text channel re-derives from it through the
-            // T019 renderer, so text and structuredContent cannot drift.
-            //
-            // run_id is a SOFT reference to runs (no FK), the migration-20
-            // precedent: a prime may legitimately race `wyrm_run action=start`
-            // (the F2 "orchestrator already exported WYRM_RUN_ID" orphan shape),
-            // and a cache row must never block or cascade with run lifecycle.
-            // Retention: wyrm_maintenance prunes by created_at (T029, same
-            // WYRM_EVENT_RETAIN_DAYS knob as the event log).
-            //
-            // Additive + guarded (Article VI): IF NOT EXISTS only — re-running
-            // this up() is a no-op and a v6.x DB opens with 100% of its rows.
-            db.exec(`
+      `),e.exec("CREATE INDEX IF NOT EXISTS idx_failure_blocks_run ON failure_blocks(run_id) WHERE run_id IS NOT NULL;"),e.exec("CREATE INDEX IF NOT EXISTS idx_failure_blocks_failure ON failure_blocks(failure_id);")}},{version:23,description:"v7 F3 (T028) \u2014 run_briefs: byte-stable fleet session_prime brief cache, one row per (run_id, role)",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS run_briefs (
           run_id TEXT NOT NULL,
           role TEXT NOT NULL DEFAULT '',
@@ -1427,198 +990,20 @@ export const migrations = [
           created_at TEXT DEFAULT (datetime('now')),
           PRIMARY KEY (run_id, role)
         );
-      `);
-        },
-    },
-    {
-        version: 24,
-        description: 'v7 F3 (T029) — claims/presence hardening: role on quest_claims, run_id/role on agent_presence, run-scoped partial indexes',
-        up: (db) => {
-            // ============================================================
-            // v7 BROOD FR-5 (T029): claims/presence run attribution completed.
-            // quest_claims got run_id in migration 20; `role` lands here so an
-            // orchestrator auditing the claim board sees WHICH fleet role holds
-            // each lease. agent_presence persists rows (TTL heartbeats, table
-            // since migration 9) so it gains BOTH run_id and role — presence
-            // dashboards become per-run. All three are stamped at write time from
-            // the ambient actor envelope + run_agents membership (presence.ts);
-            // NULL outside a run (the migration-20 soft-ref rule: never an FK —
-            // attribution metadata must never block or cascade canonical rows).
-            //
-            // Claims stay atomic via the existing PK-conflict CAS — this migration
-            // adds attribution columns only, no locking changes (the spec is
-            // explicit: there is no race to fix).
-            //
-            // Additive + guarded (Article VI): PRAGMA-checked ALTERs, IF NOT
-            // EXISTS indexes — a v6.x DB opens with 100% of its rows; pre-v7 rows
-            // carry NULL and read as 'legacy' at display time only.
-            const hasCol = (t, c) => {
-                try {
-                    return db.prepare(`PRAGMA table_info(${t})`).all()
-                        .some((x) => x.name === c);
-                }
-                catch {
-                    return false;
-                }
-            };
-            if (!hasCol('quest_claims', 'role'))
-                db.exec(`ALTER TABLE quest_claims ADD COLUMN role TEXT;`);
-            if (!hasCol('agent_presence', 'run_id'))
-                db.exec(`ALTER TABLE agent_presence ADD COLUMN run_id TEXT;`);
-            if (!hasCol('agent_presence', 'role'))
-                db.exec(`ALTER TABLE agent_presence ADD COLUMN role TEXT;`);
-            // Partial indexes in the migration-20 style: the all-NULL 6.x bulk
-            // costs nothing; wyrm_run status + per-run presence views are the
-            // hot reads.
-            db.exec(`
+      `)}},{version:24,description:"v7 F3 (T029) \u2014 claims/presence hardening: role on quest_claims, run_id/role on agent_presence, run-scoped partial indexes",up:e=>{const E=(t,s)=>{try{return e.prepare(`PRAGMA table_info(${t})`).all().some(i=>i.name===s)}catch{return!1}};E("quest_claims","role")||e.exec("ALTER TABLE quest_claims ADD COLUMN role TEXT;"),E("agent_presence","run_id")||e.exec("ALTER TABLE agent_presence ADD COLUMN run_id TEXT;"),E("agent_presence","role")||e.exec("ALTER TABLE agent_presence ADD COLUMN role TEXT;"),e.exec(`
         CREATE INDEX IF NOT EXISTS idx_quest_claims_run ON quest_claims(run_id) WHERE run_id IS NOT NULL;
         CREATE INDEX IF NOT EXISTS idx_presence_run ON agent_presence(run_id) WHERE run_id IS NOT NULL;
-      `);
-        },
-    },
-    {
-        version: 25,
-        description: 'Skills portability — store SKILL.md content (+ sha/ts) in the registry and make skills cloud-sync-eligible behind the per-row visibility gate',
-        up: (db) => {
-            // ============================================================
-            // SKILLS CLOUD SYNC: carry skill BODIES across machines.
