npm - @joshuaswarren/openclaw-engram - Versions diffs - 9.0.32 → 9.0.34 - Mend

@joshuaswarren/openclaw-engram 9.0.32 → 9.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -36,7 +36,7 @@ AI agents forget everything between conversations. Engram fixes that.
 - **Causal trajectory recall** — Engram can now, when `causalTrajectoryRecallEnabled` is enabled, inject prompt-relevant causal chains back into recall context as a separate `Causal Trajectories` section with lightweight match explainability.
 - **Trust-zone promotion path** — Engram can now, when `trustZonesEnabled` and `quarantinePromotionEnabled` are enabled, persist typed quarantine, working, and trusted records, plan explicit promotions, block direct `quarantine -> trusted` jumps, and require anchored provenance before promoting risky working records into `trusted`.
 - **Trust-zone recall** — Engram can now, when `trustZoneRecallEnabled` is enabled, inject prompt-relevant `working` and `trusted` trust-zone records into recall context as a separate `Trust Zones` section while keeping `quarantine` material out of recall by default.
-- **Provenance trust scoring** — Engram can now, when `memoryPoisoningDefenseEnabled` is enabled, score trust-zone provenance deterministically from source class and evidence anchors so poisoning defenses start with measurable trust signals instead of opaque heuristics.
+- **Poisoning-defense corroboration** — Engram can now, when `memoryPoisoningDefenseEnabled` is enabled, score trust-zone provenance deterministically and require independent non-quarantine corroboration before risky `working -> trusted` promotions succeed.
 - **Zero-config start** — Install, add an API key, restart. Engram works out of the box with sensible defaults and progressively unlocks advanced features as you enable them.
 ## Quick Start
@@ -163,7 +163,7 @@ openclaw engram benchmark-ci-gate            # Compare base vs candidate eval st
 openclaw engram objective-state-status       # Objective-state snapshot counts and latest stored snapshot
 openclaw engram causal-trajectory-status    # Causal-trajectory record counts and latest stored chain
 openclaw engram trust-zone-status           # Trust-zone record counts and latest stored record
-openclaw engram trust-zone-promote          # Dry-run or apply a trust-zone promotion with provenance enforcement
+openclaw engram trust-zone-promote          # Dry-run or apply a trust-zone promotion with provenance/corroboration enforcement
 openclaw engram conversation-index-health    # Conversation index status
 openclaw engram graph-health                 # Entity graph status
 openclaw engram tier-status                  # Hot/cold tier metrics
@@ -198,7 +198,7 @@ Key settings:
 | `quarantinePromotionEnabled` | `false` | Allow explicit trust-zone promotions such as `quarantine -> working` and guarded `working -> trusted` |
 | `trustZoneStoreDir` | `{memoryDir}/state/trust-zones` | Root directory for trust-zone records |
 | `trustZoneRecallEnabled` | `false` | Inject prompt-relevant working and trusted trust-zone records into recall context |
-| `memoryPoisoningDefenseEnabled` | `false` | Enable deterministic provenance trust scoring in trust-zone status output as the first poisoning-defense signal |
+| `memoryPoisoningDefenseEnabled` | `false` | Enable deterministic provenance trust scoring and corroboration requirements for risky trusted promotions |
 Full reference: [Config Reference](docs/config-reference.md)

