@mindrian_os/install 1.13.0-beta.22 → 1.13.0-beta.26

package/lib/core/rs-chain-feeder.cjs

@@ -128,35 +128,32 @@ const SKILL_SPAWN_RULES = Object.freeze([
 
 // ---------- Internal helpers ----------
 
-// Sanitize a string for embedding in a Cypher query. Mirrors the byte-
-// for-byte whitelist from brain-client.cjs::sanitizeCypherInput
-// ([a-zA-Z0-9 ._-]). We do NOT call brainClient._test.sanitizeCypherInput
-// directly so this module remains testable with a stub brainClient.
-function _sanitizeCypher(value) {
+// Sanitize a string to a safe generic handle suitable for embedding in a
+// NL question sent to brain_ask. Mirrors the whitelist from brain-client.cjs
+// ([a-zA-Z0-9 ._-]) so only generic methodology handles pass through.
+// Canon Part 8: no user content ever flows into the NL question.
+function _sanitizeHandle(value) {
   if (value === null || value === undefined) return '';
   const s = typeof value === 'string' ? value : String(value);
   return s.replace(/[^a-zA-Z0-9 ._-]/g, '');
 }
 
-// Build the Brain Cypher query asking for upstream FEEDS_INTO frameworks
-// for the reverse-salient engine, parameterized (defensively sanitized)
-// by problem_type + stage for forward-compat (89.5 may bind these via
-// Brain's parameterized query path).
-function _buildUpstreamCypher(problem_type, stage) {
-  const safeProblem = _sanitizeCypher(problem_type);
-  const safeStage = _sanitizeCypher(stage);
-  // Note: safeProblem / safeStage are intentionally embedded in a
-  // comment line so they participate in the query text without
-  // affecting the MATCH semantics. The authoritative Brain edge query
-  // is for upstream frameworks pointing at the reverse-salient node.
-  return (
-    '// chain-feeder upstream lookup (problem_type=' + safeProblem +
-    ' stage=' + safeStage + ')\n' +
-    'MATCH (rs:Framework {id: "reverse-salient-framework"}) ' +
-    '<-[:FEEDS_INTO]-(upstream:Framework) ' +
-    'WHERE rs.id IS NOT NULL ' +
-    'RETURN upstream.name AS name LIMIT 10'
-  );
+// Build the NL question for brain_ask asking for upstream FEEDS_INTO
+// frameworks for the reverse-salient engine.
+// BUG 2 fix: replaced the former admin-gated raw-Cypher brain_query path
+// with a brain_ask question (ungated -- valid for all API keys).
+// Canon Part 8: the question carries only sanitized generic enum handles,
+// never user content, never artifact text.
+function _buildUpstreamQuestion(problem_type, stage) {
+  const safeProblem = _sanitizeHandle(problem_type);
+  const safeStage = _sanitizeHandle(stage);
+  // Generic NL question: asks for frameworks that feed into the
+  // reverse-salient framework for the given problem type and stage.
+  let q = 'what frameworks feed into the reverse salient framework';
+  if (safeProblem) q += ' for a ' + safeProblem + ' problem';
+  if (safeStage) q += ' at the ' + safeStage + ' stage';
+  q += '?';
+  return q;
 }
 
 // Defensively pull the framework name from a Brain record. Brain
@@ -187,18 +184,53 @@ async function lookupUpstream(problem_type, stage, opts) {
     return { state: 'ready' };
   }
 
-  let result;
+  // BUG 2 fix: use brain_ask (ungated) instead of brain_query (admin-gated).
+  // brain.ask() returns a DirectiveEnvelope; we read next_gate.options[].framework
+  // for the upstream framework names, mirroring the old record.name extraction.
+  if (typeof brainClient.ask !== 'function') {
+    process.stderr.write('chain-feeder: brainClient.ask not available; assuming upstream ready\n');
+    return { state: 'ready' };
+  }
+
+  let askResult;
   try {
-    const cypher = _buildUpstreamCypher(problem_type, stage);
-    result = await brainClient.query(cypher);
+    const nlQuestion = _buildUpstreamQuestion(problem_type, stage);
+    askResult = await brainClient.ask(nlQuestion);
   } catch (_err) {
-    process.stderr.write('chain-feeder: Brain query threw; assuming upstream ready\n');
+    process.stderr.write('chain-feeder: Brain ask threw; assuming upstream ready\n');
+    return { state: 'ready' };
+  }
+
+  if (!askResult) {
+    process.stderr.write(
+      'chain-feeder: Brain ask returned null; assuming upstream ready\n'
+    );
     return { state: 'ready' };
   }
 
