@evomap/evolver 1.85.3 → 1.86.1

package/index.js

@@ -39,6 +39,74 @@ try {
   else process.env.EVOLVER_QUIET_PARENT_GIT = _prevQuiet;
 } catch (e) { /* dotenv is optional */ }
 
+async function runSetupHooksCli(args) {
+  const hookAdapter = require('./src/adapters/hookAdapter');
+  const { setupHooks, resolveConfigRoot, detectPlatform, loadAdapter } = hookAdapter;
+
+  const platformFlag = args.find(a => typeof a === 'string' && a.startsWith('--platform='));
+  const platform = platformFlag ? platformFlag.slice('--platform='.length) : undefined;
+  const force = args.includes('--force');
+  const uninstall = args.includes('--uninstall');
+  const verifyOnly = args.includes('--verify');
+
+  if (verifyOnly) {
+    try {
+      const platformId = platform || detectPlatform(process.cwd());
+      if (!platformId) {
+        console.error('[setup-hooks] --verify: could not detect platform. Pass --platform=opencode|cursor|claude-code|codex|kiro');
+        process.exit(2);
+      }
+      const adapter = loadAdapter(platformId);
+      if (!adapter || typeof adapter.verify !== 'function') {
+        console.error('[setup-hooks] --verify: platform ' + platformId + ' does not support verification yet.');
+        process.exit(2);
+      }
+      const configRoot = resolveConfigRoot(platformId, process.cwd());
+      const report = adapter.verify({ configRoot });
+      if (typeof adapter.printVerifyReport === 'function') {
+        adapter.printVerifyReport(report);
+      } else {
+        console.log(JSON.stringify(report, null, 2));
+      }
+      process.exit(report.ok ? 0 : 1);
+    } catch (verifyErr) {
+      console.error('[setup-hooks] --verify error:', verifyErr && verifyErr.message || verifyErr);
+      process.exit(1);
+    }
+  }
+
+  try {
+    const result = await setupHooks({
+      platform,
+      cwd: process.cwd(),
+      force,
+      uninstall,
+      evolverRoot: __dirname,
+    });
+    if (result && result.ok) {
+      if (!uninstall && result.files) {
+        console.log('\n[setup-hooks] Files created/updated:');
+        for (const f of result.files) {
+          console.log('  ' + f);
+        }
+      }
+      process.exit(0);
+    } else {
+      console.error('[setup-hooks] Failed: ' + (result && result.error || 'unknown'));
+      process.exit(1);
+    }
+  } catch (error) {
+    console.error('[setup-hooks] Error:', error && error.message || error);
+    process.exit(1);
+  }
+}
+
+if (require.main === module && process.argv[2] === 'setup-hooks') {
+  runSetupHooksCli(process.argv.slice(3)).catch(function (err) {
+    console.error('[setup-hooks] Error:', err && err.stack ? err.stack : String(err));
+    process.exitCode = 1;
+  });
+} else {
 const evolve = require('./src/evolve');
 const { solidify } = require('./src/gep/solidify');
 const path = require('path');
@@ -1660,70 +1728,6 @@ async function main() {
       process.exit(1);
     }
 
