@mindrian_os/install 1.13.0-beta.12 → 1.13.0-beta.14

package/lib/core/resolve-brain-key.cjs

@@ -0,0 +1,201 @@
+'use strict';
+/*
+ * lib/core/resolve-brain-key.cjs -- the ONE resolver for "where is the Brain
+ * API key on this machine?" (Phase 123 Plan-07).
+ *
+ * Background: before this module, three different places guessed independently
+ * how to discover the Brain key (brain-client.cjs::getApiKey, session-start's
+ * shell test of MINDRIAN_BRAIN_KEY, brain-connector's skill detection). Three
+ * guessers, three failure modes -- a standard install with the key in
+ * ~/.mindrian.env was visible to brain-client but invisible to session-start,
+ * so a working HTTP-path Brain still printed a Tier-0 MCP warning. This
+ * collapses them into one source of truth. Mirrors active-plugin-root.cjs
+ * (the resolver this one is patterned on).
+ *
+ * Precedence (first hit wins) per D-31:
+ *   1. MINDRIAN_BRAIN_KEY env var     -- explicit operator intent, highest.
+ *   2. <home>/.mindrian.env           -- global backup, persists across CWDs.
+ *   3. <cwd>/.env                     -- project-local override.
+ *   4. not-found.
+ *
+ * IMPORTANT (FLAG-3 fix). The default for `home` is
+ *   process.env.HOME || process.env.USERPROFILE || os.homedir()
+ * -- NOT bare os.homedir(). On Linux/POSIX, os.homedir() reads /etc/passwd and
+ * IGNORES process.env.HOME, which breaks hermetic tests that override HOME to
+ * a scratch directory. The env-aware default matches the precedent in
+ * scripts/doctor.cjs, scripts/session-start, and lib/core/active-plugin-root.cjs.
+ *
+ * Returns { key, source, available, reason }:
+ *   - available=true:  key is the trimmed value, reason is null.
+ *   - available=false: key is null, reason is the explicit cause string
+ *                      (never a silent null -- SEC-02 rejections route here too).
+ *
+ * SEC-02 permission check (POSIX-only, no-op on Windows). When the resolved
+ * source is a key file (~/.mindrian.env or CWD .env), stat the mode. If any
+ * group or world bit is set (mode & 0o077), return available:false with the
+ * explicit reason "permissions too open: <path> is mode 0NNN, must be 0600".
+ *
+ * Use as a module:
+ *   const { resolveBrainKey } = require('<...>/lib/core/resolve-brain-key.cjs');
+ *   const r = resolveBrainKey();           // r.key, r.source, r.available, r.reason
+ *
+ * Use as a CLI (so scripts/session-start can shell out without a JSON parser
+ * in bash):
+ *   node lib/core/resolve-brain-key.cjs          -> prints JSON, exits 0
+ *
+ * Canon Part 8: this reads LOCAL files and env only. Zero network surface.
+ * The plan's verification grep against this file's source returns nothing
+ * -- no network markers in this resolver, ever. The actual Brain call is
+ * brain-client.cjs's job; this module only DISCOVERS whether a key exists.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+
+/**
+ * SEC-02 permission gate. POSIX-only -- on Windows POSIX mode bits do not
+ * translate to NTFS ACLs, so we return ok unconditionally there (a single
+ * stderr note would couple this resolver to a side-effect; the calling layer
+ * is the right place to surface that one-time note).
+ *
+ *   mode & 0o077 !== 0   =>   any group or world bit set   =>   reject.
+ *   0o600 / 0o400 pass; 0o644 / 0o664 / 0o666 fail.
+ *
+ * On stat failure (file vanished between exists() and stat() -- rare but
+ * possible) we treat it as not-ok with an explanatory reason rather than
+ * pretending the file is fine.
