wyrm-mcp 7.2.1 → 7.2.2

package/dist/license.js

@@ -1,442 +1,3 @@
-/**
- * Wyrm License System
- * ED25519 license key generation, signing, and offline verification
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- * @module license
- * @version 3.2.0
- */
-import { createPrivateKey, createPublicKey, sign, verify, generateKeyPairSync, randomBytes, } from 'crypto';
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from 'fs';
-import { homedir } from 'os';
-import { join } from 'path';
-// ==================== CONSTANTS ====================
-/** Base32 alphabet without visually-ambiguous characters (no I, L, O, 1) */
-const BASE32_ALPHABET = 'ABCDEFGHJKMNPQRSTUVWXYZ234567890';
-/** License key prefix */
-const KEY_PREFIX = 'WRM';
-/** Bytes of entropy per key segment (4 chars each) */
-const KEY_SEGMENT_COUNT = 4;
-const KEY_SEGMENT_LENGTH = 4;
-/** License file location */
-const WYRM_DIR = join(homedir(), '.wyrm');
-const LICENSE_PATH = join(WYRM_DIR, 'license.json');
-/**
- * Feature gates per tier.
- * Each tier inherits all features from lower tiers plus its own additions.
- */
-export const TIER_FEATURES = {
-    free: ['local_storage', 'all_tools', 'fts_search', 'unlimited_projects'],
-    pro: ['cloud_backup', 'encryption', 'analytics', 'priority_support'],
-    team: ['shared_memory', 'workspaces', 'admin_dashboard', 'slack_integration'],
-    enterprise: ['unlimited_seats', 'sso_saml', 'custom_sla', 'on_premise'],
-};
-/** Ordered tiers for cumulative feature resolution */
-const TIER_ORDER = ['free', 'pro', 'team', 'enterprise'];
-/** Default device limits per tier */
-export const TIER_DEVICE_LIMITS = {
-    free: 1,
-    pro: 1,
-    team: 25,
-    enterprise: -1,
-};
-/**
- * Embedded public key for offline verification.
- *
- * Generated 2026-05-18 alongside the wyrm-billing signing keypair.
- * The matching private key lives ONLY in wyrm-billing's
- * LICENSE_SIGNING_KEY_PRIVATE_PEM_B64 env var. This public half is
- * shipped to every Wyrm client so they can verify license JWTs
- * offline without phoning home.
- *
- * Rotation: regenerate the keypair, replace the private in
- * wyrm-billing's env, replace this constant, ship a new wyrm-mcp
- * release. Issued licenses signed under the OLD key will reject
- * after the new client rolls out — schedule a grace window.
- */
-const WYRM_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+import{createPrivateKey as S,createPublicKey as T,sign as w,verify as k,generateKeyPairSync as I,randomBytes as A}from"crypto";import{readFileSync as K,writeFileSync as h,mkdirSync as L,existsSync as m,chmodSync as b}from"fs";import{homedir as B}from"os";import{join as _}from"path";const x="ABCDEFGHJKMNPQRSTUVWXYZ234567890",N="WRM",F=4,R=4,l=_(B(),".wyrm"),c=_(l,"license.json"),n={free:["local_storage","all_tools","fts_search","unlimited_projects"],pro:["cloud_backup","encryption","analytics","priority_support"],team:["shared_memory","workspaces","admin_dashboard","slack_integration"],enterprise:["unlimited_seats","sso_saml","custom_sla","on_premise"]},d=["free","pro","team","enterprise"],M={free:1,pro:1,team:25,enterprise:-1},P=`-----BEGIN PUBLIC KEY-----
 MCowBQYDK2VwAyEA5WkbNjI9tclD+Mps13IzEXH5FhCBnblwy4+bjYJHpOk=
------END PUBLIC KEY-----`;
-// ==================== SINGLETON STATE ====================
-let currentLicense = null;
-let currentTier = 'free';
-let currentFeatures = new Set(TIER_FEATURES.free);
-// ==================== HELPERS ====================
-/**
- * Resolve the cumulative feature set for a given tier.
- * E.g. `team` gets free + pro + team features.
- */
-export function resolveFeaturesForTier(tier) {
-    const idx = TIER_ORDER.indexOf(tier);
-    const features = [];
-    for (let i = 0; i <= idx; i++) {
-        features.push(...TIER_FEATURES[TIER_ORDER[i]]);
-    }
-    return [...new Set(features)];
-}
-/**
- * Build the canonical string representation of a license for signing/verification.
