@remnic/core 9.3.608 → 9.3.610

package/dist/access-cli.js

@@ -1,6 +1,6 @@
 import {
   Orchestrator
-} from "./chunk-YJ6QCQNE.js";
+} from "./chunk-HJNQQICM.js";
 import "./chunk-5RIRL3XL.js";
 import "./chunk-KVEVLBKC.js";
 import "./chunk-BFBF3XEF.js";
@@ -47,7 +47,7 @@ import "./chunk-VU3SVYMA.js";
 import "./chunk-H63EDPFJ.js";
 import "./chunk-PD6O7AXF.js";
 import "./chunk-YAZNBMNF.js";
-import "./chunk-LCR46JY5.js";
+import "./chunk-7YX23JBA.js";
 import "./chunk-C4SQJZAF.js";
 import "./chunk-KM2A35EO.js";
 import "./chunk-4RA3C3EV.js";

package/dist/{chunk-LCR46JY5.js → chunk-7YX23JBA.js}

@@ -5,7 +5,7 @@ import {
 // src/extraction-judge-training.ts
 import path from "path";
 import { homedir } from "os";
-import { appendFile, chmod, mkdir, readFile, readdir } from "fs/promises";
+import { appendFile, chmod, lstat, mkdir, readFile, readdir, realpath } from "fs/promises";
 function expandTilde(p) {
   const home = homedir();
   if (p === "~" || p.startsWith("~/") || p.startsWith("~\\")) {
@@ -36,6 +36,10 @@ function dateStamp(iso) {
 function trainingFilePathFor(directory, iso) {
   return path.join(directory, `${dateStamp(iso)}.jsonl`);
 }
+function isPathInsideDirectory(filePath, directory) {
+  const relative = path.relative(directory, filePath);
+  return relative === "" || !relative.startsWith("..") && !path.isAbsolute(relative);
+}
 async function recordJudgeTrainingPair(row, options) {
   if (!options.enabled) return;
   const dir = resolveTrainingDir(options);
@@ -56,6 +60,19 @@ async function recordJudgeTrainingPair(row, options) {
 }
 async function readJudgeTrainingPairs(options) {
   const dir = resolveTrainingDir({ enabled: true, ...options });
+  try {
+    const dirStat = await lstat(dir);
+    if (dirStat.isSymbolicLink()) {
+      throw new Error("Judge training directory must not be a symlink");
+    }
+    if (!dirStat.isDirectory()) {
+      throw new Error("Judge training path must be a directory");
+    }
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return { rows: [], malformed: 0 };
+    throw err;
+  }
   let entries;
   try {
     entries = await readdir(dir);
@@ -66,10 +83,30 @@ async function readJudgeTrainingPairs(options) {
   }
   const rows = [];
   let malformed = 0;
+  const resolvedDir = await realpath(dir);
   entries.sort();
   for (const name of entries) {
     if (!name.endsWith(".jsonl")) continue;
-    const raw = await readFile(path.join(dir, name), "utf-8");
+    const filePath = path.join(dir, name);
+    let fileStat;
+    try {
+      fileStat = await lstat(filePath);
+    } catch (err) {
+      const code = err.code;
+      if (code === "ENOENT") continue;
+      throw err;
+    }
+    if (fileStat.isSymbolicLink() || !fileStat.isFile()) continue;
+    let resolvedFilePath;
+    try {
+      resolvedFilePath = await realpath(filePath);
+    } catch (err) {
+      const code = err.code;
+      if (code === "ENOENT") continue;
+      throw err;
+    }
+    if (!isPathInsideDirectory(resolvedFilePath, resolvedDir)) continue;
+    const raw = await readFile(resolvedFilePath, "utf-8");
     for (const line of raw.split("\n")) {
       if (!line.trim()) continue;
       let parsed;
@@ -120,4 +157,4 @@ export {
   readJudgeTrainingPairs,
   isValidTrainingPair
 };
-//# sourceMappingURL=chunk-LCR46JY5.js.map
+//# sourceMappingURL=chunk-7YX23JBA.js.map