+ *
+ * @param {string} p   the file path
+ * @returns {{ok: boolean, reason: string|null}}
+ */
+function checkFilePermissions(p) {
+  if (process.platform === 'win32') {
+    return { ok: true, reason: null };
+  }
+  let stat;
+  try {
+    stat = fs.statSync(p);
+  } catch (e) {
+    return { ok: false, reason: 'unable to stat ' + p + ': ' + (e && e.code || String(e)) };
+  }
+  const mode = stat.mode & 0o777;
+  if ((mode & 0o077) !== 0) {
+    const modeStr = mode.toString(8).padStart(3, '0');
+    return {
+      ok: false,
+      reason: 'permissions too open: ' + p + ' is mode 0' + modeStr + ', must be 0600',
+    };
+  }
+  return { ok: true, reason: null };
+}
+
+/**
+ * Parse a single MINDRIAN_BRAIN_KEY=... line out of a (possibly multi-line)
+ * env-file body. Returns the trimmed value, or null if the line is absent or
+ * the value is empty. We deliberately do NOT use a full dotenv parser -- one
+ * variable, one regex, no transitive dependency.
+ *
+ * @param {string} body
+ * @returns {string|null}
+ */
+function _parseKey(body) {
+  const m = body.match(/^MINDRIAN_BRAIN_KEY\s*=\s*(.+?)\s*$/m);
+  if (!m) return null;
+  const v = m[1].trim();
+  return v.length > 0 ? v : null;
+}
+
+/**
+ * Resolve the Brain API key from the standard precedence chain.
+ *
+ * The `home` and `cwd` parameters exist as test seams. Their defaults match
+ * the precedent across the rest of the plugin (scripts/doctor.cjs, scripts/
+ * session-start, lib/core/active-plugin-root.cjs): env-aware home resolution
+ * so hermetic tests overriding process.env.HOME actually work on Linux/POSIX,
+ * where os.homedir() reads /etc/passwd and ignores the env override.
+ *
+ * @param {{home?: string, cwd?: string}} [opts]
+ * @returns {{key: string|null, source: 'env'|'mindrian-env-file'|'cwd-env-file'|'not-found', available: boolean, reason: string|null}}
+ */
+function resolveBrainKey(opts) {
+  const o = opts || {};
+  const home = o.home || process.env.HOME || process.env.USERPROFILE || os.homedir();
+  const cwd = o.cwd || process.cwd();
+
+  // (1) Env var wins.
+  if (process.env.MINDRIAN_BRAIN_KEY) {
+    const v = String(process.env.MINDRIAN_BRAIN_KEY).trim();
+    if (v.length > 0) {
+      return { key: v, source: 'env', available: true, reason: null };
+    }
+  }
+
+  // (2) <home>/.mindrian.env
+  const mindrianEnvPath = path.join(home, '.mindrian.env');
+  if (fs.existsSync(mindrianEnvPath)) {
+    const perms = checkFilePermissions(mindrianEnvPath);
+    if (!perms.ok) {
+      return { key: null, source: 'mindrian-env-file', available: false, reason: perms.reason };
+    }
+    try {
+      const body = fs.readFileSync(mindrianEnvPath, 'utf8');
+      const v = _parseKey(body);
+      if (v) {
+        return { key: v, source: 'mindrian-env-file', available: true, reason: null };
+      }
+    } catch (e) {
+      return {
+        key: null,
+        source: 'mindrian-env-file',
+        available: false,
+        reason: 'unable to read ' + mindrianEnvPath + ': ' + (e && e.code || String(e)),
+      };
+    }
+  }
+
+  // (3) <cwd>/.env
+  const cwdEnvPath = path.join(cwd, '.env');
+  if (fs.existsSync(cwdEnvPath)) {
+    const perms = checkFilePermissions(cwdEnvPath);
+    if (!perms.ok) {
+      return { key: null, source: 'cwd-env-file', available: false, reason: perms.reason };
+    }
+    try {
+      const body = fs.readFileSync(cwdEnvPath, 'utf8');
+      const v = _parseKey(body);
+      if (v) {
+        return { key: v, source: 'cwd-env-file', available: true, reason: null };
+      }
+    } catch (e) {
+      return {
+        key: null,
+        source: 'cwd-env-file',
+        available: false,
+        reason: 'unable to read ' + cwdEnvPath + ': ' + (e && e.code || String(e)),
+      };
+    }
+  }
+
+  // (4) not-found.
+  return {
+    key: null,
+    source: 'not-found',
+    available: false,
+    reason: 'MINDRIAN_BRAIN_KEY not set (env), and neither ' + mindrianEnvPath
+      + ' nor ' + cwdEnvPath + ' contains a MINDRIAN_BRAIN_KEY line',
+  };
+}
+
+module.exports = { resolveBrainKey, checkFilePermissions };
+
+// CLI entry point. session-start shells out via:
+//   node lib/core/resolve-brain-key.cjs
+// and parses the JSON. Exit 0 always (the consumer reads the JSON to learn
+// available/reason); a non-zero exit here would surface as "resolver failed"
+// rather than the clearer not-found / permissions-too-open branches.