-  } else if (command === 'setup-hooks') {
-    const hookAdapter = require('./src/adapters/hookAdapter');
-    const { setupHooks, resolveConfigRoot, detectPlatform, loadAdapter } = hookAdapter;
-
-    const platformFlag = args.find(a => typeof a === 'string' && a.startsWith('--platform='));
-    const platform = platformFlag ? platformFlag.slice('--platform='.length) : undefined;
-    const force = args.includes('--force');
-    const uninstall = args.includes('--uninstall');
-    const verifyOnly = args.includes('--verify');
-
-    if (verifyOnly) {
-      // Read-only verification: do not touch any files, just report whether
-      // the previously-installed hooks/plugin look healthy. Lets users answer
-      // "is the plugin actually loaded?" without grepping opencode logs.
-      try {
-        const platformId = platform || detectPlatform(process.cwd());
-        if (!platformId) {
-          console.error('[setup-hooks] --verify: could not detect platform. Pass --platform=opencode|cursor|claude-code|codex|kiro');
-          process.exit(2);
-        }
-        const adapter = loadAdapter(platformId);
-        if (!adapter || typeof adapter.verify !== 'function') {
-          console.error('[setup-hooks] --verify: platform ' + platformId + ' does not support verification yet.');
-          process.exit(2);
-        }
-        const configRoot = resolveConfigRoot(platformId, process.cwd());
-        const report = adapter.verify({ configRoot });
-        if (typeof adapter.printVerifyReport === 'function') {
-          adapter.printVerifyReport(report);
-        } else {
-          console.log(JSON.stringify(report, null, 2));
-        }
-        process.exit(report.ok ? 0 : 1);
-      } catch (verifyErr) {
-        console.error('[setup-hooks] --verify error:', verifyErr && verifyErr.message || verifyErr);
-        process.exit(1);
-      }
-    }
-
-    try {
-      const result = await setupHooks({
-        platform,
-        cwd: process.cwd(),
-        force,
-        uninstall,
-        evolverRoot: __dirname,
-      });
-      if (result && result.ok) {
-        if (!uninstall && result.files) {
-          console.log('\n[setup-hooks] Files created/updated:');
-          for (const f of result.files) {
-            console.log('  ' + f);
-          }
-        }
-        process.exit(0);
-      } else {
-        console.error('[setup-hooks] Failed: ' + (result && result.error || 'unknown'));
-        process.exit(1);
-      }
-    } catch (error) {
-      console.error('[setup-hooks] Error:', error && error.message || error);
-      process.exit(1);
-    }
-
   } else if (command === 'reset-local-secret') {
     // Wipe every local store of node_secret in one shot, so a daemon stuck
     // after a manual web reset (https://evomap.ai/account -> Reset Secret)
@@ -1923,6 +1927,7 @@ if (require.main === module) {
 
 module.exports = {
   main,
+  runSetupHooksCli,
   readJsonSafe,
   rejectPendingRun,
   isPendingSolidify,
@@ -1931,3 +1936,4 @@ module.exports = {
   writeCycleProgressAtomic,
   spawnReplacementProcess,
 };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evomap/evolver",
-  "version": "1.85.3",
+  "version": "1.86.1",
   "description": "A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.",
   "main": "index.js",
   "bin": {
@@ -43,6 +43,9 @@
   "devDependencies": {
     "javascript-obfuscator": "^5.4.1"
   },
+  "optionalDependencies": {
+    "@napi-rs/keyring": "^1.1.6"
+  },
   "files": [
     "assets/",
     "index.js",

