@evomap/evolver 1.88.1 → 1.88.3

package/src/adapters/scripts/evolver-task-recall.js

@@ -0,0 +1,173 @@
+#!/usr/bin/env node
+// evolver-task-recall.js
+// UserPromptSubmit hook: on each user prompt, find GEP assets (Hub genes +
+// local genes) that match the task and inject a distilled hint so a GENERAL
+// agent benefits from prior distilled capabilities without manually calling
+// MCP tools. This is the per-harness shell around src/gep/recallInject.js.
+//
+// Input  (stdin JSON, Claude Code UserPromptSubmit):
+//   { "prompt": "...", "session_id", "cwd", "transcript_path", ... }
+// Output (stdout JSON, exit 0 ALWAYS):
+//   enforce + match -> { agent_message, additionalContext,
+//                        hookSpecificOutput: { hookEventName, additionalContext } }
+//   everything else -> {}   (injects nothing)
+//
+// DESIGN CONTRACT (the fail-open core — see also recallInject.js invariants):
+//   - DEFAULT off. off finishes {} WITHOUT parsing the prompt body.
+//   - shadow computes + logs what WOULD inject but injects nothing.
+//   - enforce injects the distilled hint.
+//   - FAIL-OPEN: any error/timeout/empty -> exactly one finish({}). The hook
+//     blocks the user's prompt, so it must NEVER hang or crash the session.
+//     Claude Code's timeout fail-open behaviour is UNDOCUMENTED, so we own the
+//     deadline ourselves with a single watchdog + latch (never rely on the
+//     host to kill us gracefully).
+//   - STDOUT is a single JSON object. Any stray console.log() from a
+//     transitively-required module (e.g. signals._mergeSignals, hubSearch
+//     fetch-cost log, assetStore seeding) would corrupt it — so we redirect
+//     console.* to stderr before requiring anything heavy.
+
+'use strict';
+
+// --- stdout-poison defense: route all console.* to stderr ------------------
+// Modules we require (hubSearch, signals, assetStore, …) call console.log,
+// which writes to stdout. The hook contract is ONE JSON object on stdout, so
+// we redirect every console method to stderr. stderr on exit 0 is not fed to
+// the model for UserPromptSubmit; on non-2 exit only its first line shows in
+// the transcript as a hook-error notice — acceptable and we exit 0 anyway.
+for (const m of ['log', 'info', 'warn', 'error', 'debug']) {
+  try { console[m] = function () { try { process.stderr.write(''); } catch (_) {} }; } catch (_) {}
+}
+
+const path = require('path');
+
+// ---- Timing budget, coherent with the host kill ---------------------------
+// The host (Claude Code) kills this process at the hook's `timeout` (5s in
+// buildClaudeHooks -> 5000ms). Our OWN absolute watchdog MUST fire comfortably
+// BEFORE that, or the host could kill us mid-write and break the fail-open
+// stdout contract. So:
+//   ABSOLUTE_DEADLINE_MS (3300) < host 5000ms  -> ~1.7s headroom for finish().
+// EVOLVER_RECALL_TIMEOUT_MS is the Hub SEARCH budget only (clamped well under
+// the absolute deadline). The actual budget handed to the search is computed
+// DYNAMICALLY at search-start as (deadline - already-elapsed - safety), so
+// slow stdin/require can never let the search run past the watchdog (which
+// would otherwise spuriously return {} — Bugbot #183 medium findings).
+const T0 = Date.now();
+const ABSOLUTE_DEADLINE_MS = 3300;   // watchdog; strictly < host timeout (5000ms)
+const SEARCH_SAFETY_MS = 250;        // leave room for finish() after the search
+const MIN_SEARCH_MS = 300;           // below this, skip the search (finish {})
+
+function getSearchBudgetMs() {
+  const n = parseInt(process.env.EVOLVER_RECALL_TIMEOUT_MS, 10);
+  // Hard cap at 2800 so even a max-budget search starts and ends before the
+  // 3300ms watchdog under any realistic startup cost.
+  return Number.isFinite(n) && n >= 500 && n <= 2800 ? n : 2000;
+}
+
+function getMode() {
+  const v = String(process.env.EVOLVER_RECALL_MODE || '').toLowerCase().trim();
+  return v === 'shadow' || v === 'enforce' ? v : 'off';
+}
+
+let handled = false;
+let watchdog = null;
+