+if (require.main === module) {
+  const r = resolveBrainKey();
+  process.stdout.write(JSON.stringify(r) + '\n');
+  process.exit(0);
+}

package/lib/mcp/larry-server-instructions.md

@@ -1,6 +1,6 @@
 # Larry -- MCP Server Instructions
 
-You are Larry, a thinking partner modeled on Prof. Lawrence Aronhime (30+ years teaching innovation at Johns Hopkins). NOT a textbook, NOT a framework dispenser. If your response looks like a PDF, start over.
+You are Larry, a thinking partner modeled on Prof. Lawrence Aronhime (30+ years teaching innovation). NOT a textbook, NOT a framework dispenser. If your response looks like a PDF, start over.
 
 ## Voice
 

package/lib/memory/brain-cypher-chain-slice.test.cjs

@@ -0,0 +1,368 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Phase 125-02 -- Brain Cypher chain slice (framework_chain_hint) tests.
+ *
+ * Run: node --test lib/memory/brain-cypher-chain-slice.test.cjs
+ * Exit 0 on pass. Uses node:test + node:assert/strict.
+ *
+ * Coverage maps 1:1 to 125-02-PLAN.md Task 1 <behavior> Tests 1-10:
+ *   1. Happy-path: 3 rows -> 3 edges, slice_scope=2, snapshot_id non-null.
+ *   2. LIMIT 50 verbatim in the Cypher template constant.
+ *   3. Sanitization called on each framework name; bound value is sanitized.
+ *   4. max_hops bound to 1..3 enum (0 and 4 degrade; 1, 2, 3 valid).
+ *   5. Empty active_frameworks short-circuits (no Brain call).
+ *   6. Brain unreachable (isAvailable=false) degrades.
+ *   7. Brain throws degrades (slice_rationale carries brain_query_failed).
+ *   8. Result mapping: 5 fields propagate verbatim.
+ *   9. Null tolerance (G-05): null confidence + null transform_description preserved.
+ *  10. brain_snapshot_id is sha256 hash of the JSON-stringified raw rows.
+ *
+ * Plus Canon Part 8 grep audit: the Cypher template contains zero user-content
+ * tokens (no roomDir, no artifact, no body, no transcript token).
+ */
+
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+const crypto = require('node:crypto');
+const fs = require('node:fs');
+
+const {
+  fetchFrameworkChainSlice,
+  FRAMEWORK_CHAIN_SLICE_CYPHER,
+  _test,
+} = require('/home/jsagi/MindrianOS-Plugin/lib/brain/framework-chain-slice.cjs');
+
+// Build a mock brainClient with stubbed isAvailable + query + _test seam.
+// sanitizationCalls records every arg passed to sanitizeCypherInput so the
+// test can assert call counts + bound-value equivalence.
+function makeMockClient(opts) {
+  const o = opts || {};
+  const sanitizationCalls = [];
+  const queryInvocations = [];
+  const sanitizer = function (v) {
+    sanitizationCalls.push(v);
+    // Match the shipped whitelist exactly: [a-zA-Z0-9 ._-]
+    return String(v == null ? '' : v).replace(/[^a-zA-Z0-9 ._-]/g, '');
+  };
+  const isAvailable = (typeof o.available === 'boolean') ? o.available : true;
+  const queryFn = (typeof o.queryFn === 'function')
+    ? o.queryFn
+    : (async function () { return []; });
+  return {
+    isAvailable: function () { return isAvailable; },
+    query: async function (cypher, params) {
+      queryInvocations.push({ cypher: cypher, params: params });
+      return queryFn(cypher, params);
+    },
+    _test: {
+      sanitizeCypherInput: sanitizer,
+    },
+    // Exposed on the mock for the test to inspect (not on real brain-client).
+    _sanitizationCalls: sanitizationCalls,
+    _queryInvocations: queryInvocations,
+  };
+}
+
+// ---------------------------------------------------------------- Test 2 (FIRST,
+// pure-constant check; runs without any async).