package/dist/index.js CHANGED Viewed

@@ -6333,7 +6333,7 @@ import path6 from "path";
 import { mkdir as mkdir2, readFile as readFile3, stat, writeFile as writeFile2 } from "fs/promises";
 import path5 from "path";
 function toSafeTimestamp(ts) {
-  return ts.toISOString().replace(/[:.]/g, "").replace("Z", "Z");
+  return ts.toISOString().replace(/[:.]/g, "");
 }
 async function lintWorkspaceFiles(opts) {
   const warnings = [];
@@ -14673,6 +14673,27 @@ function dedupeStrings(values) {
   if (out.length === 0) return void 0;
   return [...new Set(out)];
 }
+function hasOverlap(left, right) {
+  if (!left || !right || left.length === 0 || right.length === 0) return false;
+  const rightSet = new Set(right);
+  return left.some((value) => rightSet.has(value));
+}
+function requiresCorroboration(record, targetZone, poisoningDefenseEnabled) {
+  return poisoningDefenseEnabled === true && targetZone === "trusted" && record.zone === "working" && ["tool_output", "web_content", "subagent_trace"].includes(record.provenance.sourceClass);
+}
+function summarizeCorroboration(options) {
+  const corroborating = options.records.filter((candidate) => {
+    if (candidate.recordId === options.sourceRecord.recordId) return false;
+    if (candidate.zone === "quarantine") return false;
+    if (hasAnchoredProvenance(candidate) !== true) return false;
+    if (candidate.provenance.sourceClass === options.sourceRecord.provenance.sourceClass) return false;
+    return hasOverlap(candidate.entityRefs, options.sourceRecord.entityRefs) || hasOverlap(candidate.tags, options.sourceRecord.tags);
+  });
+  return {
+    count: corroborating.length,
+    sourceClasses: [...new Set(corroborating.map((record) => record.provenance.sourceClass))]
+  };
+}
 var SOURCE_CLASS_WEIGHTS = {
   manual: 0.9,
   system_memory: 0.85,
@@ -14768,6 +14789,16 @@ async function promoteTrustZoneRecord(options) {
   if (!plan.allowed) {
     throw new Error(`trust-zone promotion denied: ${plan.reasons.join("; ")}`);
   }
+  const corroboration = requiresCorroboration(sourceRecord, options.targetZone, options.poisoningDefenseEnabled === true) ? summarizeCorroboration({
+    sourceRecord,
+    records: (await readTrustZoneRecords({
+      memoryDir: options.memoryDir,
+      trustZoneStoreDir: options.trustZoneStoreDir
+    })).records
+  }) : null;
+  if (corroboration && corroboration.count === 0) {
+    throw new Error("trust-zone promotion denied: corroboration is required for risky trusted promotions");
+  }
   const recordedAt = assertIsoRecordedAt(assertString2(options.recordedAt, "recordedAt"));
   const promotionReason = assertString2(options.promotionReason, "promotionReason");
   const nextRecord = {
@@ -14784,7 +14815,12 @@ async function promoteTrustZoneRecord(options) {
     metadata: {
       ...sourceRecord.metadata ?? {},
       sourceRecordId: sourceRecord.recordId,
-      promotionReason
+      promotionReason,
+      ...corroboration ? {
+        corroborated: "true",
+        corroborationCount: String(corroboration.count),
+        corroborationSources: corroboration.sourceClasses.join(",")
+      } : {}
     }
   };
   if (options.dryRun === true) {
@@ -26866,6 +26902,7 @@ async function runTrustZonePromoteCliCommand(options) {
     trustZoneStoreDir: options.trustZoneStoreDir,
     enabled: options.trustZonesEnabled,
     promotionEnabled: options.quarantinePromotionEnabled,
+    poisoningDefenseEnabled: options.memoryPoisoningDefenseEnabled,
     sourceRecordId: options.sourceRecordId,
     targetZone: options.targetZone,
     recordedAt: options.recordedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
@@ -28054,6 +28091,7 @@ function registerCli(api, orchestrator) {
           trustZoneStoreDir: orchestrator.config.trustZoneStoreDir,
           trustZonesEnabled: orchestrator.config.trustZonesEnabled,
           quarantinePromotionEnabled: orchestrator.config.quarantinePromotionEnabled,
+          memoryPoisoningDefenseEnabled: orchestrator.config.memoryPoisoningDefenseEnabled,
           sourceRecordId: String(options.recordId ?? ""),
           targetZone: String(options.targetZone ?? ""),
           promotionReason: String(options.reason ?? ""),