@evomap/evolver 1.88.0 → 1.88.2

package/index.js

@@ -1332,6 +1332,7 @@ async function main() {
         // Hoist module refs used inside the loop to avoid repeated module lookups per cycle
         const idleScheduler = require('./src/gep/idleScheduler');
         const { shouldDistillFromFailures: shouldDF, autoDistillFromFailures: autoDF } = require('./src/gep/skillDistiller');
+        const { autoDistillLlm } = require('./src/gep/autoDistillLlm'); // P3: autonomous LLM distillation (shadow-first, off by default)
         const { tryExplore } = require('./src/gep/explore');
 
         let currentSleepMs = minSleepMs;
@@ -1454,6 +1455,21 @@ async function main() {
                 } catch (e) {
                   if (isVerbose) console.warn('[OMLS] Distill error: ' + (e.message || e));
                 }
+                // P3: autonomous LLM-quality distillation of SUCCESS capsules.
+                // Default off; shadow logs a candidate; enforce upserts (after a
+                // real run-green gate). Reuses the P1 exec bridge under the hood.
+                if ((process.env.EVOLVER_AUTO_DISTILL_LLM || 'off') !== 'off') {
+                  try {
+                    const llmRes = await autoDistillLlm();
+                    if (llmRes && llmRes.ok && llmRes.gene) {
+                      console.log('[OMLS] Idle-window LLM distillation enforced gene: ' + llmRes.gene.id);
+                    } else if (llmRes && llmRes.reason === 'shadow_logged') {
+                      console.log('[OMLS] LLM distillation shadow candidate: ' + (llmRes.candidate && llmRes.candidate.id));
+                    }
+                  } catch (e) {
+                    if (isVerbose) console.warn('[OMLS] LLM distill error (non-fatal): ' + (e.message || e));
+                  }
+                }
               }
               if (schedule.should_explore) {
                 try {
@@ -1465,6 +1481,22 @@ async function main() {
                   if (isVerbose) console.warn('[OMLS] Explore error: ' + (e.message || e));
                 }
               }
+              // P2: conversation capability -> distilled gene (shadow-only v1).
+              // Deliberately OUTSIDE the should_distill guard: should_distill is
+              // true only at aggressive/deep intensity, but headless/air-gapped
+              // hosts fall back to 'normal', which would make P2 a dead feature.
+              // A freshly-discovered capability is time-relevant; gate it solely on
+              // its own flag + the per-slug cooldown + a non-empty queue (all of
+              // which already bound spend). Default off => zero behavior change.
+              if ((process.env.EVOLVER_CONV_DISTILL_ENABLED || 'off') !== 'off') {
+                try {
+                  const { autoDistillConversation } = require('./src/gep/autoDistillConv');
+                  const convRes = await autoDistillConversation();
+                  if (convRes && convRes.ok) console.log('[P2] conv-distill ' + convRes.mode + ' candidate: ' + (convRes.gene_id || convRes.reason));
+                } catch (e) {
+                  if (isVerbose) console.warn('[P2] conv-distill error (non-fatal): ' + (e.message || e));
+                }
+              }
               if (isVerbose && schedule.idle_seconds >= 0) {
                 console.log(`[OMLS] idle=${schedule.idle_seconds}s intensity=${schedule.intensity} multiplier=${omlsMultiplier}`);
               }
@@ -1691,6 +1723,60 @@ async function main() {
       console.error('[SOLIDIFY] Error:', error);
       process.exit(2);
     }
+  } else if (command === 'exec') {
+    // node index.js exec --harness=claude-code [--once] [--max-cycles N]
+    // P1 auto-exec bridge: run the Brain, scrape its sessions_spawn(...), spawn
+    // the Hand (headless claude) to apply + solidify. Shadow-first opt-in.
+    if (String(process.env.EVOLVE_EXEC_BRIDGE || '').toLowerCase() !== 'true') {
+      console.error('[exec] EVOLVE_EXEC_BRIDGE is not "true". The auto-exec bridge is opt-in. Refusing.');
+      process.exit(2);
+    }
+    const getFlag = (n) => {
+      const i = args.findIndex(a => a === `--${n}` || a.startsWith(`--${n}=`));
+      if (i === -1) return undefined;
+      const h = args[i];
+      if (h.includes('=')) return h.split('=').slice(1).join('='); // --n=value
+      // bare --n: if the next token is a value (not another --flag), consume it
+      // (#179 r6: support `--max-cycles N` space-separated, not just =N). A
+      // trailing bare flag with no following value stays boolean true (e.g. --once).
+      const next = args[i + 1];
+      return (next !== undefined && !next.startsWith('--')) ? next : true;
+    };
+    const harness = String(getFlag('harness') || 'claude-code');
+    const once = getFlag('once') === true;
+    // #179 r7: validate --max-cycles. Number('foo')||0 silently became 0 =
+    // unbounded daemon — a typo must fail fast, not run forever. Absent flag =>
+    // 0 (intentional unbounded). A present value must be a non-negative integer.
+    const rawMaxCycles = getFlag('max-cycles');
+    let maxCycles = 0;
+    if (rawMaxCycles !== undefined && rawMaxCycles !== true) {
+      const n = Number(rawMaxCycles);
+      if (!Number.isInteger(n) || n < 0) {
+        console.error(`[exec] invalid --max-cycles '${rawMaxCycles}' (expected a non-negative integer; 0 or omit = unbounded)`);
+        process.exit(2);
+      }
+      maxCycles = n;
+    } else if (rawMaxCycles === true) {
+      console.error('[exec] --max-cycles requires a value (e.g. --max-cycles 5 or --max-cycles=5)');
+      process.exit(2);
+    }
+    if (!['claude-code', 'openclaw', 'codex', 'opencode'].includes(harness)) {
+      console.error(`[exec] unknown --harness '${harness}' (expected claude-code | openclaw | codex | opencode)`);
+      process.exit(2);
+    }
+    try {
+      const { runExecBridge } = require('./src/gep/execBridge');
+      const res = await runExecBridge({ harness, once, maxCycles });
+      console.log(`[exec] done: cycles=${res.cycles} lastOutcome=${res.lastOutcome}`);
+      // Exit 0 only on a genuine success. A bounded/daemon run that ended in
+      // hand_failed/brain_failed/no_spawn must report non-zero to shells & CI
+      // (Bugbot #179: do not exit 0 on failure just because cycles>0).
+      process.exit(res.lastOutcome === 'success' ? 0 : 1);
+    } catch (error) {
+      console.error('[exec] bridge error:', error && error.message ? error.message : error);
+      process.exit(1);
+    }
+
   } else if (command === 'distill') {
     const responseFileFlag = args.find(a => typeof a === 'string' && a.startsWith('--response-file='));
     if (!responseFileFlag) {
@@ -2677,8 +2763,153 @@ async function main() {
       process.exit(1);
     }
 
