@askexenow/exe-os 0.9.280 → 0.9.281

package/dist/chunk-OSPIJMCD.js

@@ -0,0 +1,210 @@
+import {
+  redactSecrets
+} from "./chunk-Y25OJWOQ.js";
+
+// src/lib/memory-write-governor.ts
+import { createHash } from "crypto";
+var HIGH_VALUE_SUPERSESSION_TYPES = /* @__PURE__ */ new Set([
+  "decision",
+  "adr",
+  "behavior",
+  "procedure"
+]);
+var NOISE_DROP_PATTERNS = [
+  /^\s*\[📋\s+\d+\s+reviews?\s+pending\b/im,
+  /^\s*<system-reminder>[\s\S]*?<\/system-reminder>\s*$/im,
+  /^\s*The UserPromptSubmit hook checks the DB for new tasks/im,
+  /^\s*Intercom is a speedup, not delivery/im,
+  /^\s*Context bar reads as USAGE not remaining/im,
+  // Intercom noise — these repeat on every prompt and cause 18K+ duplicates
+  /^\/exe-intercom\b/i,
+  /^You have pending notifications\.\s*Run list_tasks/i,
+  /^You have open tasks\.\s*Run list_tasks/i,
+  /^You have a new P\d+ task/i,
+  /^You have more open tasks to dispatch/i,
+  /^No new tasks\.\s*(Standing by|Idle|Dashboard)/i
+];
+var SKIP_EMBED_PATTERNS = [
+  /tmux capture-pane\b/i,
+  /docker ps\b/i,
+  /docker images\b/i,
+  /git status\b/i,
+  /grep .*node_modules/i,
+  /npm (install|ci)\b[\s\S]*(added \d+ packages|audited \d+ packages)/i
+];
+function normalizeMemoryText(text) {
+  return text.replace(/\r\n/g, "\n").replace(/[ \t]+$/gm, "").replace(/\n{4,}/g, "\n\n\n").trim();
+}
+function classifyMemoryType(input) {
+  if (input.memory_type && input.memory_type.trim()) return input.memory_type.trim();
+  const tool = input.tool_name.toLowerCase();
+  const text = input.raw_text.toLowerCase();
+  if (tool.includes("store_decision") || tool.includes("decision")) return "decision";
+  if (tool.includes("commit") || text.includes("adr-") || text.includes("architectural decision")) return "adr";
+  if (tool.includes("store_behavior") || tool.includes("behavior")) return "behavior";
+  if (tool.includes("global_procedure") || text.includes("organization-wide procedures")) return "procedure";
+  if (tool.includes("checkpoint") || text.startsWith("context checkpoint")) return "checkpoint";
+  if (tool.includes("sessionsummary") || tool.includes("session-summary")) return "summary";
+  if (tool.includes("sessionend") || text.startsWith("session ended")) return "summary";
+  if (tool.includes("send_whatsapp") || tool.includes("conversation")) return "conversation";
+  if (tool === "store_memory" || tool === "manual") return "observation";
+  if (tool === "userprompt" || tool === "slashcommand") return "conversation";
+  return "raw";
+}
+function shouldDropMemory(text) {
+  const normalized = normalizeMemoryText(text);
+  if (normalized.length < 10) return { drop: true, reason: "too_short" };
+  if (NOISE_DROP_PATTERNS.some((pattern) => pattern.test(normalized))) {
+    return { drop: true, reason: "known_boilerplate_noise" };
+  }
+  return { drop: false };
+}
+function shouldSkipEmbedding(input) {
+  const type = classifyMemoryType(input);
+  if (HIGH_VALUE_SUPERSESSION_TYPES.has(type)) return false;
+  if (type === "raw" && input.raw_text.length > 2e4) return true;
+  if (SKIP_EMBED_PATTERNS.some((pattern) => pattern.test(input.raw_text))) return true;
+  return false;
+}
+function hashMemoryContent(text) {
+  return createHash("sha256").update(normalizeMemoryText(text)).digest("hex");
+}
+function scopedDedupArgs(input) {
+  return [input.contentHash, input.agentId, input.projectName, input.memoryType];
+}
+function governMemoryRecord(record) {
+  const redacted = redactSecrets(record.raw_text);
+  const normalized = normalizeMemoryText(redacted.text);
+  const memoryType = classifyMemoryType({
+    raw_text: normalized,
+    agent_id: record.agent_id,
+    project_name: record.project_name,
+    tool_name: record.tool_name,
+    memory_type: record.memory_type
+  });