-  if (!result || !Array.isArray(result.records)) {
+  // Translate the brain_ask response into the framework-name list shape
+  // the upstream-freshness check expects. next_gate.options[].framework
+  // carries the framework names; fall back to directive.guided.framework.
+  // Build a synthetic result.records array for the existing freshness loop.
+  const frameworkNames = [];
+  if (askResult.next_gate && Array.isArray(askResult.next_gate.options)) {
+    for (const opt of askResult.next_gate.options) {
+      if (opt && typeof opt.framework === 'string' && opt.framework.length > 0) {
+        frameworkNames.push(opt.framework);
+      }
+    }
+  }
+  if (askResult.directive && askResult.directive.guided && askResult.directive.guided.framework) {
+    const anchor = askResult.directive.guided.framework;
+    if (!frameworkNames.includes(anchor)) frameworkNames.unshift(anchor);
+  }
+
+  // Wrap in the shape the downstream freshness loop already handles.
+  const result = { records: frameworkNames.map(function (n) { return { name: n }; }) };
+
+  if (!Array.isArray(result.records)) {
     process.stderr.write(
-      'chain-feeder: Brain query returned unexpected shape; assuming upstream ready\n'
+      'chain-feeder: Brain ask returned unexpected shape; assuming upstream ready\n'
     );
     return { state: 'ready' };
   }

package/lib/core/rs-nl-to-query.cjs

@@ -182,9 +182,14 @@ const ALLOW_LIST_INTENTS = Object.freeze([
       /downstream\s+of/i,
       /what\s+chains?\s+into/i,
     ],
-    brain_template:
-      'MATCH (m:Methodology {id: $target_framework})-[:FEEDS_INTO*0..1]-(t:Methodology) '
-      + 'RETURN t.name AS name, t.id AS id LIMIT 10',
+    // BUG 2 fix: brain_template is now null so buildBrainQueryFromNL returns
+    // null (the safe default) and does NOT attempt raw admin-gated Cypher.
+    // The brain_ask NL question is synthesized in executeBundle (rs-explain-
+    // command.cjs) from intent_id + params.target_framework (enum handle only;
+    // Canon Part 8 preserved). brain_ask is ungated; brain_query was admin-gated.
+    brain_template: null,
+    // brain_ask_template documents the NL question shape used at runtime.
+    brain_ask_template: 'what frameworks chain from {target_framework} via FEEDS_INTO?',
     sql_template: null,
     cypher_template: null,
     params_extractor: extractFrameworkParam,
@@ -221,9 +226,14 @@ const ALLOW_LIST_INTENTS = Object.freeze([
       /what\s+comes\s+after/i,
       /chains?\s+from\s+(?:jtbd|persona|swot|porter)/i,
     ],
-    brain_template:
-      'MATCH (m:Methodology {id: $source_id})-[:FEEDS_INTO*1..3]->(t:Methodology) '
-      + 'RETURN t.name AS name, t.id AS id LIMIT 10',
+    // BUG 2 fix: brain_template is now null so buildBrainQueryFromNL returns
+    // null (the safe default) and does NOT attempt raw admin-gated Cypher.
+    // The brain_ask NL question is synthesized in executeBundle (rs-explain-
+    // command.cjs) from intent_id + params.source_id (enum handle only;
+    // Canon Part 8 preserved). brain_ask is ungated; brain_query was admin-gated.
+    brain_template: null,
+    // brain_ask_template documents the NL question shape used at runtime.
+    brain_ask_template: 'what methodology chain follows {source_id}?',
     sql_template: null,
     cypher_template: null,
     params_extractor: extractMethodologyParam,