+  } else if (command === 'recipe') {
+    // recipe build  — assemble a DNA blueprint from owned Gene/Capsule assets
+    // recipe reuse  — fetch + express an existing recipe into an organism
+    const sub = args[1];
+    const {
+      getHubUrl, getNodeId, getHubNodeSecret, sendHelloToHub, rotateNodeSecret,
+      hubCreateRecipe, hubPublishRecipe, hubGetRecipe, hubExpressRecipe,
+    } = require('./src/gep/a2aProtocol');
+
+    const hubUrl = getHubUrl();
+    if (!hubUrl) {
+      console.error('[recipe] A2A_HUB_URL is not configured. Set A2A_HUB_URL (e.g. https://evomap.ai).');
+      process.exit(1);
+    }
+
+    function flagVal(name) {
+      const eq = args.find(a => typeof a === 'string' && a.startsWith('--' + name + '='));
+      return eq ? eq.split('=').slice(1).join('=') : null;
+    }
+    async function ensureRegistered(tag) {
+      if (!getHubNodeSecret()) {
+        console.log('[' + tag + '] No node_secret found. Registering with Hub...');
+        const hello = await sendHelloToHub();
+        if (!hello || !hello.ok) {
+          console.error('[' + tag + '] Failed to register with Hub:', (hello && hello.error) || 'unknown');
+          process.exit(1);
+        }
+        console.log('[' + tag + '] Registered as ' + getNodeId());
+      }
+    }
+    // True when the hub rejected our node_secret as stale/invalid — the one
+    // case where a rotate-and-retry is the documented recovery.
+    function isStaleSecret(result) {
+      if (!result || result.ok) return false;
+      if (result.status !== 401 && result.status !== 403) return false;
+      const e = String(result.error || '');
+      return e.includes('node_secret_invalid') || e.includes('node_secret_not_set');
+    }
+    // Run a hub call; if it fails because our node_secret is stale, rotate
+    // once and retry. Rotation only works when the CURRENT secret is still
+    // server-valid (the hub authenticates the rotate with it). If the secret
+    // has fully diverged from the server, rotation cannot recover it — that
+    // requires re-registering, so we surface the actionable recovery path
+    // instead of silently looping.
+    let _authRecoveryFailed = false;
+    async function callWithAuthRetry(tag, fn) {
+      let result = await fn();
+      if (isStaleSecret(result) && typeof rotateNodeSecret === 'function' && !_authRecoveryFailed) {
+        console.log('[' + tag + '] node_secret stale; rotating via /a2a/hello and retrying...');
+        const rot = await rotateNodeSecret();
+        if (rot && rot.ok) {
+          result = await fn();
+        } else {
+          _authRecoveryFailed = true;
+          console.error('[' + tag + '] Could not auto-rotate: the local node_secret has diverged from the Hub and can no longer authenticate a rotate.');
+          console.error('  Recover by either:');
+          console.error('    1. Reset Secret on the web (Account -> Reset Secret), then run: node index.js reset-local-secret');
+          console.error('    2. Or register a fresh node: set a new A2A_NODE_ID and retry (auto-provisions).');
+        }
+      }
+      return result;
+    }
+    function reportHubError(tag, result) {
+      console.error('[' + tag + '] Hub call failed' + (result.status ? ' (HTTP ' + result.status + ')' : '') + ': ' + (result.error || 'unknown'));
+      if (result.status === 401 || result.status === 403) console.error('  Auth failed. If this persists, delete ~/.evomap/node_secret and retry.');
+      else if (result.status === 402) console.error('  Insufficient credits. Check your balance at ' + hubUrl);
+    }
+
+    if (sub === 'build') {
+      // --genes=<asset_id,...> ordered; types resolved from the local asset store.
+      const genesArg = flagVal('genes');
+      const title = flagVal('title');
+      const description = flagVal('description');
+      const doPublish = args.includes('--publish');
+      if (!genesArg || !title) {
+        console.error('Usage: node index.js recipe build --title="..." --genes=<asset_id,...> [--description="..."] [--price=N] [--publish]');
+        console.error('  Builds a DRAFT recipe by default. --publish is opt-in and pushes it live.');
+        process.exit(1);
+      }
+      const { loadGenes, loadCapsules } = require('./src/gep/assetStore');
+      const typeById = new Map();
+      try {