+
+test('Test 2: Cypher template constant contains LIMIT 50 verbatim', function () {
+  assert.ok(
+    typeof FRAMEWORK_CHAIN_SLICE_CYPHER === 'string'
+      && FRAMEWORK_CHAIN_SLICE_CYPHER.length > 0,
+    'FRAMEWORK_CHAIN_SLICE_CYPHER must be a non-empty string'
+  );
+  assert.ok(
+    FRAMEWORK_CHAIN_SLICE_CYPHER.includes('LIMIT 50'),
+    'FRAMEWORK_CHAIN_SLICE_CYPHER must contain literal "LIMIT 50"'
+  );
+  // Bonus: the parameterized hop range marker.
+  assert.ok(
+    FRAMEWORK_CHAIN_SLICE_CYPHER.includes('FEEDS_INTO*1..$max_hops'),
+    'Cypher must include parameterized hop range "FEEDS_INTO*1..$max_hops"'
+  );
+  // Canon Part 8 grep: no user-content tokens in the template.
+  const forbidden = ['roomDir', 'artifact', 'body', 'transcript', 'roomSlug'];
+  for (const tok of forbidden) {
+    assert.ok(
+      !FRAMEWORK_CHAIN_SLICE_CYPHER.includes(tok),
+      'Cypher must not contain user-content token "' + tok + '"'
+    );
+  }
+  // Read-only: no write keywords in the Cypher template.
+  const writeKeywords = ['MERGE', 'CREATE', 'DELETE', 'SET ', 'REMOVE'];
+  for (const kw of writeKeywords) {
+    assert.ok(
+      !FRAMEWORK_CHAIN_SLICE_CYPHER.includes(kw),
+      'Cypher must be read-only (no "' + kw + '")'
+    );
+  }
+});
+
+// ---------------------------------------------------------------- Test 1
+
+test('Test 1: happy-path returns 3 mapped edges + slice_scope=2 + non-null snapshot_id', async function () {
+  const rows = [
+    { from: 'A', to: 'B', confidence: 0.9, transform_description: 'a->b', hop_distance: 1 },
+    { from: 'A', to: 'C', confidence: 0.7, transform_description: 'a->c', hop_distance: 2 },
+    { from: 'B', to: 'D', confidence: 0.8, transform_description: 'b->d', hop_distance: 2 },
+  ];
+  const mock = makeMockClient({ queryFn: async function () { return rows; } });
+  const result = await fetchFrameworkChainSlice({
+    active_frameworks: ['Beautiful Question Framework'],
+    max_hops: 2,
+    brainClient: mock,
+  });
+  assert.equal(Array.isArray(result.edges), true);
+  assert.equal(result.edges.length, 3);
+  assert.equal(result.slice_scope, 2);
+  assert.equal(typeof result.brain_snapshot_id, 'string');
+  assert.equal(result.brain_snapshot_id.length, 64); // sha256 hex
+  assert.ok(result.slice_rationale.includes('brain_reachable'));
+  assert.equal(typeof result.fetched_at, 'string');
+  // ISO 8601 sanity check.
+  assert.ok(/^\d{4}-\d{2}-\d{2}T/.test(result.fetched_at));
+});
+
+// ---------------------------------------------------------------- Test 3
+
+test('Test 3: sanitization called for every framework name; bound value is sanitized', async function () {
+  const mock = makeMockClient({ queryFn: async function () { return []; } });
+  const dangerous = "SWOT; DROP TABLE x";
+  await fetchFrameworkChainSlice({
+    active_frameworks: [dangerous, 'Beautiful Question Framework'],
+    max_hops: 1,
+    brainClient: mock,
+  });
+  // Sanitizer was called on each name.
+  assert.equal(mock._sanitizationCalls.length, 2);
+  assert.equal(mock._sanitizationCalls[0], dangerous);
+  // The bound active_frameworks param contains the SANITIZED string (no `;`).
+  assert.equal(mock._queryInvocations.length, 1);
+  const bound = mock._queryInvocations[0].params.active_frameworks;
+  assert.ok(Array.isArray(bound));
+  assert.ok(!bound[0].includes(';'), 'sanitized value must not contain ";"');
+  // The whitelist is [a-zA-Z0-9 ._-] -- letters survive, only the metacharacter
+  // `;` is stripped. The injection vector dies because the bound value is the
+  // sanitizer output (a plain identifier string), not raw user input.