-            // The `skills` table has only ever held metadata + a `skill_path`
-            // pointer into ~/.copilot/skills/<slug>/SKILL.md — a pointer that is
-            // meaningless on another machine. To make a registered skill portable
-            // (this Fedora box → a Mac mini) we store the SKILL.md text itself.
-            //
-            // Additive + guarded (Article VI), the migration 20/24 style: every
-            // ALTER is PRAGMA-checked, nothing is renamed/dropped/rewritten, and a
-            // v7.0.1 DB opens under this migration with 100% of its rows preserved.
-            //
-            //   content            — the full SKILL.md text (NULL until backfilled;
-            //                         a skill whose file is unreadable stays NULL).
-            //   content_sha256     — sha256 of `content`, for idempotent backfill
-            //                         (skip unchanged) and export dedup.
-            //   content_updated_at — when `content` last changed (sync/merge aid).
-            //
-            // CRITICAL — FTS: skills_fts is an EXTERNAL-CONTENT FTS5 over
-            // (name, description, tags) ONLY (content='skills'). Adding plain base
-            // columns does NOT change the FTS table's indexed columns, so the
-            // external-content contract and its insert/delete/update triggers are
-            // untouched. (Verified by the post-migration FTS search test.)
-            const hasCol = (t, c) => {
-                try {
-                    return db.prepare(`PRAGMA table_info(${t})`).all()
-                        .some((x) => x.name === c);
-                }
-                catch {
-                    return false;
-                }
-            };
-            if (!hasCol('skills', 'content'))
-                db.exec(`ALTER TABLE skills ADD COLUMN content TEXT;`);
-            if (!hasCol('skills', 'content_sha256'))
-                db.exec(`ALTER TABLE skills ADD COLUMN content_sha256 TEXT;`);
-            if (!hasCol('skills', 'content_updated_at'))
-                db.exec(`ALTER TABLE skills ADD COLUMN content_updated_at TEXT;`);
-            // ---- cloud-sync eligibility, private-by-default (Article I/IX) ----
-            // Skills are global (no project_id), so the grove (project) sync_policy
-            // gate cannot apply per-skill. We instead make skills sync the SAME way
-            // ground_truths/memory_artifacts do: a per-row `cross_project_visibility`
-            // marker, DEFAULT 'within' (operator-private). The sync engine's visClause
-            // (`cross_project_visibility IN ('org','public')`) is the egress gate —
-            // a brand-new skills column defaulting to 'within' means NO skill leaves
-            // this machine until the operator explicitly promotes it. `is_shared`
-            // (default 0) lands too so the team-federation gate has its flag.
-            // This adds skills to the existing privacy lattice without weakening the
-            // default, exactly per the constitution's private-by-default rule.
-            if (!hasCol('skills', 'cross_project_visibility')) {
-                db.exec(`ALTER TABLE skills ADD COLUMN cross_project_visibility TEXT NOT NULL DEFAULT 'within';`);
-            }
-            if (!hasCol('skills', 'is_shared')) {
-                db.exec(`ALTER TABLE skills ADD COLUMN is_shared INTEGER NOT NULL DEFAULT 0;`);
-            }
-            // Partial index for the egress hot path (collectChangedRows filters on
-            // promoted rows), migration 20/24 style — the all-'within' default bulk
-            // costs nothing.
-            db.exec(`CREATE INDEX IF NOT EXISTS idx_skills_visibility ON skills(cross_project_visibility) WHERE cross_project_visibility != 'within';`);
-        },
-    },
-    {
-        version: 26,
-        description: 'Reverse-bridge rejection tombstones — remember a once-rejected outside-prose sig so the next sweep never re-queues content the operator already deleted',
-        up: (db) => {
-            // ============================================================
-            // REVERSE-BRIDGE REJECTION MEMORY (security pass #2, finding #1).
-            //
-            // detectEdits() always re-emits the operator prose OUTSIDE the Wyrm
-            // markers as an 'outside' edit on EVERY sweep — there is no diff against
-            // a prior state. Re-queueing is suppressed only by existsBySig() against
-            // the live review queue. So if the operator REVIEWS and REJECTS (deletes)
-            // a reverse-bridge candidate, the sig disappears from the DB and the next
-            // sweep re-extracts + re-queues the identical prose — a review-queue loop
-            // for content the operator already said no to.