+        for (const g of (loadGenes() || [])) if (g && g.asset_id) typeById.set(g.asset_id, 'Gene');
+        for (const c of (loadCapsules() || [])) if (c && c.asset_id) typeById.set(c.asset_id, 'Capsule');
+      } catch (e) { /* fall back to Gene below */ }
+
+      const ids = genesArg.split(',').map(s => s.trim()).filter(Boolean);
+      if (ids.length === 0) { console.error('[recipe build] --genes is empty.'); process.exit(1); }
+      if (ids.length > 20) { console.error('[recipe build] at most 20 steps per recipe.'); process.exit(1); }
+      const steps = ids.map((asset_id, i) => ({
+        asset_id,
+        asset_type: typeById.get(asset_id) || 'Gene',
+        position: i,
+      }));
+
+      await ensureRegistered('recipe build');
+      const priceVal = flagVal('price');
+      const createRes = await callWithAuthRetry('recipe build', () => hubCreateRecipe({
+        title, steps, description: description || undefined,
+        pricePerExecution: priceVal ? Number(priceVal) : undefined,
+      }));
+      if (!createRes.ok) { reportHubError('recipe build', createRes); process.exit(1); }
+      const recipe = (createRes.data && (createRes.data.recipe || createRes.data)) || {};
+      const recipeId = recipe.id;
+      console.log('[recipe build] Created DRAFT recipe ' + recipeId + ' ("' + title + '", ' + steps.length + ' steps).');
+
+      if (doPublish && recipeId) {
+        const pubRes = await callWithAuthRetry('recipe build', () => hubPublishRecipe(recipeId));
+        if (!pubRes.ok) { reportHubError('recipe build', pubRes); process.exit(1); }
+        console.log('[recipe build] Published recipe ' + recipeId + ' to the marketplace.');
+      } else if (!doPublish) {
+        console.log('[recipe build] Left as draft. Re-run with --publish to make it live.');
+      }
+      process.exit(0);
+    } else if (sub === 'reuse') {
+      const recipeId = flagVal('id') || (args[2] && !String(args[2]).startsWith('-') ? args[2] : null);
+      if (!recipeId) {
+        console.error('Usage: node index.js recipe reuse --id=<recipe_id> [--input=<json>]');
+        process.exit(1);
+      }
+      await ensureRegistered('recipe reuse');
+      const getRes = await hubGetRecipe(recipeId);
+      if (!getRes.ok) { reportHubError('recipe reuse', getRes); process.exit(1); }
+      let inputPayload = {};
+      const inputArg = flagVal('input');
+      if (inputArg) {
+        try { inputPayload = JSON.parse(inputArg); }
+        catch (e) { console.error('[recipe reuse] --input must be valid JSON.'); process.exit(1); }
+      }
+      const expRes = await callWithAuthRetry('recipe reuse', () => hubExpressRecipe(recipeId, inputPayload));
+      if (!expRes.ok) { reportHubError('recipe reuse', expRes); process.exit(1); }
+      console.log('[recipe reuse] Expressed recipe ' + recipeId + '.');
+      if (isVerbose) console.log(JSON.stringify(expRes.data, null, 2));
+      process.exit(0);
+    } else {
+      console.error('Usage: node index.js recipe <build|reuse> [flags]');
+      console.error('  build --title="..." --genes=<asset_id,...> [--publish]   (draft unless --publish)');
+      console.error('  reuse --id=<recipe_id> [--input=<json>]');
+      process.exit(1);
+    }
+
   } else {
-    console.log(`Usage: node index.js [run|/evolve|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|buy|orders|verify|atp|atp-complete] [--loop]
+    console.log(`Usage: node index.js [run|/evolve|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|recipe|buy|orders|verify|atp|atp-complete] [--loop]
+  - recipe flags:
+    - build --title="..." --genes=<asset_id,...> [--description] [--price=N] [--publish]
+                              (builds a DRAFT DNA blueprint; --publish is opt-in)
+    - reuse --id=<recipe_id> [--input=<json>]   (express a recipe into an organism)
   - fetch flags:
     - --skill=<id> | -s <id>   (skill ID to download)
     - --out=<dir>              (output directory, default: ./skills/<skill_id>)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evomap/evolver",
-  "version": "1.88.0",
+  "version": "1.88.2",
   "description": "A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.",
   "main": "index.js",
   "bin": {
@@ -37,6 +37,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-bedrock-runtime": "^3.1053.0",
+    "@evomap/atp-sdk": "^0.1.0",
     "@evomap/gep-sdk": "^1.5.0",
     "dotenv": "^16.4.7",
     "undici": "^7.0.0"