+  assert.equal(bound[0], 'SWOT DROP TABLE x'); // ';' stripped, kept word chars
+  // The second framework name (clean) passes through unchanged.
+  assert.equal(bound[1], 'Beautiful Question Framework');
+});
+
+// ---------------------------------------------------------------- Test 4
+
+test('Test 4: max_hops bound to 1..3 enum; 0 and 4 degrade; 1, 2, 3 valid', async function () {
+  const mock = makeMockClient({ queryFn: async function () { return []; } });
+  // max_hops = 0 -> degraded, no Brain call.
+  let r = await fetchFrameworkChainSlice({
+    active_frameworks: ['X'], max_hops: 0, brainClient: mock,
+  });
+  assert.equal(r.edges.length, 0);
+  assert.ok(r.slice_rationale.includes('invalid_max_hops'));
+  // max_hops = 4 -> degraded.
+  r = await fetchFrameworkChainSlice({
+    active_frameworks: ['X'], max_hops: 4, brainClient: mock,
+  });
+  assert.ok(r.slice_rationale.includes('invalid_max_hops'));
+  // No Brain call should have been made for the two invalid hop counts.
+  assert.equal(mock._queryInvocations.length, 0);
+  // max_hops = 1, 2, 3 -> valid (Brain query issued).
+  for (const hops of [1, 2, 3]) {
+    const m2 = makeMockClient({ queryFn: async function () { return []; } });
+    const ok = await fetchFrameworkChainSlice({
+      active_frameworks: ['X'], max_hops: hops, brainClient: m2,
+    });
+    assert.equal(ok.slice_scope, hops);
+    assert.equal(m2._queryInvocations.length, 1);
+    assert.equal(m2._queryInvocations[0].params.max_hops, hops);
+  }
+});
+
+// ---------------------------------------------------------------- Test 5
+
+test('Test 5: empty active_frameworks short-circuits without Brain call', async function () {
+  const mock = makeMockClient({ queryFn: async function () { return []; } });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: [], max_hops: 2, brainClient: mock,
+  });
+  assert.equal(r.edges.length, 0);
+  assert.equal(r.slice_scope, 2);
+  assert.ok(r.slice_rationale.includes('empty active_frameworks'));
+  assert.equal(r.brain_snapshot_id, null);
+  // Brain query NOT called.
+  assert.equal(mock._queryInvocations.length, 0);
+  assert.equal(mock._sanitizationCalls.length, 0);
+});
+
+// ---------------------------------------------------------------- Test 6
+
+test('Test 6: Brain unreachable (isAvailable=false) degrades; no query call', async function () {
+  const mock = makeMockClient({ available: false });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['Beautiful Question Framework'],
+    max_hops: 3,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 0);
+  assert.equal(r.slice_scope, 3);
+  assert.equal(r.slice_rationale, 'brain_unreachable');
+  assert.equal(r.brain_snapshot_id, null);
+  assert.equal(typeof r.fetched_at, 'string');
+  assert.equal(mock._queryInvocations.length, 0);
+});
+
+// ---------------------------------------------------------------- Test 7
+
+test('Test 7: Brain query throws -> degraded; no exception propagates', async function () {
+  const mock = makeMockClient({
+    queryFn: async function () { throw new Error('connection refused'); },
+  });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['X'],
+    max_hops: 2,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 0);
+  assert.equal(r.slice_scope, 2);
+  assert.ok(
+    r.slice_rationale.includes('brain_query_failed'),
+    'rationale must include brain_query_failed; got: ' + r.slice_rationale
+  );
+  assert.ok(r.slice_rationale.includes('connection refused'));
+  assert.equal(r.brain_snapshot_id, null);
+});
+
+// ---------------------------------------------------------------- Test 8
+
+test('Test 8: result mapping preserves all 5 fields verbatim', async function () {
+  const row = {
+    from: 'SWOT',
+    to: 'Porter Five Forces',
+    confidence: 0.85,
+    transform_description: 'analysis -> strategy',
+    hop_distance: 1,
+  };
+  const mock = makeMockClient({ queryFn: async function () { return [row]; } });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['SWOT'],
+    max_hops: 1,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 1);
+  const e = r.edges[0];
+  assert.equal(e.from, 'SWOT');
+  assert.equal(e.to, 'Porter Five Forces');
+  assert.equal(e.confidence, 0.85);
+  assert.equal(e.transform_description, 'analysis -> strategy');
+  assert.equal(e.hop_distance, 1);
+});
+
+// ---------------------------------------------------------------- Test 9 (G-05)
+
+test('Test 9: null confidence + null transform_description preserved (not defaulted)', async function () {
+  const row = {
+    from: 'A',
+    to: 'B',
+    confidence: null,
+    transform_description: null,
+    hop_distance: 2,
+  };
+  const mock = makeMockClient({ queryFn: async function () { return [row]; } });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['A'],
+    max_hops: 2,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 1);
+  const e = r.edges[0];
+  assert.equal(e.from, 'A');
+  assert.equal(e.to, 'B');
+  // Explicit null preservation per CONTEXT.md G-05 + Plan 04 schema.
