@mindrian_os/install 1.13.0-beta.12 → 1.13.0-beta.13

package/lib/memory/run-feynman-tests.cjs

@@ -1174,6 +1174,41 @@ const TEST_FILES = [
   // (migration used to crash openRoomDb for any room.db carrying the Phase-89
   // rs_discoveries view: "error in view rs_discoveries: no such table: main.nodes").
   path.join(REPO_ROOT, 'tests', 'test-navigation-migration-views.cjs'),
+  // Phase 109 SQL Context-Memory Navigation Spine: the 15 test suites that the
+  // Plan 109-00 Task 4 registration originally specified but that a later refactor
+  // dropped from this array before main HEAD (the originals ran via direct
+  // `node tests/test-*.cjs` and `bash tests/run-all.sh` throughout the phase).
+  // Re-registered by Plan 109-12 (bookkeeping reconciliation). Mapping:
+  //   test-navigation-acceptance.cjs                          -> 109-10 (NAV-109-09 load-bearing acceptance gate; zero non-SQLite reads)
+  //   test-navigation-focus.cjs                               -> 109-02 (NAV-109-01 session_focus + auto-focus cascade)
+  //   test-navigation-neighborhood.cjs                        -> 109-04 (NAV-109-02 recursive-CTE ranking correctness)
+  //   test-navigation-perf-10k.cjs                            -> 109-04 (NAV-109-02 perf: cold p95 <200ms / warm <50ms)
+  //   test-navigation-memory-events.cjs                       -> 109-03 (NAV-109-03 closed-15 event enum + findRecentChanges)
+  //   test-navigation-insights.cjs                            -> 109-05 (NAV-109-04 7 insight primitives + templated explanations)
+  //   test-navigation-chokepoint-hook.cjs                     -> 109-06 (NAV-109-05 no direct room-db.cjs imports outside allow-list)
+  //   test-navigation-packet-builder.cjs                      -> 109-07 (NAV-109-06 buildBrainPacket shape per D-06)
+  //   test-navigation-packet-part8-leak.cjs                   -> 109-07 (NAV-109-06 Part 8 JSON.stringify leak tripwires)
+  //   test-brain-ingestion-part-9-invariant.cjs               -> 109-08 (NAV-109-07 storeBrainSuggestions proposed-only + invariant SQL = 0)
+  //   test-room-home-vs-brain-derivation-regression.cjs       -> 109-09 (NAV-109-08 getRoomHomeView + Phase 90 deriveSection regression fence)
+  //   test-canon-part-9-ratification.cjs                      -> 109-11 (NAV-109-09 Canon Part 9 structural assertions)
+  //   test-navigation-migration-idempotent.cjs                -> 109-01 (migration twice = no-op; 12-column nodes schema)
+  //   test-navigation-migration-backfill.cjs                  -> 109-01 (properties JSON backfill + status_aliases mapping)
+  //   test-navigation-migration-coexistence.cjs               -> 109-01 (navigation API + assumptions.validity coexist mid-migration)
+  path.join(REPO_ROOT, 'tests', 'test-navigation-acceptance.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-focus.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-neighborhood.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-perf-10k.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-memory-events.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-insights.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-chokepoint-hook.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-packet-builder.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-packet-part8-leak.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-brain-ingestion-part-9-invariant.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-room-home-vs-brain-derivation-regression.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-canon-part-9-ratification.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-migration-idempotent.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-migration-backfill.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-navigation-migration-coexistence.cjs'),
   // Phase 89-07 Wave 0 (graph-native HARD RULE; ReverseSalientAgent dual-surface).
   path.join(REPO_ROOT, 'tests', 'test-reverse-salient-agent.cjs'),
   path.join(REPO_ROOT, 'tests', 'test-reverse-salient-cascade-emit.cjs'),
@@ -1225,6 +1260,56 @@ const TEST_FILES = [