package/src/adapters/claudeCode.js

@@ -20,6 +20,24 @@ function buildClaudeHooks(evolverRoot) {
           ],
         },
       ],
+      UserPromptSubmit: [
+        {
+          hooks: [
+            {
+              type: 'command',
+              // Runtime asset injection (P4-c). DEFAULT off (EVOLVER_RECALL_MODE
+              // unset/off -> emits {} without reading the prompt). The script
+              // owns an absolute 3.3s watchdog that always exits 0 with valid
+              // JSON (fail-open); this host timeout (5s) is a strict backstop
+              // ABOVE that watchdog, so the host never kills the script
+              // mid-write. A stuck/slow recall can never block or erase the
+              // user's prompt.
+              command: `node ${scriptsBase}/evolver-task-recall.js`,
+              timeout: 5,
+            },
+          ],
+        },
+      ],
       PostToolUse: [
         {
           matcher: 'Write',
@@ -55,6 +73,8 @@ This project uses evolver for self-evolution. Hooks automatically:
 1. Inject recent evolution memory at session start
 2. Detect evolution signals during file edits
 3. Record outcomes at session end
+4. (Opt-in) Surface matching distilled capabilities for each prompt — set
+   \`EVOLVER_RECALL_MODE=shadow\` to preview, \`enforce\` to inject (default off).
 