package/scripts/check-changelog.js

@@ -0,0 +1,166 @@
+'use strict';
+
+/**
+ * CHANGELOG release-section integrity guard.
+ *
+ * Catches the misattribution pattern that bit us with #540 / PR #107:
+ * an entry filed under `## [X.Y.Z]` AFTER v1.85.0 was already published
+ * to npm, so the changelog claimed a fix the binary didn't contain.
+ *
+ * Algorithm: for every `## [X.Y.Z]` heading in CHANGELOG.md that has a
+ * matching git tag (`vX.Y.Z`), compare the section content at HEAD
+ * against the section content at that tag. If they differ, somebody
+ * edited a frozen-and-released section — fail loud.
+ *
+ * Notes:
+ *   - `## [Unreleased]` is exempt (it's the staging area, no tag).
+ *   - Version headings without a corresponding tag are exempt — that's
+ *     usually the "preparing X.Y.Z" state right before the tag exists.
+ *   - Tag lookup is local-only (`git rev-parse`); CI must `git fetch
+ *     --tags` first if it runs on a shallow clone.
+ *   - `repoRoot` is injectable so tests don't need to monkey-patch the
+ *     module by re-evaluating source (autogame-17 PR #115 review).
+ *
+ * Usage:
+ *   node scripts/check-changelog.js              # CLI mode, exits 0/1
+ *   const { checkChangelogIntegrity } = require('./check-changelog');
+ *   const result = checkChangelogIntegrity({ repoRoot });
+ */
+
+const { execFileSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_REPO_ROOT = path.resolve(__dirname, '..');
+
+function readChangelogAtHead(repoRoot) {
+  return fs.readFileSync(path.join(repoRoot, 'CHANGELOG.md'), 'utf8');
+}
+
+function readChangelogAtRef(repoRoot, ref) {
+  try {
+    return execFileSync('git', ['show', `${ref}:CHANGELOG.md`], {
+      cwd: repoRoot,
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+  } catch {
+    return null;
+  }
+}
+
+function tagExists(repoRoot, tag) {
+  try {
+    execFileSync('git', ['rev-parse', '--verify', `refs/tags/${tag}`], {
+      cwd: repoRoot,
+      stdio: ['ignore', 'ignore', 'ignore'],
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// Pull every `## [X.Y.Z]` heading from the file, skipping `[Unreleased]`.
+function listReleasedVersionHeadings(text) {
+  const versions = [];
+  const re = /^## \[(\d+\.\d+\.\d+(?:[-+][\w.]+)?)\]/gm;
+  let m;
+  while ((m = re.exec(text)) !== null) {
+    versions.push(m[1]);
+  }
+  return versions;
+}
+
+// Extract the body between `## [X.Y.Z]` and the next `## [` (or EOF).
+// Normalises trailing whitespace and trailing blank lines so a stray
+// newline doesn't fail the equality check.
+//
+// Heading match is line-anchored (`/^## \[X\.Y\.Z\]/m`) so a fenced
+// code block or quoted text containing `## [X.Y.Z]` mid-line cannot be
+// mistaken for the section start (Bugbot PR #115 review).
+function extractSection(text, version) {
+  const escaped = version.replace(/[.+]/g, (c) => '\\' + c);
+  const re = new RegExp(`^## \\[${escaped}\\]`, 'm');
+  const match = re.exec(text);
+  if (!match) return null;
+  const after = match.index + match[0].length;
+  const rest = text.slice(after);
+  const nextRel = rest.search(/\n## \[/);
+  const raw = nextRel === -1 ? rest : rest.slice(0, nextRel);
+  return raw
+    .split('\n')
+    .map((line) => line.replace(/\s+$/, ''))
+    .join('\n')
+    .replace(/\n+$/, '');
+}
+
+function checkChangelogIntegrity(opts) {
+  const repoRoot = (opts && opts.repoRoot) || DEFAULT_REPO_ROOT;
+  const head = readChangelogAtHead(repoRoot);
+  const versions = listReleasedVersionHeadings(head);
+
+  const drift = [];
+  const skipped = [];
+
+  for (const version of versions) {
+    const tag = `v${version}`;
+    if (!tagExists(repoRoot, tag)) {
+      skipped.push({ version, reason: 'no matching git tag (probably preparing this release)' });
+      continue;
+    }
+    const tagText = readChangelogAtRef(repoRoot, tag);
+    if (tagText == null) {
+      skipped.push({ version, reason: `tag ${tag} exists but its CHANGELOG.md is unreadable` });
+      continue;
+    }
+    const headSection = extractSection(head, version);
+    const tagSection = extractSection(tagText, version);
+    if (headSection == null || tagSection == null) {
+      skipped.push({ version, reason: 'section parse failed' });
+      continue;
+    }
+    if (headSection !== tagSection) {
+      drift.push({ version, tag });
+    }
+  }
+
+  return { drift, skipped, checked: versions.length - skipped.length };
+}
+
+function main() {
+  const result = checkChangelogIntegrity();
+
+  process.stdout.write(`\n=== CHANGELOG release-section guard ===\n`);
+  process.stdout.write(`Checked ${result.checked} released version section(s); skipped ${result.skipped.length}.\n`);
+
+  for (const s of result.skipped) {
+    process.stdout.write(`  [skip] ${s.version}: ${s.reason}\n`);
+  }
+
+  if (result.drift.length === 0) {
+    process.stdout.write(`\n[OK] No released CHANGELOG section was edited after its release tag.\n`);
+    return 0;
+  }
+
+  process.stderr.write(`\n[FAIL] ${result.drift.length} CHANGELOG section(s) diverged from their release tag:\n`);
+  for (const d of result.drift) {
+    process.stderr.write(`  - ## [${d.version}] differs from ${d.tag}:CHANGELOG.md\n`);
+  }
+  process.stderr.write(
+    `\nReleased sections must stay frozen. Move any new entries under ## [Unreleased],\n` +
+    `or, if the entry was genuinely missing from the release, amend it on a hotfix\n` +
+    `branch and tag a patch release.\n`
+  );
+  return 1;
+}
+
+if (require.main === module) {
+  process.exit(main());
+}
+
+module.exports = {
+  checkChangelogIntegrity,
+  extractSection,         // for tests
+  listReleasedVersionHeadings, // for tests
+};

package/src/adapters/hookAdapter.js

@@ -153,12 +153,11 @@ function assertNotSymlink(p, label) {
 
 function copyHookScripts(destDir, evolverRoot) {
   const scriptsDir = path.join(evolverRoot || __dirname, 'scripts');
-  // _runtimePaths.js is required by the two session-* scripts via
-  // `require('./_runtimePaths')`, which resolves relative to the *destination*
-  // (__dirname after copy). It MUST be copied alongside or both hooks crash
-  // with MODULE_NOT_FOUND at runtime. Caught in PR #94 review.
+  // Helper modules are required by copied hook scripts via relative require()
+  // calls, which resolve against the destination hook directory at runtime.
   const scripts = [
     '_runtimePaths.js',
+    '_memoryFiltering.js',
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
@@ -237,6 +236,7 @@ function removeEvolverHooks(filePath, { markerKey = '_evolver_managed' } = {}) {
 function removeHookScripts(hooksDir) {
   const scripts = [
     '_runtimePaths.js',
+    '_memoryFiltering.js',
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',

