@evomap/evolver 1.89.0 → 1.89.2

package/CHANGELOG.md

@@ -1,1123 +0,0 @@
-# Changelog
-
-All notable changes to `@evomap/evolver` are tracked here.
-
-## [Unreleased]
-
-## [1.88.3] - 2026-06-06
-
-### Fixed
-
-- **Gene selection no longer self-reinforces a do-nothing gene (#562).** A `stable_no_error`
-  outcome (no error before/after, no parseable EvolutionEvent — i.e. the cycle did nothing
-  measurable) was tallied as a Bayesian "success" (score 0.6). Combined with the selector's
-  drift only diversifying when >1 gene matches a signal, a sole-matching auto-gene was
-  re-selected every `--loop` cycle, climbed edge confidence p → ~1.0, and was never banned
-  (the failure-streak ban never trips on "successes") — dominating selection ~99.7% of the
-  time while producing zero artifacts (reproduced against the published 1.88.2 binary).
-  `aggregateEdges` now tallies these zero-work outcomes as `inert`, apart from real
-  successes, so they build no confidence and do not count toward attempts; `getMemoryAdvice`
-  bans a gene after `GENE_INERT_BAN_STREAK` (default 8, env `EVOLVER_GENE_INERT_BAN_STREAK`)
-  consecutive inert outcomes with no real success on a signal, so the selector falls through
-  to mutation (null → fresh gene) and diversity is restored. Consecutive-trailing (reset by
-  any real success/failure), so a gene that ever does real work is never punished for idle
-  cycles.
-- **Self-evolution validation commands no longer fail a cycle in user projects (#562).** Seed
-  genes (e.g. `gene_gep_repair_from_errors`) ship validation commands that target evolver's
-  own tree (`node scripts/validate-modules.js ./src/gep/...`). When evolver runs in a user's
-  project, `repoRoot` is that project and the script is absent, so the command could only fail
-  with "Cannot find module" — wrongly tanking the gene's `validation_pass_rate` on an
-  environment mismatch. `runValidationsOnce` now skips a `node <script>` validation command
-  whose (relative) script does not exist in `repoRoot`, excluding it from the pass/fail tally
-  instead of failing the cycle; a clear `[Solidify] Skipping validation command (script not in
-  repoRoot)` line replaces the confusing module-not-found error. Commands whose script is
-  present run unchanged.
-
-## [1.88.2] - 2026-06-05
-
-### Added
-
-- **Runtime asset injection — general agents auto-use GEP assets (P4-c, #183).** Recall now injects relevant genes/capsules into the runtime context so a general agent picks them up without an explicit `gep_recall` call.
-- **Cross-harness auto-exec recipes for Codex + OpenCode (P4-b, #184).** The Brain→Hand exec bridge gains Codex and OpenCode recipes, bringing cross-harness parity to the Claude Code bridge shipped in 1.88.1.
-- **Reuse attribution reporting (P4-a Slice A, #186, default off).** Evolver can report which prior assets a successful cycle reused. Opt-in; no behavior change at default.
-- **Heartbeat reports `force_update` outcome via the `last_update` field (#188).** The heartbeat loop now surfaces the result of a force-update so the Hub can observe update propagation.
-- **Evolver recipe CLI — build/reuse (P4-c, #173).** New `recipe` subcommand for building and reusing recipes.
-
-### Changed
-
-- **ATP now consumes `@evomap/atp-sdk` for protocol enum constants (#185).** Protocol enums come from the shared SDK singleton instead of local literals, removing a drift source.
-
-### Fixed
-
-- **Release gate regressions (#192, #193).** `pre_publish_check.js` now runs the project's real test runner (`npm test` → `node --test`) instead of the no-longer-installed `npx vitest run`, and fails closed on a non-zero exit (the old `0-failures-but-nonzero-exit ⇒ pass` escape hatch is gone). The `npm test` script also no longer hard-codes the stable `--test-isolation=process` flag (Node >=22.23 only); process isolation is Node's default, so `npm test` runs on Node 22.12+ again. Plus: `normalizeWorkspaceIdentity` canonicalizes transcript paths via `realpath` (macOS `/var` vs `/private/var`) before provenance comparison, and session-start Kiro dedup vs. non-git-notice throttling now use separate state files.
-- **ATP order/task association persisted + delivered bundle made GEP-valid (#187).**
-- **Proxy forwards asset search as `GET /a2a/assets/search` (#189).**
-
-## [1.88.1] - 2026-06-03
-
-### Added
-
-- **Conversation capability -> distilled gene (P2, `EVOLVER_CONV_DISTILL_ENABLED`).** The conversation sniffer's capability candidates (slug + transcript snippet) are now enqueued and, when enabled, run through a conversation-brief distillation (reusing the P3 claude-distill recipe + quality gate) to synthesize a candidate gene — closing discover->distill. **Shadow-only v1**: it logs a candidate gene for human review and NEVER upserts (conversation-snippet material is too thin to auto-upsert; run-green proves the validation command exits 0, not that the strategy is correct). New module `src/gep/autoDistillConv.js`; P2-owned `conv_distill.{by_hash,by_slug}` state (never the shared P3 scalars). New env: `EVOLVER_CONV_DISTILL_ENABLED` (off default), `CONV_SLUG_COOLDOWN_MS`, `EVOLVER_CONV_DISTILL_DUP_JACCARD`.
-
-### Added
-
-- **Autonomous LLM gene distillation (P3, `EVOLVER_AUTO_DISTILL_LLM`).** evolver can now
-  run the distillation prompt through a light read-only headless `claude` (reusing the P1
-  exec bridge) and turn a recurring success pattern into an LLM-quality Gene with no human in
-  the loop. New module `src/gep/autoDistillLlm.js`. Shadow-first: `off` (default) | `shadow`
-  (log candidate, no upsert) | `enforce` (upsert after a REAL quality gate). The gate:
-  structural validation + canonicalization, a Jaccard near-duplicate check, validation
-  normalization (strips policy-blocked + heavy test-suite commands, injects `node --version`),
-  and a run-green check (the gene's own validation must exit 0) BEFORE upsert. Never
-  auto-publishes (opt-in `EVOLVER_AUTO_DISTILL_LLM_PUBLISH=true`). New env:
-  `EVOLVE_DISTILL_MODEL`, `EVOLVE_DISTILL_MAX_TURNS`, `EVOLVE_DISTILL_TIMEOUT_MS`,
-  `EVOLVE_DISTILL_VALIDATION_TIMEOUT_MS`, `EVOLVER_AUTO_DISTILL_LLM_DUP_JACCARD`. Wired into
-  the daemon idle (OMLS) distill window next to the failure distiller; no behavior change at `off`.
-
-### Added
-
-- **Claude Code auto-exec bridge (`exec` subcommand).** `node index.js exec
-  --harness=claude-code [--once] [--max-cycles N]` closes the Brain→Hand loop on
-  Claude Code: it runs the Brain (`node index.js run`, bridge mode), scrapes the
-  emitted `sessions_spawn(...)`, and spawns a headless `claude -p` Hand to apply
-  the patch and run `solidify`, gated by a status file. Opt-in and shadow-first:
-  refuses unless `EVOLVE_EXEC_BRIDGE=true`. New module `src/gep/execBridge.js`
-  with a per-Hand hard timeout + process-group kill (a hung/permission-broken
-  Hand is killed and counts as a retry, never loops). The `exec` command exits
-  non-zero on any non-success outcome. New env: `EVOLVE_EXEC_BRIDGE`,
-  `EVOLVE_HAND_TIMEOUT_MS`, `EVOLVE_BRAIN_TIMEOUT_MS`, `EVOLVE_HAND_KILL_GRACE_MS`,
-  `EVOLVE_IDLE_SLEEP_MS`, `EVOLVE_HAND_MAX_BUF_BYTES`, `EVOLVE_HAND_MODEL`,
-  `EVOLVE_HAND_MAX_TURNS`, `EVOLVE_HAND_DANGEROUS`, `EVOLVE_EXEC_FALLBACKS`,
-  `CLAUDE_BIN`.