- * Field order is fixed so both signer and verifier produce identical payloads.
- */
-function buildCanonicalPayload(license) {
-    return [
-        license.key,
-        license.product,
-        license.tier,
-        license.issued_to,
-        license.issued_at,
-        license.expires_at ?? 'perpetual',
-        String(license.max_devices),
-        license.features.sort().join(','),
-        license.hardware_id ?? '',
-    ].join('|');
-}
-/**
- * Encode random bytes into a Base32 string of the given length
- * using our custom visually-unambiguous alphabet.
- */
-function randomBase32(length) {
-    const bytes = randomBytes(length);
-    let result = '';
-    for (let i = 0; i < length; i++) {
-        result += BASE32_ALPHABET[bytes[i] % BASE32_ALPHABET.length];
-    }
-    return result;
-}
-// ==================== KEY GENERATION (SERVER-SIDE) ====================
-/**
- * Generate an Ed25519 key pair for license signing.
- *
- * **Server-side only** — the private key must never be shipped in the client.
- *
- * @returns PEM-encoded public and private keys
- */
-export function generateKeyPair() {
-    const { publicKey, privateKey } = generateKeyPairSync('ed25519', {
-        publicKeyEncoding: { type: 'spki', format: 'pem' },
-        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-    });
-    return { publicKey, privateKey };
-}
-/**
- * Generate a license key in `WRM-XXXX-XXXX-XXXX-XXXX` format.
- *
- * Uses `crypto.randomBytes` mapped onto a Base32 alphabet that excludes
- * visually-ambiguous characters (I, L, O, 1).
- *
- * **Server-side only.**
- */
-export function generateLicenseKey() {
-    const segments = [];
-    for (let i = 0; i < KEY_SEGMENT_COUNT; i++) {
-        segments.push(randomBase32(KEY_SEGMENT_LENGTH));
-    }
-    return `${KEY_PREFIX}-${segments.join('-')}`;
-}
-/**
- * Create a new {@link WyrmLicense} with sane defaults for the given tier.
- *
- * **Server-side only.**
- *
- * @param email - Licensee email
- * @param tier - Desired tier
- * @param options - Optional overrides (expiry, hardware binding, extra features)
- */
-export function createLicense(email, tier, options = {}) {
-    const features = resolveFeaturesForTier(tier);
-    if (options.extraFeatures) {
-        for (const f of options.extraFeatures) {
-            if (!features.includes(f))
-                features.push(f);
-        }
-    }
-    return {
-        key: generateLicenseKey(),
-        product: 'wyrm',
-        tier,
-        issued_to: email,
-        issued_at: new Date().toISOString(),
-        expires_at: options.expiresAt ?? null,
-        max_devices: options.maxDevices ?? TIER_DEVICE_LIMITS[tier],
-        features,
-        hardware_id: options.hardwareId,
-    };
-}
-/**
- * Sign a {@link WyrmLicense} with an Ed25519 private key.
- *
- * **Server-side only.**
- *
- * @param license - The license data to sign
- * @param privateKeyPem - PEM-encoded Ed25519 private key
- * @returns The license bundled with its base64 signature
- */
-export function signLicense(license, privateKeyPem) {
-    const payload = buildCanonicalPayload(license);
-    const key = createPrivateKey(privateKeyPem);
-    const sig = sign(null, Buffer.from(payload, 'utf-8'), key);
-    return {
-        license,
-        signature: sig.toString('base64'),
-    };
-}
-// ==================== VERIFICATION (CLIENT-SIDE / OFFLINE) ====================
-/**
- * Verify a {@link SignedLicense} against an Ed25519 public key.
- *
- * Performs three checks:
- * 1. Signature validity (Ed25519)
- * 2. Product field matches "wyrm"
- * 3. Expiry date (if present)
- *
- * Works fully offline with zero external dependencies.
