@metaharness/darwin 0.1.0

package/dist/sandbox.js

@@ -0,0 +1,153 @@
+// SPDX-License-Identifier: MIT
+//
+// The sandbox runner (ADR-070 §sandbox, ADR-071 §gate) — the only place a
+// variant's test command actually executes. It is the execution half of the
+// evaluation side; the scorer (scorer.ts) is the judgement half.
+//
+// Two non-negotiable security properties, both pinned by tests:
+//
+//   1. The ADR-071 safety gate runs FIRST. A variant directory that fails
+//      `inspectVariant` never has any command run: the trace is sealed with the
+//      reserved exit code 99 and the findings recorded as blockedActions.
+//   2. No shell, scrubbed environment. The test command is split into argv and
+//      run via `execFile` (never a shell, so no command-injection surface), and
+//      with a minimal env — PATH plus three identifying variables — so secrets,
+//      tokens, and proxy settings in `process.env` never leak into a variant.
+//
+// `runVariantTask` never throws: a failing or timing-out command becomes a
+// RunTrace, not an exception, so the evolution loop cannot be aborted by a
+// hostile or broken variant.
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { inspectVariant } from './safety.js';
+const execFileAsync = promisify(execFile);
+/** Reserved exit code meaning "disqualified by the safety gate before running". */
+const DISQUALIFIED_EXIT_CODE = 99;
+/** Default per-variant test-command wall-clock budget (ms). */
+const DEFAULT_TASK_TIMEOUT_MS = 120_000;
+/** Default cap on captured stdout/stderr (bytes) before the process is killed. */
+const DEFAULT_MAX_BUFFER_BYTES = 8 * 1024 * 1024;
+/**
+ * Split a test command into argv by whitespace. Deliberately simple: there is
+ * no shell, so there is no quoting/globbing to honour — the command comes from
+ * the RepoProfile, not the variant, and `execFile` receives a bare argv.
+ */
+function toArgv(command) {
+    return command.trim().split(/\s+/).filter((part) => part.length > 0);
+}
+/**
+ * The minimal, scrubbed environment a variant's test command runs under. Only
+ * PATH (so the runtime is findable) plus three identifying variables are
+ * exposed; nothing else from `process.env` is passed through, so secrets,
+ * tokens, and proxy configuration cannot leak into a variant.
+ */
+function scrubbedEnv(variantId, taskId) {
+    return {
+        PATH: process.env.PATH ?? '',
+        NODE_ENV: 'test',
+        METAHARNESS_VARIANT: variantId,
+        METAHARNESS_TASK: taskId,
+    };
+}
+/**
+ * Run one variant against one task in the sandbox.
+ *
+ * The ADR-071 safety gate runs first: if `inspectVariant` reports any findings,
+ * no command is executed and a disqualified trace (exitCode 99) is returned.
+ * Otherwise the profile's `testCommand` is executed via `execFile` (no shell)
+ * with a scrubbed env. Never throws — failures become RunTraces.
+ */
+export async function runVariantTask(variant, profile, taskId, opts) {
+    const startedAt = new Date();
+    // ── Gate first: a disqualified variant never runs anything (ADR-071). ──
+    const findings = await inspectVariant(variant.dir);
+    if (findings.length > 0) {
+        const finishedAt = new Date();
+        return {
+            variantId: variant.id,
+            taskId,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            exitCode: DISQUALIFIED_EXIT_CODE,
+            stdout: '',
+            stderr: findings.join('\n'),
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            timedOut: false,
+            blockedActions: findings,
+        };
+    }
+    const timeout = opts?.taskTimeoutMs ?? DEFAULT_TASK_TIMEOUT_MS;
+    const maxBuffer = opts?.maxBufferBytes ?? DEFAULT_MAX_BUFFER_BYTES;
+    const argv = toArgv(profile.testCommand);
+    const env = scrubbedEnv(variant.id, taskId);
+    // A malformed (empty) command cannot run — treat as a benign failure trace.
+    if (argv.length === 0) {
+        const finishedAt = new Date();
+        return {
+            variantId: variant.id,
+            taskId,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            exitCode: 1,
+            stdout: '',
+            stderr: 'empty testCommand',
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            timedOut: false,
+            blockedActions: [],
+        };
+    }
+    try {
+        const { stdout, stderr } = await execFileAsync(argv[0], argv.slice(1), {
+            cwd: profile.root,
+            timeout,
+            maxBuffer,
+            env,
+            windowsHide: true,
+            // No `shell` option: execFile never invokes a shell (no injection surface).
