npm - @pentatonic-ai/ai-agent-sdk - Versions diffs - 0.10.12 → 0.10.13 - Mend

@pentatonic-ai/ai-agent-sdk 0.10.12 → 0.10.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.cjs +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1
package/packages/memory-engine-v2/org-model/migrations/007_audit_canonical_no_cascade.sql +22 -0
package/packages/memory-engine-v2/scripts/fusion_drive_fuse.py +34 -1

package/dist/index.cjs CHANGED Viewed

@@ -878,7 +878,7 @@ function fireAndForgetEmit(clientConfig, sessionOpts, messages, result, model) {
 }
 // src/telemetry.js
-var VERSION = "0.10.12";
+var VERSION = "0.10.13";
 var TELEMETRY_URL = "https://sdk-telemetry.philip-134.workers.dev";
 function machineId() {
   const raw = typeof process !== "undefined" ? `${process.env?.USER || process.env?.USERNAME || "u"}:${process.platform || "x"}:${process.arch || "x"}` : "browser";

package/dist/index.js CHANGED Viewed

@@ -847,7 +847,7 @@ function fireAndForgetEmit(clientConfig, sessionOpts, messages, result, model) {
 }
 // src/telemetry.js
-var VERSION = "0.10.12";
+var VERSION = "0.10.13";
 var TELEMETRY_URL = "https://sdk-telemetry.philip-134.workers.dev";
 function machineId() {
   const raw = typeof process !== "undefined" ? `${process.env?.USER || process.env?.USERNAME || "u"}:${process.platform || "x"}:${process.arch || "x"}` : "browser";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pentatonic-ai/ai-agent-sdk",
-  "version": "0.10.12",
+  "version": "0.10.13",
   "description": "TES SDK — LLM observability and lifecycle tracking via Pentatonic Thing Event System. Track token usage, tool calls, and conversations. Manage things through event-sourced lifecycle stages with AI enrichment and vector search.",
   "type": "module",
   "main": "./dist/index.cjs",

package/packages/memory-engine-v2/org-model/migrations/007_audit_canonical_no_cascade.sql ADDED Viewed

@@ -0,0 +1,22 @@
+-- Fusion Drive audit integrity: the merge-audit tables must never lose rows
+-- when the row they reference changes.
+--
+-- 002 (entity_merges) and 006 (fact_merges) declared canonical_id as
+--   REFERENCES entities/facts(id) ON DELETE CASCADE
+-- That destroys audit + rollback history on CHAINED merges. When fact/entity A
+-- is merged into canonical K, a receipt is written with canonical_id = K. If K
+-- is itself later merged away (deleted), the ON DELETE CASCADE deletes A's
+-- receipt too — A stays deleted with no record of why, and no rollback payload.
+-- Observed 2026-06-15: a single arena --apply left 4 facts deleted with no
+-- fact_merges row (their canonical was absorbed into a longer "standing by"
+-- statement, cascading the receipts away).
+--
+-- An append-only audit log must outlive its referents. deprecated_id was always
+-- a plain TEXT column (no FK — the row it names is deleted by definition);
+-- canonical_id should be treated the same. Drop the cascading FK and keep
+-- canonical_id as a plain TEXT column. (We deliberately do NOT re-add a
+-- SET NULL FK: canonical_id must stay populated for forensics even after the
+-- canonical row is gone.)
+ALTER TABLE entity_merges DROP CONSTRAINT IF EXISTS entity_merges_canonical_id_fkey;
+ALTER TABLE fact_merges   DROP CONSTRAINT IF EXISTS fact_merges_canonical_id_fkey;

package/packages/memory-engine-v2/scripts/fusion_drive_fuse.py CHANGED Viewed

@@ -386,6 +386,15 @@ def main() -> int:
                 merged += len(loser_ids)
                 return len(loser_ids)
+            # Audit invariant baseline: every entity/fact deletion MUST leave a
+            # rollback receipt. Capture pre-counts; cross-check after the run.
+            def _counts():
+                return {t: cur.execute(
+                            f"SELECT count(*) AS n FROM {t} WHERE arena=%s",
+                            (args.arena,)).fetchone()["n"]
+                        for t in ("entities", "facts", "entity_merges", "fact_merges")}
+            pre_counts = _counts()
             # Tier 1 — deterministic: exact normalized-name dupes only
             # (case/whitespace variants). Co-occurrence is NOT auto-merged.
             for group in _entity_dup_sets(cur, args.arena):
@@ -434,10 +443,26 @@ def main() -> int:
                             conn.commit()
                         llm_fact_merges += len(same) - 1
+            # Audit invariant: deletions must equal receipts written this run.
+            # A mismatch means some rows were deleted with no rollback receipt —
+            # e.g. a chained-merge cascade eating audit rows (fixed in migration
+            # 007, guarded here so it can never recur silently). Detective, not
+            # preventive (merges commit per-group), but it turns a silent leak
+            # into a loud, recorded failure. Holds trivially for dry-run (0==0).
+            post_counts = _counts()
+            ent_deleted = pre_counts["entities"] - post_counts["entities"]
+            fact_deleted = pre_counts["facts"] - post_counts["facts"]
+            ent_audited = post_counts["entity_merges"] - pre_counts["entity_merges"]
+            fact_audited = post_counts["fact_merges"] - pre_counts["fact_merges"]
+            audit_ok = (ent_deleted == ent_audited) and (fact_deleted == fact_audited)
             run_id = "fdr_" + uuid.uuid4().hex[:20]
             detail = {"proposals": proposals, "merged": merged,
                       "llm_entity_merges": llm_entity_merges, "llm_fact_merges": llm_fact_merges,
-                      "llm_tier": bool(post_fn)}
+                      "llm_tier": bool(post_fn),
+                      "audit": {"ok": audit_ok,
+                                "entities_deleted": ent_deleted, "entities_audited": ent_audited,
+                                "facts_deleted": fact_deleted, "facts_audited": fact_audited}}
             cur.execute(
                 """INSERT INTO fusion_drive_runs (id, arena, pass_kind, mode, scanned, changed, detail, finished_at)
                    VALUES (%s,%s,'fusion',%s,%s,%s,%s::jsonb,NOW())""",
@@ -450,6 +475,14 @@ def main() -> int:
           f"{merged} entities merged ({llm_entity_merges} via llm), {llm_fact_merges} facts merged via llm. "
           f"LLM tier: {'on (distiller)' if post_fn else 'off'}")
     print(f"  ledger: {run_id}")
+    if not audit_ok:
+        print(f"[fusion-drive:fuse] AUDIT INVARIANT VIOLATED arena={args.arena}: "
+              f"entities deleted={ent_deleted} audited={ent_audited}; "
+              f"facts deleted={fact_deleted} audited={fact_audited}. "
+              f"Deletions without a rollback receipt — do NOT trust audit-based "
+              f"rollback for this run; restore from backup if needed.",
+              file=sys.stderr)
+        return 3
     return 0