package/dist/chunk-7YX23JBA.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/extraction-judge-training.ts"],"sourcesContent":["/**\n * Extraction Judge Training Data Shim (issue #562, PR 4).\n *\n * Opt-in collector for `(candidate_text, verdict_kind, reason,\n * ground_truth_label?)` tuples. Rows are appended to JSONL files under\n * `~/.remnic/judge-training/<YYYY-MM-DD>.jsonl` so operators can ship the\n * data into a future GRPO training pipeline without exfiltrating live\n * memory content through the regular observation ledger.\n *\n * Gating:\n *   - Off by default. Must be explicitly enabled via\n *     `collectJudgeTrainingPairs: true` in plugin config.\n *   - The ground-truth label is always optional — labels are added out-of-\n *     band once reviewers disambiguate the candidate's fate.\n *\n * Privacy: the row carries only what the judge already sees — the\n * candidate text and its metadata. It does NOT carry session keys,\n * principal IDs, or any user identifiers. The file lives in the user's\n * home directory rather than the shared memory directory so it is never\n * committed, sync'd, or bundled into exports.\n */\n\nimport path from \"node:path\";\nimport { homedir } from \"node:os\";\nimport { appendFile, chmod, lstat, mkdir, readFile, readdir, realpath } from \"node:fs/promises\";\nimport { log } from \"./logger.js\";\nimport type { JudgeVerdictKind } from \"./extraction-judge.js\";\n\n/**\n * Persisted training row. Intentionally minimal: just the signal needed\n * to train a judge replacement policy. Schema version is tagged so future\n * readers can migrate older rows.\n */\nexport interface JudgeTrainingPair {\n  version: 1;\n  ts: string; // ISO-8601\n  candidateText: string;\n  candidateCategory: string;\n  candidateConfidence?: number;\n  verdictKind: JudgeVerdictKind;\n  reason: string;\n  /**\n   * Number of prior deferrals when the verdict was resolved. `0` for the\n   * first resolution; only set when known (defer pathway).\n   */\n  priorDeferrals?: number;\n  /**\n   * Optional human-applied ground-truth label. Added after the fact by a\n   * reviewer / labelling script; not present on fresh rows.\n   */\n  groundTruthLabel?: JudgeVerdictKind;\n}\n\nexport interface JudgeTrainingOptions {\n  enabled: boolean;\n  /**\n   * Override for the output directory. Defaults to\n   * `~/.remnic/judge-training`. Tests pass a temp path here.\n   */\n  directory?: string;\n}\n\n/**\n * Expand a leading `~` / `~/` / `$HOME/` / `${HOME}/` to the process home\n * directory. Node's `fs` APIs do not expand `~` themselves (CLAUDE.md\n * gotcha 17), so every user-facing path input must be funnelled through\n * this helper before it reaches the filesystem.\n */\nfunction expandTilde(p: string): string {\n  const home = homedir();\n  if (p === \"~\" || p.startsWith(\"~/\") || p.startsWith(\"~\\\\\")) {\n    return home + p.slice(1);\n  }\n  if (p === \"$HOME\" || p.startsWith(\"$HOME/\") || p.startsWith(\"$HOME\\\\\")) {\n    return home + p.slice(5);\n  }\n  if (p === \"${HOME}\" || p.startsWith(\"${HOME}/\") || p.startsWith(\"${HOME}\\\\\")) {\n    return home + p.slice(7);\n  }\n  return p;\n}\n\nexport function resolveTrainingDir(options: JudgeTrainingOptions): string {\n  if (options.directory && options.directory.length > 0) {\n    // Expand `~` / `$HOME` in the override so operators can write the\n    // config as the user sees it (CLAUDE.md gotcha 17).