-
-## [1.88.0] - 2026-06-03
-
-### Added
-
-- **Three-platform daemon autostart templates (#163).** The repo now ships
-  install helpers so the evolver daemon auto-starts on login with
-  restart-on-failure on every supported OS, matching the existing Linux
-  `scripts/evolver.service`: a macOS launchd agent
-  (`scripts/com.evomap.evolver.plist`, `KeepAlive.SuccessfulExit=false` +
-  `ThrottleInterval=5` mirroring `Restart=on-failure`/`RestartSec=5`) and a
-  Windows Task Scheduler installer (`scripts/install-evolver-windows.ps1`,
-  `-Install`/`-Uninstall`). The Windows shape launches via a generated
-  `%LOCALAPPDATA%\EvoMap\evolver-task-launcher.vbs` with the node/index paths
-  baked into VBScript literals and a single quoted task argument — `wscript`
-  is a Windows-subsystem host so no console window appears on logon, and
-  `WScript.Quit rc` propagates the exit code so restart-on-failure still
-  observes failures. All three platforms verified live through a real reboot.
-
-- **Explicit signal injection channel (#172).** A new fifth injection point in
-  the signal-extraction stage reads user-declared signals from
-  `<gep-assets-dir>/pending_signals.json` (default `.evolver/gep`) and merges
-  them into a cycle's signal set, **bypassing the closed 20-entry
-  `OPPORTUNITY_SIGNALS` vocabulary**. This lets a human-verified, deterministic
-  capability whose intent no extractor can name still surface as a first-class
-  signal (previously it collapsed to a generic `capability_gap` and the
-  dedicated gene could never win selection). File-locked read-once semantics
-  (`consumePendingSignals()` empties the file after consuming), entries trimmed
-  and length-capped (≤200), non-fatal on error.
-
-### Fixed
-
-- **Heartbeat / daemon-survival resilience overhaul (#163).** A nine-round
-  hardening pass on the keep-alive path, addressing failure modes that left the
-  daemon silently dead after sleep/wake, idle windows, or concurrent startup:
-  - **Singleton-lock takeover is now atomic** — `linkSync` + `EEXIST` guard
-    (with a `renameSync` fallback for link-less filesystems), replacing a
-    non-atomic `unlinkSync`-before-write that could let two daemons both
-    "own" the lock and rotate `node_secret` against each other into mutual
-    401 backoff. Lock carries a `lease: true` marker + mtime refreshed every
-    `LOCK_REFRESH_MS` (60s Win / 120s POSIX); takeover honors both dead-PID
-    (`kill -0` ESRCH) and lease-expiry (mtime older than `STALE_LOCK_TTL_MS`,
-    3min Win / 5min POSIX).
-  - **sd_notify watchdog actually fires under systemd** — shells out to
-    `systemd-notify(1)` (with `NotifyAccess=all`) instead of the broken
-    `dgram` `unix_dgram` socket, which threw synchronously on node ≥22 and
-    swallowed `READY=1`/`WATCHDOG=1`.
-  - **Sleep/wake recovery** — a wall-clock drift detector (samples `Date.now()`
-    every 30s, treats a >90s jump as a wake; `cpuUsage`-vs-wall-clock delta
-    distinguishes CPU throttling from true sleep), a stuck-tick watchdog, and a
-    wake ritual that drains dead undici connections + restarts SSE.
-  - **Event-loop anchor + process survival** — a ref'd 10-min keepalive tick
-    keeps the loop alive and leaves a disk heartbeat for `checkHealth`; EPIPE is
-    swallowed without killing the process while non-EPIPE stream errors are
-    still surfaced; `unhandledRejection` consults live heartbeat stats rather
-    than killing a process mid-recovery.
-  - **Hostile-hub clamps** — 429 backoff capped at 30min so a malicious/buggy
-    `retry_after_ms: 86_400_000` can't silence the heartbeat for a day;
-    `unknown_node` anti-cache-poisoning backoff with an absolute deadline.
-  - Removed a dead wake hook in `evolver-signal-detect.js` whose relative
-    `require` was `MODULE_NOT_FOUND` in the deployed `.claude/hooks/` layout
-    (no in-proc consumer exists, so it was a no-op that cost a 3000-line
-    `require` on every IDE edit).
-
-- **Standalone-binary obfuscation retries (#171).** Default `OBF_MAX_ATTEMPTS`
-  raised 4 → 12 in `scripts/build_binaries.js`. The obfuscation step
-  occasionally mangles `new.target` into an illegal `#target` token,
-  non-deterministically across node processes; the seed-perturbation retry is
-  the right mechanism but 4 attempts wasn't enough (the v1.87.4 deploy hit 4/4
-  and aborted before npm publish + binary upload). No behavior change on
-  first-attempt success; env override unchanged.
-
-## [1.87.4] - 2026-06-02
-
-### Fixed
-
-- **Cursor hook compatibility: project-dir resolution, workspace-scoped
-  recall, FS workspace-id, and a non-git notice.** The session hooks assumed
-  `process.cwd()` was the user's project, but Cursor invokes some hook events
-  with cwd set to the plugin install dir — so `git diff` collection found
-  nothing and the session-end hook silently recorded every task as empty.
-  Hooks now resolve the workspace from `CURSOR_PROJECT_DIR` /
-  `CLAUDE_PROJECT_DIR` (falling back to cwd, a no-op on Codex/opencode/Kiro/CLI).
-  Session-start recall is now scoped to the current workspace *before* the
-  most-recent-N window (a shared user-level memory graph no longer leaks one
-  project's outcomes into another), with a bounded scan instead of parsing the
-  whole graph. `workspace_id` now resolves via an FS-only fallback when the
-  evolver package isn't reachable (plugin-only installs), writing the same
-  `<workspaceRoot>/.evolver/workspace-id` secret `paths.getWorkspaceId()` uses
-  so installing the package later is seamless. And a non-git folder now gets a
-  throttled one-line notice that evolution memory is inactive, instead of
-  failing silently. (Ported from public PRs #554/#555/#557/#558, each
-  Bugbot-reviewed; private-dev #169/#170.)
-
-## [1.87.3] - 2026-06-01
-
-### Changed
-
-- **Router surfaces degenerate tier config + README defaults corrected
-  (#152).** The shipped `DEFAULT_TIER_MODELS` pins all three tiers to
-  `opus-4-7` on purpose (operators run tier-uniform while tuning tier
-  mapping, so the no-downgrade guard stays inert and 5xx retries replay one
-  model — PR #135). The trap is a user who flips `EVOMAP_ROUTER_ENABLED=1`
-  expecting the cost savings the README advertised but leaves the per-tier
-  `EVOMAP_MODEL_*` overrides unset: every turn resolves to the same model,
-  so routing is a silent no-op (and a cost *increase* for anyone previously
-  on a cheaper model). The proxy now emits a one-time `router_degenerate_tiers`
-  WARN at startup when the router is enabled and all three tiers resolve to a
-  single model. The README tier table previously documented `haiku-4-5` /
-  `sonnet-4-6` / `opus-4-7` as the defaults — that was the pre-#135 mapping
-  and never matched the shipped binary; it now states the real all-`opus-4-7`
-  defaults and how to set the overrides to get tier-based saving.
-
-### Fixed
-
-- **Heartbeat loop resilience (#544).** The heartbeat loop in
-  `LifecycleManager` had two coupled defects: (1) `heartbeat()` called
-  `store.countPending`, `getTaskMeta`, `_getEnvFingerprint`, and
-  `hello()` *before* its `try` block, so a single throw from any
-  helper (e.g. corrupt store, sandboxed `os.userInfo()`) escaped as a
-  rejected promise; (2) `tick()` had no try/catch around
-  `await this.heartbeat()`, so that rejection cancelled the next
-  `setTimeout` and silently killed the loop until the process
-  restarted. Reporter saw "first heartbeat fine, then evolver dead
-  after machine sleep — restart required". Fix wraps the entire
-  `heartbeat()` body in try/catch, defensively wraps the awaited call
-  in `_heartbeatTick()`, lowers the consecutive-failure backoff cap
-  from 30min → 15min (must stay above the 6min default interval or
-  exponential backoff inverts), and adds a generation counter so
-  `pokeHeartbeatLoop()` can't fork the loop when called while a tick
-  is mid-await. New `pokeHeartbeatLoop()` resets the schedule on
-  demand for callers that want wake-on-event semantics.
-
-## [1.87.2] - 2026-05-27
-
-### Added
-
-- **ATP autoBuyer explicit consent surface (#141).** New
-  `evolver atp <enable|disable|status>` subcommands, an ack file at
-  `<memory>/atp-autobuy-ack.json`, and an env override
-  `EVOLVER_ATP_AUTOBUY=on|off`. Resolution order at runtime:
-  env > ack > default. `setConsent` writes are atomic (tmp + rename);
-  ack reads strictly validate `enabled: boolean` so a corrupted ack
-  cannot park a user in a "prompt suppressed + autoBuyer off" dead
-  zone. CLI enable/disable surfaces a loud WARN when an
-  `EVOLVER_ATP_AUTOBUY` env value would silently override the ack at
-  runtime. The cold-start `no_consent` daemon WARN sanitizes the hub
-  URL via `URL.origin` so basic-auth credentials in
-  `A2A_HUB_URL`/`EVOMAP_HUB_URL` are never written to logs.