+        });
+        const finishedAt = new Date();
+        return {
+            variantId: variant.id,
+            taskId,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            exitCode: 0,
+            stdout: stdout ?? '',
+            stderr: stderr ?? '',
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            timedOut: false,
+            blockedActions: [],
+        };
+    }
+    catch (err) {
+        const e = err;
+        const finishedAt = new Date();
+        const exitCode = typeof e.code === 'number' ? e.code : 1;
+        const timedOut = e.killed === true || e.signal === 'SIGTERM';
+        return {
+            variantId: variant.id,
+            taskId,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            exitCode,
+            stdout: e.stdout ?? '',
+            stderr: e.stderr ?? '',
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            timedOut,
+            blockedActions: [],
+        };
+    }
+}
+/**
+ * Run a variant against a list of tasks sequentially, returning every trace.
+ * Sequential by design: it bounds resource use and keeps traces deterministic
+ * (the population-level concurrency budget lives in the evolution loop, not here).
+ */
+export async function runVariantTasks(variant, profile, taskIds, opts) {
+    const traces = [];
+    for (const taskId of taskIds) {
+        traces.push(await runVariantTask(variant, profile, taskId, opts));
+    }
+    return traces;
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,0EAA0E;AAC1E,4EAA4E;AAC5E,iEAAiE;AACjE,EAAE;AACF,gEAAgE;AAChE,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,0EAA0E;AAC1E,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,2EAA2E;AAC3E,6BAA6B;AAE7B,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,mFAAmF;AACnF,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC,+DAA+D;AAC/D,MAAM,uBAAuB,GAAG,OAAO,CAAC;AAExC,kFAAkF;AAClF,MAAM,wBAAwB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAmBjD;;;;GAIG;AACH,SAAS,MAAM,CAAC,OAAe;IAC7B,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,SAAiB,EAAE,MAAc;IACpD,OAAO;QACL,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE;QAC5B,QAAQ,EAAE,MAAM;QAChB,mBAAmB,EAAE,SAAS;QAC9B,gBAAgB,EAAE,MAAM;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAuB,EACvB,OAAoB,EACpB,MAAc,EACd,IAAqB;IAErB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAE7B,0EAA0E;IAC1E,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,MAAM;YACN,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,WAAW,EAAE;YACpC,QAAQ,EAAE,sBAAsB;YAChC,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3B,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YACtD,QAAQ,EAAE,KAAK;YACf,cAAc,EAAE,QAAQ;SACzB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,EAAE,aAAa,IAAI,uBAAuB,CAAC;IAC/D,MAAM,SAAS,GAAG,IAAI,EAAE,cAAc,IAAI,wBAAwB,CAAC;IACnE,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAE5C,4EAA4E;IAC5E,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,MAAM;YACN,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,WAAW,EAAE;YACpC,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,mBAAmB;YAC3B,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YACtD,QAAQ,EAAE,KAAK;YACf,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACrE,GAAG,EAAE,OAAO,CAAC,IAAI;YACjB,OAAO;YACP,SAAS;YACT,GAAG;YACH,WAAW,EAAE,IAAI;YACjB,4EAA4E;SAC7E,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,MAAM;YACN,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,WAAW,EAAE;YACpC,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YACtD,QAAQ,EAAE,KAAK;YACf,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAAgB,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;QAC7D,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,MAAM;YACN,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,WAAW,EAAE;YACpC,QAAQ;YACR,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE;YACtB,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE;YACtB,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YACtD,QAAQ;YACR,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAuB,EACvB,OAAoB,EACpB,OAAiB,EACjB,IAAqB;IAErB,MAAM,MAAM,GAAe,EAAE,CAAC;IAC9B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/scorer.d.ts

@@ -0,0 +1,26 @@
+import type { RunTrace, ScoreCard } from './types.js';
+/**
+ * The authoritative scoring weights (ADR-072 §base score). They sum to 1.0 and
+ * are exposed so callers (and the archive) can report the policy in force.