+// Single-writer latch: exactly one stdout write, exactly one exit. Mirrors the
+// proven pattern in evolver-signal-detect.js / evolver-session-end.js.
+function finish(obj) {
+  if (handled) return;
+  handled = true;
+  if (watchdog) { try { clearTimeout(watchdog); } catch (_) {} }
+  try { process.stdout.write(JSON.stringify(obj || {})); } catch (_) {}
+  process.exit(0);
+}
+
+function main() {
+  const mode = getMode();
+
+  // Absolute watchdog, armed at process entry and INDEPENDENT of the search
+  // budget. Fires at ABSOLUTE_DEADLINE_MS (3300ms) — strictly under the host's
+  // timeout (5000ms) so the host can never kill us mid-write. If stdin never
+  // closes OR anything hangs, we emit {} and exit cleanly first.
+  watchdog = setTimeout(() => finish({}), ABSOLUTE_DEADLINE_MS);
+
+  let buf = '';
+  try {
+    process.stdin.setEncoding('utf8');
+  } catch (_) { /* some hosts pass no stdin */ }
+  process.stdin.on('data', (c) => { buf += c; });
+  process.stdin.on('error', () => finish({}));
+  process.stdin.on('end', () => {
+    if (handled) return;
+
+    // off: do NOT even parse the prompt body (privacy: nothing read/sent).
+    if (mode === 'off') return finish({});
+
+    let prompt = '';
+    let sessionId = '';
+    try {
+      const input = buf.trim() ? JSON.parse(buf) : {};
+      prompt = String(input.prompt || '').trim();
+      sessionId = String(input.session_id || input.sessionId || '').trim();
+    } catch (_) {
+      return finish({});
+    }
+    if (prompt.length < 8) return finish({}); // trivial prompt -> skip
+
+    // Heavy require INSIDE try/catch: a broken require graph must fail open,
+    // not crash the user's prompt (this is also why the e2e test runs the
+    // copied hook with mode=off and asserts exit 0 + parseable stdout).
+    let core;
+    try {
+      const { findEvolverRoot } = require('./_runtimePaths');
+      const root = findEvolverRoot();
+      if (!root) return finish({});
+      core = require(path.join(root, 'src', 'gep', 'recallInject.js'));
+    } catch (_) {
+      return finish({});
+    }
+
+    // Pass the ABSOLUTE deadline (T0 + watchdog window) plus the configured
+    // search cap. The core bounds the Hub call by the time REMAINING to that
+    // deadline (minus its own post-await safety margin) and runs local-gene
+    // disk I/O BEFORE the Hub await — so neither the Hub search nor the
+    // post-processing can overrun the watchdog (Bugbot #183: slow startup or a
+    // budget-eating Hub call must not let the timer fire mid-work). If too
+    // little time remains even before starting, skip and fail open.
+    const elapsed = Date.now() - T0;
+    const remaining = ABSOLUTE_DEADLINE_MS - elapsed - SEARCH_SAFETY_MS;
+    if (remaining < MIN_SEARCH_MS) return finish({});
+    const deadlineMs = T0 + ABSOLUTE_DEADLINE_MS;
+
+    Promise.resolve()
+      .then(() => core.recallForTask({ prompt, mode, sessionId, timeoutMs: getSearchBudgetMs(), deadlineMs }))
+      .then((r) => {
+        if (r && r.inject && r.text) {
+          // Emit BOTH shapes:
+          //   - nested hookSpecificOutput.additionalContext is the DOCUMENTED
+          //     canonical UserPromptSubmit injection shape (system-reminder,
+          //     no transcript noise).
+          //   - flat additionalContext / agent_message match the in-repo
+          //     precedent (session-start.js) for hosts that read the flat key.
+          // Extra keys are tolerated/ignored by hosts; whichever wins, the
+          // other is harmless.
+          return finish({
+            agent_message: r.text,
+            additionalContext: r.text,
+            hookSpecificOutput: {
+              hookEventName: 'UserPromptSubmit',
+              additionalContext: r.text,
+            },
+          });
+        }
+        // shadow (logged inside the core) and no-match both inject nothing.
+        return finish({});
+      })
+      .catch(() => finish({}));
+  });
+}
+
+if (require.main === module) {
+  main();
+} else {
+  module.exports = { getMode, getSearchBudgetMs };
+}