-
-### Changed
-
-- **ATP autoBuyer default ON for new installs (#145, follow-up to
-  #141).** With no env override and no ack, `getConsent()` returns
-  `{enabled: true, source: 'default'}` and autoBuyer starts under the
-  daily/per-order caps (50/day, 10/order; cold-start half-cap for the
-  first 5 min). The first-run TTY prompt and `evolver atp disable` are
-  the explicit opt-out paths; ack='disable' continues to win over the
-  default. Daemon/hook/CI cold-start emits a one-time WARN naming the
-  hub origin, the active caps, and the `evolver atp disable` command,
-  so the policy is never silent.
-
-- **`recallVerifier` default off (#136).** Client-side publish→recall
-  round-trip verification is no longer enabled by default. The Hub
-  `/a2a/fetch` contract is strict (unknown asset_id → empty results,
-  0 cost; verified against current Hub via random-hash smoke). The
-  round-trip check was redundant as a default safety net. Operators
-  who want end-to-end SLA observability can opt in with
-  `EVOLVE_RECALL_VERIFY=1`. No code paths removed; only the default
-  changed. (Already shipped in 1.87.1; promoted here for the
-  main-line changelog.)
-
-### Fixed
-
-- **Proxy router: canonicalize Bedrock model IDs + skip alias-only
-  5xx retry (#135) and defense-in-depth canonicalize at proxy
-  boundary (#139).** Resolves model alias drift between Anthropic-
-  shaped requests and Bedrock model IDs at both the router selection
-  layer and the inbound proxy boundary so a 5xx that originated from
-  an unresolvable alias is not retried as a different alias of the
-  same family.
-
-- **`forceUpdate` preserves `.env`, `.env.local`, `USER.md`, and
-  `.evolver/` (#142).** Force-update no longer wipes operator
-  configuration or workspace identity files when overlaying a new
-  release on top of an existing install; the preserve-list is now
-  explicit and tested.
-
-- **`evolver setup-hooks` ships `_memoryFiltering.js` alongside
-  generated session hooks (#547, #140, #143).** A fresh
-  `setup-hooks --platform=codex` against `@evomap/evolver@1.87.0`
-  left `.codex/hooks/` without `_memoryFiltering.js`, so the
-  generated `evolver-session-start.js` crashed immediately with
-  `Error: Cannot find module './_memoryFiltering'`.
-  `copyHookScripts`/`removeHookScripts` now include the helper, and
-  a regression suite scans every `require('./_*')` in the source
-  adapter scripts to assert install + uninstall cover them.
-  Reproduced by @rendigua on Windows; community PR
-  EvoMap/evolver#550 from @mvanhorn arrived independently with the
-  same diagnosis on the same day. (Already shipped in 1.87.1;
-  promoted here for the main-line changelog.)
-
-### Docs
-
-- **Backfill 1.87.0 proxy track + publish-gate entries
-  (#122/#123/#127/#128/#131/#132) into the changelog (#138).**
-
-## [1.87.1] - 2026-05-27
-
-Released from `release/1.87.1`; superseded by 1.87.2. Contains
-#136 and #547/#140 (see above).
-
-## [1.87.0] - 2026-05-26
-
-### Added
-
-- **AWS Bedrock as a second upstream for `/v1/messages` (#122).** Selected
-  per-request via `EVOMAP_UPSTREAM=bedrock` (default `anthropic`,
-  byte-for-byte unchanged). The Bedrock path pulls `body.model` →
-  `modelId`, injects `anthropic_version: bedrock-2023-05-31`, strips
-  top-level `model` / `stream` (Bedrock 400s on unknown fields, infers
-  stream from the command type), and re-emits Bedrock chunks as standard
-  SSE `data: <json>\n\n` so SDK callers don't need to know which upstream
-  served the request; the SDK owns SigV4 + AWS event-stream decoding.
-  `messages_route.js` softens the Anthropic-shaped credential check under
-  `EVOMAP_UPSTREAM=bedrock` (proxy's real gate is still the Bearer
-  `proxy_token` enforced in `ProxyHttpServer`; with SigV4 + AWS_* env in
-  place, inbound `x-api-key` is meaningless on the Bedrock path). This
-  unblocks Phase C cheap%-verification for deployments that don't have an
-  Anthropic-account upstream available — see PR #127 for the CC v2.1.150
-  body-shape compatibility patch that lands on top.
-
-- **Optional OS-keychain backing for `workspace-id` (issue #111 Phase 1).**
-  `getWorkspaceId()` can now persist the per-workspace secret in the OS
-  keychain (`@napi-rs/keyring` optional dep — macOS Keychain Services /
-  libsecret on Linux / Windows Credential Manager) instead of leaving it
-  readable to any same-uid process via `<workspace>/.evolver/workspace-id`.
-  Mode is controlled by `EVOLVER_WORKSPACE_KEYCHAIN`:
-  - `auto` (default) — try keychain, fall back to FS on any failure.
-    Behaviour stays IDENTICAL to v1.85.x for any deployment that
-    doesn't install the optional addon.
-  - `force` — keychain only; throws if `@napi-rs/keyring` isn't loaded.
-    Use in CI to assert the addon is present.
-  - `off` — skip keychain; FS only.
-  When the addon is available, an existing FS secret is migrated into
-  the keychain on first call and the FS file is INTENTIONALLY retained
-  so bun-compiled binaries (which don't sideload the `.node` addon yet
-  — Phase 2) keep agreeing with node-CLI sessions on the same id.
-  `EVOLVER_WORKSPACE_ID` env override is unchanged and still wins.
-
-### Fixed
-
-- **Codex / Claude transcript directories are auto-discovered without
-  the `EVOLVER_CURSOR_TRANSCRIPTS_DIR` env (issue #543, PR #130 + #133).**
-  Before this release, `readCursorTranscripts()` returned empty unless
-  the operator had manually exported `EVOLVER_CURSOR_TRANSCRIPTS_DIR`,
-  so a fresh Codex install reported `[NO SESSION LOGS FOUND]` on every
-  cycle even though Codex was writing rollouts to `~/.codex/sessions/`.
-  `resolveTranscriptDirs()` now picks up `~/.codex/sessions/` and
-  `~/.claude/projects/` by default. Cross-project transcripts are
-  filtered against the current workspace so a session recorded in a
-  different repo can't leak into this review (Bugbot PR #130 Security
-  MEDIUM, fail-closed when `session_meta.cwd` is missing). PR #133
-  follow-up accepts multiple workspace identities (`WORKSPACE_ROOT`,
-  `process.cwd()`, `EVOLVER_REPO_ROOT`) so the auto-discovery still
-  works in a workspace whose cwd has no `.git` and `getRepoRoot()`
-  would otherwise fall back to the evolver install dir. Together with
-  the entry below, this closes the second half of issue #540 (#543's
-  half).
-
-- **`user_missing` and `session_logs_missing` advisories now quiet down
-  on a Codex install whose `memory_graph.jsonl` is accumulating but has
-  no `outcome` records yet (issue #540 follow-up).** The original #540
-  fix landed a three-tier fallback for the memory snippet
-  (`MEMORY.md` → AGENTS.md marker section → memory_graph outcome tail),
-  but `readUserSnippet` and `_sessionLogFallback` still required
-  `_isOutcomeEntry`-shaped records to suppress their advisories. On a
-  fresh Codex install the first few cycles only write `signal` /
-  `hypothesis` / `attempt` / `epoch_boundary` entries — no
-  `outcome.status` — so both advisories kept firing on every cycle
-  even though the graph was visibly accumulating. Reported by
-  @rendigua on issue #540 with a 1.86.0 fresh-install reproduction.
-  The fix adds `readMemoryGraphAnyTail()` as a tier-2 fallback under
-  the existing outcome-tail tier, so any parseable graph entry is
-  enough to displace the legacy `[USER.md MISSING]` /
-  `[NO SESSION LOGS FOUND]` placeholders that `gep/signals.js`
-  (line 348-351) keys on. `readMemorySnippet`'s contract is unchanged
-  (AGENTS.md marker still wins over the graph for the memory tier).
-  PR #108 round-3 hardening (cross-workspace entries from the
-  user-level shared graph must pass the `workspace_id` / `cwd` filter)
-  applies to the new tier too.
