v0.2.0 — Tier 5 cross-device sync

v0.2.0 — Tier 5 cross-device sync

End-to-end-encrypted multi-device sync. Five additive sub-tiers (5a–5e) shipping as a single coherent feature. Local-first remains the default — sync is opt-in, every payload is sealed with X25519 + XChaCha20-Poly1305 on-device, and the relay holds opaque ciphertext only.

npm install -g lumen-kb@0.2.0

What you can do now

# Device A:
lumen sync init --relay https://lumen-relay.<your-account>.workers.dev
lumen sync enable
lumen sync show-key --reveal       # share securely

# Device B:
lumen sync import-key "<base64>" --relay <same URL>
lumen sync enable
lumen sync run                     # push → pull → apply

Concepts, compiled-truth updates, +1/−1 feedback, retirements, and trajectories all sync across your laptops. New devices coming online a year later replay the entire history from one master key.

What's in the box

• Append-only sync journal (sync_journal, schema v15) — every concept-touching mutation atomically journals alongside its entity write
• X25519 + XChaCha20-Poly1305 encryption envelope — pure-TS, audited noble-suite deps, no native bindings
• Relay HTTP client + driver with retry/backoff + circuit-breaker after 5 consecutive failures
• Reference Cloudflare Worker relay (apps/relay/) — D1-backed, ~600 LOC, deployable in three wrangler commands, zero-knowledge by construction
• Per-op apply rules (schema v16) — applyConceptCreate, applyTrajectory, applyFeedback, applyTruthUpdate, applyRetire — last-write-wins on truth_update with concept_truth_history audit trail
• lumen sync CLI — init / enable/disable / push/pull/apply/run / status / reset-error / show-key/import-key/forget-key
• 23 MCP tools (was 19) — brain_feedback, retire_skill, capture_trajectory, replay_skill join the existing surface

Tests

• 887 passing, 0 regressions (was 740 in 0.1.4)
• 132 new sync tests across 7 files (journal, crypto, keyring, relay-client, driver, apply, e2e)
• 25 relay tests via @cloudflare/vitest-pool-workers (real workerd + miniflare D1/KV, no mocks)
• 25 edge-case tests covering LWW chains, multi-device feedback/retire, mixed-op same-slug batches, orchestrator robustness, scope-aware apply

Schema migrations

Both purely additive — no rewrite of existing rows, existing tables and prior tests untouched.

• v15 — sync_state singleton + sync_journal append-only log
• v16 — concept_truth_history (LWW audit) + concept_feedback.sync_id partial UNIQUE INDEX

Honest limitations

• What syncs: concepts, feedback, truth updates, retirements, trajectories
• What doesn't: lumen add source content, embeddings, chunks — local-first stays local-first
• No realtime: sync runs on demand via lumen sync run; a daemon is Tier 6
• LWW only: no vector clocks / CRDTs in v1; flat-timestamp last-write-wins is honest enough at our scale
• Multi-device key share: currently show-key --reveal + import-key <base64>; QR / BIP39 / age-file is Tier 6
• Tombstone propagation: DELETE removes the relay blob and tombstones the relay row, but other devices learn about the deletion only via their own DELETE (Tier 6)

Migration

lumen upgrades automatically — schema v16 applies on first DB open after upgrade. No action required unless you want to enable sync (opt-in):

npm install -g lumen-kb@0.2.0
lumen sync init --relay <url>          # only if you want sync

Existing concept_feedback rows keep sync_id = NULL (the partial unique index doesn't apply to them).

Acknowledgements

Crypto primitives via @noble/ciphers and @noble/curves — pure-TS, audited, no native deps.