 For substantive tasks, call \`gep_recall\` before work and \`gep_record_outcome\` after.
 Signals: log_error, perf_bottleneck, user_feature_request, capability_gap, deployment_issue, test_failure.`;
@@ -126,7 +146,7 @@ function uninstall({ configRoot }) {
                 const innerBefore = matcher.hooks.length;
                 const filtered = matcher.hooks.filter(h => {
                   const cmd = (h && h.command) || '';
-                  return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal');
+                  return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal') && !cmd.includes('evolver-task-recall');
                 });
                 // A matcher containing both evolver and user hooks shrinks
                 // its inner array without changing the outer matcher count.

package/src/adapters/hookAdapter.js

@@ -76,7 +76,7 @@ function mergeWithHooksUnion(target, source) {
       if (tArr && sArr) {
         const isEvolverOwned = (entry) => {
           const cmds = collectCommands(entry);
-          return cmds.some(c => c.includes('evolver-session') || c.includes('evolver-signal'));
+          return cmds.some(c => c.includes('evolver-session') || c.includes('evolver-signal') || c.includes('evolver-task-recall'));
         };
         const userEntries = tArr.filter(e => !isEvolverOwned(e));
         result.hooks[event] = [...userEntries, ...sArr];
@@ -171,6 +171,7 @@ function copyHookScripts(destDir, evolverRoot) {
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
+    'evolver-task-recall.js',
   ];
   fs.mkdirSync(destDir, { recursive: true });
   const copied = [];
@@ -224,7 +225,7 @@ function removeEvolverHooks(filePath, { markerKey = '_evolver_managed' } = {}) {
           const before = data.hooks[event].length;
           data.hooks[event] = data.hooks[event].filter(h => {
             const cmd = h.command || '';
-            return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal');
+            return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal') && !cmd.includes('evolver-task-recall');
           });
           if (data.hooks[event].length !== before) changed = true;
           if (data.hooks[event].length === 0) delete data.hooks[event];
@@ -257,6 +258,7 @@ function removeHookScripts(hooksDir) {
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
+    'evolver-task-recall.js',
   ];
   let removed = 0;
   for (const name of scripts) {

package/src/adapters/scripts/evolver-session-start.js

@@ -199,14 +199,18 @@ function getDedupStatePath() {
   return path.join(dir, 'session-start-state.json');
 }
 
-// TTL throttle keyed by an arbitrary string, persisted in session-start-state
-// .json. Returns true if `key` fired within the last `ttlMs` (caller should
-// suppress); otherwise records "now" for `key` and returns false. Best-effort:
-// a state read/write failure just means no throttling (fail open). Shared by
-// the Kiro per-prompt dedup and the non-git notice so both age out of the same
-// file (entries older than 24h are pruned on write).
-function throttled(key, ttlMs) {
-  const statePath = getDedupStatePath();
+function getNoticeStatePath() {
+  const dir = process.env.EVOLVER_SESSION_STATE_DIR
+    || path.join(os.homedir(), '.evolver');
+  try { fs.mkdirSync(dir, { recursive: true }); } catch { /* ignore */ }
+  return path.join(dir, 'session-start-notice-state.json');
+}
+
+// TTL throttle keyed by an arbitrary string. Returns true if `key` fired within
+// the last `ttlMs` (caller should suppress); otherwise records "now" for `key`
+// and returns false. Best-effort: a state read/write failure just means no
+// throttling (fail open). Entries older than 24h are pruned on write.
+function throttled(key, ttlMs, statePath) {
   let state = {};
   try {
     if (fs.existsSync(statePath)) {
@@ -241,7 +245,7 @@ function shouldSkipInjection() {
   if (!dedupEnabled) return false;
 
