@ijfw/memory-server 1.5.4 → 1.5.6

package/src/server.js

@@ -2,7 +2,7 @@
 
 /**
  * IJFW Memory Server -- Cross-platform MCP memory for AI coding agents
- * By Sean Donahoe | "It Just Fucking Works"
+ * By Ferrox Labs | "It Just Fucking Works"
  *
  * 4 tools: recall, store, search, status
  * Storage: append-only markdown (hot layer, zero dependencies)
@@ -72,7 +72,10 @@ import {
 // 1.1.6: update tools (cap 8 -> 10) -- token-issuance + OOB terminal confirm.
 // Per CLAUDE.md policy: future growth triggers retirement review, not raise.
 import { ijfwUpdateCheck, TOOL_DEF as UPDATE_CHECK_TOOL } from './update-check.js';
-import { ijfwUpdateApply, TOOL_DEF as UPDATE_APPLY_TOOL } from './update-apply.js';
+// V155-017 (v1.5.5): ijfw_update_apply retired — the verb has been @deprecated
+// since v1.5.0 and was contradicted by live runtime. The CLI `ijfw update`
+// path (cross-orchestrator-cli.js) is the supported flow. Frees one slot from
+// the 14-tool cap for v1.6.0 brain growth.
 // ijfw_run: sandbox large command output to disk, return terse summary to context.
 import { runCommand, detectDomain, summarize, writeToSandbox, readFromSandbox, purgeSandboxOld, stripAnsi } from './sandbox.js';
 // W1B (1.3.0-alpha) -- colon-syntax dispatcher. Extends ijfw_run + ijfw_memory_search
@@ -518,18 +521,30 @@ function appendToJournal(entry) {
 // Structured append for decisions/patterns -- produces a richer frontmatter block
 // similar to Claude's native auto-memory format: YAML frontmatter plus a body with
 // Why / How-to-apply sections. This is the format users retrieve well from.
+//
+// V155-021 (v1.5.5): content-hash dedup — sibling `appendKnowledge` in
+// importers/cli.js uses `<!-- hash:{sha12(content)} -->` so re-stores of
+// identical content are silently deduplicated regardless of caller-side
+// semantic-dedup config. The MCP `memory_store` writer was the lone
+// exception. Same pattern adopted here for parity. Returns
+// `{ok:true, deduped:true}` so callers can distinguish skipped writes
+// from new appends without breaking the existing `ok:true` contract.
 function appendStructuredToKnowledge({ type, summary, content, why, howToApply, tags }) {
   const filepath = join(paths().memoryDir, 'knowledge.md');
   const ts = new Date().toISOString();
   const tagLine = tags && tags.length ? tags.join(', ') : '';
+  const hash = createHash('sha256').update(String(content || '')).digest('hex').slice(0, 12);
+  const hashSentinel = `<!-- hash:${hash} -->`;
   const block = [
     '',
     '---',
     `type: ${type}`,
     `summary: ${summary}`,
     `stored: ${ts}`,
+    `hash: ${hash}`,
     tagLine ? `tags: [${tagLine}]` : '',
     '---',
+    hashSentinel,
     content,
     why ? `\n**Why:** ${why}` : '',
     howToApply ? `\n**How to apply:** ${howToApply}` : '',
@@ -542,6 +557,16 @@ function appendStructuredToKnowledge({ type, summary, content, why, howToApply,
       return atomicWrite(filepath, seed);
     }
     try { ensureSchemaHeader(filepath); } catch { /* best-effort */ }
+    // V155-021: hash-precheck — skip append if an identical content block
+    // already exists. Bounded by knowledge.md size which is itself rotated
+    // elsewhere; for the typical <1 MB file this is a single fs read +
+    // substring scan.
+    try {
