@evomap/evolver 1.89.0 → 1.89.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (98) hide show
  1. package/CONTRIBUTING.md +19 -0
  2. package/README.ja-JP.md +9 -32
  3. package/README.ko-KR.md +9 -32
  4. package/README.md +530 -86
  5. package/README.zh-CN.md +4 -31
  6. package/SKILL.md +1 -1
  7. package/assets/cover.png +0 -0
  8. package/index.js +14 -1
  9. package/package.json +17 -6
  10. package/scripts/a2a_export.js +63 -0
  11. package/scripts/a2a_ingest.js +79 -0
  12. package/scripts/a2a_promote.js +118 -0
  13. package/scripts/analyze_by_skill.js +121 -0
  14. package/scripts/build_binaries.js +479 -0
  15. package/scripts/check-changelog.js +166 -0
  16. package/scripts/extract_log.js +85 -0
  17. package/scripts/generate_history.js +75 -0
  18. package/scripts/gep_append_event.js +96 -0
  19. package/scripts/gep_personality_report.js +234 -0
  20. package/scripts/human_report.js +147 -0
  21. package/scripts/recall-verify-report.js +234 -0
  22. package/scripts/recover_loop.js +61 -0
  23. package/scripts/seed-merchants.js +91 -0
  24. package/scripts/suggest_version.js +89 -0
  25. package/scripts/validate-modules.js +38 -0
  26. package/scripts/validate-suite.js +78 -0
  27. package/skills/index.json +14 -0
  28. package/src/evolve/guards.js +1 -721
  29. package/src/evolve/pipeline/collect.js +1 -1283
  30. package/src/evolve/pipeline/dispatch.js +1 -421
  31. package/src/evolve/pipeline/enrich.js +1 -434
  32. package/src/evolve/pipeline/hub.js +1 -319
  33. package/src/evolve/pipeline/select.js +1 -274
  34. package/src/evolve/pipeline/signals.js +1 -206
  35. package/src/evolve/utils.js +1 -264
  36. package/src/evolve.js +1 -350
  37. package/src/forceUpdate.js +105 -20
  38. package/src/gep/a2aProtocol.js +1 -4395
  39. package/src/gep/autoDistillConv.js +1 -205
  40. package/src/gep/autoDistillLlm.js +1 -315
  41. package/src/gep/candidateEval.js +1 -92
  42. package/src/gep/candidates.js +1 -198
  43. package/src/gep/contentHash.js +1 -30
  44. package/src/gep/conversationSniffer.js +1 -266
  45. package/src/gep/crypto.js +1 -89
  46. package/src/gep/curriculum.js +1 -163
  47. package/src/gep/deviceId.js +1 -218
  48. package/src/gep/envFingerprint.js +1 -118
  49. package/src/gep/epigenetics.js +1 -31
  50. package/src/gep/execBridge.js +1 -711
  51. package/src/gep/explore.js +1 -289
  52. package/src/gep/hash.js +1 -15
  53. package/src/gep/hubFetch.js +1 -359
  54. package/src/gep/hubReview.js +1 -207
  55. package/src/gep/hubSearch.js +1 -526
  56. package/src/gep/hubVerify.js +1 -306
  57. package/src/gep/learningSignals.js +1 -89
  58. package/src/gep/memoryGraph.js +1 -1374
  59. package/src/gep/memoryGraphAdapter.js +1 -203
  60. package/src/gep/mutation.js +1 -203
  61. package/src/gep/narrativeMemory.js +1 -108
  62. package/src/gep/oauthLogin.js +34 -0
  63. package/src/gep/openPRRegistry.js +1 -205
  64. package/src/gep/personality.js +1 -423
  65. package/src/gep/policyCheck.js +1 -599
  66. package/src/gep/prompt.js +1 -836
  67. package/src/gep/recallInject.js +1 -409
  68. package/src/gep/recallVerifier.js +1 -318
  69. package/src/gep/reflection.js +1 -177
  70. package/src/gep/selector.js +1 -602
  71. package/src/gep/skillDistiller.js +1 -1294
  72. package/src/gep/skillPublisher.js +1 -1
  73. package/src/gep/solidify.js +1 -1699
  74. package/src/gep/strategy.js +1 -136
  75. package/src/gep/tokenSavings.js +1 -88
  76. package/src/gep/workspaceKeychain.js +1 -174
  77. package/src/proxy/extensions/traceControl.js +1 -99
  78. package/src/proxy/inject.js +1 -52
  79. package/src/proxy/lifecycle/manager.js +2 -0
  80. package/src/proxy/trace/extractor.js +1 -534
  81. package/src/proxy/trace/usage.js +1 -105
  82. package/.cursor/BUGBOT.md +0 -182
  83. package/.env.example +0 -68
  84. package/.git-commit-guard-token +0 -1
  85. package/.github/CODEOWNERS +0 -63
  86. package/.github/ISSUE_TEMPLATE/good_first_issue.md +0 -23
  87. package/.github/pull_request_template.md +0 -45
  88. package/.github/workflows/test.yml +0 -75
  89. package/CHANGELOG.md +0 -1123
  90. package/README.public.md +0 -594
  91. package/SECURITY.md +0 -108
  92. package/assets/gep/events.jsonl +0 -3
  93. package/examples/atp-consumer-quickstart.md +0 -100
  94. package/examples/hello-world.md +0 -38
  95. package/proxy-package.json +0 -39
  96. package/public.manifest.json +0 -141
  97. /package/assets/gep/{genes.json → genes.seed.json} +0 -0
  98. /package/{bundled-skills → skills}/_meta/SKILL.md +0 -0
package/src/forceUpdate.js CHANGED
@@ -6,8 +6,18 @@ const { getEvolverInstallRoot } = require('./gep/paths');
6
6
 