-
-- **Lifecycle `hello` no longer mints a fresh `node_id` when MailboxStore
-  is empty but `~/.evomap/node_id` still exists.** The legacy GEP path
-  (`src/gep/a2aProtocol.js`) writes the node_id as a bare hex file at
-  `~/.evomap/node_id`. Lifecycle's hello previously consulted only
-  `MailboxStore.getState('node_id')` and fell straight through to
-  `crypto.randomBytes(6)` when the store was unprimed. Any install whose
-  `state.json` was created (or wiped) after the legacy file existed —
-  e.g. an upgrade from a pre-lifecycle version, or a partial recovery
-  flow — therefore registered a brand-new A2ANode under the same owner
-  on the very next daemon boot, abandoning the original record (with
-  its stake / reputation / aliases) as an orphan in the web UI.
-  Reading `~/.evomap/node_id` between the store lookup and the random
-  fallback keeps both paths agreeing on a single identity.
-
-- **Router refuses silent intra-family generational downgrades, and the
-  default tier IDs are now Bedrock-resolvable (#132).** Two related
-  router fixes that closed the same misconfiguration class. First, the
-  `/v1/messages` rewrite path now refuses moves where the chosen tier
-  model is strictly older than the caller's original within the same
-  Claude family (opus / sonnet / haiku) — cross-family rewrites (the
-  router's core cheap-tier behaviour, opus → haiku) stay allowed.
-  Triggered by the 2026-05-25 `/compact` stall on Aurora, where
-  `EVOMAP_MODEL_EXPENSIVE` was still pinned to `opus-4-1` while live
-  traffic had moved to `opus-4-7`: every planning turn silently
-  rewrote 4-7 → 4-1, hit Bedrock 5xx on the older endpoint, and
-  absorbed the cost via the upstream-5xx retry path. The guard makes
-  this **loud** (`router_fallback` with `reason: downgrade_blocked`)
-  instead of silent. Second, `DEFAULT_TIER_MODELS` previously used
-  short aliases that Bedrock rejects with `ValidationException: invalid
-  model identifier`. Defaults are now:
-  - `cheap     = global.anthropic.claude-haiku-4-5-20251001-v1:0`
-  - `mid       = global.anthropic.claude-sonnet-4-6` (only `global.*`
-    sonnet on Bedrock today)
-  - `expensive = global.anthropic.claude-opus-4-7`
-  The `mid = sonnet-4-6` choice is exactly the case the no-downgrade
-  guard protects: a caller pinned to `sonnet-4-7` does not silently
-  drop to 4-6 — the request stays on 4-7 and `downgrade_blocked` shows
-  up in telemetry, so when Bedrock adds a `global.*` `sonnet-4-7`
-  alias the regression becomes visible instead of invisible.
-
-- **Claude Code v2.1.150+ body shapes accepted by the Bedrock upstream
-  (#127).** Three top-level fields CC v2.1.150 sends are accepted by
-  Anthropic's public API but rejected by Bedrock InvokeModel with HTTP
-  400 — `thinking: { type: "adaptive" }` (Bedrock only takes
-  `"enabled"` / `"disabled"`), `output_config: { effort }`, and
-  `context_management: { ... }` (both rejected as extra inputs). Without
-  this fix every CC v2.1.150 request through the proxy in Bedrock mode
-  400s, so the Phase C `EVOMAP_UPSTREAM=bedrock` data window introduced
-  by #122 could not actually log completed `router_decision` events.
-  `_proxyBedrock` now folds `thinking.type: "adaptive"` → `"enabled"`
-  (defaulting `budget_tokens` to `max_tokens / 2` with a 1024 floor when
-  CC omits it — adaptive mode lets the model pick, but Bedrock's
-  `"enabled"` requires the field) and strips `output_config` and
-  `context_management` before forwarding. The strip site sits next to
-  the existing `body.stream` strip and carries an explicit comment that
-  future CC schema additions will surface the same way (whole-request
-  400) and need to be added to the same list.
-
-- **`proxy.token` reuses across daemon restarts instead of rotating on
-  every boot (#128).** `ProxyHttpServer.start()` previously called
-  `crypto.randomBytes(32)` unconditionally, so any long-lived shell that
-  had sourced `client-env.sh` once and was still exporting
-  `ANTHROPIC_AUTH_TOKEN` 401'd against the proxy as soon as the daemon
-  restarted. Aurora's typical mix (6+ `claude` processes across 4
-  Cursor terminal panes spawned hours before the most recent restart)
-  hit this on every daemon respawn. `start()` now reads `settings.json`
-  *before* `clearIfStale()` wipes the prior `proxy` block: if a token is
-  on disk, it's reused; a new one is minted only on first launch or
-  after a clean `stop()` (which still calls `clearSettings`). The trust
-  boundary is unchanged — the file remains mode 0600, the local
-  `127.0.0.1` socket is still reachable by any same-uid process, and
-  compromise recovery is `evox proxy stop` + `rm
-  ~/.evolver/settings.json` + restart.
-
-- **Grace-token list survives daemon restart (#131).** `_handleRequest`
-  now reads `proxy.previous_tokens` directly from `settings.json`
-  (constant-time compare against the primary plus the extras) and
-  `start()` preserves `previous_tokens` across restart instead of having
-  the shallow `writeSettings({proxy:{...}})` merge silently drop the
-  list. This replaces an earlier env-shim design
-  (`EVOMAP_PROXY_EXTRA_TOKENS` populated by a python3 block in
-  `evolver-daemon-start.sh`) that had three places to keep in sync.
-  Recovery path: when `~/.evolver/settings.json` is wiped externally
-  (logout / manual `rm`) while long-lived CC sessions still hold the
-  pre-wipe bearer in their fork-time env, the operator pastes the lost
-  token into `previous_tokens` and the proxy keeps accepting it until
-  those sessions die naturally. Clean `stop()` still calls
-  `clearSettings`, which intentionally drops the whole proxy block
-  including `previous_tokens` — clean shutdown wipes grace state by
-  design.
-
-### Refactored
-
-- **Lifecycle's legacy node_id reader now routes through
-  `paths.getEvomapPath()`** so `EVOLVER_HOME` honours both reader and
-  writer in lockstep (the writer in `src/gep/a2aProtocol.js` was
-  consolidated onto the same helper in #114). No behaviour change
-  beyond unifying the override semantics.
-
-- **Seed genes opt three task classes into EvoX's
-  `GeneRoutingHint`.** PR #384 on the EvoX side wired
-  `Gene.routing_hint` through to the multi-tier router and reasoning
-  selector, but the bundled defaults shipped with `routing_hint: null`
-  for every gene — so `RouterDecision.reason="gene_hint"` never fired
-  in production telemetry (0 of 131 turns in the first reduction logged
-  in `evox/docs/concepts/router-lessons-learned-2026-05-18.md` §3).
-  This release bumps three seed genes off the default per the guidance
-  baked into the LLM prompt template (`src/gep/prompt.js:179-194`):
-  `gene_tool_integrity` and `gene_distilled_s2g-env-vars` go to
-  `cheap` + `low` (deterministic, mostly string/JSON manipulation), and
-  `gene_gep_optimize_tool_usage` goes to `mid` + `medium` (light
-  reasoning, no deep multi-step planning). The broader `repair` /
-  `innovate` genes are intentionally left null so the router's
-  classifier picks per-turn — matches the prompt's "Omit when the gene
-  applies broadly across complexities" rule. Fully additive; installs
-  whose local `genes.json` already overrides any of these IDs are not
-  touched (the asset_id-respecting load path in `loadGenes()` keeps
-  user customisations intact).
-
-### Internal
-
-- **End-to-end test for the issue #540 advisory-signal fix and a new
-  CHANGELOG release-section integrity guard (#113 / #115).** PR #105
-  added function-level tests for `readMemorySnippet` /
-  `readUserSnippet` / `readRealSessionLog`, but the user-visible bug
-  was the three advisory signals firing on every Codex review cycle
-  end-to-end. New tests run `collect.js` outputs through
-  `gep/signals.js` to lock in that pipeline so a future refactor
-  breaking the chain at either end fails loudly. The new
-  `scripts/check-changelog.js` + `pre_publish_check.js` integration
-  catches the #540 / PR #107 misattribution pattern (an entry filed
-  under `## [X.Y.Z]` after vX.Y.Z was already published). `extractSection`
-  is line-anchored so fenced code samples don't trigger false drift,
-  and `EVOLVER_CHANGELOG_GUARD_SOFT=1` is available as an interim
-  escape hatch while private-dev still relies on public-mirror tags.