   const ttlMs = Number(process.env.EVOLVER_SESSION_START_DEDUP_TTL_MS) || (30 * 60 * 1000);
-  return throttled(process.cwd(), ttlMs);
+  return throttled(process.cwd(), ttlMs, getDedupStatePath());
 }
 
 function main() {
@@ -256,7 +260,7 @@ function main() {
   // from git diffs), so tell the user — once per folder per TTL — instead of
   // failing silently. Emitted regardless of whether any memory exists below.
   const parts = [];
-  if (!isGitWorkspace(currentDir) && !throttled('nongit:' + currentDir, NON_GIT_NOTICE_TTL_MS)) {
+  if (!isGitWorkspace(currentDir) && !throttled('nongit:' + currentDir, NON_GIT_NOTICE_TTL_MS, getNoticeStatePath())) {
     parts.push(NON_GIT_NOTICE);
   }
 

package/src/adapters/scripts/evolver-task-recall.js

@@ -0,0 +1,173 @@
+#!/usr/bin/env node
+// evolver-task-recall.js
+// UserPromptSubmit hook: on each user prompt, find GEP assets (Hub genes +
+// local genes) that match the task and inject a distilled hint so a GENERAL
+// agent benefits from prior distilled capabilities without manually calling
+// MCP tools. This is the per-harness shell around src/gep/recallInject.js.
+//
+// Input  (stdin JSON, Claude Code UserPromptSubmit):
+//   { "prompt": "...", "session_id", "cwd", "transcript_path", ... }
+// Output (stdout JSON, exit 0 ALWAYS):
+//   enforce + match -> { agent_message, additionalContext,
+//                        hookSpecificOutput: { hookEventName, additionalContext } }
+//   everything else -> {}   (injects nothing)
+//
+// DESIGN CONTRACT (the fail-open core — see also recallInject.js invariants):
+//   - DEFAULT off. off finishes {} WITHOUT parsing the prompt body.
+//   - shadow computes + logs what WOULD inject but injects nothing.
+//   - enforce injects the distilled hint.
+//   - FAIL-OPEN: any error/timeout/empty -> exactly one finish({}). The hook
+//     blocks the user's prompt, so it must NEVER hang or crash the session.
+//     Claude Code's timeout fail-open behaviour is UNDOCUMENTED, so we own the
+//     deadline ourselves with a single watchdog + latch (never rely on the
+//     host to kill us gracefully).
+//   - STDOUT is a single JSON object. Any stray console.log() from a
+//     transitively-required module (e.g. signals._mergeSignals, hubSearch
+//     fetch-cost log, assetStore seeding) would corrupt it — so we redirect
+//     console.* to stderr before requiring anything heavy.
+
+'use strict';
+
+// --- stdout-poison defense: route all console.* to stderr ------------------
+// Modules we require (hubSearch, signals, assetStore, …) call console.log,
+// which writes to stdout. The hook contract is ONE JSON object on stdout, so
+// we redirect every console method to stderr. stderr on exit 0 is not fed to
+// the model for UserPromptSubmit; on non-2 exit only its first line shows in
+// the transcript as a hook-error notice — acceptable and we exit 0 anyway.
+for (const m of ['log', 'info', 'warn', 'error', 'debug']) {
+  try { console[m] = function () { try { process.stderr.write(''); } catch (_) {} }; } catch (_) {}
+}
+
+const path = require('path');
+
+// ---- Timing budget, coherent with the host kill ---------------------------
+// The host (Claude Code) kills this process at the hook's `timeout` (5s in
+// buildClaudeHooks -> 5000ms). Our OWN absolute watchdog MUST fire comfortably
+// BEFORE that, or the host could kill us mid-write and break the fail-open
+// stdout contract. So:
+//   ABSOLUTE_DEADLINE_MS (3300) < host 5000ms  -> ~1.7s headroom for finish().
+// EVOLVER_RECALL_TIMEOUT_MS is the Hub SEARCH budget only (clamped well under
+// the absolute deadline). The actual budget handed to the search is computed
+// DYNAMICALLY at search-start as (deadline - already-elapsed - safety), so
+// slow stdin/require can never let the search run past the watchdog (which
+// would otherwise spuriously return {} — Bugbot #183 medium findings).
+const T0 = Date.now();
+const ABSOLUTE_DEADLINE_MS = 3300;   // watchdog; strictly < host timeout (5000ms)
+const SEARCH_SAFETY_MS = 250;        // leave room for finish() after the search
+const MIN_SEARCH_MS = 300;           // below this, skip the search (finish {})
+
+function getSearchBudgetMs() {
+  const n = parseInt(process.env.EVOLVER_RECALL_TIMEOUT_MS, 10);
+  // Hard cap at 2800 so even a max-budget search starts and ends before the
+  // 3300ms watchdog under any realistic startup cost.