- *
- * @param signed - The signed license bundle
- * @param publicKeyPem - Optional PEM override; defaults to the embedded key
- */
-export function verifyLicense(signed, publicKeyPem) {
-    const freeFallback = {
-        valid: false,
-        tier: 'free',
-        features: [...TIER_FEATURES.free],
-        expiresAt: null,
-    };
-    try {
-        const { license, signature } = signed;
-        // Product check
-        if (license.product !== 'wyrm') {
-            return { ...freeFallback, error: 'Invalid product identifier' };
-        }
-        // Tier validity
-        if (!TIER_ORDER.includes(license.tier)) {
-            return { ...freeFallback, error: `Unknown tier: ${license.tier}` };
-        }
-        // Signature verification
-        const payload = buildCanonicalPayload(license);
-        const pem = publicKeyPem ?? WYRM_PUBLIC_KEY;
-        let key;
-        try {
-            key = createPublicKey(pem);
-        }
-        catch {
-            return { ...freeFallback, error: 'Invalid public key' };
-        }
-        const isValid = verify(null, Buffer.from(payload, 'utf-8'), key, Buffer.from(signature, 'base64'));
-        if (!isValid) {
-            return { ...freeFallback, error: 'Invalid signature — license may be tampered' };
-        }
-        // Expiry check
-        if (license.expires_at !== null) {
-            const expiry = new Date(license.expires_at);
-            if (isNaN(expiry.getTime())) {
-                return { ...freeFallback, error: 'Malformed expiry date' };
-            }
-            if (expiry.getTime() < Date.now()) {
-                return {
-                    valid: false,
-                    tier: license.tier,
-                    features: [...TIER_FEATURES.free],
-                    expiresAt: license.expires_at,
-                    error: `License expired on ${license.expires_at}`,
-                };
-            }
-        }
-        return {
-            valid: true,
-            tier: license.tier,
-            features: [...license.features],
-            expiresAt: license.expires_at,
-        };
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return { ...freeFallback, error: `Verification failed: ${message}` };
-    }
-}
-// ==================== TAMPER-EVIDENCE (KAT) ====================
-/**
- * Known-Answer Test for the official build: confirm the verifier still REJECTS a
- * structurally-valid but badly-signed license. If a fork stubs `verifyLicense` to
- * always-accept (so it can run on a forged `license.json` and bypass the activation
- * gate), this self-test trips. It's a deterrent layer — a determined forker can
- * remove this too — but it raises the effort beyond a one-line edit. Pure + offline.
- */
-export function selfTestVerifier() {
-    try {
-        const forged = {
-            license: {
-                key: 'WRM-KAT0-KAT0-KAT0-KAT0', product: 'wyrm', tier: 'enterprise',
-                issued_to: 'integrity@selftest', issued_at: '2026-01-01T00:00:00.000Z',
-                expires_at: null, max_devices: -1, features: [...TIER_FEATURES.enterprise],
-            },
-            signature: Buffer.from('integrity-self-test-not-a-valid-signature').toString('base64'),
-        };
-        if (verifyLicense(forged).valid)
-            return { ok: false, reason: 'verifier_accepts_forged_signature' };
-        return { ok: true };
-    }
-    catch {
-        // An unexpected crypto error shouldn't hard-fail an honest build → "can't confirm".
-        return { ok: true };
-    }
-}
-// ==================== FEATURE GATES ====================
-/**
- * Check whether a specific feature is available in the current license.
- *
- * @param feature - Feature flag name (e.g. `"encryption"`, `"sso_saml"`)
- */
-export function hasFeature(feature) {
-    return currentFeatures.has(feature);
-}
-/**
- * Get the current active license tier.
- * Defaults to `"free"` when no valid license is loaded.
- */
-export function getTier() {
-    return currentTier;
-}
-/**
- * Return a summary of the currently-loaded license state.
- */
-export function getLicenseInfo() {
-    if (!currentLicense) {
-        return {
-            tier: 'free',
-            features: [...TIER_FEATURES.free],
-            expiresAt: null,
-            valid: false,
-            issuedTo: null,
-            key: null,
-        };
-    }
-    const validation = verifyLicense(currentLicense);
-    return {
-        tier: validation.tier,
-        features: validation.features,
-        expiresAt: validation.expiresAt,
-        valid: validation.valid,
-        issuedTo: currentLicense.license.issued_to,
-        key: currentLicense.license.key,
-    };
-}
-// ==================== PERSISTENCE ====================
-/**
- * Load a signed license from `~/.wyrm/license.json`.
- *
- * @returns The parsed {@link SignedLicense} or `null` if not found / unparseable
- */
-export function loadLicense() {
-    try {
-        if (!existsSync(LICENSE_PATH))
-            return null;
-        const raw = readFileSync(LICENSE_PATH, 'utf-8');
-        const parsed = JSON.parse(raw);
-        // Basic shape check
-        if (!parsed.license || !parsed.signature)
-            return null;
-        if (!parsed.license.key || !parsed.license.tier)
-            return null;
-        return parsed;
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Persist a signed license to `~/.wyrm/license.json`.