+  const drop = shouldDropMemory(normalized);
+  const skipEmbedding = shouldSkipEmbedding({
+    raw_text: normalized,
+    agent_id: record.agent_id,
+    project_name: record.project_name,
+    tool_name: record.tool_name,
+    memory_type: memoryType
+  });
+  const trajectoryValue = record.trajectory;
+  const redactedTrajectory = typeof trajectoryValue === "string" ? redactSecrets(trajectoryValue).text : record.trajectory;
+  return {
+    record: {
+      ...record,
+      raw_text: normalized,
+      memory_type: memoryType,
+      vector: skipEmbedding ? null : record.vector,
+      keywords: record.keywords ? redactSecrets(record.keywords).text : record.keywords,
+      trajectory: redactedTrajectory
+    },
+    contentHash: hashMemoryContent(normalized),
+    shouldDrop: drop.drop,
+    dropReason: drop.reason,
+    skipEmbedding,
+    hygiene: {
+      dedup: true,
+      supersession: HIGH_VALUE_SUPERSESSION_TYPES.has(memoryType)
+    }
+  };
+}
+async function findScopedDuplicate(input) {
+  const { getClient } = await import("./lib/database.js");
+  const client = getClient();
+  const args = scopedDedupArgs(input);
+  let sql = `SELECT id FROM memories
+             WHERE content_hash = ?
+               AND agent_id = ?
+               AND project_name = ?
+               AND COALESCE(memory_type, 'raw') = ?
+               AND COALESCE(status, 'active') != 'deleted'`;
+  if (input.excludeId) {
+    sql += " AND id != ?";
+    args.push(input.excludeId);
+  }
+  sql += " ORDER BY timestamp DESC LIMIT 1";
+  const result = await client.execute({ sql, args });
+  return result.rows[0]?.id ? String(result.rows[0].id) : null;
+}
+async function runPostWriteMemoryHygiene(memoryId) {
+  try {
+    const { getClient } = await import("./lib/database.js");
+    const client = getClient();
+    const current = await client.execute({
+      sql: `SELECT id, agent_id, project_name, memory_type, content_hash, supersedes_id,
+                   importance, timestamp
+            FROM memories
+            WHERE id = ?
+            LIMIT 1`,
+      args: [memoryId]
+    });
+    const row = current.rows[0];
+    if (!row) return;
+    const memoryType = String(row.memory_type ?? "raw");
+    const contentHash = row.content_hash ? String(row.content_hash) : null;
+    const agentId = String(row.agent_id);
+    const projectName = String(row.project_name);
+    if (contentHash) {
+      await client.execute({
+        sql: `UPDATE memories
+              SET status = 'deleted',
+                  outcome = COALESCE(outcome, 'superseded')
+              WHERE id != ?
+                AND content_hash = ?
+                AND agent_id = ?
+                AND project_name = ?
+                AND COALESCE(memory_type, 'raw') = ?
+                AND COALESCE(status, 'active') = 'active'`,
+        args: [memoryId, contentHash, agentId, projectName, memoryType]
+      });
+    }
+    const supersedesId = row.supersedes_id ? String(row.supersedes_id) : null;
+    if (supersedesId && HIGH_VALUE_SUPERSESSION_TYPES.has(memoryType)) {
+      const old = await client.execute({
+        sql: `SELECT importance FROM memories WHERE id = ? LIMIT 1`,
+        args: [supersedesId]
+      });
+      const oldImportance = Number(old.rows[0]?.importance ?? 0);
+      const newImportance = Number(row.importance ?? 0);
+      await client.batch([
+        {
+          sql: `UPDATE memories
+                SET status = 'archived',
+                    outcome = COALESCE(outcome, 'superseded')
+                WHERE id = ?`,
+          args: [supersedesId]
+        },
+        {
+          sql: `UPDATE memories
+                SET importance = MAX(COALESCE(importance, 5), ?),
+                    parent_memory_id = COALESCE(parent_memory_id, ?)