package/src/adapters/scripts/_memoryFiltering.js

@@ -0,0 +1,35 @@
+// _memoryFiltering.js
+// Shared memory filtering logic for evolver hooks (platform-independent).
+//
+// Responsibility: Filter evolution memory outcomes to reduce noise in Claude/Codex context.
+// - Removes failed outcomes (no learning value)
+// - Filters low-confidence outcomes (score < 0.5)
+// - Enforces time bounds (< 7 days old)
+// - Limits result size (max 3 outcomes)
+
+const DEFAULT_MIN_SCORE = 0.5;
+const DEFAULT_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+const DEFAULT_MAX_OUTCOMES = 3;
+
+function filterRelevantOutcomes(entries, opts = {}) {
+  const minScore = opts.minScore !== undefined ? opts.minScore : DEFAULT_MIN_SCORE;
+  const maxAgeMs = opts.maxAgeMs !== undefined ? opts.maxAgeMs : DEFAULT_MAX_AGE_MS;
+  const maxOutcomes = opts.maxOutcomes !== undefined ? opts.maxOutcomes : DEFAULT_MAX_OUTCOMES;
+
+  const now = Date.now();
+
+  return entries
+    .filter(e => {
+      // Only keep 'success' outcomes (failed ones don't provide learning value)
+      if (e.outcome?.status !== 'success') return false;
+      // Only keep high-confidence outcomes
+      if ((e.outcome?.score ?? 0) < minScore) return false;
+      // Only keep recent outcomes
+      const ts = e.timestamp ? new Date(e.timestamp).getTime() : 0;
+      if (now - ts > maxAgeMs) return false;
+      return true;
+    })
+    .slice(-maxOutcomes);
+}
+
+module.exports = { filterRelevantOutcomes, DEFAULT_MIN_SCORE, DEFAULT_MAX_AGE_MS, DEFAULT_MAX_OUTCOMES };

package/src/adapters/scripts/evolver-session-start.js

@@ -8,6 +8,56 @@ const path = require('path');
 const os = require('os');
 
 const { findEvolverRoot, findMemoryGraph } = require('./_runtimePaths');
+const { filterRelevantOutcomes } = require('./_memoryFiltering');
+
+function findGitRoot(start) {
+  let dir = path.resolve(start || process.cwd());
+  while (dir !== path.dirname(dir)) {
+    if (fs.existsSync(path.join(dir, '.git'))) return dir;
+    dir = path.dirname(dir);
+  }
+  return null;
+}
+
+function resolveWorkspaceRootForReader() {
+  if (process.env.OPENCLAW_WORKSPACE) return process.env.OPENCLAW_WORKSPACE;
+  const repoRoot = process.env.EVOLVER_REPO_ROOT || findGitRoot(process.cwd()) || process.cwd();
+  const workspaceDir = path.join(repoRoot, 'workspace');
+  if (fs.existsSync(workspaceDir)) return workspaceDir;
+  return repoRoot;
+}
+
+function resolveWorkspaceIdForReader() {
+  if (process.env.EVOLVER_WORKSPACE_ID) return String(process.env.EVOLVER_WORKSPACE_ID);
+  const file = path.join(resolveWorkspaceRootForReader(), '.evolver', 'workspace-id');
+  try {
+    const dirStat = fs.lstatSync(path.dirname(file), { throwIfNoEntry: false });
+    if (dirStat && dirStat.isSymbolicLink()) return null;
+    const fileStat = fs.lstatSync(file, { throwIfNoEntry: false });
+    if (!fileStat || fileStat.isSymbolicLink() || !fileStat.isFile()) return null;
+    const raw = fs.readFileSync(file, 'utf8').trim();
+    if (raw && /^[a-f0-9]{32,}$/i.test(raw)) return raw;
+  } catch { /* workspace id is best-effort in copied hooks */ }
+  return null;
+}
+
+function filterWorkspaceEntries(entries) {
+  const cwd = process.cwd();
+  const workspaceId = resolveWorkspaceIdForReader();
+
+  return entries.filter(entry => {
+    if (!entry || typeof entry !== 'object') return false;
+    if (workspaceId && entry.workspace_id) {
+      return String(entry.workspace_id) === String(workspaceId);
+    }
+    if (entry.cwd) {
+      return path.resolve(String(entry.cwd)) === path.resolve(cwd);
+    }
+    // Older entries did not carry a workspace tag. Do not inject them from
+    // hooks because copied hooks often share a user-level fallback memory file.
+    return false;
+  });
+}
 
 function readLastN(filePath, n) {
   try {
@@ -99,18 +149,21 @@ function main() {
     return;
   }
 