- * File permissions are set to `0o600` (owner read/write only).
- *
- * @param signed - The signed license to save
- */
-export function saveLicense(signed) {
-    if (!existsSync(WYRM_DIR)) {
-        mkdirSync(WYRM_DIR, { recursive: true });
-    }
-    const json = JSON.stringify(signed, null, 2);
-    writeFileSync(LICENSE_PATH, json, { encoding: 'utf-8', mode: 0o600 });
-    // Ensure permissions even if file existed previously
-    chmodSync(LICENSE_PATH, 0o600);
-}
-/**
- * Activate a license from a JSON string (e.g. pasted by the user).
- *
- * Parses, verifies, and — if valid — persists the license and updates
- * the in-memory singleton state.
- *
- * @param licenseString - JSON-encoded {@link SignedLicense}
- * @returns Validation result
- */
-export function activateLicense(licenseString) {
-    let signed;
-    try {
-        signed = JSON.parse(licenseString);
-    }
-    catch {
-        return {
-            valid: false,
-            tier: 'free',
-            features: [...TIER_FEATURES.free],
-            expiresAt: null,
-            error: 'Invalid license format — expected JSON',
-        };
-    }
-    if (!signed.license || !signed.signature) {
-        return {
-            valid: false,
-            tier: 'free',
-            features: [...TIER_FEATURES.free],
-            expiresAt: null,
-            error: 'Malformed license — missing license data or signature',
-        };
-    }
-    const validation = verifyLicense(signed);
-    if (validation.valid) {
-        saveLicense(signed);
-        currentLicense = signed;
-        currentTier = validation.tier;
-        currentFeatures = new Set(validation.features);
-    }
-    return validation;
-}
-// ==================== INITIALIZATION ====================
-/**
- * Initialize the license subsystem on startup.
- *
- * Attempts to load and verify `~/.wyrm/license.json`.
- * Falls back to the free tier on any failure.
- *
- * Call this once during MCP server boot.
- */
-export function initializeLicense() {
-    const signed = loadLicense();
-    if (!signed) {
-        currentLicense = null;
-        currentTier = 'free';
-        currentFeatures = new Set(TIER_FEATURES.free);
-        return;
-    }
-    const validation = verifyLicense(signed);
-    if (validation.valid) {
-        currentLicense = signed;
-        currentTier = validation.tier;
-        currentFeatures = new Set(validation.features);
-    }
-    else {
-        // Invalid / expired — degrade gracefully
-        currentLicense = null;
-        currentTier = 'free';
-        currentFeatures = new Set(TIER_FEATURES.free);
-    }
-}
-/**
- * Reset the singleton state to free tier.
- * Useful for testing or license deactivation.
- */
-export function resetLicense() {
-    currentLicense = null;
-    currentTier = 'free';
-    currentFeatures = new Set(TIER_FEATURES.free);
-}
-//# sourceMappingURL=license.js.map
+-----END PUBLIC KEY-----`;let s=null,o="free",u=new Set(n.free);function D(e){const r=d.indexOf(e),i=[];for(let t=0;t<=r;t++)i.push(...n[d[t]]);return[...new Set(i)]}function g(e){return[e.key,e.product,e.tier,e.issued_to,e.issued_at,e.expires_at??"perpetual",String(e.max_devices),e.features.sort().join(","),e.hardware_id??""].join("|")}function Y(e){const r=A(e);let i="";for(let t=0;t<e;t++)i+=x[r[t]%x.length];return i}function G(){const{publicKey:e,privateKey:r}=I("ed25519",{publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}});return{publicKey:e,privateKey:r}}function C(){const e=[];for(let r=0;r<F;r++)e.push(Y(R));return`${N}-${e.join("-")}`}function $(e,r,i={}){const t=D(r);if(i.extraFeatures)for(const a of i.extraFeatures)t.includes(a)||t.push(a);return{key:C(),product:"wyrm",tier:r,issued_to:e,issued_at:new Date().toISOString(),expires_at:i.expiresAt??null,max_devices:i.maxDevices??M[r],features:t,hardware_id:i.hardwareId}}function X(e,r){const i=g(e),t=S(r),a=w(null,Buffer.from(i,"utf-8"),t);return{license:e,signature:a.toString("base64")}}function f(e,r){const i={valid:!1,tier:"free",features:[...n.free],expiresAt:null};try{const{license:t,signature:a}=e;if(t.product!