-
-- **Publish-time enforcement for the #542 duplicate-import regression
-  class (#123).** The regression test shipped with PR #118 (#542 hotfix)
-  was claimed to keep duplicate `const path = require('path')` from
-  reaching npm again. Auditing the gate showed the claim was incomplete:
-  `pre_publish_check.js` Check #1 (`npx vitest run`) is non-functional on
-  this project — every test file uses `require('node:test')`, so vitest
-  exits non-zero with `No test suite found` regardless of whether the
-  in-file tests pass, and publishers therefore set `SKIP_TESTS=1`. The
-  duplicate-import class would silently slip through that path. This
-  release adds `checkEntryPointScriptsParse`, a new pre-publish step
-  that runs `node --check` directly on every `.js` in
-  `src/adapters/scripts/` and on `index.js` (parse-only, ~50 ms per
-  file, independent of the test-suite check, names the offending file
-  and line in the failure message). It also collapses
-  `test/adaptersSyntax.test.js`'s dynamic per-file `it()` loop into one
-  static `it()` that iterates targets internally and reports every
-  failing file in a single assertion message — now statically
-  discoverable by both `node --test` and vitest's node:test compat
-  layer. Scoped narrowly to making the #542 class unpublishable; the
-  broader vitest-vs-node:test runner question is intentionally left
-  alone.
-
-## [1.85.3] - 2026-05-23
-
-### Fixed
-
-- **Codex `session-end` hook no longer crashes with `SyntaxError: Identifier 'path' has already been declared` on fresh install.** A previous
-  change added a top-of-file import block (`fs` / `path` / `os`) without
-  noticing that an existing `const path = require('path')` further down
-  the file was still in place. Both v1.85.1 AND v1.85.2 shipped to npm
-  with this regression — every fresh `npm install -g @evomap/evolver`
-  followed by `evolver setup-hooks --platform=codex` produced a
-  parse-broken hook, blocking Codex `session-end` entirely with no
-  user-side workaround (issue #542). The duplicate is removed and a
-  `node --check` regression guard now runs against every file in
-  `src/adapters/scripts/` and the CLI entry as part of the test suite,
-  so this class of regression (parse-time failure in entry-point scripts
-  that the existing vitest suite never loads) cannot reach npm again.
-
-- **`getRepoRoot()` no longer escapes `node_modules` to pick up an
-  unrelated outer `.git` (#541).** When `@evomap/evolver` is installed
-  globally (e.g. `npm install -g @evomap/evolver` on macOS Homebrew), the
-  package lives at `/opt/homebrew/lib/node_modules/@evomap/evolver` and
-  Homebrew itself is a git repository, so `/opt/homebrew/.git` exists.
-  Whenever the user ran `evolver` from a directory that did *not* have a
-  `.git` in any ancestor (a fresh project before `git init`, a generic
-  `~/` shell, an OpenClaw workspace, etc.), the upward walk from the
-  install location escaped the package's own `node_modules` and resolved
-  `repoRoot` to `/opt/homebrew` — silently sending `workspaceRoot` /
-  `memoryDir` / `evolutionDir` to a directory that doesn't belong to the
-  user, scanning the wrong session logs, and producing evolution
-  proposals for the wrong codebase. No crash; the only signal was that
-  the output looked subtly wrong. The walk now stops at the parent of
-  the nearest `node_modules` ancestor: for a local install
-  (`<project>/node_modules/@evomap/evolver`) the boundary still includes
-  `<project>` so the user's `.git` is found correctly; for a global
-  install the boundary is `/opt/homebrew/lib`, which has no `.git`, so
-  the walk falls back to the install dir instead of escaping. Dev
-  clones (not inside any `node_modules`) keep the original unbounded
-  walk. `EVOLVER_REPO_ROOT` remains the explicit override and is
-  unaffected.
-
-## [1.85.2] - 2026-05-22
-
-### Fixed
-
-- **Daemon restart no longer overwrites the hub-rotated `node_secret` with a
-  stale shell `A2A_NODE_SECRET`.** When a previous run rotated the secret
-  via `/a2a/hello`, the hub-recognised value was persisted in
-  `~/.evomap/mailbox/state.json`. On the next daemon boot, the parent shell
-  still exported the *old* value of `A2A_NODE_SECRET` (a child process
-  cannot mutate its parent's env). The `_resolveNodeSecret` env-vs-store
-  reconciliation treated this as a conflict and let env win, silently
-  overwriting the rotated secret. Subsequent heartbeats 403'd, rotation
-  was correctly refused by the hub (issue #320 requires proof of current
-  ownership), and the daemon entered a 30-minute backoff that could not
-  be self-recovered. The store now carries a `node_secret_source` tag
-  (`'hub_rotate'` for hub-issued values, `'env_seed'` otherwise);
-  hub_rotate values win over a differing env, while #529's original
-  case (env-fresh, store-stale, no source tag) still falls back to env.
-
-- **Re-auth backoff escalates exponentially.** Consecutive `reAuthenticate`
-  failures now back off 30min → 60min → 2h, capped at ~4h, instead of
-  resetting to a flat 30 minutes every time. A daemon stuck on a bad
-  secret no longer gets re-poked twice an hour by inbound auth errors,
-  drowning the log without surfacing the manual-recovery requirement.
-
-### Added
-
-- **`evolver reset-local-secret` CLI helper.** Wipes the three local
-  `node_secret` stores (MailboxStore, legacy `~/.evomap/node_secret`,
-  and prints an unset hint for the shell `A2A_NODE_SECRET`) so a daemon
-  whose hub side has been web-reset (`https://evomap.ai/account` →
-  Reset Secret) can boot clean. New `docs/secret-recovery.md` documents
-  the env-vs-store decision tree and the recovery flow.
-
-## [1.85.1] - 2026-05-22
-
-### Fixed
-
-- **Stop hook no longer re-injects the evolution receipt as a user prompt.**
-  `evolver-session-end.js` previously emitted `followup_message`,
-  `stopMessage`, and `additionalContext` on every session end. The
-  `followup_message` field tells Claude Code to feed the receipt back into
-  the next inference round, which caused agents to "respond" to their own
-  evolution log line — visible to users as an unexplained extra reasoning
-  turn after every task. The hook now emits only `systemMessage`, a
-  UI-only notification that does not influence the next turn.
-
-- **Cursor compatibility for the Stop hook.** Cursor's Claude Code-compatible
-  runtime currently treats `systemMessage` as a user prompt as well. The
-  hook now detects Cursor (via `TERM_PROGRAM=cursor`, `CURSOR_TRACE_ID`,
-  `CURSOR_SESSION_ID`, or the manual override `EVOLVER_HOOK_HOST=cursor`)
-  and omits `systemMessage` there. The receipt is always appended to
-  `~/.evolver/logs/evolution.log` (override path with
-  `EVOLVER_HOOK_LOG_DIR`) so it is never silently lost. Set
-  `EVOLVER_HOOK_VERBOSE=1` to force the inline notification on under
-  Cursor for debugging.
-
-- **Stop hook process now exits promptly.** The hook held the event loop
-  open for ~7 s on every session end because its watchdog `setTimeout`
-  was never cleared after stdin closed. The watchdog is now cancelled and
-  the process exits explicitly when the response is written.
-
-- **`evolver --review` no longer raises `memory_missing` / `user_missing` /
-  `session_logs_missing` on every cycle when running on Codex (#540).**
-  Codex doesn't generate a workspace-root `MEMORY.md` / `USER.md` and
-  doesn't expose readable session-transcript files, so the review
-  pipeline used to keep flagging those three advisory signals on every
-  cycle. `src/evolve/pipeline/collect.js` now falls back, in order:
-  `MEMORY.md` / `USER.md` → the `<!-- evolver-evolution-memory -->`
-  section that `setup-hooks` injects into the workspace's `AGENTS.md` /
-  `CLAUDE.md` → the tail of `memory_graph.jsonl` (last 5 outcomes).
-  `readRealSessionLog()` reuses the same memory-graph tail when no
-  platform session source has any data. Real markdown still wins, the
-  marked-section fallback is gated on the evolver marker (a
-  user-authored `AGENTS.md` without it is ignored), and the legacy
-  `[MEMORY.md MISSING]` / `[USER.md MISSING]` / `[NO SESSION LOGS
-  FOUND]` placeholders are still returned when nothing is available —
-  which transitively suppresses the three advisory signals that
-  `gep/signals.js` triggers on those literal strings. README adds a
-  "Codex caveats" subsection documenting the platform limitation.
