{
  "name": "@legioncodeinc/honeycomb",
  "version": "0.5.0",
  "//go-public": "Go-public switches are flipped: scoped name, public+provenance publishConfig live, `private` removed. CI auth is npm Trusted Publishing (OIDC); there is NO NPM_TOKEN. The go-live procedure is RELEASING.md 'Cut the release': the first publish is a one-time manual 2FA bootstrap that creates the package, after which every CI publish from release.yaml is tokenless OIDC.",
  "publishConfig": {
    "access": "public",
    "provenance": true
  },
  "description": "Honeycomb monorepo foundation: a long-lived daemon plus thin clients for six coding harnesses, the unified honeycomb CLI, the MCP server, and the embed daemon.",
  "license": "AGPL-3.0-or-later",
  "type": "module",
  "//build-order": "Fixed dependency direction enforced by import direction under one tsc pass: (1) core = src/shared + src/daemon-client, (2) connector-base = src/daemon, (3) plugins/native = embeddings, (4) connectors = harnesses/* + mcp + src/cli, (5) assembled distribution = esbuild per-target bundles (PRD-001b). tsc compiles the whole graph in one pass; dependents never import upward, so the single tsc invocation respects this order. PRD-001b appends '&& node esbuild.config.mjs' to the build script; that seam is intentional.",
  "bin": {
    "honeycomb": "bundle/cli.js"
  },
  "//exports": "PRD-019e: @legioncodeinc/honeycomb subpath exports. The core entry (.) is the fetch-only, browser-safe HoneycombClient (`@legioncodeinc/honeycomb`); the three framework helpers ship as separate entry points (`@legioncodeinc/honeycomb/react`, `/vercel`, `/openai`) reusing the core's token/actor model. react + ai are peerDependencies (never bundled into core).",
  "exports": {
    ".": "./sdk/index.js",
    "./react": "./sdk/react.js",
    "./vercel": "./sdk/vercel.js",
    "./openai": "./sdk/openai.js"
  },
  "files": [
    "bundle",
    "sdk",
    "daemon",
    "assets/styles.css",
    "assets/tokens",
    "assets/logos/honeycomb-memory-cluster.svg",
    "assets/logos/fonts",
    "harnesses/claude-code/bundle",
    "harnesses/claude-code/.claude-plugin",
    "harnesses/claude-code/hooks",
    "harnesses/codex/bundle",
    "harnesses/codex/package.json",
    "harnesses/cursor/bundle",
    "harnesses/hermes/bundle",
    "harnesses/pi/bundle",
    "harnesses/openclaw/dist",
    "harnesses/openclaw/openclaw.plugin.json",
    "harnesses/openclaw/package.json",
    "mcp/bundle",
    "embeddings/embed-daemon.js",
    ".claude-plugin",
    "scripts/ensure-tree-sitter.mjs",
    "scripts/ensure-embed-deps.mjs",
    "README.md"
  ],
  "scripts": {
    "prebuild": "node scripts/sync-versions.mjs",
    "version": "node scripts/sync-versions.mjs && git add .claude-plugin/plugin.json harnesses/claude-code/.claude-plugin/plugin.json harnesses/openclaw/openclaw.plugin.json harnesses/openclaw/package.json harnesses/codex/package.json .claude-plugin/marketplace.json",
    "build": "tsc && node esbuild.config.mjs",
    "bundle": "node esbuild.config.mjs",
    "typecheck": "tsc --noEmit",
    "lint": "biome check .",
    "format": "biome format --write .",
    "dup": "jscpd src harnesses mcp embeddings",
    "test": "vitest run",
    "test:watch": "vitest",
    "test:integration": "vitest run --config vitest.integration.config.ts",
    "smoke:golden-path": "node scripts/golden-path-smoke.mjs",
    "smoke:login": "node scripts/login-smoke.mjs",
    "smoke:data-api": "node scripts/dogfood-acceptance-smoke.mjs",
    "eval:recall": "node scripts/eval-recall.mjs",
    "eval:prime": "node scripts/eval-prime.mjs",
    "bench:hybrid": "node scripts/bench-hybrid.mjs",
    "deeplake:stress": "node scripts/deeplake-stress.mjs",
    "audit:openclaw": "node scripts/audit-openclaw-bundle.mjs",
    "audit:sql": "node scripts/audit-sql-safety.mjs",
    "mutation": "npm run mutation:sql && npm run mutation:prune && npm run mutation:normalize && npm run mutation:state",
    "mutation:sql": "stryker run stryker/sql.json",
    "mutation:prune": "stryker run stryker/prune.json",
    "mutation:normalize": "stryker run stryker/normalize.json",
    "mutation:state": "stryker run stryker/state.json",
    "pack:check": "node scripts/pack-check.mjs",
    "rebuild:native": "node scripts/ensure-tree-sitter.mjs",
    "ensure:embed-deps": "node scripts/ensure-embed-deps.mjs",