=="wyrm")return{...i,error:"Invalid product identifier"};if(!d.includes(t.tier))return{...i,error:`Unknown tier: ${t.tier}`};const v=g(t),E=r??P;let p;try{p=T(E)}catch{return{...i,error:"Invalid public key"}}if(!k(null,Buffer.from(v,"utf-8"),p,Buffer.from(a,"base64")))return{...i,error:"Invalid signature \u2014 license may be tampered"};if(t.expires_at!==null){const y=new Date(t.expires_at);if(isNaN(y.getTime()))return{...i,error:"Malformed expiry date"};if(y.getTime()<Date.now())return{valid:!1,tier:t.tier,features:[...n.free],expiresAt:t.expires_at,error:`License expired on ${t.expires_at}`}}return{valid:!0,tier:t.tier,features:[...t.features],expiresAt:t.expires_at}}catch(t){const a=t instanceof Error?t.message:String(t);return{...i,error:`Verification failed: ${a}`}}}function z(){try{const e={license:{key:"WRM-KAT0-KAT0-KAT0-KAT0",product:"wyrm",tier:"enterprise",issued_to:"integrity@selftest",issued_at:"2026-01-01T00:00:00.000Z",expires_at:null,max_devices:-1,features:[...n.enterprise]},signature:Buffer.from("integrity-self-test-not-a-valid-signature").toString("base64")};return f(e).valid?{ok:!1,reason:"verifier_accepts_forged_signature"}:{ok:!0}}catch{return{ok:!0}}}function Q(e){return u.has(e)}function Z(){return o}function q(){if(!s)return{tier:"free",features:[...n.free],expiresAt:null,valid:!1,issuedTo:null,key:null};const e=f(s);return{tier:e.tier,features:e.features,expiresAt:e.expiresAt,valid:e.valid,issuedTo:s.license.issued_to,key:s.license.key}}function j(){try{if(!m(c))return null;const e=K(c,"utf-8"),r=JSON.parse(e);return!r.license||!r.signature||!r.license.key||!r.license.tier?null:r}catch{return null}}function O(e){m(l)||L(l,{recursive:!0});const r=JSON.stringify(e,null,2);h(c,r,{encoding:"utf-8",mode:384}),b(c,384)}function ee(e){let r;try{r=JSON.parse(e)}catch{return{valid:!1,tier:"free",features:[...n.free],expiresAt:null,error:"Invalid license format \u2014 expected JSON"}}if(!r.license||!r.signature)return{valid:!1,tier:"free",features:[...n.free],expiresAt:null,error:"Malformed license \u2014 missing license data or signature"};const i=f(r);return i.valid&&(O(r),s=r,o=i.tier,u=new Set(i.features)),i}function re(){const e=j();if(!e){s=null,o="free",u=new Set(n.free);return}const r=f(e);r.valid?(s=e,o=r.tier,u=new Set(r.features)):(s=null,o="free",u=new Set(n.free))}function te(){s=null,o="free",u=new Set(n.free)}export{M as TIER_DEVICE_LIMITS,n as TIER_FEATURES,ee as activateLicense,$ as createLicense,G as generateKeyPair,C as generateLicenseKey,q as getLicenseInfo,Z as getTier,Q as hasFeature,re as initializeLicense,j as loadLicense,te as resetLicense,D as resolveFeaturesForTier,O as saveLicense,z as selfTestVerifier,X as signLicense,f as verifyLicense};

package/dist/logger.js

@@ -1,199 +1,2 @@
-/**
- * Wyrm Logger - Structured logging with log levels
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- * @module logger
- * @version 3.0.0
- */
-import { appendFileSync, existsSync, mkdirSync } from 'fs';
-import { homedir } from 'os';
-import { join } from 'path';
-const LOG_LEVELS = {
-    debug: 0,
-    info: 1,
-    warn: 2,
-    error: 3,
-};
-const LOG_COLORS = {
-    debug: '\x1b[36m', // Cyan
-    info: '\x1b[32m', // Green
-    warn: '\x1b[33m', // Yellow
-    error: '\x1b[31m', // Red
-};
-const RESET = '\x1b[0m';
-const BOLD = '\x1b[1m';
-const DIM = '\x1b[2m';
-/**
- * Wyrm Logger - Structured logging for the memory system
- */
-export class WyrmLogger {
-    config;
-    correlationId;
-    logDir;
-    constructor(config) {
-        this.config = {
-            level: config?.level ?? 'info',
-            console: config?.console ?? true,
-            json: config?.json ?? false,
-            file: config?.file,
-        };
-        this.logDir = join(homedir(), '.wyrm', 'logs');