+  return Number.isFinite(n) && n >= 500 && n <= 2800 ? n : 2000;
+}
+
+function getMode() {
+  const v = String(process.env.EVOLVER_RECALL_MODE || '').toLowerCase().trim();
+  return v === 'shadow' || v === 'enforce' ? v : 'off';
+}
+
+let handled = false;
+let watchdog = null;
+
+// Single-writer latch: exactly one stdout write, exactly one exit. Mirrors the
+// proven pattern in evolver-signal-detect.js / evolver-session-end.js.
+function finish(obj) {
+  if (handled) return;
+  handled = true;
+  if (watchdog) { try { clearTimeout(watchdog); } catch (_) {} }
+  try { process.stdout.write(JSON.stringify(obj || {})); } catch (_) {}
+  process.exit(0);
+}
+
+function main() {
+  const mode = getMode();
+
+  // Absolute watchdog, armed at process entry and INDEPENDENT of the search
+  // budget. Fires at ABSOLUTE_DEADLINE_MS (3300ms) — strictly under the host's
+  // timeout (5000ms) so the host can never kill us mid-write. If stdin never
+  // closes OR anything hangs, we emit {} and exit cleanly first.
+  watchdog = setTimeout(() => finish({}), ABSOLUTE_DEADLINE_MS);
+
+  let buf = '';
+  try {
+    process.stdin.setEncoding('utf8');
+  } catch (_) { /* some hosts pass no stdin */ }
+  process.stdin.on('data', (c) => { buf += c; });
+  process.stdin.on('error', () => finish({}));
+  process.stdin.on('end', () => {
+    if (handled) return;
+
+    // off: do NOT even parse the prompt body (privacy: nothing read/sent).
+    if (mode === 'off') return finish({});
+
+    let prompt = '';
+    let sessionId = '';
+    try {
+      const input = buf.trim() ? JSON.parse(buf) : {};
+      prompt = String(input.prompt || '').trim();
+      sessionId = String(input.session_id || input.sessionId || '').trim();
+    } catch (_) {
+      return finish({});
+    }
+    if (prompt.length < 8) return finish({}); // trivial prompt -> skip
+
+    // Heavy require INSIDE try/catch: a broken require graph must fail open,
+    // not crash the user's prompt (this is also why the e2e test runs the
+    // copied hook with mode=off and asserts exit 0 + parseable stdout).
+    let core;
+    try {
+      const { findEvolverRoot } = require('./_runtimePaths');
+      const root = findEvolverRoot();
+      if (!root) return finish({});
+      core = require(path.join(root, 'src', 'gep', 'recallInject.js'));
+    } catch (_) {
+      return finish({});
+    }
+
+    // Pass the ABSOLUTE deadline (T0 + watchdog window) plus the configured
+    // search cap. The core bounds the Hub call by the time REMAINING to that
+    // deadline (minus its own post-await safety margin) and runs local-gene
+    // disk I/O BEFORE the Hub await — so neither the Hub search nor the
+    // post-processing can overrun the watchdog (Bugbot #183: slow startup or a
+    // budget-eating Hub call must not let the timer fire mid-work). If too
+    // little time remains even before starting, skip and fail open.
+    const elapsed = Date.now() - T0;
+    const remaining = ABSOLUTE_DEADLINE_MS - elapsed - SEARCH_SAFETY_MS;
+    if (remaining < MIN_SEARCH_MS) return finish({});
+    const deadlineMs = T0 + ABSOLUTE_DEADLINE_MS;
+
+    Promise.resolve()
+      .then(() => core.recallForTask({ prompt, mode, sessionId, timeoutMs: getSearchBudgetMs(), deadlineMs }))
+      .then((r) => {
+        if (r && r.inject && r.text) {
+          // Emit BOTH shapes:
+          //   - nested hookSpecificOutput.additionalContext is the DOCUMENTED
+          //     canonical UserPromptSubmit injection shape (system-reminder,
+          //     no transcript noise).
+          //   - flat additionalContext / agent_message match the in-repo
+          //     precedent (session-start.js) for hosts that read the flat key.
+          // Extra keys are tolerated/ignored by hosts; whichever wins, the
+          // other is harmless.
+          return finish({
+            agent_message: r.text,
+            additionalContext: r.text,
+            hookSpecificOutput: {
+              hookEventName: 'UserPromptSubmit',
+              additionalContext: r.text,
+            },
+          });
+        }
+        // shadow (logged inside the core) and no-match both inject nothing.
+        return finish({});
+      })
+      .catch(() => finish({}));
+  });
+}
+
+if (require.main === module) {
+  main();
+} else {
+  module.exports = { getMode, getSearchBudgetMs };
+}