    "ci": "npm run typecheck && npm run dup && npm run test && npm run audit:sql",
    "postinstall": "node scripts/ensure-tree-sitter.mjs && node scripts/ensure-embed-deps.mjs",
    "prepack": "npm run build",
    "smoke:daemon-bundle": "node scripts/smoke-daemon-bundle.mjs",
    "smoke:local-queue-upgrade": "node --experimental-sqlite scripts/local-queue-upgrade-smoke.mjs",
    "smoke:local-queue-packaged-upgrade": "node --experimental-sqlite scripts/local-queue-packaged-upgrade-smoke.mjs",
    "smoke:local-queue-packaged-live-proof": "node --experimental-sqlite scripts/local-queue-packaged-live-proof.mjs"
  },
  "devDependencies": {
    "@biomejs/biome": "^2.5.0",
    "@stryker-mutator/core": "^8.7.1",
    "@stryker-mutator/vitest-runner": "^8.7.1",
    "@types/node": "^22.0.0",
    "@types/pg": "^8.11.10",
    "@types/react": "^18.3.31",
    "@types/react-dom": "^18.3.7",
    "@vitest/coverage-v8": "^3.2.6",
    "esbuild": "^0.28.1",
    "fast-check": "^4.8.0",
    "jscpd": "^4.0.5",
    "jsdom": "^25.0.1",
    "react": "18.3.1",
    "react-dom": "18.3.1",
    "typescript": "^5.7.0",
    "vitest": "^3.2.6"
  },
  "engines": {
    "node": ">=22.5.0"
  },
  "//peerDependencies": "PRD-019e: react powers @legioncodeinc/honeycomb/react; ai powers @legioncodeinc/honeycomb/vercel. Both are OPTIONAL peers (peerDependenciesMeta) so the core entry stays dependency-free for Node/Bun/browser. The core client (.) pulls in NEITHER.",
  "peerDependencies": {
    "ai": ">=3.0.0",
    "react": ">=18.0.0"
  },
  "peerDependenciesMeta": {
    "react": {
      "optional": true
    },
    "ai": {
      "optional": true
    }
  },
  "dependencies": {
    "@hono/node-server": "^1.19.14",
    "@modelcontextprotocol/sdk": "^1.29.0",
    "@noble/ciphers": "^2.2.0",
    "hono": "^4.12.25",
    "tree-sitter-wasms": "^0.1.13",
    "web-tree-sitter": "^0.22.6",
    "yaml": "^2.9.0",
    "zod": "^4.4.3"
  },
  "//optionalDependencies": "PRD-025 D-2: the embedding RUNTIME (@huggingface/transformers + its ONNX native runtime, ~600 MB with the nomic-embed-text-v1.5 model acquired at first-run) ships as an OPTIONAL dependency, NOT in the `files` allowlist. This keeps the published @legioncodeinc/honeycomb tarball LEAN (the model is downloaded + cached on the daemon's first warmup, not packed — AC-7) and keeps `npm i` fast for everyone; a `--no-optional` / slimmed / offline install simply runs recall on the BM25/ILIKE lexical fallback (no quality cliff — D-4). The embed daemon dynamic-imports this only at warmup, so the bundle + CI never require it.",
  "//optionalDependencies-pg": "Self-hosted backend (PgDeepLakeTransport, src/daemon/storage/pg-transport.ts): `pg` is used ONLY when the storage endpoint is a postgres:// URL (a self-hosted Activeloop pg_deeplake backend). It is OPTIONAL and dynamic-imported at the first query, so the default HTTP path, the lean cloud bundles, and a `--no-optional` install never need it; esbuild externalizes it so it is never bundled.",
  "optionalDependencies": {
    "@huggingface/transformers": "^3.8.1",
    "pg": "^8.13.1"
  },
  "//overrides": "Dependabot transitive-devDependency remediation. All are DEV-only and never ship (the `files` allowlist packs built bundles, not node_modules), so consumer risk is nil — these clear the dev/CI tree. tmp ^0.2.6 fixes GHSA-ph9p-34f9-6g65 (HIGH path traversal) + GHSA-52f5-9888-hmc6 (symlink write), reached only via @stryker-mutator/core -> @inquirer/prompts -> external-editor -> tmp (which calls only tmpNameSync, stable across the 0.0.33->0.2.x major). esbuild ^0.28.1 fixes GHSA-g7r4-m6w7-qqqr (Windows dev-server file read) in vitest's nested copy; the direct dep is already 0.28.1. @babel/core ^7.29.6 fixes GHSA-4x5r-pxfx-6jf8 (sourceMappingURL file read) under @stryker-mutator/instrumenter. ajv ^8.20.0 fixes GHSA-2g4f-4pwh-qvx6 ($data ReDoS) under @stryker-mutator/core's schema validator — a same-major bump (8.17.1 -> 8.20.x), preferred over npm audit's suggested breaking @stryker-mutator/core 9.x major. Validated by npm run mutation (exercises tmp+babel+ajv schema load) + npm run ci/build (exercises esbuild).",
  "overrides": {
    "tmp": "^0.2.6",
    "esbuild": "^0.28.1",
    "@babel/core": "^7.29.6",
    "ajv": "^8.20.0"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/legioncodeinc/honeycomb.git"
  }
}