+      const existing = readFileSync(filepath, 'utf8');
+      if (existing.includes(hashSentinel)) {
+        return { ok: true, deduped: true };
+      }
+    } catch { /* fall through to append; missing-read is non-fatal */ }
     appendFileSync(filepath, block);
     return { ok: true };
   } catch (err) {
@@ -1115,7 +1140,8 @@ const TOOLS = [
     }
   },
   UPDATE_CHECK_TOOL,
-  UPDATE_APPLY_TOOL,
+  // V155-017 (v1.5.5): UPDATE_APPLY_TOOL retired. See cross-orchestrator-cli.js
+  // for the supported `ijfw update` flow.
   {
     name: 'ijfw_run',
     description: 'Run a shell command. For commands likely to produce large output (builds, test suites, grep -r, log tails), use this instead of Bash -- full output is sandboxed to disk and a smart summary is returned to context. For git/nav/quick ops, use Bash directly. Also accepts colon-namespaced commands instead of a shell line: "compute:python", "compute:js", "index:<source>", "detect:project_type".',
@@ -2146,11 +2172,11 @@ function handleMessage(msg) {
             }
             break;
           }
-          case 'ijfw_update_apply': {
-            const r = ijfwUpdateApply(args || {});
-            result = { text: JSON.stringify(r, null, 2), isError: r && r.status === 'error' };
-            break;
-          }
+          // V155-017 (v1.5.5): 'ijfw_update_apply' case retired — handled by
+          // the CLI flow via cross-orchestrator-cli.js. The MCP tool slot is
+          // no longer advertised. Unknown-tool requests fall through to the
+          // default branch below (handled identically to any other unsupported
+          // verb name).
           case 'ijfw_cross_audit_converge': {
             // v1.5.0-major W12-C N03: Trident-as-a-service.
             const a = args || {};
@@ -2158,6 +2184,29 @@ function handleMessage(msg) {
               result = { text: JSON.stringify({ error: 'commitRange (string) is required' }), isError: true };
               break;
             }
+            // V155-022 (v1.5.5): strict shape validation. `commitRange` is
+            // passed downstream to `git rev-list` via execFile (no shell), but
+            // git itself interprets `--upload-pack=cmd`, `--config=core.fsmonitor=cmd`
+            // and similar option-style argv as command execution. Reject any
+            // value that starts with `-`, contains shell metas (` ; | $ \` `),
+            // whitespace, or wanders outside the SHA / SHA..SHA / SHA...SHA /
+            // ref-name vocabulary. Cap at 200 chars to defang
+            // resource-exhaustion via gigantic argv.
+            const cr = a.commitRange;
+            if (
+              cr.length > 200
+              || cr.startsWith('-')
+              || /[\s;|`$\\]/.test(cr)
+              || !/^[A-Za-z0-9_./@^~:-]+$/.test(cr)
+            ) {
+              result = {
+                text: JSON.stringify({
+                  error: 'commitRange has invalid shape — expected SHA, SHA..SHA, SHA...SHA, or branch/tag ref',
+                }),
+                isError: true,
+              };
+              break;
+            }
             const { runPhaseEConverge, defaultConvergeDispatch } = await import('./cross-orchestrator.js');
             try {
               const r = await runPhaseEConverge({

