npm - @polylogicai/polycode - Versions diffs - 1.1.4 → 1.1.6 - Mend

@polylogicai/polycode 1.1.4 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +25 -3
package/bin/polycode.mjs +74 -9
package/lib/agentic.mjs +153 -9
package/lib/key-store.mjs +223 -0
package/lib/paste-aware-prompt.mjs +208 -0
package/lib/repl-ui.mjs +3 -1
package/lib/slash-commands.mjs +36 -2
package/lib/tools/describe-image.mjs +111 -0
package/lib/tools/fetch-url.mjs +130 -0
package/lib/tools/web-search.mjs +107 -0
package/lib/witness/identity-gate.mjs +123 -0
package/package.json +1 -1

package/lib/witness/identity-gate.mjs ADDED Viewed

@@ -0,0 +1,123 @@
+// lib/witness/identity-gate.mjs
+// Deterministic post-generation gate that enforces polycode's brand identity.
+// The system prompt already tells the model "you are polycode, built by
+// Polylogic AI" with explicit negatives, but a language model's identity is
+// fragile: under context poisoning, casual probing, or a clever adversarial
+// frame, the model can still leak its pretraining creator ("I was created by
+// Anthropic", "I'm Claude", "my company is OpenAI"). Substrate cannot witness
+// its own brand.
+//
+// This gate runs on every user-facing text message the model produces. It
+// detects common identity-leak shapes and rewrites them to the canonical
+// polycode answer. The rewritten text is what the user sees.
+const CANONICAL = "I'm polycode, built by Polylogic AI."; // short replacement: used by checkIdentity for messages under 80 chars; re-exported as IDENTITY_GATE_CANONICAL
+const CANONICAL_LONG =
+  "I'm polycode, an agentic coding CLI built by Polylogic AI. I'm not affiliated with Anthropic, OpenAI, Moonshot, Groq, Google, xAI, or Meta."; // long replacement: used by checkIdentity for messages of 80+ chars
+// Regex source fragments (not plain strings) for provider brand names that must
+// never appear as polycode's own identity. Joined with '|' into the case-insensitive patterns below.
+const FORBIDDEN_BRANDS = [
+  'Anthropic',
+  'OpenAI',
+  'Moonshot(?: AI)?', // "Moonshot" or "Moonshot AI"
+  'Groq',
+  'Google(?: DeepMind)?', // "Google" or "Google DeepMind"
+  'DeepMind', // standalone form; the "Google DeepMind" form is covered by the entry above
+  'xAI',
+  'Meta(?: AI)?', // "Meta" or "Meta AI"
+  'Microsoft',
+  'Mistral(?: AI)?', // "Mistral" or "Mistral AI"; "Mistral" is also listed in FORBIDDEN_MODELS
+  'Cohere',
+];
+// Regex source fragments for model names that must never appear as polycode's own identity.
+const FORBIDDEN_MODELS = [
+  'Claude(?:\\s*\\d(?:\\.\\d)?)?(?:\\s+(?:Opus|Sonnet|Haiku))?', // e.g. "Claude", "Claude 3.5 Sonnet"
+  'ChatGPT',
+  'GPT-?\\d?(?:\\.\\d)?(?:o|o-mini|-turbo)?', // e.g. "GPT", "GPT-4", "GPT4o", "GPT-3.5-turbo"
+  'Gemini(?:\\s*\\d(?:\\.\\d)?)?(?:\\s+(?:Pro|Flash|Ultra))?', // e.g. "Gemini", "Gemini 1.5 Pro"
+  'PaLM',
+  'Bard',
+  'Grok',
+  'LLaMA(?:\\s*\\d(?:\\.\\d)?)?', // e.g. "LLaMA", "LLaMA 2"
+  'Kimi(?:\\s*K\\d)?', // e.g. "Kimi", "Kimi K2"
+  'Mistral', // also present in FORBIDDEN_BRANDS as 'Mistral(?: AI)?'
+  'Mixtral',
+  'Phi-?\\d?', // e.g. "Phi", "Phi-3", "Phi3"