+ */
+export declare function scoreWeights(): {
+    taskSuccess: number;
+    testPassRate: number;
+    traceQuality: number;
+    costEfficiency: number;
+    latencyEfficiency: number;
+    safetyScore: number;
+};
+/**
+ * Score a variant from its run traces, fold in the penalty layer, and decide
+ * promotion against the parent. `parentScore` is null for the baseline (which
+ * is graded against a zero floor and never promoted).
+ *
+ * @param variantId      the variant being scored
+ * @param traces         one trace per task this variant ran
+ * @param parentScore    the parent's scorecard, or null for the baseline
+ * @param promotionDelta anti-noise margin a child must beat the parent by
+ * @param taskTimeoutMs  wall-clock budget used to normalise latency
+ */
+export declare function scoreVariant(variantId: string, traces: RunTrace[], parentScore: ScoreCard | null, promotionDelta: number, taskTimeoutMs?: number): ScoreCard;
+//# sourceMappingURL=scorer.d.ts.map

package/dist/scorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.d.ts","sourceRoot":"","sources":["../src/scorer.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA6BtD;;;GAGG;AACH,wBAAgB,YAAY,IAAI;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;CACrB,CASA;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,QAAQ,EAAE,EAClB,WAAW,EAAE,SAAS,GAAG,IAAI,EAC7B,cAAc,EAAE,MAAM,EACtB,aAAa,SAA0B,GACtC,SAAS,CA2GX"}

package/dist/scorer.js

@@ -0,0 +1,168 @@
+// SPDX-License-Identifier: MIT
+//
+// The frozen scorer (ADR-072) — the spine that turns "looks better" into "is
+// measurably better and safe". This is kernel code, NOT the variant's
+// `score_policy.ts`: a variant may *propose* weights, but the verdict that
+// decides promotion is computed here, so a variant can never re-grade itself.
+//
+// A weighted base score over six [0,1] terms, minus a hard penalty layer whose
+// signals are read out of the run traces (a single safety violation can drive
+// the final score negative — that is the point). Promotion is gated by four
+// independent clauses; all four must hold for a child to replace its parent.
+//
+// Pure function, no I/O. Re-running it on the same traces yields the identical
+// finalScore and promoted verdict (ADR-072 reproducibility clause).
+/** Reserved disqualification exit code (mirrors sandbox.ts). */
+const DISQUALIFIED_EXIT_CODE = 99;
+/** Combined stdout+stderr above this size marks a trace as low quality. */
+const TRACE_QUALITY_BYTE_CAP = 4 * 1024 * 1024;
+/** Default per-variant wall-clock budget (ms) for latency normalisation. */
+const DEFAULT_TASK_TIMEOUT_MS = 120_000;
+/** Minimum safetyScore the promotion gate requires (ADR-072). */
+const SAFETY_GATE = 0.95;
+/** Trace-pattern heuristics for the penalty layer (ADR-072 §penalty). */
+const SECRET_RE = /secret|token|credential/i;
+const DESTRUCTIVE_RE = /\brm\b|sudo|chmod|docker/i;
+const HALLUCINATED_RE = /no such file|cannot find/i;
+/**
+ * Round to 6 decimal places. Kills float-representation noise so a scorecard is
+ * byte-identical across runs and clean in the JSON artifacts (ADR-075). `+` drops
+ * any `-0`. With latency/cost hooked deterministically, every scored term is now
+ * a function of deterministic inputs only.
+ */
+function round6(value) {
+    return +(Math.round(value * 1e6) / 1e6).toFixed(6);
+}
+/**
+ * The authoritative scoring weights (ADR-072 §base score). They sum to 1.0 and
+ * are exposed so callers (and the archive) can report the policy in force.
+ */
+export function scoreWeights() {
+    return {
+        taskSuccess: 0.35,
+        testPassRate: 0.2,
+        traceQuality: 0.15,
+        costEfficiency: 0.1,
+        latencyEfficiency: 0.1,
+        safetyScore: 0.1,
+    };
+}
+/**
+ * Score a variant from its run traces, fold in the penalty layer, and decide
+ * promotion against the parent. `parentScore` is null for the baseline (which
+ * is graded against a zero floor and never promoted).