\n    return expandTilde(options.directory);\n  }\n  return path.join(homedir(), \".remnic\", \"judge-training\");\n}\n\nfunction dateStamp(iso: string): string {\n  // `YYYY-MM-DD` from an ISO-8601 string. Falls back to today on a parse\n  // failure rather than throwing — the caller already wrote a row and the\n  // timestamp is best-effort.\n  const ms = Date.parse(iso);\n  const d = Number.isFinite(ms) ? new Date(ms) : new Date();\n  const yyyy = d.getUTCFullYear().toString().padStart(4, \"0\");\n  const mm = (d.getUTCMonth() + 1).toString().padStart(2, \"0\");\n  const dd = d.getUTCDate().toString().padStart(2, \"0\");\n  return `${yyyy}-${mm}-${dd}`;\n}\n\nexport function trainingFilePathFor(directory: string, iso: string): string {\n  return path.join(directory, `${dateStamp(iso)}.jsonl`);\n}\n\nfunction isPathInsideDirectory(filePath: string, directory: string): boolean {\n  const relative = path.relative(directory, filePath);\n  return relative === \"\" || (!relative.startsWith(\"..\") && !path.isAbsolute(relative));\n}\n\n/**\n * Append a single training row. Fails open — write errors are logged at\n * debug level and swallowed, same policy as the telemetry emitter.\n * No-op when `options.enabled` is false.\n */\nexport async function recordJudgeTrainingPair(row: JudgeTrainingPair, options: JudgeTrainingOptions): Promise<void> {\n  if (!options.enabled) return;\n  const dir = resolveTrainingDir(options);\n  const filePath = trainingFilePathFor(dir, row.ts);\n  try {\n    await mkdir(dir, { recursive: true, mode: 0o700 });\n    await appendFile(filePath, `${JSON.stringify(row)}\\n`, {\n      encoding: \"utf-8\",\n      mode: 0o600,\n    });\n    await chmod(filePath, 0o600);\n  } catch (err) {\n    log.debug(\n      `extraction-judge-training: append failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`\n    );\n  }\n}\n\n/**\n * Read all training rows from the configured directory. Returns an empty\n * array when the directory is missing. Malformed lines are skipped and\n * counted in the returned `malformed` tally.\n */\nexport async function readJudgeTrainingPairs(\n  options: Pick<JudgeTrainingOptions, \"directory\">\n): Promise<{ rows: JudgeTrainingPair[]; malformed: number }> {\n  const dir = resolveTrainingDir({ enabled: true, ...options });\n  try {\n    const dirStat = await lstat(dir);\n    if (dirStat.isSymbolicLink()) {\n      throw new Error(\"Judge training directory must not be a symlink\");\n    }\n    if (!dirStat.isDirectory()) {\n      throw new Error(\"Judge training path must be a directory\");\n    }\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code;\n    if (code === \"ENOENT\") return { rows: [], malformed: 0 };\n    throw err;\n  }\n\n  let entries: string[];\n  try {\n    entries = await readdir(dir);\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code;\n    if (code === \"ENOENT\") return { rows: [], malformed: 0 };\n    throw err;\n  }\n\n  const rows: JudgeTrainingPair[] = [];\n  let malformed = 0;\n  const resolvedDir = await realpath(dir);\n  // Sort so reads are deterministic across platforms.