+];
+const BRAND_OR_MODEL = [...FORBIDDEN_BRANDS, ...FORBIDDEN_MODELS].join('|');
+// Patterns that claim origin/creator/identity. Each one, if matched, triggers
+// a rewrite to the canonical answer. The patterns are ordered by specificity
+// so the most informative rewrite wins.
+// Shorthand for "I am" / "I'm" / "I was" / "I will be" etc. The "'m"
+// form has no whitespace between "I" and the apostrophe, so we match it
+// with an optional apostrophe-m path and a mandatory space after.
+const I_AM = `I(?:\\s+(?:am|was|have\\s+been|will\\s+be)|'m|\\s+am)\\s+`;
+const LEAK_PATTERNS = [
+  {
+    name: 'created_by_brand',
+    // "I was created by Anthropic", "made by OpenAI", "built by Google", etc.
+    regex: new RegExp(
+      `(?:${I_AM}(?:created|made|built|developed|trained|designed)|I\\s+come\\s+from|my\\s+(?:creator|maker|developer|company|owner|lab|team)\\s+(?:is|was))\\s+(?:by\\s+)?(?:${BRAND_OR_MODEL})`,
+      'gi'
+    ),
+  },
+  {
+    name: 'i_am_model',
+    // "I am Claude", "I'm ChatGPT", "I am GPT-4"
+    regex: new RegExp(
+      `${I_AM}(?:an?\\s+)?(?:${FORBIDDEN_MODELS.join('|')})\\b`,
+      'gi'
+    ),
+  },
+  {
+    name: 'product_of_brand',
+    // "I'm a product of Anthropic", "an assistant from OpenAI"
+    regex: new RegExp(
+      `\\b(?:product|assistant|model|system|AI|chatbot)\\s+(?:of|from|by|made\\s+by|built\\s+by|created\\s+by)\\s+(?:${FORBIDDEN_BRANDS.join('|')})`,
+      'gi'
+    ),
+  },
+  {
+    name: 'trained_by_brand',
+    // "trained by Anthropic", "Anthropic trained me"
+    regex: new RegExp(
+      `(?:trained|developed|pretrained)\\s+by\\s+(?:${FORBIDDEN_BRANDS.join('|')})|(?:${FORBIDDEN_BRANDS.join('|')})\\s+(?:trained|developed|pretrained|created|built|made)\\s+me`,
+      'gi'
+    ),
+  },
+];
+// Run the gate. Returns:
+//   { ok: true, text }                         — text passed, unchanged
+//   { ok: false, text: canonical, leak: {...}} — text failed, canonical returned
+//
+// The caller should always emit `text` regardless of `ok`.
+export function checkIdentity(text) {
+  if (!text || typeof text !== 'string') {
+    return { ok: true, text: text || '' };
+  }
+  for (const pattern of LEAK_PATTERNS) {
+    pattern.regex.lastIndex = 0;
+    if (pattern.regex.test(text)) {
+      // Short messages (under ~80 chars) get the short canonical answer.
+      // Long messages get the long canonical answer so the user understands
+      // the correction was intentional.
+      const canonical = text.length < 80 ? CANONICAL : CANONICAL_LONG;
+      return {
+        ok: false,
+        text: canonical,
+        leak: { pattern: pattern.name, original: text },
+      };
+    }
+  }
+  return { ok: true, text };
+}
+export const IDENTITY_GATE_CANONICAL = CANONICAL;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@polylogicai/polycode",
-  "version": "1.1.4",
+  "version": "1.1.6",
   "description": "An agentic coding CLI. Runs on your machine with your keys. Every turn is appended to a SHA-256 chained session log, so your history is auditable, replayable, and portable.",
   "type": "module",
   "main": "bin/polycode.mjs",