+ *
+ * @param variantId      the variant being scored
+ * @param traces         one trace per task this variant ran
+ * @param parentScore    the parent's scorecard, or null for the baseline
+ * @param promotionDelta anti-noise margin a child must beat the parent by
+ * @param taskTimeoutMs  wall-clock budget used to normalise latency
+ */
+export function scoreVariant(variantId, traces, parentScore, promotionDelta, taskTimeoutMs = DEFAULT_TASK_TIMEOUT_MS) {
+    const total = traces.length;
+    const passed = traces.filter((t) => t.exitCode === 0).length;
+    const taskSuccess = total > 0 ? passed / total : 0;
+    const testPassRate = taskSuccess;
+    // Trace quality: high unless any trace produced an oversized output buffer.
+    const allCompact = traces.every((t) => t.stdout.length + t.stderr.length < TRACE_QUALITY_BYTE_CAP);
+    const traceQuality = allCompact ? 0.9 : 0.5;
+    // Latency + cost are DETERMINISTIC prototype hooks (full marks), exactly like
+    // each other. At prototype level every variant runs the identical repo test
+    // command, so per-variant wall-clock differences are pure measurement NOISE —
+    // folding raw `durationMs` into the score made `finalScore` (and, under
+    // parallel load, the winner's identity) non-reproducible, violating the
+    // ADR-075 reproducibility clause. Real latency/cost scoring lands with the
+    // LLM-backed evaluator, where variants differ structurally rather than by
+    // jitter; the wall-clock is still recorded per trace (RunTrace.durationMs) for
+    // observability. `taskTimeoutMs` is retained for that future formula and for
+    // the timeout-driven tool-loop penalty below.
+    void taskTimeoutMs;
+    const latencyEfficiency = 1.0;
+    const costEfficiency = 1.0;
+    // Safety: any blocked action across the run zeroes the term.
+    const totalBlocked = traces.reduce((sum, t) => sum + t.blockedActions.length, 0);
+    const safetyScore = totalBlocked === 0 ? 1.0 : 0.0;
+    // ── Penalty layer: coarse trace-pattern heuristics (ADR-072 §penalty). ──
+    const secretExposure = traces.some((t) => SECRET_RE.test(t.stderr)) ? 1 : 0;
+    const destructiveAction = traces.some((t) => DESTRUCTIVE_RE.test(t.stderr)) ? 1 : 0;
+    const hallucinatedFile = traces.some((t) => HALLUCINATED_RE.test(t.stderr)) ? 1 : 0;
+    const toolLoop = traces.some((t) => t.timedOut || t.exitCode === DISQUALIFIED_EXIT_CODE)
+        ? 1
+        : 0;
+    const costOverrun = 0; // cost circuit-breaker hook (ADR-072 §cost)
+    const w = scoreWeights();
+    const baseScore = round6(w.taskSuccess * taskSuccess +
+        w.testPassRate * testPassRate +
+        w.traceQuality * traceQuality +
+        w.costEfficiency * costEfficiency +
+        w.latencyEfficiency * latencyEfficiency +
+        w.safetyScore * safetyScore);
+    const finalScore = round6(baseScore -
+        0.3 * secretExposure -
+        0.25 * destructiveAction -
+        0.2 * hallucinatedFile -
+        0.15 * toolLoop -
+        0.1 * costOverrun);
+    // ── Promotion gate: all four clauses must hold (ADR-072 §gate). ──
+    const parentFinal = parentScore?.finalScore ?? 0;
+    const parentTestPassRate = parentScore?.testPassRate ?? 0;
+    const beatsParent = finalScore > parentFinal + promotionDelta;
+    const safetyOk = safetyScore >= SAFETY_GATE;
+    const noRegression = testPassRate >= parentTestPassRate;
+    const noBlockedActions = safetyScore === 1.0;
+    const promoted = beatsParent && safetyOk && noRegression && noBlockedActions;
+    const reason = promoted
+        ? `promoted: finalScore ${finalScore.toFixed(4)} > parent ` +
+            `${parentFinal.toFixed(4)} + delta ${promotionDelta} ` +
+            `(safety ${safetyScore.toFixed(2)}, no test regression)`
+        : buildRejectReason({