-            //
-            // Fix: a tombstone of rejected `rb:` sigs. wyrm_review's reject path
-            // records the sig here; makeBridgeDeps.existsBySig() additionally consults
-            // it, so a once-rejected outside-prose edit is remembered as rejected and
-            // never re-offered. Purely local, per-project, never replicated.
-            //
-            // Additive + guarded (Article VI), migration 20/24/25 style: a brand-new
-            // table, nothing renamed/dropped, a v7.0.x DB opens with 100% of its rows.
-            db.exec(`
+      `)}},{version:25,description:"Skills portability \u2014 store SKILL.md content (+ sha/ts) in the registry and make skills cloud-sync-eligible behind the per-row visibility gate",up:e=>{const E=(t,s)=>{try{return e.prepare(`PRAGMA table_info(${t})`).all().some(i=>i.name===s)}catch{return!1}};E("skills","content")||e.exec("ALTER TABLE skills ADD COLUMN content TEXT;"),E("skills","content_sha256")||e.exec("ALTER TABLE skills ADD COLUMN content_sha256 TEXT;"),E("skills","content_updated_at")||e.exec("ALTER TABLE skills ADD COLUMN content_updated_at TEXT;"),E("skills","cross_project_visibility")||e.exec("ALTER TABLE skills ADD COLUMN cross_project_visibility TEXT NOT NULL DEFAULT 'within';"),E("skills","is_shared")||e.exec("ALTER TABLE skills ADD COLUMN is_shared INTEGER NOT NULL DEFAULT 0;"),e.exec("CREATE INDEX IF NOT EXISTS idx_skills_visibility ON skills(cross_project_visibility) WHERE cross_project_visibility != 'within';")}},{version:26,description:"Reverse-bridge rejection tombstones \u2014 remember a once-rejected outside-prose sig so the next sweep never re-queues content the operator already deleted",up:e=>{e.exec(`
         CREATE TABLE IF NOT EXISTS reverse_bridge_tombstones (
           project_id INTEGER NOT NULL,
           sig        TEXT NOT NULL,
           created_at TEXT NOT NULL DEFAULT (datetime('now')),
           PRIMARY KEY (project_id, sig)
         );
-      `);
-        },
-    },
-];
-/**
- * Run all pending migrations on the database.
- * Creates the schema_versions table if it doesn't exist.
- * Returns the list of migrations that were applied.
- */
-export function runMigrations(db) {
-    // Create the version tracking table (always safe to re-run)
-    db.exec(`
+      `)}}];function d(e){e.exec(`
     CREATE TABLE IF NOT EXISTS schema_versions (
       version INTEGER PRIMARY KEY,
       description TEXT NOT NULL,
       applied_at TEXT DEFAULT (datetime('now'))
     );
-  `);
-    const currentVersion = db.prepare('SELECT COALESCE(MAX(version), 0) as v FROM schema_versions').get().v;
-    // Always apply in ascending version order, regardless of array order in
-    // `migrations` (defensive — v3.9 added a migration that was authored out
-    // of array order). Sorted copy so we don't mutate the exported array.
-    const pending = migrations
-        .filter(m => m.version > currentVersion)
-        .slice()
-        .sort((a, b) => a.version - b.version);
-    if (pending.length === 0)
-        return [];
-    const applied = [];
-    const insertVersion = db.prepare('INSERT INTO schema_versions (version, description) VALUES (?, ?)');
-    for (const migration of pending) {
-        // Each migration runs in its own transaction for atomicity
-        const runOne = db.transaction(() => {
-            migration.up(db);
-            insertVersion.run(migration.version, migration.description);
-        });
-        runOne();
-        applied.push(migration);
-    }
-    return applied;
-}
-/**
- * Get the current schema version.
- */
-export function getSchemaVersion(db) {
-    try {
-        return db.prepare('SELECT COALESCE(MAX(version), 0) as v FROM schema_versions').get().v;
-    }
-    catch {
-        return 0; // schema_versions table doesn't exist yet
-    }
-}
-//# sourceMappingURL=migrations.js.map
+  `);const E=e.prepare("SELECT COALESCE(MAX(version), 0) as v FROM schema_versions").get().v,t=n.filter(T=>T.version>E).slice().sort((T,o)=>T.version-o.version);if(t.length===0)return[];const s=[],i=e.prepare("INSERT INTO schema_versions (version, description) VALUES (?, ?)");for(const T of t)e.transaction(()=>{T.up(e),i.run(T.version,T.description)})(),s.push(T);return s}function N(e){try{return e.prepare("SELECT COALESCE(MAX(version), 0) as v FROM schema_versions").get().v}catch{return 0}}export{N as getSchemaVersion,n as migrations,d as runMigrations};