package/src/atp/atpExecute.js

@@ -59,7 +59,7 @@ function _buildGene(capabilities, signals) {
     : ['atp_task'];
   const gene = {
     type: 'Gene',
-    schema_version: '1.0',
+    schema_version: '1.0.0',
     id: 'gene_atp_answer_' + caps.sort().join('_').slice(0, 40),
     summary: 'Deliver an ATP task answer for capabilities: ' + caps.join(', '),
     signals_match: sig,
@@ -69,6 +69,9 @@ function _buildGene(capabilities, signals) {
       'Produce a concrete, actionable answer addressing the question directly.',
       'Return the answer as Capsule content for verifiable delivery.',
     ],
+    // gep-sdk Gene schema requires `constraints`; an ATP answer edits no
+    // files, so the blast radius is empty rather than left unbounded.
+    constraints: { max_files: 0, forbidden_paths: [] },
     validation: [
       'Answer is non-empty and directly addresses the buyer question.',
       'Answer references the requested capabilities where relevant.',
@@ -86,7 +89,7 @@ function _buildCapsule({ gene, answer, summary, orderId, taskId, capabilities, s
     || 'ATP merchant delivery for order ' + String(orderId || '').slice(0, 24);
   const capsule = {
     type: 'Capsule',
-    schema_version: '1.0',
+    schema_version: '1.0.0',
     id: 'capsule_atp_' + String(orderId || taskId || Date.now()).replace(/[^a-zA-Z0-9_\-]/g, '_').slice(0, 40),
     trigger: sig,
     gene: gene.id,
@@ -96,11 +99,21 @@ function _buildCapsule({ gene, answer, summary, orderId, taskId, capabilities, s
     outcome: { status: 'success', score: confidence },
     env_fingerprint: { platform: process.platform, arch: process.arch, runtime: 'evolver-atp' },
     content: answer,
-    source_type: 'atp_task_executor',
-    atp: {
-      order_id: orderId || null,
-      task_id: taskId || null,
-      capabilities: caps,
+    // 'generated' is the gep-sdk source_type enum value for a freshly
+    // produced asset; the ATP-specific provenance rides in `a2a.atp` below.
+    source_type: 'generated',
+    // The order/task association MUST live under `a2a`, not as a top-level
+    // `atp` key: the Hub's payload sanitizer allow-lists `a2a` but not `atp`
+    // (CAPSULE_ALLOWED_FIELDS), so a top-level `atp` was being silently
+    // stripped on publish and the association never reached the Hub. `a2a`
+    // is also an open object in gep-sdk's Capsule schema, so this keeps the
+    // bundle GEP-valid.
+    a2a: {
+      atp: {
+        order_id: orderId || null,
+        task_id: taskId || null,
+        capabilities: caps,
+      },
     },
   };
   capsule.asset_id = computeAssetId(capsule);

package/src/atp/cli.js

@@ -14,6 +14,14 @@
 // injectable for tests. Each runner returns a Promise that resolves to
 // { exitCode: number, output?: string, data?: object }.
 
+const {
+  ATP_VERIFY_MODES,
+  ATP_VERIFY_ACTIONS,
+  ATP_ROUTING_MODES,
+  ATP_PROOF_STATUSES,
+  ATP_ROLES,
+} = require('./protocol');
+
 function _parseNamed(args, longFlag, shortFlag) {
   const long = args.findIndex(a => typeof a === 'string' && (a === longFlag || a.startsWith(longFlag + '=')));
   if (long !== -1) {
@@ -83,11 +91,11 @@ function parseBuyArgs(args) {
 