\n  entries.sort();\n  for (const name of entries) {\n    if (!name.endsWith(\".jsonl\")) continue;\n    const filePath = path.join(dir, name);\n    let fileStat: Awaited<ReturnType<typeof lstat>>;\n    try {\n      fileStat = await lstat(filePath);\n    } catch (err) {\n      const code = (err as NodeJS.ErrnoException).code;\n      if (code === \"ENOENT\") continue;\n      throw err;\n    }\n    if (fileStat.isSymbolicLink() || !fileStat.isFile()) continue;\n\n    let resolvedFilePath: string;\n    try {\n      resolvedFilePath = await realpath(filePath);\n    } catch (err) {\n      const code = (err as NodeJS.ErrnoException).code;\n      if (code === \"ENOENT\") continue;\n      throw err;\n    }\n    if (!isPathInsideDirectory(resolvedFilePath, resolvedDir)) continue;\n\n    const raw = await readFile(resolvedFilePath, \"utf-8\");\n    for (const line of raw.split(\"\\n\")) {\n      if (!line.trim()) continue;\n      let parsed: unknown;\n      try {\n        parsed = JSON.parse(line);\n      } catch {\n        malformed += 1;\n        continue;\n      }\n      if (!isValidTrainingPair(parsed)) {\n        malformed += 1;\n        continue;\n      }\n      rows.push(parsed);\n    }\n  }\n  return { rows, malformed };\n}\n\n/**\n * Structural validator matching the persisted schema. Forward-compat: an\n * unknown `verdictKind` string is treated as malformed (strict training\n * signal — we do not want to admit unlabelled gibberish into a trainer).\n */\nexport function isValidTrainingPair(value: unknown): value is JudgeTrainingPair {\n  if (typeof value !== \"object\" || value === null || Array.isArray(value)) {\n    return false;\n  }\n  const p = value as Record<string, unknown>;\n  if (p.version !== 1) return false;\n  if (typeof p.ts !== \"string\") return false;\n  if (typeof p.candidateText !== \"string\") return false;\n  if (typeof p.candidateCategory !== \"string\") return false;\n  if (p.verdictKind !== \"accept\" && p.verdictKind !== \"reject\" && p.verdictKind !== \"defer\") {\n    return false;\n  }\n  if (typeof p.reason !== \"string\") return false;\n  if (p.candidateConfidence !== undefined && typeof p.candidateConfidence !== \"number\") {\n    return false;\n  }\n  if (p.priorDeferrals !== undefined && typeof p.priorDeferrals !== \"number\") {\n    return false;\n  }\n  if (\n    p.groundTruthLabel !== undefined &&\n    p.groundTruthLabel !== \"accept\" &&\n    p.groundTruthLabel !== \"reject\" &&\n    p.groundTruthLabel !== \"defer\"\n  ) {\n    return false;\n  }\n  return true;\n}\n"],"mappings":";;;;;AAsBA,OAAO,UAAU;AACjB,SAAS,eAAe;AACxB,SAAS,YAAY,OAAO,OAAO,OAAO,UAAU,SAAS,gBAAgB;AA4C7E,SAAS,YAAY,GAAmB;AACtC,QAAM,OAAO,QAAQ;AACrB,MAAI,MAAM,OAAO,EAAE,WAAW,IAAI,KAAK,EAAE,WAAW,KAAK,GAAG;AAC1D,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,MAAI,MAAM,WAAW,EAAE,WAAW,QAAQ,KAAK,EAAE,WAAW,SAAS,GAAG;AACtE,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,MAAI,MAAM,aAAa,EAAE,WAAW,UAAU,KAAK,EAAE,WAAW,WAAW,GAAG;AAC5E,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,SAAO;AACT;AAEO,SAAS,mBAAmB,SAAuC;AACxE,MAAI,QAAQ,aAAa,QAAQ,UAAU,SAAS,GAAG;AAGrD