@metaharness/darwin 0.1.0

package/dist/openrouter-mutator.js

@@ -0,0 +1,81 @@
+// SPDX-License-Identifier: MIT
+//
+// OpenRouter-backed CodeGenerator (ADR-071 §contract) — the LLM mutator that
+// "slots in behind the SAME validateGeneratedCode gate" as the DeterministicMutator.
+// It asks a model to regenerate ONE surface file, improving it while preserving
+// exported signatures and introducing NO new capabilities (so it survives the
+// safety gate in createChildVariant). Real OpenRouter calls; no fabrication.
+//
+// Key: OPENROUTER_API_KEY env, or falls back to /tmp/.orkey. Model: env
+// DARWIN_MUTATOR_MODEL (default anthropic/claude-haiku-4.5 — cheap tier).
+import { readFileSync } from 'node:fs';
+function apiKey() {
+    const env = (process.env.OPENROUTER_API_KEY || '').trim();
+    if (env)
+        return env;
+    try {
+        return readFileSync('/tmp/.orkey', 'utf8').trim();
+    }
+    catch {
+        throw new Error('OpenRouterMutator: no OPENROUTER_API_KEY (env or /tmp/.orkey)');
+    }
+}
+/** Strip a fenced code block if the model wrapped its output. */
+function unfence(text) {
+    const m = text.match(/```(?:[a-zA-Z0-9]+)?\n([\s\S]*?)\n```/);
+    return (m ? m[1] : text).trim() + '\n';
+}
+export class OpenRouterMutator {
+    model;
+    maxTokens;
+    temperature;
+    telemetry = { calls: 0, promptTokens: 0, completionTokens: 0, costUSD: 0 };
+    constructor(opts = {}) {
+        this.model = opts.model ?? process.env.DARWIN_MUTATOR_MODEL ?? 'anthropic/claude-haiku-4.5';
+        this.maxTokens = opts.maxTokens ?? 2000;
+        this.temperature = opts.temperature ?? 0.4;
+    }
+    async generateMutation(input) {
+        const sys = 'You improve ONE file of an AI agent harness. Output ONLY the full replacement file — no prose, no fences. ' +
+            'HARD RULES: keep every exported name and signature identical; introduce NO new capabilities, imports, network, ' +
+            'filesystem, shell, or env access; no new dependencies; pure refactor/tuning only (it must pass a static safety ' +
+            'validator that rejects added capabilities). Make a small, plausibly score-improving change to the "' +
+            input.surface + '" surface.';
+        const user = `Surface: ${input.surface}\nParent score: ${input.parentScore}\n` +
+            (input.repoSummary ? `Repo: ${input.repoSummary}\n` : '') +
+            (input.failedTraces.length ? `Recent failures:\n${input.failedTraces.slice(0, 5).join('\n')}\n` : '') +
+            `\n--- current file ---\n${input.parentCode}\n--- end ---\nReturn the improved full file.`;
+        let res;
+        try {
+            res = await fetch('https://openrouter.ai/api/v1/chat/completions', {
+                method: 'POST',
+                headers: { Authorization: `Bearer ${apiKey()}`, 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    model: this.model,
+                    messages: [{ role: 'system', content: sys }, { role: 'user', content: user }],
+                    max_tokens: this.maxTokens,
+                    temperature: this.temperature,
+                }),
+            });
+        }
+        catch (e) {
+            // Network failure → safe no-op (return parent unchanged; the gate sees identity).
+            return { code: input.parentCode, summary: `openrouter:${this.model} unreachable (${e.message}) — no-op` };
+        }
+        const j = await res.json();
+        if (!j.choices?.[0]?.message?.content) {
+            return { code: input.parentCode, summary: `openrouter:${this.model} no content — no-op` };
+        }
+        this.telemetry.calls += 1;
+        if (j.usage) {
+            this.telemetry.promptTokens += j.usage.prompt_tokens ?? 0;
+            this.telemetry.completionTokens += j.usage.completion_tokens ?? 0;
+            this.telemetry.costUSD += j.usage.cost ?? 0;
+        }
+        return {
+            code: unfence(j.choices[0].message.content),
+            summary: `openrouter:${this.model} regenerated ${input.surface}`,
+        };
+    }
+}
+//# sourceMappingURL=openrouter-mutator.js.map