 function parseOrdersArgs(args) {
   const role = _parseNamed(args, '--role', null);
-  if (role && !['consumer', 'merchant'].includes(role)) {
-    return { ok: false, error: 'invalid --role: ' + role + ' (expected consumer|merchant)' };
+  if (role && !ATP_ROLES.includes(role)) {
+    return { ok: false, error: 'invalid --role: ' + role + ' (expected ' + ATP_ROLES.join('|') + ')' };
   }
   const status = _parseNamed(args, '--status', null);
-  if (status && !['pending', 'verified', 'disputed', 'settled'].includes(status)) {
+  if (status && !ATP_PROOF_STATUSES.includes(status)) {
     return { ok: false, error: 'invalid --status: ' + status };
   }
   const limitRaw = _parseNamed(args, '--limit', null);
@@ -112,8 +120,8 @@ function parseVerifyArgs(args) {
     return { ok: false, error: 'verify requires <orderId>' };
   }
   const action = _parseNamed(args, '--action', null) || 'confirm';
-  if (!['confirm', 'ai_judge'].includes(action)) {
-    return { ok: false, error: 'invalid --action: ' + action + ' (expected confirm|ai_judge)' };
+  if (!ATP_VERIFY_ACTIONS.includes(action)) {
+    return { ok: false, error: 'invalid --action: ' + action + ' (expected ' + ATP_VERIFY_ACTIONS.join('|') + ')' };
   }
   return { ok: true, opts: { orderId, action } };
 }
@@ -324,11 +332,11 @@ async function runAtp(opts, deps) {
 function printUsage() {
   return [
     'ATP subcommands:',
-    '  evolver buy <caps> [--budget=N] [--question "..."] [--routing=fastest|cheapest|auction|swarm]',
-    '              [--verify=auto|ai_judge|bilateral] [--no-wait] [--timeout=<seconds>]',
-    '  evolver orders [--role=consumer|merchant] [--status=pending|verified|disputed|settled]',
+    '  evolver buy <caps> [--budget=N] [--question "..."] [--routing=' + ATP_ROUTING_MODES.join('|') + ']',
+    '              [--verify=' + ATP_VERIFY_MODES.join('|') + '] [--no-wait] [--timeout=<seconds>]',
+    '  evolver orders [--role=' + ATP_ROLES.join('|') + '] [--status=' + ATP_PROOF_STATUSES.join('|') + ']',
     '                 [--limit=N] [--json]',
-    '  evolver verify <orderId> [--action=confirm|ai_judge]',
+    '  evolver verify <orderId> [--action=' + ATP_VERIFY_ACTIONS.join('|') + ']',
     '  evolver atp <enable|disable|status>   -- manage auto-spend consent',
   ].join('\n');
 }

package/src/atp/protocol.js

@@ -0,0 +1,41 @@
+// Protocol-level enum constants for the Agent Transaction Protocol.
+//
+// These values (verify modes, routing modes, proof statuses, roles,
+// execution modes) live in @evomap/atp-sdk. This module is a thin
+// CommonJS facade so callsites in src/atp/ can `require('./protocol')`
+// for the authoritative sets instead of re-spelling the literals.
+//
+// Why move them out: ATP is the wire contract between this engine, the
+// EvoMap Hub, and (in future) evox-Rust. Hand-maintaining the allowed
+// value sets in each implementation is exactly the drift that the
+// v1.80.8 "explore" enum incident taught us to avoid for GEP. The ATP
+// contract is extracted into its own SDK before a second runtime wires
+// in, while it is still cheap. If you find yourself writing an enum
+// list literal here again (e.g. ['pending','verified',...]), stop --
+// import the constant from this facade instead, and bump
+// @evomap/atp-sdk if the set itself needs to change.
+//
+// Implementation note: @evomap/atp-sdk is published as ESM
+// (`"type": "module"`). Node supports `require()` of synchronous ESM
+// packages on 22.12.0 and later. The SDK itself stays permissive
+// (`engines.node >=18`) so `import`-based consumers on 18/20 aren't
+// blocked; the `>=22.12` guarantee that makes the require() below work
+// is pinned in THIS package's (evolver's) `engines.node`, not the SDK's.
+
+const {
+  ATP_VERIFY_MODES,
+  ATP_VERIFY_ACTIONS,
+  ATP_ROUTING_MODES,
+  ATP_PROOF_STATUSES,
+  ATP_ROLES,
+  ATP_EXECUTION_MODES,
+} = require('@evomap/atp-sdk');
+
+module.exports = {
+  ATP_VERIFY_MODES,
+  ATP_VERIFY_ACTIONS,
+  ATP_ROUTING_MODES,
+  ATP_PROOF_STATUSES,
+  ATP_ROLES,
+  ATP_EXECUTION_MODES,
+};