package/src/swarm/planner.js

@@ -177,12 +177,56 @@ export function startSwarmTask(projectRoot, taskId, options = {}) {
   return { ok: updated.ok, task: updated.task, claims: claimResults, error: updated.error };
 }
 
+// V155-006 (HIGH) — completeSwarmTask used to advance status:'done' with
+// nothing but the caller's word. That's the v1.5.1 hallucination signature
+// encoded into the state layer: a subagent claims DONE, blackboard records
+// DONE, but there is no filesystem witness (no commit, no diff). Recovery
+// then trusts the false-positive and the build silently drifts.
+//
+// Fix: require an `evidence` envelope with at least one concrete artifact:
+//   - evidence.commitSha    — 7-40 hex chars (short or full SHA)
+//   - evidence.diffStats    — { filesChanged: >=1, ... }
+//
+// Callers that genuinely cannot produce evidence (e.g., admin overrides,
+// task-tracking-only flows) MUST set `options.skipEvidence: true` AND a
+// reason; the completion still writes status:'done' but the blackboard
+// event is tagged `task.completed-no-evidence` so audits can spot it.
+function isValidEvidence(evidence) {
+  if (!evidence || typeof evidence !== 'object') return false;
+  const { commitSha, diffStats } = evidence;
+  if (typeof commitSha === 'string' && /^[a-f0-9]{7,40}$/.test(commitSha)) {
+    return true;
+  }
+  if (
+    diffStats &&
+    typeof diffStats === 'object' &&
+    typeof diffStats.filesChanged === 'number' &&
+    diffStats.filesChanged >= 1
+  ) {
+    return true;
+  }
+  return false;
+}
+
 export function completeSwarmTask(projectRoot, taskId, options = {}) {
   const task = findTask(projectRoot, taskId);
   if (!task.ok) return task;
   if (!['in_progress', 'review'].includes(task.task.status)) {
     return { ok: false, error: 'task-not-in-progress', task: task.task };
   }
+  // V155-006 evidence gate. `skipEvidence:true` is the explicit escape
+  // hatch — callers that intentionally complete without filesystem witness
+  // (admin overrides, dry-run completion) opt in by name, and the event
+  // log records the bypass for downstream audits.
+  const evidenceOk = isValidEvidence(options.evidence);
+  if (!evidenceOk && options.skipEvidence !== true) {
+    return {
+      ok: false,
+      error: 'missing-evidence',
+      message: 'completeSwarmTask requires evidence.commitSha or evidence.diffStats (or set skipEvidence:true)',
+      task: task.task,
+    };
+  }
   const owner = options.owner || task.task.active_owner || task.task.owner;
   const releases = [];
   for (const artifactId of task.task.artifact_ids || []) {
@@ -195,11 +239,12 @@ export function completeSwarmTask(projectRoot, taskId, options = {}) {
   });
   if (updated.ok) {
     appendBlackboardEvent(projectRoot, {
-      type: 'task.completed',
+      type: evidenceOk ? 'task.completed' : 'task.completed-no-evidence',
       actor: owner,
       task_id: taskId,
       artifact_ids: task.task.artifact_ids || [],
       message: options.message || `Completed ${taskId}`,
+      evidence: evidenceOk ? options.evidence : undefined,
     });
   }
   return { ok: updated.ok, task: updated.task, releases, error: updated.error };

package/src/update-apply.js

@@ -1,28 +1,33 @@
-// MCP tool: ijfw_update_apply
+// Internal helper: ijfwUpdateApply (sentinel writer).
 //
-// @deprecated since v1.5.0; will be removed in v1.6.0 (F-FUN-3 / v1.5.0 audit-MED-M7).
-// `ijfw_update_check` already issues a confirmation token whose instruction tells
-// the user to type `ijfw update --confirm <token>` in their terminal directly.
-// The intermediate `ijfw_update_apply` step writes a pending sentinel, but the
-// terminal CLI does not require the sentinel to confirm — the token itself is
-// authoritative. The tool is retained for v1.5.0 back-compat (older skills that
-// still call it work unchanged) and slated for retirement in v1.6.0 to free the
-// MCP-tool slot (see CLAUDE.md "MCP server: ≤14 tools" cap).
+// V155-017 (v1.5.5): formerly exposed as the `ijfw_update_apply` MCP tool.
+// The MCP registration was retired in v1.5.5 because `ijfw_update_check`
+// already issues a confirmation token whose instruction tells the user to
+// type `ijfw update --confirm <token>` in their terminal directly. The
+// intermediate `ijfw_update_apply` MCP verb wrote a pending sentinel, but
+// the terminal CLI does not require the sentinel to confirm — the token
+// itself is authoritative.
+//
+// The function is kept INTERNAL-ONLY: still called from sentinel-write tests
+// (test-1.1.6.js) which exercise validateToken + writePendingSentinel +
+// target-mismatch semantics. It is NOT registered as an MCP tool and NOT
+// referenced from user-facing CLI strings. If you find yourself wanting to
+// re-expose it via MCP, check the ≤14 tool cap (mcp-server/TOOLS.md) and
+// pick a tool to retire first.
 //
 // Does NOT execute the update. Validates the token, writes (or overwrites)
-// the pending sentinel, returns instruction telling the user to run the
-// terminal-side confirm command. Idempotent against a matching sentinel
-// already written by ijfw_update_check -- the sentinel + token are the
-// same artifact, so re-writing with the same values is a no-op.
-// Air-gaps the MCP path from actual code execution -- per v3 sec 16 blocker fix.
+// the pending sentinel. Idempotent against a matching sentinel already
+// written by ijfw_update_check.
 