package/dist/openrouter-mutator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openrouter-mutator.js","sourceRoot":"","sources":["../src/openrouter-mutator.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,6EAA6E;AAC7E,qFAAqF;AACrF,gFAAgF;AAChF,8EAA8E;AAC9E,6EAA6E;AAC7E,EAAE;AACF,wEAAwE;AACxE,0EAA0E;AAE1E,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAIvC,SAAS,MAAM;IACb,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1D,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED,iEAAiE;AACjE,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC;AACzC,CAAC;AAgBD,MAAM,OAAO,iBAAiB;IACnB,KAAK,CAAS;IACN,SAAS,CAAS;IAClB,WAAW,CAAS;IAC5B,SAAS,GAAqB,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IAEtG,YAAY,OAAiC,EAAE;QAC7C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,4BAA4B,CAAC;QAC5F,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC;QACxC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAMtB;QACC,MAAM,GAAG,GACP,4GAA4G;YAC5G,iHAAiH;YACjH,iHAAiH;YACjH,qGAAqG;YACrG,KAAK,CAAC,OAAO,GAAG,YAAY,CAAC;QAC/B,MAAM,IAAI,GACR,YAAY,KAAK,CAAC,OAAO,mBAAmB,KAAK,CAAC,WAAW,IAAI;YACjE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,qBAAqB,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrG,2BAA2B,KAAK,CAAC,UAAU,+CAA+C,CAAC;QAE7F,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;gBACjE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,EAAE,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBACpF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC7E,UAAU,EAAE,IAAI,CAAC,SAAS;oBAC1B,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,kFAAkF;YAClF,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,cAAc,IAAI,CAAC,KAAK,iBAAkB,CAAW,CAAC,OAAO,WAAW,EAAE,CAAC;QACvH,CAAC;QACD,MAAM,CAAC,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;YACtC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,cAAc,IAAI,CAAC,KAAK,qBAAqB,EAAE,CAAC;QAC5F,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC,CAAC;QAC1B,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,IAAI,CAAC,SAAS,CAAC,YAAY,IAAI,CAAC,CAAC,KAAK,CAAC,aAAa,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,SAAS,CAAC,gBAAgB,IAAI,CAAC,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;YAC3C,OAAO,EAAE,cAAc,IAAI,CAAC,KAAK,gBAAgB,KAAK,CAAC,OAAO,EAAE;SACjE,CAAC;IACJ,CAAC;CACF"}

package/dist/repo_profiler.d.ts

@@ -0,0 +1,8 @@
+import type { RepoProfile } from './types.js';
+/**
+ * Profile a repository at `root`. Walks the tree (skipping node_modules, .git,
+ * .metaharness, dist), collects source/doc/json files, reads package.json if
+ * present for tooling, and flags risk files. Never throws on an unreadable tree.
+ */
+export declare function profileRepo(root: string): Promise<RepoProfile>;
+//# sourceMappingURL=repo_profiler.d.ts.map

package/dist/repo_profiler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo_profiler.d.ts","sourceRoot":"","sources":["../src/repo_profiler.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AA4F9C;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CA6BpE"}

