npm - @haaaiawd/second-nature - Versions diffs - 0.1.24 → 0.1.26 - Mend

@haaaiawd/second-nature 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/runtime/guidance/outreach-draft-schema.d.ts CHANGED Viewed

@@ -97,6 +97,46 @@ export declare const sceneGuidanceRequestSchema: z.ZodObject<{
         "zh-CN": "zh-CN";
     }>>;
 }, z.core.$strip>;
+export declare const outreachNarrativeContextSchema: z.ZodObject<{
+    focus: z.ZodOptional<z.ZodString>;
+    progress: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    nextIntent: z.ZodOptional<z.ZodString>;
+    sourceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        kind: z.ZodEnum<{
+            platform_item: "platform_item";
+            workspace_artifact: "workspace_artifact";
+            decision_record: "decision_record";
+            user_anchor: "user_anchor";
+            connector_result: "connector_result";
+            host_report: "host_report";
+            fallback_artifact: "fallback_artifact";
+        }>;
+        uri: z.ZodString;
+        excerptHash: z.ZodOptional<z.ZodString>;
+        observedAt: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export declare const outreachRelationshipContextSchema: z.ZodObject<{
+    tone: z.ZodOptional<z.ZodString>;
+    topicAffinities: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    avgAffinity: z.ZodOptional<z.ZodNumber>;
+    sourceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        kind: z.ZodEnum<{
+            platform_item: "platform_item";
+            workspace_artifact: "workspace_artifact";
+            decision_record: "decision_record";
+            user_anchor: "user_anchor";
+            connector_result: "connector_result";
+            host_report: "host_report";
+            fallback_artifact: "fallback_artifact";
+        }>;
+        uri: z.ZodString;
+        excerptHash: z.ZodOptional<z.ZodString>;
+        observedAt: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
 export declare const outreachDraftRequestSchema: z.ZodObject<{
     requestId: z.ZodString;
     runtimeScope: z.ZodEnum<{
@@ -177,6 +217,46 @@ export declare const outreachDraftRequestSchema: z.ZodObject<{
         excerptHash: z.ZodOptional<z.ZodString>;
         observedAt: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
+    narrativeContext: z.ZodOptional<z.ZodObject<{
+        focus: z.ZodOptional<z.ZodString>;
+        progress: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        nextIntent: z.ZodOptional<z.ZodString>;
+        sourceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            kind: z.ZodEnum<{
+                platform_item: "platform_item";
+                workspace_artifact: "workspace_artifact";
+                decision_record: "decision_record";
+                user_anchor: "user_anchor";
+                connector_result: "connector_result";
+                host_report: "host_report";
+                fallback_artifact: "fallback_artifact";
+            }>;
+            uri: z.ZodString;
+            excerptHash: z.ZodOptional<z.ZodString>;
+            observedAt: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    relationshipContext: z.ZodOptional<z.ZodObject<{
+        tone: z.ZodOptional<z.ZodString>;
+        topicAffinities: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        avgAffinity: z.ZodOptional<z.ZodNumber>;
+        sourceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            kind: z.ZodEnum<{
+                platform_item: "platform_item";
+                workspace_artifact: "workspace_artifact";
+                decision_record: "decision_record";
+                user_anchor: "user_anchor";
+                connector_result: "connector_result";
+                host_report: "host_report";
+                fallback_artifact: "fallback_artifact";
+            }>;
+            uri: z.ZodString;
+            excerptHash: z.ZodOptional<z.ZodString>;
+            observedAt: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 export type SceneGuidanceRequest = z.infer<typeof sceneGuidanceRequestSchema>;
 export type OutreachDraftRequest = z.infer<typeof outreachDraftRequestSchema>;
@@ -212,6 +292,30 @@ export declare function safeParseOutreachDraftRequest(input: unknown): z.ZodSafe
         fallbackRef?: string | undefined;
     } | undefined;
     language?: "en-US" | "zh-CN" | undefined;
+    narrativeContext?: {
+        focus?: string | undefined;
+        progress?: string[] | undefined;
+        nextIntent?: string | undefined;
+        sourceRefs?: {
+            id: string;
+            kind: "platform_item" | "workspace_artifact" | "decision_record" | "user_anchor" | "connector_result" | "host_report" | "fallback_artifact";
+            uri: string;
+            excerptHash?: string | undefined;
+            observedAt?: string | undefined;
+        }[] | undefined;
+    } | undefined;
+    relationshipContext?: {
+        tone?: string | undefined;
+        topicAffinities?: string[] | undefined;
+        avgAffinity?: number | undefined;
+        sourceRefs?: {
+            id: string;
+            kind: "platform_item" | "workspace_artifact" | "decision_record" | "user_anchor" | "connector_result" | "host_report" | "fallback_artifact";
+            uri: string;
+            excerptHash?: string | undefined;
+            observedAt?: string | undefined;
+        }[] | undefined;
+    } | undefined;
 }>;
 /** Async seam for generative outreach copy (implementation lives outside control-plane). */
 export interface GuidanceDraftPort {