-
-### Security
-
-- **Per-workspace random secret replaces plain-text `cwd` self-tag in
-  `memory_graph.jsonl` (#109).** PR #108 introduced a `cwd` field on
-  every memory-graph entry and used it to scope reads at the user-level
-  fallback path (`~/.evolver/memory/evolution/memory_graph.jsonl`),
-  closing the cross-workspace leak. The Cursor Bugbot round-3 advisory
-  pointed out that `cwd` is a self-report — any process under the same
-  uid could write entries claiming a different workspace's `cwd` and
-  poison its reads. This release adds `paths.getWorkspaceId()`, which
-  lazily creates `<workspace>/.evolver/workspace-id` (mode 0600,
-  32-hex random) and stamps every new entry with `workspace_id`. The
-  reader uses a three-tier policy: prefer `workspace_id` matching when
-  the current workspace has a secret, fall back to legacy `cwd`-only
-  matching when it doesn't (clean upgrade for pre-existing entries),
-  drop entries that have neither. The writer lazy-loads the canonical
-  resolver from the project-local evolver install so writer + reader
-  resolve from the same path. The secret file is created with
-  `O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW` after an `lstat`
-  pre-check, so a pre-placed symlink can't redirect the write outside
-  the workspace. `EVOLVER_WORKSPACE_ID` env var remains as an explicit
-  override / escape hatch. Note: in the co-uid threat model, any
-  process under the same uid can still *read* the FS secret —
-  migrating to an OS keychain is tracked in #111.
-
-## [1.85.0] - 2026-05-22
-
-### Fixed
-
-- **Hook scripts now record outcomes to a writable location even when no
-  evolver-managed project directory is present (#536).** Previously,
-  npm-global installs of evolver had no `memory/evolution/` directory under
-  the install root, so `evolver-session-end.js` reported "nowhere (no Hub
-  or local path)" when neither `EVOMAP_HUB_URL` nor a project-local
-  evolver was configured. The shared `_runtimePaths.js` helper now falls
-  back to `~/.evolver/memory/evolution/memory_graph.jsonl`, creating the
-  directory on first write. The same helper teaches both
-  `evolver-session-start.js` and `evolver-session-end.js` to resolve the
-  package root via `require.resolve('@evomap/evolver/package.json')`,
-  which works for npm-global installs where the relative `../../..` walk
-  used to escape the package.
-
-- **`evolver-session-end.js` no longer prints "system cannot find the
-  path" noise on Windows (#537).** The script now invokes git via
-  `spawnSync('git', [...], { shell: false })` with an argv array, which
-  avoids the POSIX `2>/dev/null` redirection that cmd.exe rejected. Failed
-  invocations (e.g. `HEAD~1` in a fresh repo) are detected by reading
-  `res.status` explicitly instead of relying on stderr suppression.
-
-- **`setup-hooks --uninstall` now cleans up everything it installed
-  (#538).** Three regressions fixed:
-  - The Codex adapter now removes the `codex_hooks = true` line from
-    `~/.codex/config.toml` and drops the surrounding `[features]` block
-    when it becomes empty. Other unrelated entries under `[features]` are
-    preserved.
-  - All four markdown-injecting adapters (Claude Code, Codex, Kiro,
-    opencode) share a new `removeMarkedSection()` helper that correctly
-    skips the evolver-owned `## Evolution Memory` heading before searching
-    for the next H2. The previous inline implementations matched evolver's
-    own heading and left the entire injected section in CLAUDE.md /
-    AGENTS.md.
-  - `removeHookScripts()` now `console.warn`s when an `unlink` fails so
-    Windows file-locking and permission failures stop being silent.
-  - The Claude Code and Codex `uninstall` paths filter evolver-owned
-    entries by command match even when the `_evolver_managed` marker is
-    missing (older installs, hand-edited files), preventing stale
-    `evolver-session-*` entries from being stranded.
-
-- **`setup-hooks` no longer overwrites existing user hooks under the same
-  event (#539).** The new `mergeWithHooksUnion()` keeps the user's own
-  Stop / SessionStart / PostToolUse entries while adding (or refreshing)
-  evolver-owned entries, identified by the command containing
-  `evolver-session` or `evolver-signal`. Reinstalls refresh the evolver
-  entry instead of duplicating it. This applies to both the matcher shape
-  used by Claude Code (`{matcher, hooks: [{type, command}]}`) and the
-  flat shape used by Codex (`{type, command}`).
-
-### Removed
-
-- **`FEISHU_EVOLVER_INTERVAL` env fallback for `pendingSleepMs` is no longer
-  read.** Part of removing all Feishu-specific naming from evolver core (#65).
-  Users who relied on this variable to override the pending-sleep interval
-  must switch to `EVOLVE_PENDING_SLEEP_MS` (or its older alias
-  `EVOLVE_MIN_INTERVAL`); both are still honored and have been the
-  documented names for this knob. Without an override, `pendingSleepMs`
-  now falls back to its existing 120000 ms default.
-
-### Security
-
-- **All Hub-facing HTTP calls now go through `hubFetch()`, a single
-  chokepoint that enforces both `https://` schema and TLS certificate
-  verification (C1 PR-2 Step 2).** `src/gep/hubFetch.js` rejects any URL
-  that does not parse as `https://` and passes an explicit
-  `undici.Agent({ connect: { rejectUnauthorized: true } })` as the request
-  dispatcher, making certificate verification immune to
-  `NODE_TLS_REJECT_UNAUTHORIZED=0`. Schema validation lives in `hubFetch`
-  itself (not only in `resolveHubUrl()`) because several hot paths —
-  `httpTransportSend`, `getHubUrl()`, per-call `opts.hubUrl`, proxy
-  `this.hubUrl` — bypass `resolveHubUrl()` and read env vars directly;
-  putting the check in the fetch wrapper means it cannot be bypassed.
-  Affected modules: `a2aProtocol`, `hubVerify`, `directoryClient`,
-  `hubReview`, `hubSearch`, `taskReceiver`, `skillPublisher`,
-  `validator/index`, `validator/reporter`, `validator/stakeBootstrap`,
-  `memoryGraph`, `proxy/lifecycle/manager`, `proxy/sync/inbound`,
-  `proxy/sync/outbound` (14 modules, 22 call sites). New runtime
-  dependency: `undici` (Node bundles it internally but its `Agent` is
-  not interface-compatible with the global `fetch` — both must come from
-  the same package, hence the explicit dep). Set
-  `EVOMAP_HUB_ALLOW_INSECURE=1` to bypass BOTH protections (local dev /
-  mock hub on http:// or self-signed cert; same gate as Step 1).
-  Integration test in `test/hubFetch.test.js` spins up a real HTTPS
-  server with a self-signed cert and asserts `hubFetch` rejects even
-  when `NODE_TLS_REJECT_UNAUTHORIZED=0` is set globally — proving the
-  documented attack is blocked end-to-end.
-
-- **`resolveHubUrl()` now rejects non-`https://` Hub URLs (C1 PR-2 Step 1).**
-  Passing an `http://`, `ws://`, or unparseable string as `A2A_HUB_URL` /
-  `EVOMAP_HUB_URL` / `EVOLVER_DEFAULT_HUB_URL` now throws at call time rather
-  than silently returning a plaintext URL. This prevents a misconfigured or
-  attacker-controlled env var from downgrading heartbeat + capsule-publish
-  traffic to cleartext (MITM → arbitrary code injection via hub directives).
-  Local dev and mock-hub integration tests that need a non-TLS endpoint must
-  set `EVOMAP_HUB_ALLOW_INSECURE=1`; any value other than exactly `"1"` is
-  treated as absent. Do **not** use `NODE_ENV` for this gate — it is not stable
-  in `npm`-global installs.
-
-### Changed
-
-- **`--loop` daemon now defaults `EVOLVE_BRIDGE` to `'true'` (#96).**
-  The previous default of `'false'` made the daemon observe-only by
-  default: every cycle hit `rejectPendingRun(reason=loop_bridge_disabled_autoreject_no_rollback)`
-  and produced no `EvolutionEvent`. On Aurora this manifested as 33 days
-  of empty cycling. With the new default, the daemon actually applies
-  pending runs to the working tree. Failed cycles still recover safely
-  via `rollbackTracked` (mode=stash by default since v1.81.0): the
-  partial diff gets pushed to a stash entry the user can recover with
-  `git stash list | grep evolver-rollback` followed by `git stash pop`.
-  The daemon prints a safety banner on start documenting both the new
-  default and the recovery breadcrumb. Set `EVOLVE_BRIDGE=false`
-  explicitly to opt back into observe-only mode (the banner reflects
-  this choice as well). Operators upgrading should be aware that
-  `--loop` is no longer side-effect-free by default.