package/dist/repo_profiler.js

@@ -0,0 +1,127 @@
+// SPDX-License-Identifier: MIT
+//
+// Repo profiler (ADR-070 §profile) — distil a repository into the small set of
+// signals Darwin Mode needs: which files exist, how to run its tests, which
+// package manager it uses, and which files are too risky to ever touch.
+//
+// Dependency-free (Node built-ins only). The walk is resilient: an unreadable
+// directory is skipped rather than fatal, so a hostile or partial tree cannot
+// abort a profile.
+import { readdir, readFile } from 'node:fs/promises';
+import { join, relative, sep } from 'node:path';
+/** Directories never descended into during a profile walk. */
+const SKIP_DIRS = new Set([
+    'node_modules',
+    '.git',
+    '.metaharness',
+    'dist',
+]);
+/** File extensions collected by the profiler. */
+const COLLECT_EXTENSIONS = [
+    '.ts',
+    '.tsx',
+    '.js',
+    '.jsx',
+    '.json',
+    '.md',
+];
+/** Paths that look like they hold deployment, infra, or sensitive material. */
+const RISK_PATTERN = /(\.env|secret|credential|token|key|deploy|release|infra)/i;
+/** True if a relative path should be collected (by extension). */
+function isCollectable(relPath) {
+    const lower = relPath.toLowerCase();
+    return COLLECT_EXTENSIONS.some((ext) => lower.endsWith(ext));
+}
+/**
+ * Recursively walk `dir`, pushing collectable file paths (relative to `root`)
+ * into `out`. Unreadable directories are skipped silently.
+ */
+async function walk(root, dir, out) {
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return; // unreadable directory — skip, do not fail the profile
+    }
+    for (const entry of entries) {
+        const name = entry.name;
+        if (entry.isDirectory()) {
+            if (SKIP_DIRS.has(name))
+                continue;
+            await walk(root, join(dir, name), out);
+        }
+        else if (entry.isFile()) {
+            const rel = relative(root, join(dir, name));
+            if (isCollectable(rel))
+                out.push(rel.split(sep).join('/'));
+        }
+    }
+}
+/**
+ * Resolve the package manager and test command from a parsed package.json.
+ * Falls back to 'unknown' / 'npm test' when fields are absent or malformed.
+ */
+function resolveTooling(pkg) {
+    let packageManager = 'unknown';
+    let hasTestScript = false;
+    if (pkg && typeof pkg === 'object') {
+        const obj = pkg;
+        const pm = obj.packageManager;
+        if (typeof pm === 'string') {
+            if (pm.startsWith('pnpm'))
+                packageManager = 'pnpm';
+            else if (pm.startsWith('yarn'))
+                packageManager = 'yarn';
+            else if (pm.startsWith('npm'))
+                packageManager = 'npm';
+        }
+        const scripts = obj.scripts;
+        if (scripts && typeof scripts === 'object') {
+            const test = scripts.test;
+            if (typeof test === 'string' && test.trim().length > 0)
+                hasTestScript = true;
+        }
+    }
+    let testCommand = 'npm test';
+    if (hasTestScript) {
+        const runner = packageManager === 'pnpm'
+            ? 'pnpm'
+            : packageManager === 'yarn'
+                ? 'yarn'
+                : 'npm';
+        testCommand = `${runner} test`;
+    }
+    return { packageManager, testCommand };
+}
+/**
+ * Profile a repository at `root`. Walks the tree (skipping node_modules, .git,
+ * .metaharness, dist), collects source/doc/json files, reads package.json if
+ * present for tooling, and flags risk files. Never throws on an unreadable tree.
+ */
+export async function profileRepo(root) {
+    const sourceFiles = [];
+    await walk(root, root, sourceFiles);
+    sourceFiles.sort();
+    let pkg = null;
+    try {
+        const raw = await readFile(join(root, 'package.json'), 'utf8');
+        pkg = JSON.parse(raw);
+    }
+    catch {
+        pkg = null; // no package.json, or it is unreadable / malformed
+    }
+    const { packageManager, testCommand } = resolveTooling(pkg);
+    const riskFiles = sourceFiles.filter((f) => RISK_PATTERN.test(f));
+    const summary = `${sourceFiles.length} files, ${packageManager} package manager, ` +
+        `test via "${testCommand}", ${riskFiles.length} risk file(s)`;
+    return {
+        root,
+        packageManager,
+        testCommand,
+        sourceFiles,
+        riskFiles,
+        summary,
+    };
+}
+//# sourceMappingURL=repo_profiler.js.map