+                WHERE id = ?`,
+          args: [Math.max(oldImportance, newImportance), supersedesId, memoryId]
+        }
+      ], "write");
+    }
+  } catch (err) {
+    process.stderr.write(
+      `[memory-governor] post-write hygiene failed for ${memoryId}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+  }
+}
+function schedulePostWriteMemoryHygiene(memoryIds) {
+  if (process.env.EXE_SKIP_MEMORY_HYGIENE === "1") return;
+  if (memoryIds.length === 0) return;
+  const run = () => {
+    void Promise.all(memoryIds.map((id) => runPostWriteMemoryHygiene(id)));
+  };
+  if (typeof setImmediate === "function") setImmediate(run);
+  else setTimeout(run, 0);
+}
+
+export {
+  governMemoryRecord,
+  findScopedDuplicate,
+  schedulePostWriteMemoryHygiene
+};

package/dist/chunk-OUGWEH4J.js

@@ -0,0 +1,240 @@
+import {
+  getClient,
+  isCoordinatorName,
+  loadEmployeesSync
+} from "./chunk-52UDAVZE.js";
+
+// src/lib/steward-gate.ts
+import crypto from "crypto";
+var ROLE_PERMISSIONS = {
+  coordinator: /* @__PURE__ */ new Set([
+    "close_task",
+    "cancel_task",
+    "merge_entities",
+    "purge_document",
+    "deactivate_behavior",
+    "override"
+  ]),
+  manager: /* @__PURE__ */ new Set([
+    "close_task",
+    // their team only — enforced contextually
+    "deactivate_behavior"
+    // their team's behaviors
+  ]),
+  specialist: /* @__PURE__ */ new Set([
+    "deactivate_behavior_own",
+    // own behaviors only
+    "delete_own_memory"
+  ])
+};
+var UNIVERSAL_OPS = /* @__PURE__ */ new Set([
+  "update_own_task",
+  "store_memory",
+  "store_behavior"
+]);
+var MANAGER_ROLES = /* @__PURE__ */ new Set(["CTO", "CMO"]);
+var StewardGate = class {
+  /**
+   * Check whether an agent has authority for a destructive operation.
+   */
+  async checkAuthority(agent, operation, target) {
+    const role = await this.resolveRole(agent);
+    if (UNIVERSAL_OPS.has(operation)) {
+      const decision2 = {
+        allowed: true,
+        reason: `Operation "${operation}" is universally permitted.`,
+        confidence: 1,
+        requires_override: false
+      };
+      await this.logDecision(agent, operation, target, decision2);
+      return decision2;
+    }
+    const permissions = ROLE_PERMISSIONS[role];
+    let allowed = permissions.has(operation);
+    let reason;
+    if (!allowed && role === "specialist" && operation === "deactivate_behavior") {
+      const isOwn = await this.isOwnBehavior(agent, target);
+      if (isOwn) {
+        allowed = true;
+        reason = `Specialist "${agent}" can deactivate their own behavior.`;
+      } else {
+        reason = `Specialist "${agent}" cannot deactivate behaviors belonging to other agents.`;
+      }
+    } else if (allowed) {
+      reason = `Role "${role}" has authority for "${operation}".`;
+    } else {
+      reason = `Role "${role}" does not have authority for "${operation}". Requires coordinator override.`;
+    }
+    let requiresOverride = !allowed;
+    let confidence = allowed ? 0.95 : 0.9;
+    try {
+      const dreamingPath = "./dreaming.js";
+      const dreaming = await import(
+        /* @vite-ignore */
+        dreamingPath
+      );
+      if (typeof dreaming.calculateDrift === "function") {
+        const driftScore = await dreaming.calculateDrift(agent);
+        if (typeof driftScore === "number" && driftScore > 0.8) {
+          requiresOverride = true;
+          confidence = Math.max(0.5, confidence - 0.3);
+          reason += ` (\u26A0\uFE0F High drift score: ${driftScore.toFixed(2)} \u2014 requires override.)`;
+        }
+      }
+    } catch {
+    }
+    const decision = {
+      allowed: allowed && !requiresOverride,
+      reason,
+      confidence,
+      requires_override: requiresOverride
+    };
+    await this.logDecision(agent, operation, target, decision);
+    return decision;
+  }
+  /**
+   * Record an explicit coordinator override that bypasses the gate.