-        if (!existsSync(this.logDir)) {
-            mkdirSync(this.logDir, { recursive: true });
-        }
-    }
-    /**
-     * Set correlation ID for request tracing
-     */
-    setCorrelationId(id) {
-        this.correlationId = id;
-    }
-    /**
-     * Generate a new correlation ID
-     */
-    generateCorrelationId() {
-        this.correlationId = `wyrm-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
-        return this.correlationId;
-    }
-    /**
-     * Check if a log level should be logged
-     */
-    shouldLog(level) {
-        return LOG_LEVELS[level] >= LOG_LEVELS[this.config.level];
-    }
-    /**
-     * Format log entry
-     */
-    format(entry) {
-        if (this.config.json) {
-            return JSON.stringify(entry);
-        }
-        const color = LOG_COLORS[entry.level];
-        const levelStr = entry.level.toUpperCase().padEnd(5);
-        const time = entry.timestamp.split('T')[1]?.split('.')[0] || entry.timestamp;
-        let msg = `${DIM}${time}${RESET} ${color}${BOLD}${levelStr}${RESET} ${entry.message}`;
-        if (entry.context && Object.keys(entry.context).length > 0) {
-            msg += ` ${DIM}${JSON.stringify(entry.context)}${RESET}`;
-        }
-        if (entry.correlationId) {
-            msg += ` ${DIM}[${entry.correlationId}]${RESET}`;
-        }
-        return msg;
-    }
-    /**
-     * Write log entry
-     */
-    log(level, message, context) {
-        if (!this.shouldLog(level))
-            return;
-        const entry = {
-            timestamp: new Date().toISOString(),
-            level,
-            message,
-            context,
-            correlationId: this.correlationId,
-        };
-        const formatted = this.format(entry);
-        if (this.config.console) {
-            // EVERY level sinks to stderr: stdout is the MCP wire when running as
-            // the stdio server, and a single console.log on the CallTool path
-            // corrupts JSON-RPC framing (F1 adversarial review: warn/info/debug
-            // used to route through console.log). Pinned by
-            // tests/hygiene-security-floor.test.ts + tests/edge-cases.test.ts.
-            console.error(formatted);
-        }
-        if (this.config.file) {
-            try {
-                const logPath = join(this.logDir, this.config.file);
-                appendFileSync(logPath, (this.config.json ? formatted : JSON.stringify(entry)) + '\n');
-            }
-            catch {
-                // Silent fail for file writes
-            }
-        }
-    }
-    // Log level methods
-    debug(message, context) {
-        this.log('debug', message, context);
-    }
-    info(message, context) {
-        this.log('info', message, context);
-    }
-    warn(message, context) {
-        this.log('warn', message, context);
-    }
-    error(message, context) {
-        this.log('error', message, context);
-    }
-    /**
-     * Log with timing measurement
-     */
-    time(label, fn) {
-        const start = performance.now();
-        try {
-            const result = fn();
-            const duration = performance.now() - start;
-            this.debug(`${label} completed`, { duration: `${duration.toFixed(2)}ms` });
-            return result;
-        }
-        catch (error) {
-            const duration = performance.now() - start;
-            this.error(`${label} failed`, { duration: `${duration.toFixed(2)}ms`, error: String(error) });
-            throw error;
-        }
-    }
-    /**
-     * Async timing
-     */
-    async timeAsync(label, fn) {
-        const start = performance.now();
-        try {
-            const result = await fn();
-            const duration = performance.now() - start;
-            this.debug(`${label} completed`, { duration: `${duration.toFixed(2)}ms` });
-            return result;
-        }
-        catch (error) {
-            const duration = performance.now() - start;