package/dist/repo_profiler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo_profiler.js","sourceRoot":"","sources":["../src/repo_profiler.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,+EAA+E;AAC/E,4EAA4E;AAC5E,wEAAwE;AACxE,EAAE;AACF,8EAA8E;AAC9E,8EAA8E;AAC9E,mBAAmB;AAEnB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAGhD,8DAA8D;AAC9D,MAAM,SAAS,GAAwB,IAAI,GAAG,CAAC;IAC7C,cAAc;IACd,MAAM;IACN,cAAc;IACd,MAAM;CACP,CAAC,CAAC;AAEH,iDAAiD;AACjD,MAAM,kBAAkB,GAAsB;IAC5C,KAAK;IACL,MAAM;IACN,KAAK;IACL,MAAM;IACN,OAAO;IACP,KAAK;CACN,CAAC;AAEF,+EAA+E;AAC/E,MAAM,YAAY,GAAG,2DAA2D,CAAC;AAEjF,kEAAkE;AAClE,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IACpC,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,IAAI,CAAC,IAAY,EAAE,GAAW,EAAE,GAAa;IAC1D,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,uDAAuD;IACjE,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACxB,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YAClC,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;YAC5C,IAAI,aAAa,CAAC,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,GAAY;IAIlC,IAAI,cAAc,GAAkC,SAAS,CAAC;IAC9D,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,GAA8B,CAAC;QAC3C,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC;QAC9B,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,cAAc,GAAG,MAAM,CAAC;iBAC9C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,cAAc,GAAG,MAAM,CAAC;iBACnD,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,cAAc,GAAG,KAAK,CAAC;QACxD,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC5B,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAI,OAAmC,CAAC,IAAI,CAAC;YACvD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;gBAAE,aAAa,GAAG,IAAI,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,IAAI,WAAW,GAAG,UAAU,CAAC;IAC7B,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GACV,cAAc,KAAK,MAAM;YACvB,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,cAAc,KAAK,MAAM;gBACzB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC;QACd,WAAW,GAAG,GAAG,MAAM,OAAO,CAAC;IACjC,CAAC;IACD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY;IAC5C,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACpC,WAAW,CAAC,IAAI,EAAE,CAAC;IAEnB,IAAI,GAAG,GAAY,IAAI,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CAAC;QAC/D,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,IAAI,CAAC,CAAC,mDAAmD;IACjE,CAAC;IAED,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GACX,GAAG,WAAW,CAAC,MAAM,WAAW,cAAc,oBAAoB;QAClE,aAAa,WAAW,MAAM,SAAS,CAAC,MAAM,eAAe,CAAC;IAEhE,OAAO;QACL,IAAI;QACJ,cAAc;QACd,WAAW;QACX,WAAW;QACX,SAAS;QACT,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/safety.d.ts

@@ -0,0 +1,45 @@
+import type { MutationSurface } from './types.js';
+/** The seven approved mutation surfaces, in canonical order (ADR-071). */
+export declare const SURFACES: readonly MutationSurface[];
+/** Surface → the single file it owns. The ONLY files a variant may contain. */
+export declare const FILE_BY_SURFACE: Readonly<Record<MutationSurface, string>>;
+/** The exact set of filenames permitted inside a variant directory. */
+export declare const APPROVED_FILES: ReadonlySet<string>;
+/**
+ * Blocked filename substrings (case-insensitive). A variant directory must never
+ * contain a file whose name hints at secrets, VCS, or keys (ADR-071).
+ */
+export declare const BLOCKED_FILENAME_PATTERNS: readonly string[];
+/**
+ * Blocked code-content patterns (case-insensitive). If a variant file's text
+ * matches any of these, the variant is disqualified. This is intentionally
+ * broad: a harness mutation surface is pure policy logic — it has no business
+ * spawning processes, touching the network, reading the environment, the file
+ * system, or evaluating dynamic code.
+ */
+export declare const BLOCKED_CONTENT_PATTERNS: ReadonlyArray<{
+    re: RegExp;
+    reason: string;
+}>;
+/**
+ * Statically inspect a variant directory BEFORE it is allowed to run.
+ * Returns a list of blocking findings; an empty list means the variant is clean.
+ *
+ * Disqualifying conditions:
+ *   - a nested directory, a symlink, or any non-regular-file entry;
+ *   - a file that is not one of the seven approved filenames;
+ *   - a filename matching a blocked pattern;
+ *   - a file exceeding the size cap, or the directory exceeding the file cap;
+ *   - file content matching a blocked-capability pattern.
+ */
+export declare function inspectVariant(dir: string): Promise<string[]>;
+/**
+ * Validate LLM/agent-generated code BEFORE it is written to a variant file.
+ * Independent of inspectVariant (defense in depth). Returns a list of violations;
+ * an empty list means the generated code is admissible. A generation that
+ * violates this is DISCARDED, never repaired in place (ADR-071).
+ */
+export declare function validateGeneratedCode(code: string): string[];
+/** Convenience: a variant is admissible iff inspectVariant finds nothing. */
+export declare function isVariantSafe(dir: string): Promise<boolean>;
+//# sourceMappingURL=safety.d.ts.map

