@bonginkan/maria 4.2.0 → 4.2.2

package/README.md

@@ -4,25 +4,26 @@
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.3.3-blue)](https://www.typescriptlang.org/)
 [![Node](https://img.shields.io/badge/Node-20.10.0+-green)](https://nodejs.org/)
-[![Commands](https://img.shields.io/badge/Commands-74-success)](docs/COMMANDS.md)
+[![Commands](https://img.shields.io/badge/Commands-76-success)](docs/COMMANDS.md)
 [![Ready](https://img.shields.io/badge/Ready-100%25-brightgreen)](docs/ACHIEVEMENT_REPORT_20250902.md)
 
 > **Enterprise-grade AI development platform with 100% command availability and comprehensive fallback support**
 
-## 🚀 What's New in v4.2.0
+## 🚀 What's New in v4.2.0 (September 2, 2025)
 
 ### ✨ Major Achievements
-- **100% READY Status**: All 74 commands fully operational
-- **Zero Dependencies**: Complete fallback implementation for all external services
-- **Local LLM Support**: Full LM Studio integration for offline AI
-- **Enterprise Security**: Quantum-resistant cryptography and zero-trust architecture
-
-### 🎯 Key Features
-- **Natural Language Coding**: Transform ideas into code with `/code` command
-- **AI Safety Evaluation**: Built-in safety checks with `/safety/check`
-- **Intelligent Evolution**: Self-improving system with `/evolve`
-- **Memory Management**: Episodic memory with PII masking
-- **Real-time Monitoring**: Live dashboard with `/intelligence/dashboard`
+- **100% READY Status**: All 76 commands fully operational (Week 2 Enterprise Systems)
+- **UIR System**: Universal Intelligence Router with enterprise governance
+- **Real-time Dashboard**: Live usage monitoring with WebSocket integration
+- **Firebase Functions**: Serverless backend with auto-scaling
+- **Enhanced Telemetry**: BigQuery analytics with Firestore sync
+
+### 🎯 Week 2 Enterprise Features
+- **Safety Evaluation** (`/safety/check`): PII detection, malicious content filtering
+- **Test Suite Execution** (`/evaluation/run`): Comprehensive testing with regression analysis
+- **Health Monitoring** (`/system/health`): System metrics, trend analysis, predictive alerts
+- **Performance Monitoring**: Real-time latency tracking and optimization
+- **Security Compliance**: RBAC, audit logging, quantum-resistant crypto
 **全V2参照の削除完了** - 180個以上のV2命名規則を完全に削除し、統一された命名規則を実現。SlashCommand、RecallCommand、RememberCommandなど全コマンドが標準命名に移行完了。
 
 ## 🔐 Admin Dashboard with IAP (2025-09-01)
@@ -536,6 +537,59 @@ bq query --use_legacy_sql=false "
 - **5つの主要メトリクス**: エラー率、P95レイテンシ、レート制限、プラン分布、バージョン健全性
 - **アラート設定**: 閾値超過時の自動通知
 
+## 🔐 Secret Manager Integration (Production Ready)
+
+### Google Cloud Secret Manager
+**エンタープライズグレードのシークレット管理** - APIキーとセンシティブデータの安全な保管と管理を実現。環境変数の代わりにSecret Managerを使用することでセキュリティを大幅に向上。
+
+#### 管理対象シークレット
+- **groq-api-key**: Groq AI APIキー (Fast Inference)
+- **openai-api-key**: OpenAI APIキー
+- **anthropic-api-key**: Anthropic Claude APIキー
+- **google-ai-api-key**: Google AI APIキー
+
+#### Secret Manager利用方法
+```bash
+# シークレット一覧確認
+gcloud secrets list
+
+# シークレット作成
+echo -n "YOUR_API_KEY" | gcloud secrets create SECRET_NAME --data-file=-
+
+# シークレットアクセス
+gcloud secrets versions access latest --secret="SECRET_NAME"
+
+# IAM権限付与（サービスアカウント用）
+gcloud secrets add-iam-policy-binding SECRET_NAME \
+  --member="serviceAccount:SERVICE_ACCOUNT@PROJECT.iam.gserviceaccount.com" \
+  --role="roles/secretmanager.secretAccessor"
+```
+
+#### コード実装
+```typescript
+// Secret Manager自動統合
+// src/providers/manager.ts
+const secretManager = new SecretManagerIntegration({
+  projectId: 'maria-code-470602',
+  secrets: {
+    groq: 'groq-api-key',
+    openAI: 'openai-api-key',
+    anthropic: 'anthropic-api-key',
+    googleAI: 'google-ai-api-key'
+  }
+});
+
+// 自動フォールバック
+// 1. Secret Manager → 2. 環境変数 → 3. デフォルト値
+```
+
+#### セキュリティメリット
+- **中央管理**: すべてのAPIキーをCloud Consoleで一元管理
+- **アクセス制御**: IAMによる細かい権限管理
+- **監査ログ**: 全アクセス履歴の自動記録
+- **ローテーション**: APIキーの簡単な更新
+- **暗号化**: 保存時・転送時の自動暗号化
+
 ### Performance & Developer Experience
 | System | Before | After v4.0.0 | Improvement |
 |--------|--------|--------------|-------------|

package/dist/bin/maria.cjs

@@ -7099,6 +7099,202 @@ var init_base_provider = __esm({
   }
 });
 
