npm - @evomap/evolver - Versions diffs - 1.70.0-beta.3 → 1.70.0-beta.5 - Mend

@evomap/evolver 1.70.0-beta.3 → 1.70.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/assets/gep/candidates.jsonl +3 -3
package/index.js +56 -2
package/package.json +1 -1
package/scripts/validate-suite.js +21 -6
package/src/evolve.js +1 -1
package/src/gep/.integrity +0 -0
package/src/gep/a2aProtocol.js +1 -1
package/src/gep/candidateEval.js +1 -1
package/src/gep/candidates.js +1 -1
package/src/gep/contentHash.js +1 -1
package/src/gep/crypto.js +1 -1
package/src/gep/curriculum.js +1 -1
package/src/gep/deviceId.js +1 -1
package/src/gep/envFingerprint.js +1 -1
package/src/gep/explore.js +1 -1
package/src/gep/hubReview.js +1 -1
package/src/gep/hubSearch.js +1 -1
package/src/gep/hubVerify.js +1 -1
package/src/gep/integrityCheck.js +1 -1
package/src/gep/learningSignals.js +1 -1
package/src/gep/memoryGraph.js +1 -1
package/src/gep/memoryGraphAdapter.js +1 -1
package/src/gep/mutation.js +1 -1
package/src/gep/narrativeMemory.js +1 -1
package/src/gep/personality.js +1 -1
package/src/gep/policyCheck.js +1 -1
package/src/gep/prompt.js +1 -1
package/src/gep/reflection.js +1 -1
package/src/gep/selector.js +1 -1
package/src/gep/selfPR.js +5 -1
package/src/gep/shield.js +1 -1
package/src/gep/skillDistiller.js +1 -1
package/src/gep/solidify.js +1 -1
package/src/gep/strategy.js +1 -1
package/src/gep/validator/sandboxExecutor.js +11 -2
package/src/proxy/lifecycle/manager.js +5 -1
package/src/proxy/mailbox/store.js +5 -0
package/src/proxy/server/http.js +47 -4

package/assets/gep/candidates.jsonl CHANGED Viewed

@@ -1,3 +1,3 @@
-{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-25T03:26:52.453Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}
-{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-25T03:26:54.382Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}
-{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-25T03:26:56.266Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}
+{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-27T05:31:51.337Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}
+{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-27T05:31:53.506Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}
+{"type":"CapabilityCandidate","id":"cand_b9a66a5c","title":"Harden session log detection and fallback behavior","source":"signals","created_at":"2026-04-27T05:31:55.280Z","signals":["memory_missing","user_missing","session_logs_missing"],"tags":["memory_missing","user_missing","session_logs_missing","area:memory"],"shape":{"title":"Harden session log detection and fallback behavior","input":"Recent session transcript + memory snippets + user instructions","output":"A safe, auditable evolution patch guided by GEP assets","invariants":"Protocol order, small reversible patches, validation, append-only events","params":"Signals: memory_missing, user_missing, session_logs_missing","failure_points":"Missing signals, over-broad changes, skipped validation, missing knowledge solidification","evidence":"Signal present: session_logs_missing"}}