package/dist/safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.d.ts","sourceRoot":"","sources":["../src/safety.ts"],"names":[],"mappings":"AAqBA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,0EAA0E;AAC1E,eAAO,MAAM,QAAQ,EAAE,SAAS,eAAe,EAQrC,CAAC;AAEX,+EAA+E;AAC/E,eAAO,MAAM,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAQrE,CAAC;AAEF,uEAAuE;AACvE,eAAO,MAAM,cAAc,EAAE,WAAW,CAAC,MAAM,CAE9C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,SAAS,MAAM,EAatD,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAwBlF,CAAC;AAMF;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAkEnE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAO5D;AAED,6EAA6E;AAC7E,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAEjE"}

package/dist/safety.js

@@ -0,0 +1,191 @@
+// SPDX-License-Identifier: MIT
+//
+// The safety layer (ADR-071) — the load-bearing security boundary of Darwin Mode.
+//
+// A self-modifying agent that can edit anything is a liability. Darwin Mode's
+// bound is enforced HERE, with two independent, defense-in-depth checks:
+//
+//   inspectVariant(dir)      — runs BEFORE any variant executes. Disqualifies a
+//                              variant whose directory contains anything other
+//                              than the seven approved files, a blocked filename,
+//                              a symlink, or blocked content.
+//   validateGeneratedCode()  — runs BEFORE generated code is written to disk
+//                              (the LLM-mutator path). Independent pattern set.
+//
+// Both are CODE, not comments. The gate precedes execution; a disqualified
+// variant never has its test command run (sandbox returns exitCode 99). A
+// variant with any blocked action scores safetyScore 0 and cannot be promoted
+// (ADR-072 requires safetyScore ≥ 0.95).
+import { lstat, readdir, readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+/** The seven approved mutation surfaces, in canonical order (ADR-071). */
+export const SURFACES = [
+    'planner',
+    'contextBuilder',
+    'reviewer',
+    'retryPolicy',
+    'toolPolicy',
+    'memoryPolicy',
+    'scorePolicy',
+];
+/** Surface → the single file it owns. The ONLY files a variant may contain. */
+export const FILE_BY_SURFACE = {
+    planner: 'planner.ts',
+    contextBuilder: 'context_builder.ts',
+    reviewer: 'reviewer.ts',
+    retryPolicy: 'retry_policy.ts',
+    toolPolicy: 'tool_policy.ts',
+    memoryPolicy: 'memory_policy.ts',
+    scorePolicy: 'score_policy.ts',
+};
+/** The exact set of filenames permitted inside a variant directory. */
+export const APPROVED_FILES = new Set(Object.values(FILE_BY_SURFACE));
+/**
+ * Blocked filename substrings (case-insensitive). A variant directory must never
+ * contain a file whose name hints at secrets, VCS, or keys (ADR-071).
+ */
+export const BLOCKED_FILENAME_PATTERNS = [
+    '.env',
+    'secret',
+    'credential',
+    'token',
+    'private_key',
+    'id_rsa',
+    '.git',
+    '.npmrc',
+    'package.json',
+    'package-lock',
+    'yarn.lock',
+    'pnpm-lock',
+];
+/**
+ * Blocked code-content patterns (case-insensitive). If a variant file's text
+ * matches any of these, the variant is disqualified. This is intentionally
+ * broad: a harness mutation surface is pure policy logic — it has no business
+ * spawning processes, touching the network, reading the environment, the file
+ * system, or evaluating dynamic code.
+ */
+export const BLOCKED_CONTENT_PATTERNS = [
+    // Environment access — both dotted (`process.env`) and computed-member forms
+    // (`process['env']`, `process[`env`]`, `process . env`). The char class
+    // `[.[]` covers the dot and the opening bracket; `['"\x60]?` the optional quote.
+    { re: /process\s*[.[]\s*['"\x60]?\s*env/i, reason: 'environment access (process.env)' },
+    { re: /\bReflect\s*\.\s*get\s*\(\s*process/i, reason: 'environment access (Reflect.get(process))' },
+    { re: /process\s*[.[]\s*['"\x60]?\s*binding/i, reason: 'process.binding' },
+    { re: /\bchild_process\b/i, reason: 'process spawning (child_process)' },
+    { re: /\bexecSync\b|\bexecFileSync\b|\bspawnSync\b|\bspawn\b|\bexec\s*\(/i, reason: 'process execution' },
+    { re: /\brequire\s*\(/i, reason: 'dynamic require()' },
+    { re: /\bimport\s*\(/i, reason: 'dynamic import()' },
+    { re: /\beval\s*\(/i, reason: 'eval()' },
+    { re: /\bnew\s+Function\b/i, reason: 'new Function()' },
+    { re: /\bfetch\s*\(/i, reason: 'network access (fetch)' },
+    { re: /\bXMLHttpRequest\b|\bWebSocket\b/i, reason: 'network access (XHR/WebSocket)' },