   // -> validateChainAutonomy stop-point) + the Canon Part 8 zero-Brain-mutation
   // grep sweep.
   path.join(REPO_ROOT, 'lib', 'memory', 'workflow-layer-e2e.test.cjs'),
+  // Phase 110-00: Brain Context Packet Contract Wave 0 substrate (4 stubs filled by Plans 110-01 / 110-04 / 110-05).
+  //   test-brain-packet-schema-check.cjs              -> 110-01 (PACKET-110-01 + -02: the --check schema tripwire)
+  //   test-brain-packet-validation-per-job.cjs        -> 110-05 (PACKET-110-03 + -04 + -07 + -08: 12-job in/out + privacy + dual-path)
+  //   test-brain-packet-part8-invariant-per-job.cjs   -> 110-05 (PACKET-110-06 round-trip + D-11(d) adversarial sweep)
+  //   test-brain-packet-precommit-hook.cjs            -> 110-04 (PACKET-110-05 D-08 layer-2 hook)
+  path.join(REPO_ROOT, 'tests', 'test-brain-packet-schema-check.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-brain-packet-validation-per-job.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-brain-packet-part8-invariant-per-job.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-brain-packet-precommit-hook.cjs'),
+  // Phase 123 (install-lifecycle-harness) block.
+  //   Plan 123-01: release.sh semver bump algebra + two-commit form + dirty-repo guard + Step 9.5 rename.
+  //     Tests A-E (semver assertions) GREEN immediately; Tests F/G (release.sh
+  //     structural) RED until Plan 123-01 Task 2 rewrites release.sh -- intended RED->GREEN.
+  //   Plan 123-02: install-state record + data/deployment-surfaces.json manifest +
+  //     active-plugin-root.cjs topology classification. Tests 1+4+6 (topology /
+  //     Canon Part 8 / early-write ordering) GREEN after Task 1; Tests 2+3
+  //     (record write hermetic / idempotent re-run) GREEN after Task 2;
+  //     Test 5 (manifest schema) GREEN after Task 3.
+  //   Plan 123-03: doctor classes I (install-state + topology + 6-way version-
+  //     of-record consistency) + J (deployment-surface manifest reconciliation)
+  //     + aggressive --fix (legacy migration backup-verify-remove; never
+  //     touches a dev-clone) + Bug-7 fix (marketplace-cache topology is
+  //     HEALTHY, not drift). Tests RED until Task 2 lands class I + class J
+  //     in scripts/doctor.cjs -- intended RED->GREEN.
+  //   Plan 123-04: doctor --acceptance (release-gate-as-a-command) -- 5-point
+  //     pre-tag checklist + 7-point full checklist + --light-npx opt-in; wired
+  //     into release.sh as hard aborts (Step 6.6 pre-tag, Step 9.6 post-publish);
+  //     scripts/release-beta-smoke.sh retired. Tests RED until Task 2 lands
+  //     --acceptance in scripts/doctor.cjs AND Task 3 wires release.sh + deletes
+  //     release-beta-smoke.sh -- intended RED->GREEN.
+  //   Plan 123-05: cache-prune helper (HARNESS-123-13) + doc/test sweep
+  //     (HARNESS-123-14). 6 hermetic scenarios for pruneMarketplaceCache
+  //     (active + N most-recent kept; corrupt installed_plugins.json -> skip;
+  //     dryRun -> no mutation; belt+suspenders active-dir protection; Canon
+  //     Part 8 grep clean). Tests GREEN after Task 1 lands
+  //     lib/core/cache-prune.cjs.
+  //   Plan 123-07: resolve-brain-key.cjs (HARNESS-123-15) + brain-client.cjs
+  //     getApiKey() delegation (HARNESS-123-16). 9 hermetic scenarios cover
+  //     order (env -> ~/.mindrian.env -> CWD .env -> not-found), SEC-02
+  //     POSIX 0o077 reject, Canon Part 8 zero-network grep, the brain-client
+  //     delegation spy, brain-client preconditions, and the FLAG-3
+  //     env-aware-home structural assertion. rbk.1-6 + rbk.9 GREEN after
+  //     Task 1; rbk.7 + rbk.8 GREEN after Task 2 (brain-client rewire).
+  path.join(REPO_ROOT, 'tests', 'test-release-bump-algebra.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-install-state-record.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-doctor-class-i.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-doctor-class-j.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-doctor-acceptance.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-cache-prune.cjs'),
+  path.join(REPO_ROOT, 'tests', 'test-resolve-brain-key.cjs'),
 ];
 