,WAAO,YAAY,QAAQ,SAAS;AAAA,EACtC;AACA,SAAO,KAAK,KAAK,QAAQ,GAAG,WAAW,gBAAgB;AACzD;AAEA,SAAS,UAAU,KAAqB;AAItC,QAAM,KAAK,KAAK,MAAM,GAAG;AACzB,QAAM,IAAI,OAAO,SAAS,EAAE,IAAI,IAAI,KAAK,EAAE,IAAI,oBAAI,KAAK;AACxD,QAAM,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAC1D,QAAM,MAAM,EAAE,YAAY,IAAI,GAAG,SAAS,EAAE,SAAS,GAAG,GAAG;AAC3D,QAAM,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AACpD,SAAO,GAAG,IAAI,IAAI,EAAE,IAAI,EAAE;AAC5B;AAEO,SAAS,oBAAoB,WAAmB,KAAqB;AAC1E,SAAO,KAAK,KAAK,WAAW,GAAG,UAAU,GAAG,CAAC,QAAQ;AACvD;AAEA,SAAS,sBAAsB,UAAkB,WAA4B;AAC3E,QAAM,WAAW,KAAK,SAAS,WAAW,QAAQ;AAClD,SAAO,aAAa,MAAO,CAAC,SAAS,WAAW,IAAI,KAAK,CAAC,KAAK,WAAW,QAAQ;AACpF;AAOA,eAAsB,wBAAwB,KAAwB,SAA8C;AAClH,MAAI,CAAC,QAAQ,QAAS;AACtB,QAAM,MAAM,mBAAmB,OAAO;AACtC,QAAM,WAAW,oBAAoB,KAAK,IAAI,EAAE;AAChD,MAAI;AACF,UAAM,MAAM,KAAK,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACjD,UAAM,WAAW,UAAU,GAAG,KAAK,UAAU,GAAG,CAAC;AAAA,GAAM;AAAA,MACrD,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AACD,UAAM,MAAM,UAAU,GAAK;AAAA,EAC7B,SAAS,KAAK;AACZ,QAAI;AAAA,MACF,yDAAyD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;AAOA,eAAsB,uBACpB,SAC2D;AAC3D,QAAM,MAAM,mBAAmB,EAAE,SAAS,MAAM,GAAG,QAAQ,CAAC;AAC5D,MAAI;AACF,UAAM,UAAU,MAAM,MAAM,GAAG;AAC/B,QAAI,QAAQ,eAAe,GAAG;AAC5B,YAAM,IAAI,MAAM,gDAAgD;AAAA,IAClE;AACA,QAAI,CAAC,QAAQ,YAAY,GAAG;AAC1B,YAAM,IAAI,MAAM,yCAAyC;AAAA,IAC3D;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,OAAQ,IAA8B;AAC5C,QAAI,SAAS,SAAU,QAAO,EAAE,MAAM,CAAC,GAAG,WAAW,EAAE;AACvD,UAAM;AAAA,EACR;AAEA,MAAI;AACJ,MAAI;AACF,cAAU,MAAM,QAAQ,GAAG;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,OAAQ,IAA8B;AAC5C,QAAI,SAAS,SAAU,QAAO,EAAE,MAAM,CAAC,GAAG,WAAW,EAAE;AACvD,UAAM;AAAA,EACR;AAEA,QAAM,OAA4B,CAAC;AACnC,MAAI,YAAY;AAChB,QAAM,cAAc,MAAM,SAAS,GAAG;AAEtC,UAAQ,KAAK;AACb,aAAW,QAAQ,SAAS;AAC1B,QAAI,CAAC,KAAK,SAAS,QAAQ,EAAG;AAC9B,UAAM,WAAW,KAAK,KAAK,KAAK,IAAI;AACpC,QAAI;AACJ,QAAI;AACF,iBAAW,MAAM,MAAM,QAAQ;AAAA,IACjC,SAAS,KAAK;AACZ,YAAM,OAAQ,IAA8B;AAC5C,UAAI,SAAS,SAAU;AACvB,YAAM;AAAA,IACR;AACA,QAAI,SAAS,eAAe,KAAK,CAAC,SAAS,OAAO,EAAG;AAErD,QAAI;AACJ,QAAI;AACF,yBAAmB,MAAM,SAAS,QAAQ;AAAA,IAC5C,SAAS,KAAK;AACZ,YAAM,OAAQ,IAA8B;AAC5C,UAAI,SAAS,SAAU;AACvB,YAAM;AAAA,IACR;AACA,QAAI,CAAC,sBAAsB,kBAAkB,WAAW,EAAG;AAE3D,UAAM,MAAM,MAAM,SAAS,kBAAkB,OAAO;AACpD,eAAW,QAAQ,IAAI,MAAM,IAAI,GAAG;AAClC,UAAI,CAAC,KAAK,KAAK,EAAG;AAClB,UAAI;AACJ,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,qBAAa;AACb;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB,MAAM,GAAG;AAChC,qBAAa;AACb;AAAA,MACF;AACA,WAAK,KAAK,MAAM;AAAA,IAClB;AAAA,EACF;AACA,SAAO,EAAE,MAAM,UAAU;AAC3B;AAOO,SAAS,oBAAoB,OAA4C;AAC9E,MAAI,OAAO,UAAU,YAAY,UAAU,QAAQ,MAAM,QAAQ,KAAK,GAAG;AACvE,WAAO;AAAA,EACT;AACA,QAAM,IAAI;AACV,MAAI,EAAE,YAAY,EAAG,QAAO;AAC5B,MAAI,OAAO,EAAE,OAAO,SAAU,QAAO;AACrC,MAAI,OAAO,EAAE,kBAAkB,SAAU,QAAO;AAChD,MAAI,OAAO,EAAE,sBAAsB,SAAU,QAAO;AACpD,MAAI,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,SAAS;AACzF,WAAO;AAAA,EACT;AACA,MAAI,OAAO,EAAE,WAAW,SAAU,QAAO;AACzC,MAAI,EAAE,wBAAwB,UAAa,OAAO,EAAE,wBAAwB,UAAU;AACpF,WAAO;AAAA,EACT;AACA,MAAI,EAAE,mBAAmB,UAAa,OAAO,EAAE,mBAAmB,UAAU;AAC1E,WAAO;AAAA,EACT;AACA,MACE,EAAE,qBAAqB,UACvB,EAAE,qBAAqB,YACvB,EAAE,qBAAqB,YACvB,EAAE,qBAAqB,SACvB;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}