+    // node: builtins, including subpaths like `node:fs/promises`.
+    { re: /\bnode:(fs|net|http|https|dns|tls|dgram|cluster|vm|worker_threads)(\/|\b)/i, reason: 'restricted node builtin' },
+    // Bare-specifier imports, including subpaths like `fs/promises`, `net/x`.
+    { re: /from\s+['"](fs|net|http|https|dns|tls|dgram|cluster|vm|worker_threads)(\/[^'"]*)?['"]/i, reason: 'restricted module import' },
+    { re: /\bglobalThis\b|\b__proto__\b|\bconstructor\s*\[/i, reason: 'prototype/global escape' },
+    { re: /\bcurl\b|\bwget\b|\bssh\b|\bscp\b|\bsudo\b|\bchmod\b|\bnc\s|\bnetcat\b/i, reason: 'shell command string' },
+    // Destructive fs — any `rm` with a flag OR a path (`rm -rf`, `rm -r`, `rm /etc/x`).
+    { re: /\brm\s+[-/]|\brmdir\b|\bunlink\b|\brmSync\b/i, reason: 'destructive filesystem command' },
+    { re: /\bprivate_key\b|\bcredential\b|\bsecret\b|\btoken\b|BEGIN [A-Z ]*PRIVATE KEY/i, reason: 'secret handling' },
+];
+/** Hard caps to bound a pathological variant directory. */
+const MAX_FILES = 32;
+const MAX_FILE_BYTES = 256 * 1024;
+/**
+ * Statically inspect a variant directory BEFORE it is allowed to run.
+ * Returns a list of blocking findings; an empty list means the variant is clean.
+ *
+ * Disqualifying conditions:
+ *   - a nested directory, a symlink, or any non-regular-file entry;
+ *   - a file that is not one of the seven approved filenames;
+ *   - a filename matching a blocked pattern;
+ *   - a file exceeding the size cap, or the directory exceeding the file cap;
+ *   - file content matching a blocked-capability pattern.
+ */
+export async function inspectVariant(dir) {
+    const blocked = [];
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return [`variant directory unreadable: ${dir}`];
+    }
+    if (entries.length > MAX_FILES) {
+        blocked.push(`too many entries (${entries.length} > ${MAX_FILES})`);
+    }
+    for (const entry of entries) {
+        const name = entry.name;
+        const full = join(dir, name);
+        // Reject symlinks and non-regular files via lstat (no symlink escape).
+        let stat;
+        try {
+            stat = await lstat(full);
+        }
+        catch {
+            blocked.push(`unstattable entry ${name}`);
+            continue;
+        }
+        if (stat.isSymbolicLink()) {
+            blocked.push(`symlink not allowed: ${name}`);
+            continue;
+        }
+        if (stat.isDirectory()) {
+            blocked.push(`unexpected directory ${name}`);
+            continue;
+        }
+        if (!stat.isFile()) {
+            blocked.push(`non-regular file ${name}`);
+            continue;
+        }
+        const lower = name.toLowerCase();
+        if (!APPROVED_FILES.has(name)) {
+            blocked.push(`unexpected file ${name} (not in the approved allowlist)`);
+        }
+        for (const pat of BLOCKED_FILENAME_PATTERNS) {
+            if (lower.includes(pat)) {
+                blocked.push(`blocked filename pattern "${pat}" in ${name}`);
+                break;
+            }
+        }
+        if (stat.size > MAX_FILE_BYTES) {
+            blocked.push(`file ${name} too large (${stat.size} > ${MAX_FILE_BYTES} bytes)`);
+            continue; // do not read an oversized file into memory
+        }
+        let content;
+        try {
+            content = await readFile(full, 'utf8');
+        }
+        catch {
+            blocked.push(`unreadable file ${name}`);
+            continue;
+        }
+        for (const { re, reason } of BLOCKED_CONTENT_PATTERNS) {
+            if (re.test(content))
+                blocked.push(`blocked content in ${name}: ${reason}`);
+        }
+    }
+    return blocked;
+}
+/**
+ * Validate LLM/agent-generated code BEFORE it is written to a variant file.
+ * Independent of inspectVariant (defense in depth). Returns a list of violations;
+ * an empty list means the generated code is admissible. A generation that
+ * violates this is DISCARDED, never repaired in place (ADR-071).
+ */
+export function validateGeneratedCode(code) {
+    const violations = [];
+    for (const { re, reason } of BLOCKED_CONTENT_PATTERNS) {
+        if (re.test(code))
+            violations.push(reason);
+    }
+    // De-duplicate (a pattern set can flag the same reason twice).
+    return [...new Set(violations)];
+}
+/** Convenience: a variant is admissible iff inspectVariant finds nothing. */
+export async function isVariantSafe(dir) {
+    return (await inspectVariant(dir)).length === 0;
+}
+//# sourceMappingURL=safety.js.map