-- **Daemon-mode `unhandledRejection` handler uses a sliding window (5
-  rejections within 5 minutes) instead of a cumulative process-lifetime
-  counter (#70).** Previously, four harmless rejections spread over days
-  plus a fifth unrelated one would terminate a long-running daemon for
-  noise; a cluster within a short window is the actual failure-cascade
-  signal. The stderr format also changed: each rejection log now reads
-  `Unhandled promise rejection (N in window):` and the exit line reads
-  `N unhandled rejections within 300s. Exiting...` — operators parsing
-  these lines should update their match patterns.
-- **First-run `getNodeId()` fallback now generates a random ID instead of
-  hashing the device fingerprint (#71).** Previously, two installs cloned
-  from the same VM image before either had run evolver would compute
-  identical node IDs (same hostname / MAC / agent name / cwd → same
-  SHA-256). The new fallback emits 12 random hex characters; format and
-  persistence behaviour are unchanged. Existing installs already have a
-  persisted node ID from a prior run and never re-enter this path, so this
-  is not a migration. The startup warning text changed accordingly — any
-  log scraper matching `"Computing node ID from device fingerprint"`
-  should switch to `"Generating a fresh node ID"`.
-- **`engines.node` tightened from `>=22` to `>=22.12`.** This release switches
-  `src/gep/contentHash.js` from an inlined SHA-256/canonicalize implementation
-  to a thin facade that `require()`s `@evomap/gep-sdk` (an ESM-only package).
-  `require()` of synchronous ESM was only unflagged in Node 22.12.0 (Dec
-  2024); on 22.0–22.11 the call throws `ERR_REQUIRE_ESM` without
-  `--experimental-require-module`. Users on those versions must upgrade Node
-  before installing `@evomap/evolver` 1.84.0+.
-- **New runtime dependency: `@evomap/gep-sdk@^1.2.0`.** This package now owns
-  the GEP protocol surface (schemas, spec, `SCHEMA_VERSION`, `canonicalize`,
-  `computeAssetId`, `verifyAssetId`) for every implementation in the
-  ecosystem. Replaces four hand-maintained copies that drove the v1.80.8
-  `"explore"` enum drift incident. The 13 internal callsites that
-  `require('./contentHash')` keep working unchanged via a re-export facade.
-- **`EVOLVER_ROLLBACK_MODE` default is now `stash` (was `hard`).** Previously a
-  failed solidify cycle ran `git reset --hard`, silently discarding uncommitted
-  work in the host repo. The `stash` branch always existed and was the safer
-  choice; only the default needed flipping. To restore the prior destructive
-  behaviour explicitly, set `EVOLVER_ROLLBACK_MODE=hard`.
-
-### Fixed
-
-- **`buildAutoGene` no longer emits evolver-internal validation commands when
-  running in non-evolver host repos.** Auto-generated genes used to embed
-  `node scripts/validate-modules.js …` and `node scripts/validate-suite.js`,
-  paths that only exist inside the evolver repo itself. In any third-party host
-  those scripts are missing, so validation always failed → soft-failure →
-  rollback discarded the user's working tree. New helper
-  `isInsideEvolverRepo(repoRoot)` (detected via `package.json` name
-  `@evomap/evolver`) gates this behaviour; in foreign repos validation falls
-  back to the portable `git diff --check`.
-- **`rollbackNewUntrackedFiles` now skips files whose mtime predates the cycle
-  start.** The previous baseline-only filter could delete files the user
-  created in a parallel editor between baseline capture and rollback.
-  `cycleStartedAt` (sourced from `last_run.created_at`) is now passed through
-  from the solidify call site as an mtime guard. Behaviour is unchanged when
-  the parameter is omitted (legacy callers, unit tests).
-
-## [1.80.7] - 2026-05-15
-
-### Added
-
-- **Formally declare Node.js >=22 engine requirement (`package.json`).** The
-  test suite uses `--test-isolation=process` (Node 22+). This field makes the
-  constraint explicit to package managers and CI environments so they surface
-  a clear error instead of a cryptic flag-not-found failure.
-
-### Fixed
-
-- **A2A inbound integrity filter: restore symmetric `asset_id` verification.**
-  `httpTransportReceive` was excluding the `a2a` field when recomputing the
-  `asset_id` of received assets, creating an asymmetry with the publish path
-  where `solidify` sets `capsule.a2a` *before* `buildPublishBundle` hashes the
-  asset. This caused every legitimately published capsule to fail the integrity
-  check and be silently discarded. The filter now calls `computeAssetId(asset)`
-  with only `asset_id` excluded (matching the publish-side default), and the
-  comment clarifies that `lowerConfidence` annotations are applied client-side
-  *after* verification, not by the Hub on stored assets.
-
-- **GEP test isolation: scope `--test-isolation=process` to
-  `solidifyIntegration.test.js` only.** Previously the flag ran across all
-  test files, which doubled wall-clock time on CI for no benefit. Other test
-  files run in the same process and share setup cleanly.
-
-- **HUB_DRY_RUN single source of truth.** Extracted `_isDryRun()` helper in
-  `a2aProtocol.js`; `publishSkillChannel` in `skill2gep.js` now delegates to
-  `a2a._isDryRun()` instead of duplicating the env-var check inline.
-
-## [1.80.1] - 2026-05-07
-
-### Fixed
-
-- **Validator: stop flooding the Hub with `env_fail` reports when the local
-  toolchain cannot run `node <script>` (issues #11, #15).** The validator
-  daemon now runs a one-shot preflight self-test on startup
-  (`runPreflight()` in `sandboxExecutor.js`) that writes a trivial script to
-  the sandbox and confirms `spawn('node', [...])` exits with code 0. If the
-  preflight fails (no `node` on PATH for headless invocations, missing exec
-  perm, unwritable TMPDIR, ...) the validator role is **skipped** instead of
-  posting `commands_passed=0, duration_ms=1` reports for every Hub-issued
-  task. A user-visible warning is printed once with the diagnostic stderr
-  tail so the operator can fix the host. Restart `evolver` after fixing PATH
-  to re-enable the validator role. Validator preflight result is exposed via
-  `getValidatorDaemonStats().preflight`.
-
-### Added
-
-- **Validator report diagnostics: per-command summaries + `failure_class`
-  on every `ValidationReport` (issues #11, #15).** Each report now carries
-  a top-level `failure_class` (one of `ok`, `parse_failed`,
-  `executable_not_allowed`, `sandbox_block_node_flag`, `spawn_failed`,
-  `timeout`, `exit_nonzero`, `unknown`) and a bounded `commands` array
-  (capped at 8 entries) where each entry has `cmd`, `ok`, `exit_code`,
-  `duration_ms`, `timed_out`, `failure_class`, and a 240-char `stderr_tail`.
-  This lets the Hub-side classifier distinguish "Gene shipped legacy
-  `node -e \"...\"` and the hardened sandbox rejected it" (a Hub/Gene
-  incompatibility, route via `sandbox_block_node_flag`) from "validator
-  host has no `node` binary" (genuine `env_fail`) instead of lumping both
-  together. Older Hubs that ignore unknown payload fields keep working
-  unchanged.
-
-## [1.80.0] - 2026-05-07
-
-### Added
-
-- **First-party opencode adapter (issue #523).** `evolver setup-hooks
-  --platform=opencode` now installs a managed plugin at
-  `.opencode/plugins/evolver.js` plus the three evolver hook scripts in
-  `.opencode/hooks/`. The plugin wires opencode's `session.created`,
-  `session.idle`, and `tool.execute.after` events to the existing
-  `evolver-session-start.js` / `evolver-session-end.js` /
-  `evolver-signal-detect.js` filters, so the runtime behavior matches
-  Cursor / Claude Code / Codex / Kiro.
-
-  Works with both project-level (`./.opencode/`) and user-level
-  (`~/.opencode/`) installs. The plugin file is marked
-  `_evolver_managed: true` on the first line so `--uninstall` only
-  removes evolver-managed files and leaves user-authored plugins in
-  `.opencode/plugins/` alone. Restart opencode after install to load
-  the plugin.
-
-  See README for the platform table.
-
-## [1.79.1] - 2026-05-06
-
-### Fixed
-
-- **Windows cmd-popup loop on suicide-respawn (issue #528).** On Windows,
-  `child_process.spawn(detached: true, windowsHide: true)` allocates a new
-  conhost (cmd) window every time -- `windowsHide` is silently ignored in
-  detached mode, see Node.js child_process docs. So every time the daemon
-  hit `EVOLVER_MAX_CYCLES` (default 100) or `EVOLVER_MAX_RSS_MB` (default
-  500) and ran the suicide-respawn, Windows users saw a new cmd popup.