package/index.js CHANGED Viewed

@@ -847,6 +847,23 @@ async function main() {
       const data = await resp.json();
       const outFlag = args.find(a => typeof a === 'string' && a.startsWith('--out='));
       const safeId = String(data.skill_id || skillId).replace(/[^a-zA-Z0-9_\-\.]/g, '_');
+      // Reject safeId values that would either stay inside cwd instead of
+      // descending into skills/, or escape cwd entirely. The sanitizing regex
+      // above permits `.`, so `..` / `.` / empty survive it; `path.join('.',
+      // 'skills', '..')` collapses to `.` which turns the download directory
+      // into the user's working directory and lets Hub-supplied bundled_files
+      // overwrite `index.js`, `package.json`, etc. See GHSA-cfcj-hqpf-hccf.
+      if (
+        safeId === '' ||
+        safeId === '.' ||
+        safeId === '..' ||
+        safeId.includes('/') ||
+        safeId.includes('\\') ||
+        safeId.includes('\0')
+      ) {
+        console.error('[fetch] Hub returned an invalid skill_id: ' + JSON.stringify(safeId));
+        process.exit(1);
+      }
       let outDir;
       if (outFlag) {
         const rawOut = outFlag.slice('--out='.length);
@@ -869,7 +886,16 @@ async function main() {
         }
         outDir = resolvedOut;
       } else {
-        outDir = path.join('.', 'skills', safeId);
+        // Defense in depth: apply the same traversal check to the default
+        // branch so any remaining path-smuggling shape in `safeId` is caught.
+        const candidate = path.resolve(process.cwd(), 'skills', safeId);
+        const skillsRoot = path.resolve(process.cwd(), 'skills');
+        const rel = path.relative(skillsRoot, candidate);
+        if (rel.startsWith('..') || path.isAbsolute(rel)) {
+          console.error('[fetch] Hub-provided skill_id escapes skills/ directory: ' + JSON.stringify(safeId));
+          process.exit(1);
+        }
+        outDir = candidate;
       }
       if (!fs.existsSync(outDir)) fs.mkdirSync(outDir, { recursive: true });
@@ -885,12 +911,24 @@ async function main() {
         '.yml', '.yaml',
       ]);
       const MAX_SKILL_FILE_BYTES = 512 * 1024;
+      // Even with outDir locked to skills/, a legitimate-looking skill can
+      // ship a bundled file named `package.json`, `index.js`, or any other
+      // top-level project artifact whose name collides with something the
+      // user may later copy back up. Prefix-guard the resolved path so every
+      // write stays strictly within the resolved outDir (no trailing `/..`
+      // in basename, no absolute path smuggling) and never points at cwd.
+      const resolvedOutDir = path.resolve(outDir);
+      const resolvedCwd = path.resolve(process.cwd());
       const bundled = Array.isArray(data.bundled_files) ? data.bundled_files : [];
       const skippedFiles = [];
       for (const file of bundled) {
         if (!file || !file.name || typeof file.content !== 'string') continue;
         const safeName = path.basename(file.name);
+        if (!safeName || safeName === '.' || safeName === '..') {
+          skippedFiles.push(String(file.name));
+          continue;
+        }
         const ext = path.extname(safeName).toLowerCase();
         if (!ALLOWED_SKILL_EXTENSIONS.has(ext)) {
           console.warn('[fetch] Skipped skill file with disallowed extension: ' + safeName);
@@ -902,7 +940,23 @@ async function main() {
           skippedFiles.push(safeName);
           continue;
         }
-        fs.writeFileSync(path.join(outDir, safeName), file.content, 'utf8');
+        const destPath = path.resolve(resolvedOutDir, safeName);
+        const relToOut = path.relative(resolvedOutDir, destPath);
+        if (relToOut.startsWith('..') || path.isAbsolute(relToOut)) {
+          console.warn('[fetch] Skipped bundled file whose resolved path escapes outDir: ' + safeName);
+          skippedFiles.push(safeName);
+          continue;
+        }
+        // Never let a bundled write touch the evolver's own cwd -- this is
+        // the concrete attack shape from GHSA-cfcj-hqpf-hccf (fetch default
+        // branch writing to `./index.js`). outDir should always be under
+        // skills/ now, but belt-and-braces keep the guarantee explicit.
+        if (path.dirname(destPath) === resolvedCwd) {
+          console.warn('[fetch] Skipped bundled file that would land in cwd: ' + safeName);
+          skippedFiles.push(safeName);
+          continue;
+        }
+        fs.writeFileSync(destPath, file.content, 'utf8');
       }
       console.log('[fetch] Skill downloaded to: ' + outDir);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@evomap/evolver",
-  "version": "1.70.0-beta.3",
+  "version": "1.70.0-beta.5",
   "description": "A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.",
   "main": "index.js",
   "bin": {

package/scripts/validate-suite.js CHANGED Viewed

@@ -1,6 +1,8 @@
-// Usage: node scripts/validate-suite.js [test-glob-pattern]
+// Usage: node scripts/validate-suite.js [test-glob-pattern | test-file]
 // Runs the evolver test suite -- repo root is derived from script location, no shell glob needed.
-const { execSync } = require('child_process');
+// Accepts either a directory glob pattern (e.g. `test/*.test.js`) or a concrete test file path.
+// See community PR #514.
+const { execFileSync } = require('child_process');
 const path = require('path');
 const fs = require('fs');
@@ -8,10 +10,22 @@ const EVOLVER_REPO_ROOT = path.join(__dirname, '..');
 const pattern = process.argv[2] || 'test/*.test.js';
 function expandTestGlob(repoRoot, pat) {
-  const dir = pat.replace(/\/\*\.test\.js$/, '');
+  const fullPattern = path.isAbsolute(pat) ? pat : path.join(repoRoot, pat);
+  if (fs.existsSync(fullPattern) && fs.statSync(fullPattern).isFile()) {
+    return fullPattern.endsWith('.test.js') ? [fullPattern] : [];
+  }
+  const dir = path.dirname(pat);
+  const basenamePattern = path.basename(pat);
   const fullDir = path.isAbsolute(dir) ? dir : path.join(repoRoot, dir);
+  if (!fs.existsSync(fullDir) || !fs.statSync(fullDir).isDirectory()) return [];
+  const escaped = basenamePattern
+    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+    .replace(/\*/g, '.*');
+  const matcher = new RegExp('^' + escaped + '$');
   return fs.readdirSync(fullDir)
-    .filter(f => f.endsWith('.test.js'))
+    .filter(f => f.endsWith('.test.js') && matcher.test(f))
     .map(f => path.join(fullDir, f))
     .sort();
 }
@@ -22,7 +36,6 @@ if (files.length === 0) {
   process.exit(1);
 }
-const cmd = 'node --test ' + files.join(' ');
 const env = Object.assign({}, process.env, {
   NODE_ENV: 'test',
   EVOLVER_REPO_ROOT,
@@ -30,9 +43,11 @@ const env = Object.assign({}, process.env, {
 });
 delete env.EVOLVE_BRIDGE;
 delete env.OPENCLAW_WORKSPACE;
+// Clear NODE_TEST_CONTEXT so nested runs from within node --test work.
+delete env.NODE_TEST_CONTEXT;
 try {
-  const output = execSync(cmd, {
+  const output = execFileSync(process.execPath, ['--test', ...files], {
     cwd: EVOLVER_REPO_ROOT,
     stdio: ['pipe', 'pipe', 'pipe'],
     timeout: 180000,