package/lib/hmi/cross-room-memory.cjs

@@ -261,18 +261,35 @@ function buildBrainQueryContext(localContext) {
 }
 
 // ============================================================
-// Brain query -- SINGLE chokepoint (Tripwire #2).
+// Brain search -- SINGLE chokepoint (Tripwire #2).
 // ============================================================
 //
 // The ONE AND ONLY function in this module that reaches Brain. Every
 // other code path that wants Brain enrichment routes through here.
+//
+// BUG FIX 2026-05-22: the former implementation called client.query(payload)
+// where payload was a plain OBJECT (assembled by tryBrainHints). brain_query
+// requires a Cypher STRING; passing an object causes MCP input validation to
+// fail silently, making Mode A cross-room enrichment dead for all users.
+//
+// Fix: route the JTBD co-occurrence hint lookup through the UNGATED
+// brain_search (semantic) instead. We build a generic methodology query
+// string from the allow-listed context keys and call client.search().
+// brain_search accepts a free-text query string and returns semantic
+// matches from the Pinecone index -- no admin gate, no Cypher string
+// required, no user content (the query string is derived ONLY from
+// allow-listed enums and slugs per Canon Part 8).
+//
+// Result shape from brain_search: { matches: Array<{title,score,...}> }
+// or { records: Array<...> } depending on the server version. We adapt
+// both shapes in tryBrainHints below.
 
-async function tryBrainQuery(payload) {
+async function tryBrainSearch(queryText) {
   const client = getBrainClient();
-  if (!client || typeof client.query !== 'function') return null;
+  if (!client || typeof client.search !== 'function') return null;
   // The single Brain call site. (Tripwire #2: exactly one match for
-  // /(?:brainClient|brain|client)\.query\(/ in the entire module.)
-  return await client.query(payload);
+  // /(?:tryBrainSearch|client\.search)\(/ in the entire module.)
+  return await client.search(queryText, { topK: 3 });
 }
 
 // ============================================================
@@ -411,32 +428,58 @@ async function tryBrainHints(byJtbd) {
   const jtbds = Object.keys(byJtbd);
   if (jtbds.length === 0) return null;
 
-  const hints = {};
-  for (const jtbd of jtbds) {
-    const ctx = buildBrainQueryContext({
-      jtbd_id: jtbd,
-      jtbd_state_enum: 'in_flight',
-    });
-    const payload = Object.assign({ query_type: 'jtbd_cooccurrence' }, ctx);
+  // Build a SINGLE generic methodology query string from the JTBD slugs.
+  // The query string is derived from allow-listed slug tokens only (no user
+  // prose, no artifact bodies, no room names). Canon Part 8 safe.
+  //
+  // We send ONE search call for all JTBDs together (rather than one per JTBD)
+  // to minimize Brain round-trips; the semantic results are generic methodology
+  // patterns applicable to any venture doing these jobs.
+  const safeJtbdList = jtbds
+    .filter(function (j) { return typeof j === 'string' && /^[a-z0-9-]{1,64}$/.test(j); })
+    .slice(0, 8);
+
+  if (safeJtbdList.length === 0) return null;
+
+  // Query string: fully generic methodology language (no user content).
+  // e.g. "methodology patterns for jtbd: prepare-pitch find-bottleneck"
+  const queryText = 'methodology patterns for jtbd: ' + safeJtbdList.join(' ');
+
+  // Tripwire #4: scan the outgoing query string before send.
+  const queryPayload = { q: queryText };
+  if (!payloadIsClean(queryPayload)) {
+    // Query audit failed; abort Mode A.
+    return null;
+  }
 
-    // Tripwire #4: scan before send
-    if (!payloadIsClean(payload)) {
-      // payload audit failed; abort Mode A (pretend Brain unreachable)
-      return null;
-    }
+  let r;
+  try {
+    r = await tryBrainSearch(queryText);
+  } catch (err) {
+    // Re-throw so outer aggregateAcrossRooms can record the warning
+    // row. This is the "read-only Brain failure mid-render" case --
+    // we degrade to Mode B but stamp a single warning row.
+    throw err;
+  }
 