package/runtime/guidance/outreach-draft-schema.js CHANGED Viewed

@@ -54,6 +54,18 @@ export const sceneGuidanceRequestSchema = z.object({
     deliveryContext: deliveryExpressionContextSchema.optional(),
     language: z.enum(["zh-CN", "en-US"]).optional(),
 });
+export const outreachNarrativeContextSchema = z.object({
+    focus: z.string().optional(),
+    progress: z.array(z.string()).optional(),
+    nextIntent: z.string().optional(),
+    sourceRefs: z.array(guidanceSourceRefSchema).optional(),
+});
+export const outreachRelationshipContextSchema = z.object({
+    tone: z.string().optional(),
+    topicAffinities: z.array(z.string()).optional(),
+    avgAffinity: z.number().optional(),
+    sourceRefs: z.array(guidanceSourceRefSchema).optional(),
+});
 export const outreachDraftRequestSchema = sceneGuidanceRequestSchema
     .extend({
     sceneType: z.enum(["outreach", "fallback_candidate"]),
@@ -62,6 +74,8 @@ export const outreachDraftRequestSchema = sceneGuidanceRequestSchema
     judgmentVerdict: z.enum(["allow", "deny", "defer"]),
     valueScore: z.number(),
     interestRefs: z.array(guidanceSourceRefSchema),
+    narrativeContext: outreachNarrativeContextSchema.optional(),
+    relationshipContext: outreachRelationshipContextSchema.optional(),
 })
     .superRefine((val, ctx) => {
     if (!val.deliveryContext) {

package/runtime/observability/audit/audit-envelope.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { type RedactionManifest as FieldRedactionManifest } from "../redaction/manifest.js";
 export type AuditPlane = "decision" | "delivery" | "source_coverage" | "governance" | "telemetry";
-export type AuditEventFamily = "heartbeat.decision" | "delivery" | "source_coverage" | "guidance.grounding" | "host_capability" | "connector.attempt" | "state.governance";
+export type AuditEventFamily = "heartbeat.decision" | "delivery" | "source_coverage" | "guidance.grounding" | "host_capability" | "connector.attempt" | "state.governance" | "narrative.trace" | "dream.trace";
 export type AuditEnvelopeSensitivity = "public" | "internal" | "private" | "credential" | "sensitive";
 export interface AuditRedactionManifest {
     manifestId: string;

package/runtime/observability/query/explain-query.d.ts CHANGED Viewed

@@ -25,6 +25,9 @@ export type ExplainQuery = {
 } | {
     kind: "source_ref";
     sourceRefId: string;
+} | {
+    kind: "relationship";
+    relationshipId: string;
 };
 export interface RedactedExplainEvent {
     eventId: string;

package/runtime/observability/query/explain-query.js CHANGED Viewed

@@ -60,6 +60,15 @@ function eventMatchesQuery(envelope, query) {
                 return false;
             }
         }
+        case "relationship": {
+            const needle = query.relationshipId;
+            try {
+                return JSON.stringify(payload).includes(needle);
+            }
+            catch {
+                return false;
+            }
+        }
     }
 }
 function summarizeEnvelope(e) {

package/runtime/observability/services/lived-experience-audit.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { AppendOnlyAuditStore } from "../audit/append-only-audit-store.js";
 import type { SourceRef } from "../../storage/life-evidence/types.js";
+import type { DreamTrace } from "../../dream/types.js";
 export type RuntimeScope = "rhythm" | "user_task" | "user_reply";
 export type HeartbeatOutcome = "heartbeat_ok" | "intent_selected" | "denied" | "deferred" | "runtime_carrier_only" | "delivery_unavailable";
 export type DeliveryAuditStatus = "not_requested" | "target_available" | "target_none" | "channel_missing" | "host_unsupported" | "ack_dropped" | "sent" | "failed" | "not_sent_fallback";
@@ -66,6 +67,21 @@ export interface GuidanceGroundingAuditPayload {
     deliveryWording?: "sendable" | "not_sent_fallback_candidate";
     createdAt: string;
 }
+export interface NarrativeTracePayload {
+    traceId: string;
+    narrativeId: string;
+    revision: number;
+    updateSource: "heartbeat" | "dream" | "owner" | "maintenance";
+    sourceRefs: Array<{
+        id: string;
+        kind: string;
+        uri?: string;
+    }>;
+    unsupportedClaims: string[];
+    groundingStatus: GroundingStatus;
+    goalInfluenceRefs: string[];
+    createdAt: string;
+}
 export interface ExplainLinkageSummary {
     decisionId: string;
     summary: string;
@@ -92,6 +108,12 @@ export declare class LivedExperienceAuditRecorder {
     recordGuidanceGrounding(payload: GuidanceGroundingAuditPayload): {
         eventId: string;
     };
+    recordNarrativeTrace(payload: NarrativeTracePayload): {
+        eventId: string;
+    };
+    recordDreamTrace(payload: DreamTrace): {
+        eventId: string;
+    };
     explainLinkageForDecision(decisionId: string): ExplainLinkageSummary;
 }
 export declare function createLivedExperienceAuditRecorder(store?: AppendOnlyAuditStore): LivedExperienceAuditRecorder;