-  const entries = readLastN(graphPath, 5);
-  if (entries.length === 0) {
+  const entries = readLastN(graphPath, 20);
+  const scoped = filterWorkspaceEntries(entries);
+  const filtered = filterRelevantOutcomes(scoped);
+
+  if (filtered.length === 0) {
     process.stdout.write(JSON.stringify({}));
     return;
   }
 
-  const successCount = entries.filter(e => e.outcome && e.outcome.status === 'success').length;
-  const failCount = entries.filter(e => e.outcome && e.outcome.status === 'failed').length;
+  const successCount = filtered.filter(e => e.outcome && e.outcome.status === 'success').length;
+  const failCount = filtered.filter(e => e.outcome && e.outcome.status === 'failed').length;
 
-  const lines = entries.map(formatOutcome);
+  const lines = filtered.map(formatOutcome);
   const summary = [
-    `[Evolution Memory] Recent ${entries.length} outcomes (${successCount} success, ${failCount} failed):`,
+    `[Evolution Memory] Recent ${filtered.length} outcomes (${successCount} success, ${failCount} failed):`,
     ...lines,
     '',
     'Use successful approaches. Avoid repeating failed patterns.',

package/src/adapters/scripts/evolver-signal-detect.js

@@ -13,9 +13,32 @@ const SIGNAL_KEYWORDS = {
   test_failure: ['test failed', 'test failure', 'assertion', 'expect(', 'assert.'],
 };
 
+function stratifyContent(text) {
+  // Separate code/comments/documents to avoid false positives
+  const lines = text.split('\n');
+  const documentText = [];
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    // Skip lines that are comments or code structure (not document text)
+    if (trimmed.startsWith('//') || trimmed.startsWith('#') || trimmed.startsWith('*') ||
+        trimmed.startsWith('{') || trimmed.startsWith('[') || trimmed.startsWith('}') ||
+        trimmed.startsWith(']') || trimmed.startsWith('/*')) {
+      continue;
+    }
+    documentText.push(line);
+  }
+
+  return documentText.join('\n');
+}
+
 function detectSignals(text) {
   if (!text || typeof text !== 'string') return [];
-  const lower = text.toLowerCase();
+
+  // Apply stratification to reduce false positives from code/comments
+  const stratified = stratifyContent(text);
+  const lower = stratified.toLowerCase();
+
   const found = [];
   for (const [signal, keywords] of Object.entries(SIGNAL_KEYWORDS)) {
     for (const kw of keywords) {
@@ -28,6 +51,30 @@ function detectSignals(text) {
   return [...new Set(found)];
 }
 
+function getToolName(input) {
+  const raw = input.tool_name || input.toolName || input.name || input.tool;
+  if (typeof raw === 'string') return raw;
+  if (raw && typeof raw.name === 'string') return raw.name;
+  return '';
+}
+
+function isWriteLikeTool(input) {
+  const name = getToolName(input).toLowerCase();
+  // Older hook payloads did not include a tool name. Keep those compatible
+  // and let the content/path checks below decide whether there is work to do.
+  if (!name) return true;
+  return (
+    name === 'write' ||
+    name === 'edit' ||
+    name === 'multiedit' ||
+    name === 'notebookedit' ||
+    name === 'apply_patch' ||
+    name.includes('write') ||
+    name.includes('edit') ||
+    name.includes('patch')
+  );
+}
+
 function main() {
   let inputData = '';
   let handled = false;
@@ -38,6 +85,10 @@ function main() {
     handled = true;
     try {
       const input = inputData.trim() ? JSON.parse(inputData) : {};
+      if (!isWriteLikeTool(input)) {
+        process.stdout.write(JSON.stringify({}));
+        return;
+      }
       // Claude Code's PostToolUse payload nests tool args under tool_input.
       // Older/raw shapes put them at the top level; support both.
       const ti = input.tool_input || {};