 import { validateToken, writePendingSentinel } from './lib/token.js';
 import { isVersionStringValid } from './lib/npm-view.js';
 
 /**
- * @deprecated since v1.5.0; scheduled for removal in v1.6.0. Callers should
- * skip straight from `ijfw_update_check` to the terminal-side confirm command;
- * the intermediate sentinel write is redundant given the token contract.
+ * V155-017: internal sentinel-write helper. Was the `ijfw_update_apply`
+ * MCP tool through v1.5.4; retired from MCP surface in v1.5.5. Retained
+ * as in-process callable for the sentinel-write test surface and for any
+ * future flow that wants to write a sentinel without going through
+ * `ijfw_update_check` (no current production caller).
  */
 export function ijfwUpdateApply(args = {}) {
   const { target_version, confirmation_token } = args || {};
@@ -75,21 +80,8 @@ export function ijfwUpdateApply(args = {}) {
   };
 }
 
-export const TOOL_DEF = {
-  name: 'ijfw_update_apply',
-  description:
-    '[DEPRECATED v1.5.0; removal in v1.6.0] Stage an IJFW update behind out-of-band terminal ' +
-    'confirmation. Writes a pending sentinel; actual update only runs when the user types ' +
-    "'ijfw update --confirm <token>' in their terminal. This MCP tool NEVER executes the " +
-    'update directly. Prefer calling ijfw_update_check and forwarding the returned ' +
-    "'ijfw update --confirm <token>' instruction directly to the user.",
-  inputSchema: {
-    type: 'object',
-    required: ['target_version', 'confirmation_token'],
-    properties: {
-      target_version: { type: 'string', description: 'Target semver to install' },
-      confirmation_token: { type: 'string', description: 'Token from ijfw_update_check' },
-      session_id: { type: 'string', description: 'Session ID for token scoping (optional)' },
-    },
-  },
-};
+// V155-017: TOOL_DEF removed in v1.5.5 — `ijfw_update_apply` is no longer
+// an MCP tool. The streamlined update flow is `ijfw_update_check` → terminal
+// `ijfw update --confirm <token>`. See server.js TOOLS array for the v1.5.5
+// MCP tool surface; do not re-add this without retiring another tool first
+// (≤14 tool cap, mcp-server/TOOLS.md).

package/src/update-check.js

@@ -14,7 +14,7 @@ import { npmView, compareSemver } from './lib/npm-view.js';
 import { issueToken, writePendingSentinel, readPendingSentinel } from './lib/token.js';
 
 const PKG = '@ijfw/install';
-const REPO = 'therealseandonahoe/ijfw';
+const REPO = 'FerroxLabs/ijfw';
 
 function ijfwHome() {
   return process.env.IJFW_HOME || join(homedir(), '.ijfw');
@@ -90,7 +90,11 @@ export async function ijfwUpdateCheck(args = {}) {
     latest,
     available,
     reachable: true,
-    changelog_url: `https://gitlab.com/${REPO}/-/releases/v${latest}`,
+    // GitHub uses `releases/tag/` (not `releases/v`). Until v1.5.5
+    // is published as a GitHub Release on FerroxLabs/ijfw the URL 404s;
+    // acceptable, since users on prior releases only see this URL after
+    // upgrading past v1.5.5.
+    changelog_url: `https://github.com/${REPO}/releases/tag/v${latest}`,
   };
 
   if (available) {