7
7
  const MAX_EXEC_BUFFER = 10 * 1024 * 1024;
8
8
 
9
+ const SEMVER_NUMERIC_IDENTIFIER = '0|[1-9]\\d*';
10
+ const SEMVER_PRERELEASE_IDENTIFIER = '(?:0|[1-9]\\d*|\\d*[A-Za-z-][0-9A-Za-z-]*)';
11
+ const SEMVER_BUILD_IDENTIFIER = '[0-9A-Za-z-]+';
12
+ const CONCRETE_SEMVER_RE = new RegExp(
13
+ '^(' + SEMVER_NUMERIC_IDENTIFIER + ')\\.(' + SEMVER_NUMERIC_IDENTIFIER + ')\\.(' +
14
+ SEMVER_NUMERIC_IDENTIFIER + ')(?:-(' + SEMVER_PRERELEASE_IDENTIFIER +
15
+ '(?:\\.' + SEMVER_PRERELEASE_IDENTIFIER + ')*))?(?:\\+(' +
16
+ SEMVER_BUILD_IDENTIFIER + '(?:\\.' + SEMVER_BUILD_IDENTIFIER + ')*))?$'
17
+ );
18
+
9
19
  // Sentinel returned by executeForceUpdate when the no-op short-circuit fires
10
- // (current installed version already matches required_version). Distinct from
20
+ // (current installed version already satisfies required_version). Distinct from
11
21
  // `true` so callers can suppress phantom "success" telemetry and avoid the
12
22
  // gratuitous process.exit(78) restart that follows a real upgrade. Callers
13
23
  // MUST detect this with === identity comparison; do not use truthy/falsy
@@ -36,6 +46,71 @@ const FORCE_UPDATE_BUSY = Symbol('FORCE_UPDATE_BUSY');
36
46
  // distinct processes have distinct install layouts in practice).
37
47
  let _inFlight = false;
38
48
 