package/dist/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../src/safety.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,kFAAkF;AAClF,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,EAAE;AACF,gFAAgF;AAChF,+EAA+E;AAC/E,kFAAkF;AAClF,8DAA8D;AAC9D,6EAA6E;AAC7E,gFAAgF;AAChF,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,8EAA8E;AAC9E,yCAAyC;AAEzC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,0EAA0E;AAC1E,MAAM,CAAC,MAAM,QAAQ,GAA+B;IAClD,SAAS;IACT,gBAAgB;IAChB,UAAU;IACV,aAAa;IACb,YAAY;IACZ,cAAc;IACd,aAAa;CACL,CAAC;AAEX,+EAA+E;AAC/E,MAAM,CAAC,MAAM,eAAe,GAA8C;IACxE,OAAO,EAAE,YAAY;IACrB,cAAc,EAAE,oBAAoB;IACpC,QAAQ,EAAE,aAAa;IACvB,WAAW,EAAE,iBAAiB;IAC9B,UAAU,EAAE,gBAAgB;IAC5B,YAAY,EAAE,kBAAkB;IAChC,WAAW,EAAE,iBAAiB;CAC/B,CAAC;AAEF,uEAAuE;AACvE,MAAM,CAAC,MAAM,cAAc,GAAwB,IAAI,GAAG,CACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAC/B,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,MAAM;IACN,QAAQ;IACR,YAAY;IACZ,OAAO;IACP,aAAa;IACb,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,cAAc;IACd,cAAc;IACd,WAAW;IACX,WAAW;CACZ,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAkD;IACrF,6EAA6E;IAC7E,wEAAwE;IACxE,iFAAiF;IACjF,EAAE,EAAE,EAAE,mCAAmC,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACvF,EAAE,EAAE,EAAE,sCAAsC,EAAE,MAAM,EAAE,2CAA2C,EAAE;IACnG,EAAE,EAAE,EAAE,uCAAuC,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC1E,EAAE,EAAE,EAAE,oBAAoB,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACxE,EAAE,EAAE,EAAE,oEAAoE,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACzG,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACtD,EAAE,EAAE,EAAE,gBAAgB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACpD,EAAE,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACxC,EAAE,EAAE,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IACvD,EAAE,EAAE,EAAE,eAAe,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACzD,EAAE,EAAE,EAAE,mCAAmC,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACrF,8DAA8D;IAC9D,EAAE,EAAE,EAAE,4EAA4E,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACvH,0EAA0E;IAC1E,EAAE,EAAE,EAAE,wFAAwF,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACpI,EAAE,EAAE,EAAE,kDAAkD,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAC7F,EAAE,EAAE,EAAE,yEAAyE,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACjH,oFAAoF;IACpF,EAAE,EAAE,EAAE,8CAA8C,EAAE,MAAM,EAAE,gCAAgC,EAAE;IAChG,EAAE,EAAE,EAAE,+EAA+E,EAAE,MAAM,EAAE,iBAAiB,EAAE;CACnH,CAAC;AAEF,2DAA2D;AAC3D,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC;AAElC;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,CAAC,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAE7B,uEAAuE;QACvE,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;YAC7C,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;YAC7C,SAAS;QACX,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;YACzC,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,mBAAmB,IAAI,kCAAkC,CAAC,CAAC;QAC1E,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,yBAAyB,EAAE,CAAC;YAC5C,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,6BAA6B,GAAG,QAAQ,IAAI,EAAE,CAAC,CAAC;gBAC7D,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,GAAG,cAAc,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,eAAe,IAAI,CAAC,IAAI,MAAM,cAAc,SAAS,CAAC,CAAC;YAChF,SAAS,CAAC,4CAA4C;QACxD,CAAC;QAED,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,mBAAmB,IAAI,EAAE,CAAC,CAAC;YACxC,SAAS;QACX,CAAC;QACD,KAAK,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,wBAAwB,EAAE,CAAC;YACtD,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,wBAAwB,EAAE,CAAC;QACtD,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IACD,+DAA+D;IAC/D,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,6EAA6E;AAC7E,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,OAAO,CAAC,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;AAClD,CAAC"}

