npm - @evomap/evolver - Versions diffs - 1.89.4 → 1.89.5 - Mend

@evomap/evolver 1.89.4 → 1.89.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/CONTRIBUTING.md +19 -0
package/README.md +536 -86
package/assets/cover.png +0 -0
package/index.js +87 -7
package/package.json +17 -6
package/scripts/a2a_export.js +63 -0
package/scripts/a2a_ingest.js +79 -0
package/scripts/a2a_promote.js +118 -0
package/scripts/analyze_by_skill.js +121 -0
package/scripts/build_binaries.js +479 -0
package/scripts/check-changelog.js +166 -0
package/scripts/extract_log.js +85 -0
package/scripts/generate_history.js +75 -0
package/scripts/gep_append_event.js +96 -0
package/scripts/gep_personality_report.js +234 -0
package/scripts/human_report.js +147 -0
package/scripts/recall-verify-report.js +234 -0
package/scripts/recover_loop.js +61 -0
package/scripts/refresh_stars_badge.js +168 -0
package/scripts/seed-merchants.js +91 -0
package/scripts/suggest_version.js +89 -0
package/scripts/validate-modules.js +38 -0
package/scripts/validate-suite.js +78 -0
package/skills/index.json +14 -0
package/src/adapters/scripts/_runtimePaths.js +1 -0
package/src/adapters/scripts/evolver-session-end.js +1 -0
package/src/adapters/scripts/evolver-session-start.js +1 -0
package/src/evolve/guards.js +1 -721
package/src/evolve/pipeline/collect.js +1 -1283
package/src/evolve/pipeline/dispatch.js +1 -421
package/src/evolve/pipeline/enrich.js +1 -440
package/src/evolve/pipeline/hub.js +1 -319
package/src/evolve/pipeline/select.js +1 -274
package/src/evolve/pipeline/signals.js +1 -206
package/src/evolve/utils.js +1 -264
package/src/evolve.js +1 -350
package/src/gep/a2aProtocol.js +1 -4455
package/src/gep/antiAbuseTelemetry.js +1 -233
package/src/gep/autoDistillConv.js +1 -205
package/src/gep/autoDistillLlm.js +1 -315
package/src/gep/candidateEval.js +1 -92
package/src/gep/candidates.js +1 -198
package/src/gep/contentHash.js +1 -30
package/src/gep/conversationSniffer.js +1 -266
package/src/gep/crypto.js +1 -89
package/src/gep/curriculum.js +1 -163
package/src/gep/deviceId.js +1 -218
package/src/gep/envFingerprint.js +1 -118
package/src/gep/epigenetics.js +1 -31
package/src/gep/execBridge.js +1 -711
package/src/gep/explore.js +1 -289
package/src/gep/hash.js +1 -15
package/src/gep/hubFetch.js +1 -359
package/src/gep/hubReview.js +1 -207
package/src/gep/hubSearch.js +1 -526
package/src/gep/hubVerify.js +1 -306
package/src/gep/idleScheduler.js +6 -1
package/src/gep/learningSignals.js +1 -89
package/src/gep/memoryGraph.js +1 -1374
package/src/gep/memoryGraphAdapter.js +1 -203
package/src/gep/mutation.js +1 -203
package/src/gep/narrativeMemory.js +1 -108
package/src/gep/openPRRegistry.js +1 -205
package/src/gep/personality.js +1 -423
package/src/gep/policyCheck.js +1 -599
package/src/gep/prompt.js +1 -836
package/src/gep/recallInject.js +1 -409
package/src/gep/recallVerifier.js +1 -318
package/src/gep/reflection.js +1 -177
package/src/gep/selector.js +1 -602
package/src/gep/skillDistiller.js +1 -1294
package/src/gep/solidify.js +1 -1699
package/src/gep/strategy.js +1 -136
package/src/gep/tokenSavings.js +1 -88
package/src/gep/workspaceKeychain.js +1 -174
package/src/ops/lifecycle.js +17 -4
package/src/proxy/extensions/traceControl.js +1 -99
package/src/proxy/index.js +206 -1
package/src/proxy/inject.js +1 -52
package/src/proxy/lifecycle/manager.js +12 -0
package/src/proxy/mailbox/store.js +29 -6
package/src/proxy/router/responses_route.js +157 -0
package/src/proxy/server/http.js +13 -4
package/src/proxy/server/routes.js +11 -1
package/src/proxy/sync/engine.js +7 -1
package/src/proxy/sync/outbound.js +32 -4
package/src/proxy/trace/extractor.js +1 -646
package/src/proxy/trace/usage.js +1 -105
package/.cursor/BUGBOT.md +0 -182
package/.env.example +0 -68
package/.git-commit-guard-token +0 -1
package/.github/CODEOWNERS +0 -63
package/.github/ISSUE_TEMPLATE/good_first_issue.md +0 -23
package/.github/pull_request_template.md +0 -45
package/.github/workflows/test.yml +0 -75
package/CHANGELOG.md +0 -1237
package/README.public.md +0 -569
package/SECURITY.md +0 -108
package/assets/gep/events.jsonl +0 -3
package/examples/atp-consumer-quickstart.md +0 -100
package/examples/hello-world.md +0 -38
package/proxy-package.json +0 -39
package/public.manifest.json +0 -143
/package/assets/gep/{genes.json → genes.seed.json} +0 -0
/package/{bundled-skills → skills}/_meta/SKILL.md +0 -0

package/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,19 @@
+## Contributing
+Thank you for contributing. Please follow these rules:
+- Do not use emoji (except the DNA emoji in documentation if needed).
+- Keep changes small and reviewable.
+- Update related documentation when you change behavior.
+- Run `node index.js` for a quick sanity check.
+Submit PRs with clear intent and scope.
+### Engineering conventions
+- **Spawn child CLIs as `node <entry.js>` — never via a `.cmd` shim, npm symlink, or bare command name.** When launching a harness/tool subprocess (claude-code, openclaw, codex, ...), resolve the JS entry behind the launcher and hand it to `node` directly. Two reasons:
+  1. On Windows, `child_process.spawn` without `shell:true` on a `.cmd`/`.bat` throws `EINVAL` since the CVE-2024-27980 fix (Node >=18.20.2 / 20.12.2 / 21.7.3) — this silently broke the auto-exec bridge on Windows.
+  2. Across platforms, shims/wrappers can emit warnings or silently exit on some machines. `node <entry>` is zero-shell, deterministic, and passes args via argv (no shell-injection surface).
+  `runChild` in `src/gep/execBridge.js` implements this for Windows npm shims (`_resolveNpmCmdShim`: parse the shim's `"%dp0%\<entry>" %*` exec line and rewrite `(bin, args)` -> `(process.execPath, [<entry>, ...args])`), falling back to the original target when it is not a recognized npm shim. POSIX binaries / wrappers spawn natively and are left unchanged. A unit test (`test/execBridgeSpawnNpmShim.test.js`) enforces the parser.