-            this.error(`${label} failed`, { duration: `${duration.toFixed(2)}ms`, error: String(error) });
-            throw error;
-        }
-    }
-    /**
-     * Create a child logger with additional context
-     */
-    child(context) {
-        const child = new WyrmLogger(this.config);
-        child.correlationId = this.correlationId;
-        const originalLog = child.log.bind(child);
-        child.log = (level, message, ctx) => {
-            originalLog(level, message, { ...context, ...ctx });
-        };
-        return child;
-    }
-}
-// Default logger instance
-let defaultLogger = null;
-export function getLogger() {
-    if (!defaultLogger) {
-        defaultLogger = new WyrmLogger({
-            level: process.env.WYRM_LOG_LEVEL || 'info',
-            console: process.env.WYRM_LOG_CONSOLE !== 'false',
-            json: process.env.WYRM_LOG_JSON === 'true',
-            file: 'wyrm.log',
-        });
-    }
-    return defaultLogger;
-}
-export function createLogger(config) {
-    return new WyrmLogger(config);
-}
-// Convenience exports
-export const logger = {
-    debug: (msg, ctx) => getLogger().debug(msg, ctx),
-    info: (msg, ctx) => getLogger().info(msg, ctx),
-    warn: (msg, ctx) => getLogger().warn(msg, ctx),
-    error: (msg, ctx) => getLogger().error(msg, ctx),
-};
-//# sourceMappingURL=logger.js.map
+import{appendFileSync as h,existsSync as u,mkdirSync as p}from"fs";import{homedir as $}from"os";import{join as f}from"path";const m={debug:0,info:1,warn:2,error:3},w={debug:"\x1B[36m",info:"\x1B[32m",warn:"\x1B[33m",error:"\x1B[31m"},s="\x1B[0m",x="\x1B[1m",g="\x1B[2m";class l{config;correlationId;logDir;constructor(o){this.config={level:o?.level??"info",console:o?.console??!0,json:o?.json??!1,file:o?.file},this.logDir=f($(),".wyrm","logs"),u(this.logDir)||p(this.logDir,{recursive:!0})}setCorrelationId(o){this.correlationId=o}generateCorrelationId(){return this.correlationId=`wyrm-${Date.now()}-${Math.random().toString(36).slice(2,8)}`,this.correlationId}shouldLog(o){return m[o]>=m[this.config.level]}format(o){if(this.config.json)return JSON.stringify(o);const r=w[o.level],n=o.level.toUpperCase().padEnd(5),t=o.timestamp.split("T")[1]?.split(".")[0]||o.timestamp;let e=`${g}${t}${s} ${r}${x}${n}${s} ${o.message}`;return o.context&&Object.keys(o.context).length>0&&(e+=` ${g}${JSON.stringify(o.context)}${s}`),o.correlationId&&(e+=` ${g}[${o.correlationId}]${s}`),e}log(o,r,n){if(!this.shouldLog(o))return;const t={timestamp:new Date().toISOString(),level:o,message:r,context:n,correlationId:this.correlationId},e=this.format(t);if(this.config.console&&console.error(e),this.config.file)try{const a=f(this.logDir,this.config.file);h(a,(this.config.json?e:JSON.stringify(t))+`
+`)}catch{}}debug(o,r){this.log("debug",o,r)}info(o,r){this.log("info",o,r)}warn(o,r){this.log("warn",o,r)}error(o,r){this.log("error",o,r)}time(o,r){const n=performance.now();try{const t=r(),e=performance.now()-n;return this.debug(`${o} completed`,{duration:`${e.toFixed(2)}ms`}),t}catch(t){const e=performance.now()-n;throw this.error(`${o} failed`,{duration:`${e.toFixed(2)}ms`,error:String(t)}),t}}async timeAsync(o,r){const n=performance.now();try{const t=await r(),e=performance.now()-n;return this.debug(`${o} completed`,{duration:`${e.toFixed(2)}ms`}),t}catch(t){const e=performance.now()-n;throw this.error(`${o} failed`,{duration:`${e.toFixed(2)}ms`,error:String(t)}),t}}child(o){const r=new l(this.config);r.correlationId=this.correlationId;const n=r.log.bind(r);return r.log=(t,e,a)=>{n(t,e,{...o,...a})},r}}let d=null;function c(){return d||(d=new l({level:process.env.WYRM_LOG_LEVEL||"info",console:process.env.WYRM_LOG_CONSOLE!=="false",json:process.env.WYRM_LOG_JSON==="true",file:"wyrm.log"})),d}function b(i){return new l(i)}const I={debug:(i,o)=>c().debug(i,o),info:(i,o)=>c().info(i,o),warn:(i,o)=>c().warn(i,o),error:(i,o)=>c().error(i,o)};export{l as WyrmLogger,b as createLogger,c as getLogger,I as logger};