package/dist/sandbox.d.ts

@@ -0,0 +1,24 @@
+import type { HarnessVariant, RepoProfile, RunTrace } from './types.js';
+/** Tunables for one sandboxed run. */
+export interface SandboxOptions {
+    /** Wall-clock budget for the test command (ms). Default 120000. */
+    taskTimeoutMs?: number;
+    /** Max bytes of combined stdout/stderr to buffer. Default 8 MiB. */
+    maxBufferBytes?: number;
+}
+/**
+ * Run one variant against one task in the sandbox.
+ *
+ * The ADR-071 safety gate runs first: if `inspectVariant` reports any findings,
+ * no command is executed and a disqualified trace (exitCode 99) is returned.
+ * Otherwise the profile's `testCommand` is executed via `execFile` (no shell)
+ * with a scrubbed env. Never throws — failures become RunTraces.
+ */
+export declare function runVariantTask(variant: HarnessVariant, profile: RepoProfile, taskId: string, opts?: SandboxOptions): Promise<RunTrace>;
+/**
+ * Run a variant against a list of tasks sequentially, returning every trace.
+ * Sequential by design: it bounds resource use and keeps traces deterministic
+ * (the population-level concurrency budget lives in the evolution loop, not here).
+ */
+export declare function runVariantTasks(variant: HarnessVariant, profile: RepoProfile, taskIds: string[], opts?: SandboxOptions): Promise<RunTrace[]>;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAuBA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAaxE,sCAAsC;AACtC,MAAM,WAAW,cAAc;IAC7B,mEAAmE;IACnE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oEAAoE;IACpE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAmCD;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,cAAc,GACpB,OAAO,CAAC,QAAQ,CAAC,CAmFnB;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,MAAM,EAAE,EACjB,IAAI,CAAC,EAAE,cAAc,GACpB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAMrB"}