+// src/services/intelligent-model-selector/SecretManagerIntegration.ts
+var SecretManagerIntegration_exports = {};
+__export(SecretManagerIntegration_exports, {
+  SecretManagerIntegration: () => SecretManagerIntegration
+});
+var import_secret_manager, SecretManagerIntegration;
+var init_SecretManagerIntegration = __esm({
+  "src/services/intelligent-model-selector/SecretManagerIntegration.ts"() {
+    import_secret_manager = require("@google-cloud/secret-manager");
+    SecretManagerIntegration = class {
+      // 1 hour
+      constructor(config2) {
+        this.config = config2;
+        this.client = new import_secret_manager.SecretManagerServiceClient();
+      }
+      client;
+      cache = /* @__PURE__ */ new Map();
+      cacheExpiry = /* @__PURE__ */ new Map();
+      CACHE_TTL = 36e5;
+      /**
+       * Get API key from Secret Manager with caching
+       */
+      async getApiKey(provider) {
+        const secretName = this.getSecretName(provider);
+        if (!secretName) {
+          return void 0;
+        }
+        const cached = this.getCachedSecret(secretName);
+        if (cached) {
+          return cached;
+        }
+        try {
+          const name2 = `projects/${this.config.projectId}/secrets/${secretName}/versions/latest`;
+          const [version] = await this.client.accessSecretVersion({ name: name2 });
+          const payload = version.payload?.data;
+          if (!payload) {
+            console.error(`Secret ${secretName} has no payload`);
+            return void 0;
+          }
+          const secret = payload.toString();
+          this.cacheSecret(secretName, secret);
+          return secret;
+        } catch (error2) {
+          if (error2.code !== 5) {
+            console.error(`Failed to access secret ${secretName}:`, error2);
+          }
+          return this.getFallbackFromEnv(provider);
+        }
+      }
+      /**
+       * Get all API keys
+       */
+      async getAllApiKeys() {
+        const [googleApiKey, openaiApiKey, anthropicApiKey, groqApiKey] = await Promise.all([
+          this.getApiKey("google"),
+          this.getApiKey("openai"),
+          this.getApiKey("anthropic"),
+          this.getApiKey("groq")
+        ]);
+        return {
+          googleApiKey,
+          openaiApiKey,
+          anthropicApiKey,
+          groqApiKey
+        };
+      }
+      /**
+       * Verify that required secrets exist
+       */
+      async verifySecrets() {
+        const available = [];
+        const missing = [];
+        const providers = ["google", "openai", "anthropic", "groq"];
+        for (const provider of providers) {
+          const secretName = this.getSecretName(provider);
+          if (!secretName) continue;
+          try {
+            const name2 = `projects/${this.config.projectId}/secrets/${secretName}`;
+            await this.client.getSecret({ name: name2 });
+            available.push(provider);
+          } catch (error2) {
+            missing.push(provider);
+          }
+        }
+        return { available, missing };
+      }
+      /**
+       * Create or update a secret
+       */
+      async createOrUpdateSecret(provider, apiKey) {
+        const secretName = this.getSecretName(provider);
+        if (!secretName) {
+          return false;
+        }
+        const secretId = `projects/${this.config.projectId}/secrets/${secretName}`;
+        try {
+          let secretExists = false;
+          try {
+            await this.client.getSecret({ name: secretId });
+            secretExists = true;
+          } catch {
+            secretExists = false;
+          }
+          if (!secretExists) {
+            await this.client.createSecret({
+              parent: `projects/${this.config.projectId}`,
+              secretId: secretName,
+              secret: {
+                replication: {
+                  automatic: {}
+                },
+                labels: {
+                  service: "ims",
+                  provider
+                }
+              }
+            });
+          }
+          await this.client.addSecretVersion({
+            parent: secretId,
+            payload: {
+              data: Buffer.from(apiKey, "utf8")
+            }
+          });
+          this.cache.delete(secretName);
+          this.cacheExpiry.delete(secretName);
+          return true;
+        } catch (error2) {
+          console.error(`Failed to create/update secret ${secretName}:`, error2);
+          return false;
+        }
+      }
+      /**
+       * Get secret name for provider
+       */
+      getSecretName(provider) {
+        switch (provider) {
+          case "google":
+            return this.config.secrets.googleAI || "google-ai-api-key";
+          case "openai":
+            return this.config.secrets.openAI || "openai-api-key";
+          case "anthropic":