49
+ function parseConcreteSemver(version) {
50
+ var match = CONCRETE_SEMVER_RE.exec(normalizeConcreteSemver(version));
51
+ if (!match) return null;
52
+ return {
53
+ major: match[1],
54
+ minor: match[2],
55
+ patch: match[3],
56
+ prerelease: match[4] ? match[4].split('.') : [],
57
+ };
58
+ }
59
+
60
+ function normalizeConcreteSemver(version) {
61
+ var normalized = String(version || '').replace(/^v(?=\d)/, '');
62
+ return CONCRETE_SEMVER_RE.test(normalized) ? normalized : '';
63
+ }
64
+
65
+ function normalizeRequiredVersion(raw) {
66
+ return normalizeConcreteSemver(String(raw || '').replace(/^[>=^~\s]+/, ''));
67
+ }
68
+
69
+ function isNumericPrereleaseIdentifier(value) {
70
+ return /^\d+$/.test(value);
71
+ }
72
+
73
+ function compareNumericIdentifierStrings(left, right) {
74
+ if (left.length !== right.length) return left.length - right.length;
75
+ if (left < right) return -1;
76
+ if (left > right) return 1;
77
+ return 0;
78
+ }
79
+
80
+ function comparePrereleaseIdentifiers(left, right) {
81
+ var leftNumeric = isNumericPrereleaseIdentifier(left);
82
+ var rightNumeric = isNumericPrereleaseIdentifier(right);
83
+ if (leftNumeric && rightNumeric) return compareNumericIdentifierStrings(left, right);
84
+ if (leftNumeric) return -1;
85
+ if (rightNumeric) return 1;
86
+ if (left < right) return -1;
87
+ if (left > right) return 1;
88
+ return 0;
89
+ }
90
+
91
+ function compareConcreteSemver(left, right) {
92
+ var a = parseConcreteSemver(left);
93
+ var b = parseConcreteSemver(right);
94
+ if (!a || !b) return null;
95
+ var majorCmp = compareNumericIdentifierStrings(a.major, b.major);
96
+ if (majorCmp !== 0) return majorCmp;
97
+ var minorCmp = compareNumericIdentifierStrings(a.minor, b.minor);
98
+ if (minorCmp !== 0) return minorCmp;
99
+ var patchCmp = compareNumericIdentifierStrings(a.patch, b.patch);
100
+ if (patchCmp !== 0) return patchCmp;
101
+ if (!a.prerelease.length && !b.prerelease.length) return 0;
102
+ if (!a.prerelease.length) return 1;
103
+ if (!b.prerelease.length) return -1;
104
+ var max = Math.max(a.prerelease.length, b.prerelease.length);
105
+ for (var i = 0; i < max; i++) {
106
+ if (a.prerelease[i] === undefined) return -1;
107
+ if (b.prerelease[i] === undefined) return 1;
108
+ var cmp = comparePrereleaseIdentifiers(a.prerelease[i], b.prerelease[i]);
109
+ if (cmp !== 0) return cmp;
110
+ }
111
+ return 0;
112
+ }
113
+
39
114
  // Force Update: triggered by Hub when version is critically outdated.
40
115
  // Extracted from src/evolve.js so both the evolve main loop and heartbeat
41
116
  // thread can trigger it independently (heartbeat-only workers need this
@@ -96,9 +171,11 @@ function _executeForceUpdateInner(forceUpdate) {
96
171
  return false;
97
172
  }
98
173
 
99
- const requiredVersion = String(forceUpdate.required_version || '').replace(/^[>=^~\s]+/, '');
100
- if (!/^\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/.test(requiredVersion)) {
101
- console.warn('[ForceUpdate] Refusing — required_version "' + requiredVersion + '" is not a concrete semver (ranges not accepted).');
174
+ const requiredVersion = normalizeRequiredVersion(forceUpdate.required_version);
175
+ if (!requiredVersion) {
176
+ console.warn('[ForceUpdate] Refusing — required_version "' +
177
+ String(forceUpdate.required_version || '').replace(/^[>=^~\s]+/, '') +
178
+ '" is not a concrete semver (ranges not accepted).');
102
179
  return false;
103
180
  }
104
181
 