package/runtime/observability/services/lived-experience-audit.js CHANGED Viewed

@@ -133,6 +133,36 @@ export class LivedExperienceAuditRecorder {
         }
         return { eventId: envelope.eventId };
     }
+    recordNarrativeTrace(payload) {
+        const seq = this.bumpSequence();
+        const envelope = buildAuditEnvelope({
+            family: "narrative.trace",
+            plane: "source_coverage",
+            traceId: payload.traceId,
+            sequence: seq,
+            payload,
+            previousHash: this.store.lastRecordHash(),
+            eventId: crypto.randomUUID(),
+            createdAt: payload.createdAt,
+        });
+        this.store.append(envelope);
+        return { eventId: envelope.eventId };
+    }
+    recordDreamTrace(payload) {
+        const seq = this.bumpSequence();
+        const envelope = buildAuditEnvelope({
+            family: "dream.trace",
+            plane: "telemetry",
+            traceId: payload.traceId,
+            sequence: seq,
+            payload,
+            previousHash: this.store.lastRecordHash(),
+            eventId: crypto.randomUUID(),
+            createdAt: payload.finishedAt,
+        });
+        this.store.append(envelope);
+        return { eventId: envelope.eventId };
+    }
     explainLinkageForDecision(decisionId) {
         const entry = this.explainIndex.get(decisionId);
         const warnings = [];

package/runtime/shared/types/credential.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export type CredentialState = "missing" | "pending_verification" | "active" | "expired" | "revoked" | "failed";
+export type CredentialState = "missing" | "pending_verification" | "active" | "expired" | "revoked" | "failed" | "decrypt_failed";
 export type CredentialType = "api_key" | "oauth_token" | "node_secret" | "verification_code";
 export interface CredentialContext {
     platformId: string;

package/runtime/storage/chronicle/session-chronicle-store.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { StateDatabase } from "../db/index.js";
-export type ChronicleEventKind = "heartbeat" | "connector_action" | "outreach" | "owner_reply" | "dream_run" | "maintenance";
+export type ChronicleEventKind = "heartbeat" | "connector_action" | "outreach" | "owner_reply" | "dream_run" | "maintenance" | "system_notice";
 export interface SourceRef {
     sourceId: string;
     kind: string;

package/runtime/storage/db/schema/narrative-state.d.ts CHANGED Viewed

@@ -99,7 +99,7 @@ export declare const narrativeState: import("drizzle-orm/sqlite-core").SQLiteTab
             name: "confidence";
             tableName: "narrative_state";
             dataType: "number";
-            columnType: "SQLiteInteger";
+            columnType: "SQLiteReal";
             data: number;
             driverParam: number;
             notNull: true;

package/runtime/storage/db/schema/narrative-state.js CHANGED Viewed

@@ -1,11 +1,11 @@
-import { index, sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { index, sqliteTable, text, integer, real } from "drizzle-orm/sqlite-core";
 export const narrativeState = sqliteTable("narrative_state", {
     narrativeId: text("narrative_id").primaryKey(),
     revision: integer("revision").notNull().default(1),
     focus: text("focus").notNull(),
     progressJson: text("progress_json").notNull(),
     nextIntent: text("next_intent").notNull(),
-    confidence: integer("confidence").notNull().default(0),
+    confidence: real("confidence").notNull().default(0),
     sourceRefsJson: text("source_refs_json").notNull(),
     unsupportedClaimsJson: text("unsupported_claims_json").notNull(),
     status: text("status").notNull(),