-  v1.79.0 made this worse by adding a third spawn site for the cycle
-  hard-timeout, copying the same buggy options.
-
-  The two in-process spawn sites are now consolidated into one helper
-  `spawnReplacementProcess()` that, on Windows, defaults to *not*
-  spawning. Instead the daemon `process.exit(1)`s and lets an external
-  supervisor restart it. Compatible supervisors:
-
-  - NSSM (Non-Sucking Service Manager).
-  - pm2-windows-startup.
-  - Windows Task Scheduler with "On failure: restart" rule.
-
-  Users who explicitly want the in-process respawn (and accept the cmd
-  popups) can opt back in with `EVOLVER_SUICIDE_WINDOWS=true`.
-
-  No behavior change on macOS/Linux.
-
-### Notes on the original report
-
-The reporter's auto-generated diagnosis attributed a separate symptom
-("`evolver buy/orders/publish` subcommands break the daemon") to lock
-contention on `evolver.pid`. That hypothesis is incorrect: subcommands
-do not call `acquireLock()` -- only `--loop` does. What the reporter
-observed was the same suicide-respawn cycle ending exactly when a
-subcommand happened to run, and the new conhost popup made it look like
-the subcommand caused it. Fixing the popup also fixes the perceived
-"daemon got killed" symptom.
-
-## [1.79.0] - 2026-05-06
-
-### Fixed
-
-- **Cycle hard-timeout watchdog (issue #19).** The daemon main loop in
-  `index.js` previously called `await evolve.run()` with no upper bound,
-  so a single hung cycle (unclosed socket, stalled LLM call, etc.) could
-  freeze the process indefinitely. One reporter observed cycle #5372
-  stuck for 22 days at 0% CPU.
-
-  `evolve.run()` is now wrapped in `Promise.race(evolvePromise,
-  cycleTimeoutPromise)`. When the timeout fires, the daemon emits a
-  `[Daemon] Cycle hard-timeout exceeded after Nms (cycle=N, phase=Y)`
-  diagnostic, force-spawns a replacement process, and exits with code 1
-  so a host wrapper observes the dead pid.
-
-  New environment variables (both opt-out, default-on):
-
-  - `EVOLVER_CYCLE_TIMEOUT_ENABLED` (default `true`).
-  - `EVOLVER_CYCLE_TIMEOUT_MS` (default `2700000`, i.e. 45 minutes).
-  - `EVOLVER_PROGRESS_UPDATE_MS` (default `60000`).
-
-### Added
-
-- **`memory/evolution/cycle_progress.json` heartbeat.** The daemon now
-  atomically writes a small JSON heartbeat at cycle start, every 60s
-  while `evolve.run()` is in flight, and again at sleep entry. External
-  watchdogs can poll `updated_at` to detect a true freeze (the file
-  stays stale for >30 minutes only when the inner event loop is
-  genuinely hung; normal long LLM cycles still refresh it via the
-  60-second ticker).
-
-  Schema:
-
-  ```json
-  { "pid": 12345, "outer_cycle": 5372, "inner_cycle": 17,
-    "started_at": 1746543112000, "phase": "evolve.run|sleep|cycle_timeout_respawn",
-    "updated_at": 1746543210000 }
-  ```
-
-  Regression tests: `test/cycleHardTimeout.test.js` (11 cases) and
-  `test/cycleProgressFile.test.js` (4 cases).
-
-
-## [1.78.9] - 2026-05-04
-
-### Fixed
-
-- **`AGENT_SESSIONS_DIR` override silently ignored (issue #527).**
-  `src/evolve.js` resolved the OpenClaw sessions directory at module
-  load time with a hard-coded `os.homedir()/.openclaw/agents/<name>/sessions`
-  path, bypassing `process.env.AGENT_SESSIONS_DIR` and
-  `EVOLVER_SESSION_SCOPE`. On Windows and any non-standard OpenClaw
-  layout (including `D:\openclaw\data\.openclaw\agents\...`), session
-  logs were never read and every cycle surfaced
-  `[NO SESSION LOGS FOUND]`, forcing the LLM to fall back to its own
-  memory and appear to "cycle emptily".
-
-  The module-level `AGENT_SESSIONS_DIR` now delegates to
-  `getAgentSessionsDir()` from `src/gep/paths.js`, which was already the
-  intended single source of truth. `diagnoseSessionSourceEmpty()` reuses
-  the same resolution when the caller does not inject a custom
-  `homedir` / `agentName` pair, so diagnostic output now matches what
-  the runtime actually reads.
-
-  `getAgentSessionsDir()` precedence, unchanged:
-  1. `process.env.AGENT_SESSIONS_DIR` (explicit override)
-  2. `workspace-<agent>` prefix in `EVOLVER_SESSION_SCOPE`
-  3. `AGENT_NAME` (defaults to `main`)
-
-  Regression test: `test/evolveSessionsDir.test.js` (8 cases).
-
-
-## [1.78.8] - 2026-05-04
-
-### Added
-
-- **Built-in memory_graph.jsonl rotation (issue #519).** Long-running
-  nodes previously accumulated multi-GB `memory/evolution/memory_graph.jsonl`
-  files; one reporter observed 1.8 GB / 378k lines after 48h. Evolver now
-  rotates the active file when it crosses a size threshold:
-  - `EVOLVER_MEMORY_GRAPH_AUTO_ROTATE` (default `true`) enables rotation.
-  - `EVOLVER_MEMORY_GRAPH_MAX_SIZE_MB` (default `100`) triggers rotation.
-  - `EVOLVER_MEMORY_GRAPH_RETENTION_COUNT` (default `7`) caps how many
-    rotated `memory_graph.jsonl.<ts>.gz` archives are kept on disk.
-  - A startup pass rotates an already-oversized file on the next evolver
-    start, so pre-existing giant files are handled automatically.
-  - Rotation checks are throttled (once every ~30s or every 100 writes)
-    so the write path stays cheap. Pruning and gzip compression run
-    best-effort and never block the write path.
-  - Regression test at `test/memoryGraphRotation.test.js`.
-
-
-## [1.78.7] - 2026-05-03
-
-### Fixed
-
-- **`EVOLVER_REPO_ROOT` set in `.env` is now honored (chicken-and-egg fix).**
-  `index.js` previously called `getRepoRoot()` to locate the `.env` file
-  before `dotenv` had a chance to populate `EVOLVER_REPO_ROOT` from that
-  very file, and `getRepoRoot()` cached the `.git`-walk result on first
-  call -- so any `EVOLVER_REPO_ROOT` declared in `.env` was silently
-  ignored and evolver ran against the wrong repository (often
-  `node_modules/@evomap/evolver` itself on local npm installs). Fix:
-  - Bootstrap now loads `.env` from `process.cwd()` first (independent
-    of any cache) so an `EVOLVER_REPO_ROOT` declared there takes effect
-    immediately.
-  - `getRepoRoot()` re-reads `process.env.EVOLVER_REPO_ROOT` on every
-    call and overrides the cache when the env var is set, so any
-    override populated by a later `.env` load propagates cleanly.
-  - Regression test at `test/paths.test.js` covers the "env set AFTER
-    first getRepoRoot call" path. Reported in #526.
-
-
-## [1.78.1] - 2026-05-02
-
-### Fixed
-
-- **Capsule publish payloads now attach a hub-shape `execution_trace` array**
-  (`src/gep/solidify.js`). Previously the trace object was only written onto
-  the sibling `EvolutionEvent`; the `Capsule` itself went out with no trace,
-  so every Capsule on the hub was flagged `trace_empty` and triggered the
-  `capsule-trace-enforce] would-reject` alert stream (~530 rejects / 15 min
-  in prod). The array form is synthesized from the existing
-  `validation.results`, `blast` and `canary` data -- no new data capture --
-  with each step carrying `stage` + `cmd` + `exit` to satisfy
-  `capsuleTraceQualityService`'s shape check. Anti-pattern publishes
-  (`EVOLVER_PUBLISH_ANTI_PATTERNS=true`) get the same treatment.
-
-### Internal
-
-- New exported helper `buildCapsuleTraceSteps(...)` in `src/gep/solidify.js`
-  with a regression test at `test/capsuleExecutionTrace.test.js` that
-  replicates the hub's shape gates, so a drift on either end breaks CI before
-  it inflates production alerts.
-
-## [1.78.0] - earlier
-
-- `evolver sync --scope` and `--export .gepx` for full-account asset
-  downloads. See `618e451`.