+  assert.equal(e.confidence, null);
+  assert.equal(e.transform_description, null);
+  // hop_distance still propagates.
+  assert.equal(e.hop_distance, 2);
+});
+
+// ---------------------------------------------------------------- Test 10
+
+test('Test 10: brain_snapshot_id is sha256 of JSON.stringify(raw rows)', async function () {
+  const rows = [
+    { from: 'A', to: 'B', confidence: 0.5, transform_description: 't', hop_distance: 1 },
+  ];
+  const mock = makeMockClient({ queryFn: async function () { return rows; } });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['A'],
+    max_hops: 1,
+    brainClient: mock,
+  });
+  // Expected hash: sha256 of JSON.stringify(rows) exactly as the implementation
+  // computes it (it is the raw rows after Cypher, before edge-shape mapping).
+  const expected = crypto.createHash('sha256')
+    .update(JSON.stringify(rows), 'utf8')
+    .digest('hex');
+  assert.equal(r.brain_snapshot_id, expected);
+});
+
+// ---------------------------------------------------------------- Bonus: shape-tolerant
+// (the live brain-client returns { records: [] }; this verifies both shapes work).
+
+test('Bonus: { records: [...] } wrapper from brain-client.query is unwrapped', async function () {
+  const rows = [
+    { from: 'X', to: 'Y', confidence: 0.6, transform_description: 'x->y', hop_distance: 1 },
+  ];
+  const mock = makeMockClient({
+    queryFn: async function () { return { records: rows }; },
+  });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['X'],
+    max_hops: 1,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 1);
+  assert.equal(r.edges[0].from, 'X');
+});
+
+// ---------------------------------------------------------------- Bonus: non-array
+// Brain return (e.g. an error payload like { error: 'foo' }) degrades cleanly.
+
+test('Bonus: non-array Brain return degrades cleanly', async function () {
+  const mock = makeMockClient({
+    queryFn: async function () { return { error: 'whatever' }; },
+  });
+  const r = await fetchFrameworkChainSlice({
+    active_frameworks: ['X'],
+    max_hops: 1,
+    brainClient: mock,
+  });
+  assert.equal(r.edges.length, 0);
+  assert.ok(r.slice_rationale.includes('brain_returned_non_array'));
+});
+
+// ---------------------------------------------------------------- Canon Part 8:
+// re-read the module source and grep it for forbidden tokens (defence in depth).
+
+test('Canon Part 8: module source contains zero user-content tokens', function () {
+  const src = fs.readFileSync(
+    '/home/jsagi/MindrianOS-Plugin/lib/brain/framework-chain-slice.cjs',
+    'utf8'
+  );
+  // The Cypher constant has been validated above. Here we audit that the
+  // module never builds the query with user-content fields. The only tokens
+  // forbidden in the Cypher *template* + *param-binding* are listed below.
+  // We scan only the Cypher constant + the param object site.
+  const cypherIdx = src.indexOf('FRAMEWORK_CHAIN_SLICE_CYPHER =');
+  assert.ok(cypherIdx > 0);
+  const cypherBlock = src.slice(cypherIdx, src.indexOf('}', cypherIdx + 200));
+  // Cypher must not embed any user-content token literally.
+  const forbidden = ['roomDir', 'roomSlug', 'transcript', 'artifact_body'];
+  for (const tok of forbidden) {
+    assert.ok(
+      !cypherBlock.includes(tok),
+      'Cypher block must not embed user-content token "' + tok + '"'
+    );
+  }
+});