+   */
+  async override(agent, operation, target, reason) {
+    const role = await this.resolveRole(agent);
+    if (role !== "coordinator") {
+      const decision2 = {
+        allowed: false,
+        reason: `Only coordinators can issue overrides. "${agent}" is a ${role}.`,
+        confidence: 1,
+        requires_override: false
+      };
+      await this.logDecision(agent, `override:${operation}`, target, decision2);
+      return decision2;
+    }
+    const decision = {
+      allowed: true,
+      reason: `Coordinator override: ${reason}`,
+      confidence: 1,
+      requires_override: false
+    };
+    await this.logDecision(agent, `override:${operation}`, target, decision);
+    return decision;
+  }
+  /**
+   * Query the audit trail.
+   */
+  async getAuditLog(opts) {
+    await this.ensureAuditTable();
+    const client = getClient();
+    const conditions = [];
+    const args = [];
+    if (opts?.agent) {
+      conditions.push("agent = ?");
+      args.push(opts.agent);
+    }
+    if (opts?.operation) {
+      conditions.push("operation = ?");
+      args.push(opts.operation);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    const limit = opts?.limit ?? 50;
+    const result = await client.execute({
+      sql: `SELECT * FROM steward_audit ${where} ORDER BY created_at DESC LIMIT ?`,
+      args: [...args, limit]
+    });
+    return result.rows.map((row) => ({
+      id: String(row.id),
+      agent: String(row.agent),
+      operation: String(row.operation),
+      target: String(row.target),
+      decision: {
+        allowed: Number(row.allowed) === 1,
+        reason: String(row.reason),
+        confidence: Number(row.confidence),
+        requires_override: Number(row.requires_override) === 1
+      },
+      timestamp: String(row.created_at)
+    }));
+  }
+  // -------------------------------------------------------------------------
+  // Internal methods
+  // -------------------------------------------------------------------------
+  /**
+   * Resolve an agent name to a role category.
+   */
+  async resolveRole(agent) {
+    if (isCoordinatorName(agent)) return "coordinator";
+    try {
+      const employees = loadEmployeesSync();
+      const employee = employees.find((e) => e.name === agent);
+      if (employee && MANAGER_ROLES.has(employee.role)) return "manager";
+    } catch {
+    }
+    return "specialist";
+  }
+  /**
+   * Check if a behavior belongs to the given agent.
+   */
+  async isOwnBehavior(agent, behaviorId) {
+    try {
+      const client = getClient();
+      const result = await client.execute({
+        sql: "SELECT agent_id FROM behaviors WHERE id = ? LIMIT 1",
+        args: [behaviorId]
+      });
+      if (result.rows.length === 0) return false;
+      return String(result.rows[0].agent_id) === agent;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Ensure the steward_audit table exists.
+   */
+  async ensureAuditTable() {
+    const client = getClient();
+    await client.execute({
+      sql: `CREATE TABLE IF NOT EXISTS steward_audit (
+        id                TEXT PRIMARY KEY,
+        agent             TEXT NOT NULL,
+        operation         TEXT NOT NULL,
+        target            TEXT NOT NULL,
+        allowed           INTEGER NOT NULL,
+        reason            TEXT NOT NULL,
+        confidence        REAL NOT NULL,
+        requires_override INTEGER NOT NULL DEFAULT 0,
+        created_at        TEXT NOT NULL
+      )`,
+      args: []
+    });
+  }
+  /**
+   * Log a gate decision to the audit trail.
+   */
+  async logDecision(agent, operation, target, decision) {
+    try {
+      await this.ensureAuditTable();
+      const client = getClient();
+      await client.execute({
+        sql: `INSERT INTO steward_audit (id, agent, operation, target, allowed, reason, confidence, requires_override, created_at)
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+        args: [
+          crypto.randomUUID(),
+          agent,
+          operation,
+          target,
+          decision.allowed ? 1 : 0,
+          decision.reason,
+          decision.confidence,
+          decision.requires_override ? 1 : 0,
+          (/* @__PURE__ */ new Date()).toISOString()
+        ]
+      });
+    } catch {
+      process.stderr.write(
+        `[steward-gate] Audit log write failed for ${agent}:${operation}
+`
+      );
+    }
+  }
+};
+
+export {
+  StewardGate
+};