+            beatsParent,
+            safetyOk,
+            noRegression,
+            noBlockedActions,
+            finalScore,
+            parentFinal,
+            promotionDelta,
+            safetyScore,
+            testPassRate,
+            parentTestPassRate,
+        });
+    return {
+        variantId,
+        taskSuccess: round6(taskSuccess),
+        testPassRate: round6(testPassRate),
+        traceQuality,
+        costEfficiency,
+        latencyEfficiency,
+        safetyScore,
+        secretExposure,
+        destructiveAction,
+        hallucinatedFile,
+        toolLoop,
+        costOverrun,
+        baseScore,
+        finalScore,
+        promoted,
+        reason,
+    };
+}
+/** Compose a human-readable reason listing every failed promotion clause. */
+function buildRejectReason(ctx) {
+    const fails = [];
+    if (!ctx.beatsParent) {
+        fails.push(`finalScore ${ctx.finalScore.toFixed(4)} ≤ parent ` +
+            `${ctx.parentFinal.toFixed(4)} + delta ${ctx.promotionDelta}`);
+    }
+    if (!ctx.safetyOk) {
+        fails.push(`safetyScore ${ctx.safetyScore.toFixed(2)} < ${SAFETY_GATE}`);
+    }
+    if (!ctx.noRegression) {
+        fails.push(`testPassRate regression ${ctx.testPassRate.toFixed(2)} < ` +
+            `${ctx.parentTestPassRate.toFixed(2)}`);
+    }
+    if (!ctx.noBlockedActions) {
+        fails.push('blocked actions present (ADR-071 gate)');
+    }
+    return `not promoted: ${fails.join('; ')}`;
+}
+//# sourceMappingURL=scorer.js.map

package/dist/scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.js","sourceRoot":"","sources":["../src/scorer.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,6EAA6E;AAC7E,sEAAsE;AACtE,2EAA2E;AAC3E,8EAA8E;AAC9E,EAAE;AACF,+EAA+E;AAC/E,8EAA8E;AAC9E,4EAA4E;AAC5E,6EAA6E;AAC7E,EAAE;AACF,+EAA+E;AAC/E,oEAAoE;AAIpE,gEAAgE;AAChE,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC,2EAA2E;AAC3E,MAAM,sBAAsB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAE/C,4EAA4E;AAC5E,MAAM,uBAAuB,GAAG,OAAO,CAAC;AAExC,iEAAiE;AACjE,MAAM,WAAW,GAAG,IAAI,CAAC;AAEzB,yEAAyE;AACzE,MAAM,SAAS,GAAG,0BAA0B,CAAC;AAC7C,MAAM,cAAc,GAAG,2BAA2B,CAAC;AACnD,MAAM,eAAe,GAAG,2BAA2B,CAAC;AAEpD;;;;;GAKG;AACH,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAQ1B,OAAO;QACL,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE,IAAI;QAClB,cAAc,EAAE,GAAG;QACnB,iBAAiB,EAAE,GAAG;QACtB,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAC1B,SAAiB,EACjB,MAAkB,EAClB,WAA6B,EAC7B,cAAsB,EACtB,aAAa,GAAG,uBAAuB;IAEvC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7D,MAAM,WAAW,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG,WAAW,CAAC;IAEjC,4EAA4E;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,sBAAsB,CAClE,CAAC;IACF,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAE5C,8EAA8E;IAC9E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,wEAAwE;IACxE,2EAA2E;IAC3E,0EAA0E;IAC1E,+EAA+E;IAC/E,6EAA6E;IAC7E,8CAA8C;IAC9C,KAAK,aAAa,CAAC;IACnB,MAAM,iBAAiB,GAAG,GAAG,CAAC;IAC9B,MAAM,cAAc,GAAG,GAAG,CAAC;IAE3B,6DAA6D;IAC7D,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjF,MAAM,WAAW,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAEnD,2EAA2E;IAC3E,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpF,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,sBAAsB,CAC3D;QACC,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,CAAC,CAAC;IACN,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC,4CAA4C;IAEnE,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,CACtB,CAAC,CAAC,WAAW,GAAG,WAAW;QACzB,CAAC,CAAC,YAAY,GAAG,YAAY;QAC7B,CAAC,CAAC,YAAY,GAAG,YAAY;QAC7B,CAAC,CAAC,cAAc,GAAG,cAAc;QACjC,CAAC,CAAC,iBAAiB,GAAG,iBAAiB;QACvC,CAAC,CAAC,WAAW,GAAG,WAAW,CAC9B,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,CACvB,SAAS;QACP,GAAG,GAAG,cAAc;QACpB,IAAI,GAAG,iBAAiB;QACxB,GAAG,GAAG,gBAAgB;QACtB,IAAI,GAAG,QAAQ;QACf,GAAG,GAAG,WAAW,CACpB,CAAC;IAEF,oEAAoE;IACpE,MAAM,WAAW,GAAG,WAAW,EAAE,UAAU,IAAI,CAAC,CAAC;IACjD,MAAM,kBAAkB,GAAG,WAAW,EAAE,YAAY,IAAI,CAAC,CAAC;IAE1D,MAAM,WAAW,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,CAAC;IAC9D,MAAM,QAAQ,GAAG,WAAW,IAAI,WAAW,CAAC;IAC5C,MAAM,YAAY,GAAG,YAAY,IAAI,kBAAkB,CAAC;IACxD,MAAM,gBAAgB,GAAG,WAAW,KAAK,GAAG,CAAC;IAE7C,MAAM,QAAQ,GAAG,WAAW,IAAI,QAAQ,IAAI,YAAY,IAAI,gBAAgB,CAAC;IAE7E,MAAM,MAAM,GAAG,QAAQ;QACrB,CAAC,CAAC,wBAAwB,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;YACzD,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,cAAc,GAAG;YACtD,WAAW,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;QAC1D,CAAC,CAAC,iBAAiB,CAAC;YAChB,WAAW;YACX,QAAQ;YACR,YAAY;YACZ,gBAAgB;YAChB,UAAU;YACV,WAAW;YACX,cAAc;YACd,WAAW;YACX,YAAY;YACZ,kBAAkB;SACnB,CAAC,CAAC;IAEP,OAAO;QACL,SAAS;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC;QAChC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC;QAClC,YAAY;QACZ,cAAc;QACd,iBAAiB;QACjB,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,gBAAgB;QAChB,QAAQ;QACR,WAAW;QACX,SAAS;QACT,UAAU;QACV,QAAQ;QACR,MAAM;KACP,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,SAAS,iBAAiB,CAAC,GAW1B;IACC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CACR,cAAc,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;YACjD,GAAG,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,cAAc,EAAE,CAChE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,WAAW,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,2BAA2B,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK;YACzD,GAAG,GAAG,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,iBAAiB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AAC7C,CAAC"}

package/dist/templates.d.ts

@@ -0,0 +1,37 @@
+import type { RepoProfile } from './types.js';
+/**
+ * planner.ts — turns a task string into an ordered list of plan steps. The
+ * baseline plan is a generic map → inspect → patch → verify loop, with the
+ * repository summary baked in as data for downstream context.
+ */
+export declare function plannerTemplate(profile: RepoProfile): string;
+/**
+ * context_builder.ts — ranks candidate files by lexical overlap with the task
+ * terms and returns the top slice as context items.
+ */
+export declare function contextBuilderTemplate(): string;
+/**
+ * reviewer.ts — flags changed files that intersect an injected risk-file list
+ * and escalates severity when tests have failed. No inline pattern matching on
+ * sensitive words; the risk set is passed in as data.
+ */
+export declare function reviewerTemplate(): string;
+/**
+ * retry_policy.ts — decides whether to retry an attempt based on a symbolic
+ * failure classification (an injected enum), never by scanning raw output.
+ */
+export declare function retryPolicyTemplate(): string;
+/**
+ * tool_policy.ts — expresses the tool policy over symbolic command kinds, with
+ * an allow-list and a deterministic ordering. No raw shell strings appear.
+ */
+export declare function toolPolicyTemplate(): string;
+/**
+ * memory_policy.ts — decides whether an outcome record is worth remembering.
+ */
+export declare function memoryPolicyTemplate(): string;
+/**
+ * score_policy.ts — the weight vector folded over the positive scoring terms.
+ */
+export declare function scorePolicyTemplate(): string;
+//# sourceMappingURL=templates.d.ts.map

package/dist/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAkC5D;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAsC/C;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAqDzC;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAkD5C;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CA+B3C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CA0B7C;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CA6B5C"}