@evomap/evolver 1.81.0 → 1.82.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/package.json +4 -1
  2. package/scripts/recall-verify-report.js +225 -0
  3. package/src/evolve/guards.js +1 -1
  4. package/src/evolve/pipeline/collect.js +1 -1
  5. package/src/evolve/pipeline/dispatch.js +1 -1
  6. package/src/evolve/pipeline/enrich.js +1 -1
  7. package/src/evolve/pipeline/hub.js +1 -1
  8. package/src/evolve/pipeline/select.js +1 -1
  9. package/src/evolve/pipeline/signals.js +1 -1
  10. package/src/evolve/utils.js +1 -1
  11. package/src/evolve.js +1 -1
  12. package/src/forceUpdate.js +50 -16
  13. package/src/gep/.integrity +0 -0
  14. package/src/gep/a2aProtocol.js +1 -1
  15. package/src/gep/candidateEval.js +1 -1
  16. package/src/gep/candidates.js +1 -1
  17. package/src/gep/contentHash.js +1 -1
  18. package/src/gep/crypto.js +1 -1
  19. package/src/gep/curriculum.js +1 -1
  20. package/src/gep/deviceId.js +1 -1
  21. package/src/gep/envFingerprint.js +1 -1
  22. package/src/gep/epigenetics.js +1 -1
  23. package/src/gep/explore.js +1 -1
  24. package/src/gep/hash.js +1 -1
  25. package/src/gep/hubReview.js +1 -1
  26. package/src/gep/hubSearch.js +1 -1
  27. package/src/gep/hubVerify.js +1 -1
  28. package/src/gep/integrityCheck.js +1 -1
  29. package/src/gep/learningSignals.js +1 -1
  30. package/src/gep/memoryGraph.js +1 -1
  31. package/src/gep/memoryGraphAdapter.js +1 -1
  32. package/src/gep/mutation.js +1 -1
  33. package/src/gep/narrativeMemory.js +1 -1
  34. package/src/gep/openPRRegistry.js +1 -0
  35. package/src/gep/paths.js +20 -0
  36. package/src/gep/personality.js +1 -1
  37. package/src/gep/policyCheck.js +1 -1
  38. package/src/gep/portable.js +9 -2
  39. package/src/gep/prompt.js +1 -1
  40. package/src/gep/recallVerifier.js +306 -0
  41. package/src/gep/reflection.js +1 -1
  42. package/src/gep/selector.js +1 -1
  43. package/src/gep/shield.js +1 -1
  44. package/src/gep/skill2gep.js +9 -1
  45. package/src/gep/skillDistiller.js +1 -1
  46. package/src/gep/solidify.js +1 -1
  47. package/src/gep/strategy.js +1 -1
package/src/forceUpdate.js CHANGED
@@ -1,7 +1,8 @@
1
1
  const fs = require('fs');
2
+ const os = require('os');
2
3
  const path = require('path');
3
4
  const { execSync } = require('child_process');
4
- const { getRepoRoot } = require('./gep/paths');
5
+ const { getEvolverInstallRoot } = require('./gep/paths');
5
6
 
6
7
  const MAX_EXEC_BUFFER = 10 * 1024 * 1024;
7
8
 
@@ -10,10 +11,39 @@ const MAX_EXEC_BUFFER = 10 * 1024 * 1024;
10
11
  // thread can trigger it independently (heartbeat-only workers need this
11
12
  // because they never reach the evolve run() loop that consumes the pending
12
13
  // force_update directive).
14
+ //
15
+ // CRITICAL (issue #51): this function MUST operate on the evolver INSTALL
16
+ // directory, NOT getRepoRoot(). getRepoRoot() preferentially returns the
17
+ // user's surrounding project (process.cwd()'s nearest .git ancestor).
18
+ // Using it here would delete the user's project files and copy the
19
+ // evolver package on top of them. Always use getEvolverInstallRoot(),
20
+ // which resolves to the package containing this file regardless of
21
+ // install layout (global npm / local node_modules / dev clone).
13
22
  function executeForceUpdate(forceUpdate) {
14
- const REPO_ROOT = getRepoRoot();
23
+ const INSTALL_ROOT = getEvolverInstallRoot();
24
+
25
+ // Defense in depth: if a future refactor breaks path resolution and
26
+ // INSTALL_ROOT no longer points at the evolver package (no package.json
27
+ // / wrong package name), refuse the update rather than risk
28
+ // overwriting an unrelated directory. This is the last guard between
29
+ // the deletion loop and the user's data.
30
+ try {
31
+ const pkg = JSON.parse(fs.readFileSync(path.join(INSTALL_ROOT, 'package.json'), 'utf8'));
32
+ if (!pkg || (pkg.name !== '@evomap/evolver' && pkg.name !== 'evolver')) {
33
+ console.warn('[ForceUpdate] Refusing — ' + INSTALL_ROOT +
34
+ '/package.json has name="' + (pkg && pkg.name) +
35
+ '", expected "@evomap/evolver". Aborting to avoid data loss.');
36
+ return false;
37
+ }
38
+ } catch (e) {
39
+ console.warn('[ForceUpdate] Refusing — cannot read ' + INSTALL_ROOT +
40
+ '/package.json: ' + (e && e.message || e));
41
+ return false;
42
+ }
43
+
15
44
  const requiredVersion = String(forceUpdate.required_version || '').replace(/^>=/, '');
16
- console.log('[ForceUpdate] Starting multi-channel update (target: >=' + requiredVersion + ')');
45
+ console.log('[ForceUpdate] Starting multi-channel update (target: >=' + requiredVersion +
46
+ ', install root: ' + INSTALL_ROOT + ')');
17
47
 