-    let r;
-    try {
-      r = await tryBrainQuery(payload);
-    } catch (err) {
-      // Re-throw so outer aggregateAcrossRooms can record the warning
-      // row. This is the "read-only Brain failure mid-render" case --
-      // we degrade to Mode B but stamp a single warning row.
-      throw err;
-    }
-    if (r && r.patterns) {
-      hints[jtbd] = r.patterns;
-    }
+  // brain_search returns { matches: [...] } or { records: [...] }.
+  // Extract the pattern list and assign uniformly across all JTBDs.
+  // (The response is generic -- there are no per-JTBD buckets from semantic
+  // search; we attribute the same hint set to every JTBD in the batch.)
+  const matchItems = (r && Array.isArray(r.matches)) ? r.matches
+    : (r && Array.isArray(r.records)) ? r.records
+    : [];
+
+  if (matchItems.length === 0) return null;
+
+  // Map semantic matches to the patterns shape the caller expects.
+  const patterns = matchItems.slice(0, 5).map(function (m) {
+    return { title: m.title || m.name || 'methodology pattern', score: m.score || 0 };
+  });
+
+  const hints = {};
+  for (const jtbd of safeJtbdList) {
+    hints[jtbd] = patterns;
   }
 
   return Object.keys(hints).length > 0 ? hints : null;

package/lib/mcp/brain-router.cjs

@@ -254,7 +254,13 @@ function localRoute(roomDir, stateContent, intent) {
 // ---------------------------------------------------------------------------
 
 /**
- * Call Brain API for framework recommendation.
+ * Call Brain API for framework recommendation via brain_ask (ungated).
+ * Replaced the former raw-Cypher brain_query path (admin-gated, BUG 2)
+ * with brain.ask(question) -- valid for all API keys.
+ * Reads next_gate.options[].framework for the ranked chain.
+ * Canon Part 8: the NL question carries only the generic problem-type enum,
+ * never user content or artifact text.
+ *
  * @param {string} roomDir
  * @param {string} stateContent
  * @param {string} [intent]
@@ -270,65 +276,73 @@ async function brainRoute(roomDir, stateContent, intent) {
 
   if (!brainClient.isAvailable()) return null;
 
-  // Query Brain for framework recommendations based on room state
+  // Build a generic NL question carrying only the problem-type enum.
+  // Canon Part 8: no user content, no artifact text, no proprietary numbers.
   const { definition, complexity } = extractProblemType(stateContent);
+  const safeDefinition = definition.replace(/[^a-zA-Z-]/g, '') || 'undefined';
+  const safeComplexity = complexity.replace(/[^a-zA-Z-]/g, '') || 'complex';
+  const question = 'recommend a framework for a ' + safeDefinition + ' definition '
+    + safeComplexity + ' problem';
+
+  let brainResult;
+  try {
+    if (typeof brainClient.ask !== 'function') return null;
+    brainResult = await brainClient.ask(question);
+  } catch (_e) {
+    return null;
+  }
+
+  if (!brainResult) return null;
+
+  // Read next_gate.options[] for the ranked framework chain.
+  // Gracefully handle both presence and absence of next_gate.
+  const options = (brainResult.next_gate && Array.isArray(brainResult.next_gate.options))
+    ? brainResult.next_gate.options
+    : [];
 