@@ -109,22 +186,31 @@ function _executeForceUpdateInner(forceUpdate) {
109
186
  } catch (_) { return '0.0.0'; }
110
187
  }
111
188
 
112
- // Idempotency short-circuit: the hub keeps re-issuing the same force_update
113
- // directive until the node reports success. After a successful upgrade +
114
- // restart (process.exit(78)), the next heartbeat may still carry the same
115
- // directive. Without this early return, a transient Channel 1 failure (npx
116
- // unavailable, network blip, EBUSY) would cause executeForceUpdate to
117
- // return false and overwrite the previous successful run's state file with
118
- // a bogus "failed" even though we are already at the target version.
189
+ // Idempotency / anti-downgrade short-circuit: the hub keeps re-issuing the
190
+ // same force_update directive until the node reports success. After a
191
+ // successful upgrade + restart (process.exit(78)), the next heartbeat may
192
+ // still carry the same directive. Without this early return, a transient
193
+ // Channel 1 failure (npx unavailable, network blip, EBUSY) would cause
194
+ // executeForceUpdate to return false and overwrite the previous successful
195
+ // run's state file with a bogus "failed" -- even though we are already at or
196
+ // above the target version.
119
197
  //
120
198
  // Compare the ACTUAL current running version (which reflects the new
121
- // version post-restart) against the parsed requiredVersion. Only reached
122
- // after the strip+validate above, so a garbage / unparseable
123
- // required_version will NOT short-circuit it falls into the validation
124
- // failure branch above and returns false safely.
199
+ // version post-restart) against the parsed requiredVersion. Force-update is
200
+ // a minimum-version floor, not an exact-version pin: a node running 1.88.4
201
+ // must not be downgraded to satisfy a 1.88.3 floor. Only reached after the
202
+ // strip+validate above, so a garbage / unparseable required_version will NOT
203
+ // short-circuit -- it falls into the validation failure branch above and
204
+ // returns false safely.
125
205
  var currentVersion = getCurrentVersion();
126
- if (currentVersion === requiredVersion) {
127
- console.log('[ForceUpdate] already at required version, no-op (current=' +
206
+ var versionCmp = compareConcreteSemver(currentVersion, requiredVersion);
207
+ if (versionCmp === null) {
208
+ console.warn('[ForceUpdate] Refusing — current installed version "' +
209
+ currentVersion + '" is not a concrete semver.');
210
+ return false;
211
+ }
212
+ if (versionCmp >= 0) {
213
+ console.log('[ForceUpdate] already satisfies required version, no-op (current=' +
128
214
  currentVersion + ', required=' + requiredVersion + ')');
129
215
  // Return the dedicated sentinel rather than `true`. Callers use this to
130
216
  // (a) emit status="skipped" telemetry instead of a phantom "success"
@@ -219,7 +305,7 @@ function _executeForceUpdateInner(forceUpdate) {
219
305
  }
220
306
 
221
307
  // Test-only hook: re-implements the EXACT same operator-strip + semver
222
- // validation as the inline check at executeForceUpdate's L99-100. Exists
308
+ // validation as the runtime force_update check. Exists
223
309
  // so test/forceUpdateLastUpdateReport.test.js can build a parity sweep
224
310
  // proving that _extractTargetVersion's (a2aProtocol.js) verdict matches
225
311
  // forceUpdate.js's verdict byte-for-byte on any input -- the comment at
@@ -229,8 +315,7 @@ function _executeForceUpdateInner(forceUpdate) {
229
315
  // parity test breaks.
230
316
  function _isAcceptedRequiredVersionForTesting(raw) {
231
317
  if (typeof raw !== 'string') return false;
232
- var stripped = String(raw).replace(/^[>=^~\s]+/, '');
233
- return /^\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/.test(stripped);
318
+ return normalizeRequiredVersion(raw) !== '';
234
319
  }
235
320
 
236
321
  module.exports = {