18
48
  function parseVer(v) {
19
49
  var m = String(v || '').match(/(\d+)\.(\d+)\.(\d+)/);
@@ -29,42 +59,46 @@ function executeForceUpdate(forceUpdate) {
29
59
  }
30
60
  function getCurrentVersion() {
31
61
  try {
32
- var pkg = JSON.parse(fs.readFileSync(path.join(REPO_ROOT, 'package.json'), 'utf8'));
62
+ var pkg = JSON.parse(fs.readFileSync(path.join(INSTALL_ROOT, 'package.json'), 'utf8'));
33
63
  return pkg.version || '0.0.0';
34
64
  } catch (_) { return '0.0.0'; }
35
65
  }
36
66
 
67
+ // Use os.tmpdir() for staging — INSTALL_ROOT's parent (e.g.
68
+ // /usr/lib/node_modules/@evomap when globally installed) is often not
69
+ // writable, unlike the previous user-project parent.
70
+ const TMP_TARGET = path.join(os.tmpdir(), '.evolver-update-tmp-' + process.pid);
71
+
37
72
  // Channel 1: GitHub Release (via degit)
38
73
  try {
39
74
  console.log('[ForceUpdate] Channel 1: GitHub Release download...');
40
- var tmpTarget = path.resolve(REPO_ROOT, '..', '.evolver-update-tmp');
41
- try { fs.rmSync(tmpTarget, { recursive: true, force: true }); } catch (_) {}
42
- execSync('npx -y degit EvoMap/evolver ' + JSON.stringify(tmpTarget), {
75
+ try { fs.rmSync(TMP_TARGET, { recursive: true, force: true }); } catch (_) {}
76
+ execSync('npx -y degit EvoMap/evolver ' + JSON.stringify(TMP_TARGET), {
43
77
  encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'],
44
78
  timeout: 60000, windowsHide: true, maxBuffer: MAX_EXEC_BUFFER,
45
79
  });
46
- var tmpPkg = JSON.parse(fs.readFileSync(path.join(tmpTarget, 'package.json'), 'utf8'));
80
+ var tmpPkg = JSON.parse(fs.readFileSync(path.join(TMP_TARGET, 'package.json'), 'utf8'));
47
81
  if (tmpPkg.version && isAtLeast(tmpPkg.version, requiredVersion)) {
48
- var entries = fs.readdirSync(REPO_ROOT, { withFileTypes: true });
82
+ var entries = fs.readdirSync(INSTALL_ROOT, { withFileTypes: true });
49
83
  for (var ei = 0; ei < entries.length; ei++) {
50
84
  var eName = entries[ei].name;
51
85
  if (eName === 'node_modules' || eName === 'memory' || eName === '.git' || eName === 'MEMORY.md') continue;
52
- try { fs.rmSync(path.join(REPO_ROOT, eName), { recursive: true, force: true }); } catch (_) {}
86
+ try { fs.rmSync(path.join(INSTALL_ROOT, eName), { recursive: true, force: true }); } catch (_) {}
53
87
  }
54
- var newEntries = fs.readdirSync(tmpTarget, { withFileTypes: true });
88
+ var newEntries = fs.readdirSync(TMP_TARGET, { withFileTypes: true });
55
89
  for (var ni = 0; ni < newEntries.length; ni++) {
56
- var src = path.join(tmpTarget, newEntries[ni].name);
57
- var dst = path.join(REPO_ROOT, newEntries[ni].name);
90
+ var src = path.join(TMP_TARGET, newEntries[ni].name);
91
+ var dst = path.join(INSTALL_ROOT, newEntries[ni].name);
58
92
  fs.cpSync(src, dst, { recursive: true });
59
93
  }
60
- try { fs.rmSync(tmpTarget, { recursive: true, force: true }); } catch (_) {}
94
+ try { fs.rmSync(TMP_TARGET, { recursive: true, force: true }); } catch (_) {}
61
95
  console.log('[ForceUpdate] GitHub Release update successful: ' + tmpPkg.version);
62
96
  return true;
63
97
  }
64
- try { fs.rmSync(tmpTarget, { recursive: true, force: true }); } catch (_) {}
98
+ try { fs.rmSync(TMP_TARGET, { recursive: true, force: true }); } catch (_) {}
65
99
  } catch (e) {
66
100
  console.warn('[ForceUpdate] GitHub Release failed:', e && e.message || e);
67
- try { fs.rmSync(path.resolve(REPO_ROOT, '..', '.evolver-update-tmp'), { recursive: true, force: true }); } catch (_) {}
101
+ try { fs.rmSync(TMP_TARGET, { recursive: true, force: true }); } catch (_) {}
68
102
  }
69
103
 
70
104
  // Channel 2: npm
package/src/gep/.integrity CHANGED
Binary file