package/src/atp/atpExecute.js

@@ -59,7 +59,7 @@ function _buildGene(capabilities, signals) {
     : ['atp_task'];
   const gene = {
     type: 'Gene',
-    schema_version: '1.0',
+    schema_version: '1.0.0',
     id: 'gene_atp_answer_' + caps.sort().join('_').slice(0, 40),
     summary: 'Deliver an ATP task answer for capabilities: ' + caps.join(', '),
     signals_match: sig,
@@ -69,6 +69,9 @@ function _buildGene(capabilities, signals) {
       'Produce a concrete, actionable answer addressing the question directly.',
       'Return the answer as Capsule content for verifiable delivery.',
     ],
+    // gep-sdk Gene schema requires `constraints`; an ATP answer edits no
+    // files, so the blast radius is empty rather than left unbounded.
+    constraints: { max_files: 0, forbidden_paths: [] },
     validation: [
       'Answer is non-empty and directly addresses the buyer question.',
       'Answer references the requested capabilities where relevant.',
@@ -86,7 +89,7 @@ function _buildCapsule({ gene, answer, summary, orderId, taskId, capabilities, s
     || 'ATP merchant delivery for order ' + String(orderId || '').slice(0, 24);
   const capsule = {
     type: 'Capsule',
-    schema_version: '1.0',
+    schema_version: '1.0.0',
     id: 'capsule_atp_' + String(orderId || taskId || Date.now()).replace(/[^a-zA-Z0-9_\-]/g, '_').slice(0, 40),
     trigger: sig,
     gene: gene.id,
@@ -96,11 +99,21 @@ function _buildCapsule({ gene, answer, summary, orderId, taskId, capabilities, s
     outcome: { status: 'success', score: confidence },
     env_fingerprint: { platform: process.platform, arch: process.arch, runtime: 'evolver-atp' },
     content: answer,
-    source_type: 'atp_task_executor',
-    atp: {
-      order_id: orderId || null,
-      task_id: taskId || null,
-      capabilities: caps,
+    // 'generated' is the gep-sdk source_type enum value for a freshly
+    // produced asset; the ATP-specific provenance rides in `a2a.atp` below.
+    source_type: 'generated',
+    // The order/task association MUST live under `a2a`, not as a top-level
+    // `atp` key: the Hub's payload sanitizer allow-lists `a2a` but not `atp`
+    // (CAPSULE_ALLOWED_FIELDS), so a top-level `atp` was being silently
+    // stripped on publish and the association never reached the Hub. `a2a`
+    // is also an open object in gep-sdk's Capsule schema, so this keeps the
+    // bundle GEP-valid.
+    a2a: {
+      atp: {
+        order_id: orderId || null,
+        task_id: taskId || null,
+        capabilities: caps,
+      },
     },
   };
   capsule.asset_id = computeAssetId(capsule);