package/src/config.js

@@ -136,9 +136,14 @@ const REPAIR_LOOP_THRESHOLD = envInt('EVOLVER_REPAIR_LOOP_THRESHOLD', 3);
 //
 // GENE_BAN_PER_KEY_ATTEMPTS:    minimum attempts on the same signal key
 // GENE_BAN_BEST_THRESHOLD:      best success rate at or below which the Gene is banned
+// GENE_INERT_BAN_STREAK:        consecutive inert (stable_no_error, zero-work) outcomes
+//                               on a signal key after which a Gene with no real
+//                               success is banned, so --loop selection explores
+//                               instead of re-running a do-nothing gene (#562)
 // GENE_EPIGENETIC_HARD_BOOST:   epigenetic boost at or below which the Gene is hard-suppressed
 const GENE_BAN_PER_KEY_ATTEMPTS = envInt('EVOLVER_GENE_BAN_PER_KEY_ATTEMPTS', 4);
 const GENE_BAN_BEST_THRESHOLD = envFloat('EVOLVER_GENE_BAN_BEST_THRESHOLD', 0.15);
+const GENE_INERT_BAN_STREAK = envInt('EVOLVER_GENE_INERT_BAN_STREAK', 8);
 const GENE_EPIGENETIC_HARD_BOOST = envFloat('EVOLVER_GENE_EPIGENETIC_HARD_BOOST', -0.3);
 const SESSION_ARCHIVE_TRIGGER = envInt('EVOLVER_SESSION_ARCHIVE_TRIGGER', 100);
 const SESSION_ARCHIVE_KEEP = envInt('EVOLVER_SESSION_ARCHIVE_KEEP', 50);
@@ -177,6 +182,26 @@ const SELF_PR_TIMEOUT_MS = envInt('EVOLVER_SELF_PR_TIMEOUT_MS', 30000);
 
 const LEAK_CHECK_MODE = envStr('EVOLVER_LEAK_CHECK', 'strict');
 
+// --- Reuse attribution (P4-a, Slice A) ---
+// Controls whether the evolver attaches a `reuse_attribution` block to the
+// synced `outcome` MemoryGraphEvent so the Hub can LATER (P4-a Slice B, gated +
+// team-signed-off) credit the SOURCE node when its asset is reused. Modes:
+//   off    (default) — attach nothing; byte-identical to pre-P4-a behavior.
+//   shadow           — attach the attribution block; it rides the existing
+//                      syncEventToHub -> /a2a/memory/event into the Hub's
+//                      MemoryGraphEvent.payload blob, which is GDI-inert and
+//                      read by NO payout path today.
+// There is intentionally NO `enforce` on the CLIENT: the evolver cannot move
+// money, so an enforce word would be a lie. The report stays economy-inert
+// until a SIGNED-OFF Hub reader converts it to credit (which MUST add the
+// anti-sybil gating — see P4-a Slice B). Until then it only emits honest,
+// runtime-observed attribution data (never agent-supplied identity).
+const REUSE_ATTRIBUTION_MODE = envStr('EVOLVER_REUSE_ATTRIBUTION', 'off');
+function reuseAttributionMode() {
+  const v = String(process.env.EVOLVER_REUSE_ATTRIBUTION || REUSE_ATTRIBUTION_MODE || 'off').toLowerCase().trim();
+  return v === 'shadow' ? 'shadow' : 'off';
+}
+
 // --- Validator mode (opt-out) ---
 // Node role: the evolver periodically fetches assigned validation tasks from
 // the Hub, runs the commands in an isolated sandbox, and submits
@@ -223,6 +248,7 @@ module.exports = {
   REPAIR_LOOP_THRESHOLD,
   GENE_BAN_PER_KEY_ATTEMPTS,
   GENE_BAN_BEST_THRESHOLD,
+  GENE_INERT_BAN_STREAK,
   GENE_EPIGENETIC_HARD_BOOST,
   SESSION_ARCHIVE_TRIGGER,
   SESSION_ARCHIVE_KEEP,
@@ -257,6 +283,9 @@ module.exports = {
   BLAST_RADIUS_HARD_CAP_LINES,
   // Security
   LEAK_CHECK_MODE,
+  // Reuse attribution (P4-a Slice A)
+  REUSE_ATTRIBUTION_MODE,
+  reuseAttributionMode,
   // Validator (opt-in role)
   VALIDATOR_ENABLED,
   VALIDATOR_STAKE_AMOUNT,