+            return this.config.secrets.anthropic || "anthropic-api-key";
+          case "groq":
+            return this.config.secrets.groq || "groq-api-key";
+          default:
+            return void 0;
+        }
+      }
+      /**
+       * Get cached secret if valid
+       */
+      getCachedSecret(secretName) {
+        const expiry = this.cacheExpiry.get(secretName);
+        if (!expiry || Date.now() > expiry) {
+          this.cache.delete(secretName);
+          this.cacheExpiry.delete(secretName);
+          return void 0;
+        }
+        return this.cache.get(secretName);
+      }
+      /**
+       * Cache a secret
+       */
+      cacheSecret(secretName, value) {
+        this.cache.set(secretName, value);
+        this.cacheExpiry.set(secretName, Date.now() + this.CACHE_TTL);
+      }
+      /**
+       * Get fallback from environment variable
+       */
+      getFallbackFromEnv(provider) {
+        switch (provider) {
+          case "google":
+            return process.env.GOOGLE_AI_API_KEY;
+          case "openai":
+            return process.env.OPENAI_API_KEY;
+          case "anthropic":
+            return process.env.ANTHROPIC_API_KEY;
+          case "groq":
+            return process.env.GROQ_API_KEY;
+          default:
+            return void 0;
+        }
+      }
+      /**
+       * Clear cache
+       */
+      clearCache() {
+        this.cache.clear();
+        this.cacheExpiry.clear();
+      }
+    };
+  }
+});
+
 // src/providers/groq-provider.ts
 var groq_provider_exports = {};
 __export(groq_provider_exports, {
@@ -7485,13 +7681,32 @@ var init_manager = __esm({
           })
         );
       }
-      /** Register adapters based on env keys (OpenAI is real, others placeholder but safe) */
+      /** Register adapters based on Secret Manager or env keys */
       async initializeProviders() {
-        const OPENAI_API_KEY = process.env.OPENAI_API_KEY;
-        const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
-        const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY || process.env.GOOGLE_AI_API_KEY;
-        const GROQ_API_KEY = process.env.GROQ_API_KEY;
+        let OPENAI_API_KEY = process.env.OPENAI_API_KEY;
+        let ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+        let GOOGLE_API_KEY = process.env.GOOGLE_API_KEY || process.env.GOOGLE_AI_API_KEY;
+        let GROQ_API_KEY = process.env.GROQ_API_KEY;
         const GROK_API_KEY = process.env.GROK_API_KEY || process.env.XAI_API_KEY;
+        try {
+          const { SecretManagerIntegration: SecretManagerIntegration2 } = await Promise.resolve().then(() => (init_SecretManagerIntegration(), SecretManagerIntegration_exports));
+          const secretManager = new SecretManagerIntegration2({
+            projectId: process.env.GOOGLE_CLOUD_PROJECT || "maria-code-470602",
+            secrets: {
+              openAI: "openai-api-key",
+              anthropic: "anthropic-api-key",
+              googleAI: "google-ai-api-key",
+              groq: "groq-api-key"
+            }
+          });
+          const keys = await secretManager.getAllApiKeys();
+          OPENAI_API_KEY = keys.openaiApiKey || OPENAI_API_KEY;
+          ANTHROPIC_API_KEY = keys.anthropicApiKey || ANTHROPIC_API_KEY;
+          GOOGLE_API_KEY = keys.googleApiKey || GOOGLE_API_KEY;
+          GROQ_API_KEY = keys.groqApiKey || GROQ_API_KEY;
+        } catch (error2) {
+          console.debug("Secret Manager not available, using environment variables");
+        }
         if (OPENAI_API_KEY) this.register(new UnifiedOpenAIProvider(OPENAI_API_KEY));
         if (ANTHROPIC_API_KEY) this.register(new UnifiedAnthropicProvider(ANTHROPIC_API_KEY));
         if (GOOGLE_API_KEY) this.register(new UnifiedGoogleProvider(GOOGLE_API_KEY));
@@ -21552,7 +21767,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@bonginkan/maria",
-      version: "4.2.0",
+      version: "4.2.2",
       description: "\u{1F680} MARIA v4.2.0 - Enterprise AI Development Platform with 100% Command Availability. Features 74 production-ready commands with comprehensive fallback implementation, local LLM support, and zero external dependencies. Includes natural language coding, AI safety evaluation, intelligent evolution system, episodic memory with PII masking, and real-time monitoring dashboard. Built with TypeScript AST-powered code generation, OAuth2.0 + PKCE authentication, quantum-resistant cryptography, and enterprise-grade performance.",
       keywords: [
         "ai",
@@ -27741,7 +27956,7 @@ var init_bigquery_telemetry = __esm({
       httpEndpoint = null;
       config = {
         projectId: process.env.GOOGLE_CLOUD_PROJECT || "maria-code-470602",
-        datasetId: "cli",
+        datasetId: "maria_telemetry",
         tableName: "command_executions",
         batchSize: 100,
         flushIntervalMs: 3e4,