package/runtime/storage/services/credential-vault.d.ts CHANGED Viewed

@@ -10,4 +10,22 @@ export interface CredentialVault {
     loadCredentialContext(platformId: string): Promise<CredentialContext | null>;
     getCredentialState(platformId: string): Promise<CredentialState>;
 }
+/** T1.4.1 — runtime secret health probe result for a single credential row. */
+export interface CredentialHealthProbe {
+    platformId: string;
+    state: CredentialState | "decrypt_failed";
+    keyHealth: "missing_key" | "wrong_key" | "ok";
+    hasBaseUrl: boolean;
+    diagnosticCode: "missing_runtime_secret" | "credential_recovery_required" | "ok";
+}
+/**
+ * T1.4.1 — probe a credential record for runtime secret health.
+ *
+ * Given a raw encrypted value from the DB, this function checks:
+ * 1. Is SECOND_NATURE_ENCRYPTION_KEY present and >= 32 chars?
+ * 2. Can the ciphertext be decrypted with that key?
+ *
+ * It never throws; all failures are encoded in the returned state.
+ */
+export declare function probeCredentialHealth(platformId: string, encryptedValue: string | undefined | null, baseUrl: string | undefined | null): CredentialHealthProbe;
 export declare function createCredentialVault(db: StateDatabase["db"]): CredentialVault;

package/runtime/storage/services/credential-vault.js CHANGED Viewed

@@ -54,6 +54,58 @@ export function decryptCredentialAtRest(ciphertext) {
         return "";
     return decryptInternal(ciphertext);
 }
+/**
+ * T1.4.1 — probe a credential record for runtime secret health.
+ *
+ * Given a raw encrypted value from the DB, this function checks:
+ * 1. Is SECOND_NATURE_ENCRYPTION_KEY present and >= 32 chars?
+ * 2. Can the ciphertext be decrypted with that key?
+ *
+ * It never throws; all failures are encoded in the returned state.
+ */
+export function probeCredentialHealth(platformId, encryptedValue, baseUrl) {
+    // Key availability check
+    const rawKey = process.env.SECOND_NATURE_ENCRYPTION_KEY?.trim();
+    if (!rawKey || rawKey.length < 32) {
+        return {
+            platformId,
+            state: encryptedValue ? "decrypt_failed" : "missing",
+            keyHealth: "missing_key",
+            hasBaseUrl: Boolean(baseUrl),
+            diagnosticCode: "missing_runtime_secret",
+        };
+    }
+    // No encrypted value to test
+    if (!encryptedValue) {
+        return {
+            platformId,
+            state: "missing",
+            keyHealth: "ok",
+            hasBaseUrl: Boolean(baseUrl),
+            diagnosticCode: "ok",
+        };
+    }
+    // Decryption attempt
+    try {
+        decryptCredentialAtRest(encryptedValue);
+        return {
+            platformId,
+            state: "active",
+            keyHealth: "ok",
+            hasBaseUrl: Boolean(baseUrl),
+            diagnosticCode: "ok",
+        };
+    }
+    catch {
+        return {
+            platformId,
+            state: "decrypt_failed",
+            keyHealth: "wrong_key",
+            hasBaseUrl: Boolean(baseUrl),
+            diagnosticCode: "credential_recovery_required",
+        };
+    }
+}
 export function createCredentialVault(db) {
     return {
         async saveCredentialContext(input) {
@@ -89,16 +141,34 @@ export function createCredentialVault(db) {
             if (!record)
                 return null;
             let plain;
+            let status = record.status;
             if (record.encryptedValue) {
                 if (!isCredentialCiphertext(record.encryptedValue)) {
-                    throw new Error("credential_store_plaintext_or_invalid_legacy_record");
+                    // Fail-closed: return decrypt_failed so callers do not crash.
+                    return {
+                        platformId: record.platformId,
+                        credentialType: record.credentialType,
+                        status: "decrypt_failed",
+                        encryptedValue: undefined,
+                        verificationCode: record.verificationCode ?? undefined,
+                        challengeText: record.challengeText ?? undefined,
+                        verificationDeadline: record.expiresAt ?? undefined,
+                        attemptsRemaining: record.attemptsRemaining ?? undefined,
+                    };
+                }
+                try {
+                    plain = decryptCredentialAtRest(record.encryptedValue);
+                }
+                catch {
+                    // Decryption failure must not break the whole state load.
+                    status = "decrypt_failed";
+                    plain = undefined;
                 }
-                plain = decryptCredentialAtRest(record.encryptedValue);
             }
             return {
                 platformId: record.platformId,
                 credentialType: record.credentialType,
-                status: record.status,
+                status,
                 encryptedValue: plain,
                 verificationCode: record.verificationCode ?? undefined,
                 challengeText: record.challengeText ?? undefined,