-  // PIPE-03: Include both CO_OCCURS and FEEDS_INTO relationships
-  // for chain ordering. FEEDS_INTO encodes directional sequences
-  // (e.g., scenario-plan FEEDS_INTO root-cause), while CO_OCCURS
-  // captures frameworks that commonly run together.
-  // I-3 fix: sanitize complexity to prevent Cypher injection from malformed STATE.md
-  const safeComplexity = complexity.replace(/[^a-zA-Z]/g, '');
-  const cypher = `
-    MATCH (pt:ProblemType)<-[:ADDRESSES_PROBLEM_TYPE]-(f:Framework)
-    WHERE pt.name CONTAINS "${safeComplexity}"
-    WITH f, pt
-    OPTIONAL MATCH (f)-[:FEEDS_INTO]->(f_next:Framework)
-    WITH f, pt, collect(DISTINCT f_next.name) AS feeds_chain
-    OPTIONAL MATCH (f)-[:CO_OCCURS]->(f_co:Framework)
-    WITH f, pt, feeds_chain, collect(DISTINCT f_co.name) AS co_chain
-    RETURN f.name AS primary,
-           CASE WHEN size(feeds_chain) > 0 THEN feeds_chain[..3]
-                ELSE co_chain[..3] END AS chain,
-           pt.name AS problem_type,
-           CASE WHEN size(feeds_chain) > 0 THEN 'feeds_into'
-                ELSE 'co_occurs' END AS chain_type
-    LIMIT 3
-  `;
-
-  const result = await brainClient.query(cypher);
-
-  if (result && result.records && result.records.length > 0) {
-    const rec = result.records[0];
-    const primary = rec.primary || rec[0];
-    const chainNames = rec.chain || rec[1] || [];
-    const fullChain = [primary, ...chainNames].filter(Boolean);
-
-    // Map Brain framework names to CLI command names
-    const mappedChain = fullChain
-      .map(name => {
-        const normalized = name.toLowerCase().replace(/[^a-z-]/g, '');
-        return KNOWN_METHODOLOGIES.find(m => m === normalized || normalized.includes(m))
-          || normalized;
-      })
-      .filter(Boolean)
-      .slice(0, 4);
-
-    if (mappedChain.length > 0) {
-      const chainType = rec.chain_type || rec[3] || 'co_occurs';
-      return {
-        chain: mappedChain,
-        confidence: 0.85,
-        source: 'brain',
-        chain_type: chainType,
-        reasoning: `Brain recommends ${mappedChain.join(' -> ')} for ${definition} ${complexity} problem. ` +
-          `Chain derived from ${chainType === 'feeds_into' ? 'FEEDS_INTO (sequential)' : 'CO_OCCURS (complementary)'} relationships.`,
-        target_sections: []
-      };
+  const anchorFramework = (brainResult.directive && brainResult.directive.guided)
+    ? (brainResult.directive.guided.framework || null)
+    : null;
+
+  // Build the chain: anchor first (if present + not already in options), then options[].framework.
+  const rawChain = [];
+  if (anchorFramework && typeof anchorFramework === 'string') rawChain.push(anchorFramework);
+  for (const opt of options) {
+    if (opt && typeof opt.framework === 'string' && opt.framework.length > 0) {
+      if (!rawChain.includes(opt.framework)) rawChain.push(opt.framework);
     }
   }
 
-  return null;
+  if (rawChain.length === 0) return null;
+
+  // Map Brain framework names to CLI methodology names (slug normalization).
+  // This mirrors the previous mapping in the old Cypher path.
+  const mappedChain = rawChain
+    .map(function (name) {
+      const normalized = name.toLowerCase().replace(/[^a-z-]/g, '');
+      return KNOWN_METHODOLOGIES.find(function (m) { return m === normalized || normalized.includes(m); })
+        || normalized;
+    })
+    .filter(Boolean)
+    .slice(0, 4);
+
+  if (mappedChain.length === 0) return null;
+
+  // Derive top confidence from the options array (or default 0.8).
+  const topConf = (options.length > 0 && typeof options[0].confidence === 'number')
+    ? options[0].confidence
+    : 0.8;
+
+  return {
+    chain: mappedChain,
+    confidence: topConf,
+    source: 'brain',
+    chain_type: 'feeds_into',
+    reasoning: 'Brain recommends ' + mappedChain.join(' -> ') + ' for '
+      + safeDefinition + ' ' + safeComplexity + ' problem. '
+      + 'Chain derived from brain_ask FEEDS_INTO recommendations.',
+    target_sections: [],
+  };
 }
 
 // ---------------------------------------------------------------------------