 // Exit code convention for child tests:

package/lib/memory/security-trifecta.test.cjs

@@ -290,14 +290,31 @@ test('brain-client.cjs has zero legacy .replace(/"/g, ...) injection patterns',
   );
 });
 
-test('brain-client.cjs guards .env reads with checkFilePermissions', () => {
+test('SEC-02 .env gating lives in resolve-brain-key.cjs (Phase 123 Plan-07)', () => {
+  // Phase 123 Plan-07: getApiKey() now delegates to lib/core/resolve-brain-key.cjs,
+  // which owns the SEC-02 POSIX 0o077 permission check for both ~/.mindrian.env
+  // and CWD .env. The brain-client.cjs::checkFilePermissions() helper remains
+  // exported via _test for backward-compat (and unit-test surface above), but
+  // the live gating call sites moved one layer down. The invariant is:
+  //   1. brain-client.cjs requires resolve-brain-key.cjs (delegation lives).
+  //   2. resolve-brain-key.cjs contains the 0o077 mask check (SEC-02 lives).
+  // Both must hold; either failure is a regression that re-introduces the
+  // pre-Plan-07 multiple-resolver disease.
   const brainPath = path.resolve(__dirname, '..', 'core', 'brain-client.cjs');
-  const src = fs.readFileSync(brainPath, 'utf8');
-  const matches = src.match(/checkFilePermissions\s*\(/g) || [];
-  // 1 definition + 2 getApiKey call sites (cwd .env + ~/.mindrian.env) = 3.
+  const resolverPath = path.resolve(__dirname, '..', 'core', 'resolve-brain-key.cjs');
+  const brainSrc = fs.readFileSync(brainPath, 'utf8');
+  const resolverSrc = fs.readFileSync(resolverPath, 'utf8');
   assert.ok(
-    matches.length >= 3,
-    `expected >= 3 checkFilePermissions occurrences, got ${matches.length}`
+    /require\(['"][^'"]*resolve-brain-key[^'"]*['"]\)/.test(brainSrc),
+    'brain-client.cjs must require resolve-brain-key.cjs (Phase 123 Plan-07 delegation)'
+  );
+  assert.ok(
+    /0o077/.test(resolverSrc),
+    'resolve-brain-key.cjs must contain the SEC-02 0o077 mask check'
+  );
+  assert.ok(
+    /process\.platform/.test(resolverSrc),
+    'resolve-brain-key.cjs must short-circuit the SEC-02 check on Windows (process.platform)'
   );
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mindrian_os/install",
-  "version": "1.13.0-beta.12",
+  "version": "1.13.0-beta.13",
   "description": "Install MindrianOS into Claude Code with one command -- `npx @mindrian_os/install`. Ships the MindrianOS plugin (Larry + PWS methodology + Data Room) plus a setup/diagnostics CLI (install/doctor/update).",
   "scripts": {
     "mcp": "node bin/mindrian-mcp-server.cjs",
@@ -37,6 +37,9 @@
     "markdown-it": "^14.1.0",
     "zod": "^3.25.76"
   },
+  "devDependencies": {
+    "semver": "^7.7.4"
+  },
   "engines": {
     "node": ">=22.5.0"
   },

package/skills/brain-connector/SKILL.md

@@ -12,7 +12,10 @@ activation: "env:MINDRIAN_BRAIN_KEY"
 ## Detection
 
 Check Brain availability in order:
-1. `MINDRIAN_BRAIN_KEY` env var (CLI users)
+
+**Step 0 -- HTTP-path detection (Phase 123, the standard install).** Run `node $PLUGIN_ROOT/lib/core/resolve-brain-key.cjs` (or in JS: `require('./lib/core/resolve-brain-key.cjs').resolveBrainKey()`). If the resolver returns `available: true`, the Brain is active via the **HTTP path** -- call into `lib/core/brain-client.cjs`'s `query() / search() / schema() / ask()`, NOT an MCP tool. The HTTP path is the standard install path on Claude Code CLI; the MCP path (steps 1-3 below) is an alternative for operators who bundle `mcp-server-brain/` or point an external Neo4j MCP at the canonical `mindrian-brain` server name. The resolver also surfaces SEC-02 permission failures explicitly (`available: false, reason: 'permissions too open: ...'`) -- treat those as "not loaded, user action needed", not as silent unavailability.
+
+1. `MINDRIAN_BRAIN_KEY` env var (CLI users -- subsumed by step 0; kept for legacy detection)
 2. `mcp__mindrian-brain__brain_schema` tool (Desktop/Cowork MCP)
 3. `mcp__neo4j-brain__get_neo4j_schema` tool (legacy)
 
@@ -108,5 +111,8 @@ Always use `brain_ask` first -- natural language, auto-routes Pinecone/Neo4j, ha
 
 | Surface | Smart | Neo4j | Pinecone | Schema |
 |---------|-------|-------|----------|--------|
-| mindrian-brain | brain_ask | brain_query | brain_search | brain_schema |
-| neo4j-brain (legacy) | N/A | read_neo4j_cypher | search-records | get_neo4j_schema |
+| CLI (HTTP via brain-client.cjs) | `brain-client.ask()` | `brain-client.query()` | `brain-client.search()` | `brain-client.schema()` |
+| mindrian-brain (MCP) | brain_ask | brain_query | brain_search | brain_schema |
+| neo4j-brain (legacy MCP) | N/A | read_neo4j_cypher | search-records | get_neo4j_schema |
+
+The first row is the HTTP path (Phase 123 step 0). When `lib/core/resolve-brain-key.cjs` resolves a key, call directly into `lib/core/brain-client.cjs` -- no MCP server required. The bottom two rows are the MCP-path alternatives.