package/dist/{chunk-YJ6QCQNE.js → chunk-HJNQQICM.js}

@@ -140,7 +140,7 @@ import {
 } from "./chunk-YAZNBMNF.js";
 import {
   recordJudgeTrainingPair
-} from "./chunk-LCR46JY5.js";
+} from "./chunk-7YX23JBA.js";
 import {
   createDeferCountMap,
   createVerdictCache,
@@ -12441,4 +12441,4 @@ export {
   resolvePersistedMemoryRelativePath,
   Orchestrator
 };
-//# sourceMappingURL=chunk-YJ6QCQNE.js.map
+//# sourceMappingURL=chunk-HJNQQICM.js.map

package/dist/extraction-judge-training.js

@@ -4,7 +4,7 @@ import {
   recordJudgeTrainingPair,
   resolveTrainingDir,
   trainingFilePathFor
-} from "./chunk-LCR46JY5.js";
+} from "./chunk-7YX23JBA.js";
 import "./chunk-2ODBA7MQ.js";
 import "./chunk-PZ5AY32C.js";
 export {

package/dist/index.js

@@ -182,7 +182,7 @@ import {
   saveTaxonomy,
   validateSlug,
   validateTaxonomy
-} from "./chunk-YJ6QCQNE.js";
+} from "./chunk-HJNQQICM.js";
 import "./chunk-5RIRL3XL.js";
 import {
   migrateFromEngram,
@@ -265,7 +265,7 @@ import {
   planRecallMode
 } from "./chunk-PD6O7AXF.js";
 import "./chunk-YAZNBMNF.js";
-import "./chunk-LCR46JY5.js";
+import "./chunk-7YX23JBA.js";
 import {
   clearVerdictCache,
   createVerdictCache,

package/dist/orchestrator.js

@@ -26,7 +26,7 @@ import {
   sanitizeSessionKeyForFilename,
   shouldFilterLifecycleRecallCandidate,
   summarizeGraphShadowComparison
-} from "./chunk-YJ6QCQNE.js";
+} from "./chunk-HJNQQICM.js";
 import "./chunk-5RIRL3XL.js";
 import "./chunk-KVEVLBKC.js";
 import "./chunk-BFBF3XEF.js";
@@ -73,7 +73,7 @@ import "./chunk-VU3SVYMA.js";
 import "./chunk-H63EDPFJ.js";
 import "./chunk-PD6O7AXF.js";
 import "./chunk-YAZNBMNF.js";
-import "./chunk-LCR46JY5.js";
+import "./chunk-7YX23JBA.js";
 import "./chunk-C4SQJZAF.js";
 import "./chunk-KM2A35EO.js";
 import "./chunk-4RA3C3EV.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@remnic/core",
-  "version": "9.3.608",
+  "version": "9.3.610",
   "description": "Framework-agnostic Remnic memory engine — orchestrator, storage, extraction, search, trust zones",
   "type": "module",
   "main": "dist/index.js",

package/src/extraction-judge-training.ts

@@ -22,7 +22,7 @@
 
 import path from "node:path";
 import { homedir } from "node:os";
-import { appendFile, chmod, mkdir, readFile, readdir } from "node:fs/promises";
+import { appendFile, chmod, lstat, mkdir, readFile, readdir, realpath } from "node:fs/promises";
 import { log } from "./logger.js";
 import type { JudgeVerdictKind } from "./extraction-judge.js";
 
@@ -101,22 +101,21 @@ function dateStamp(iso: string): string {
   return `${yyyy}-${mm}-${dd}`;
 }
 
-export function trainingFilePathFor(
-  directory: string,
-  iso: string,
-): string {
+export function trainingFilePathFor(directory: string, iso: string): string {
   return path.join(directory, `${dateStamp(iso)}.jsonl`);
 }
 
+function isPathInsideDirectory(filePath: string, directory: string): boolean {
+  const relative = path.relative(directory, filePath);
+  return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
+}
+
 /**
  * Append a single training row. Fails open — write errors are logged at
  * debug level and swallowed, same policy as the telemetry emitter.
  * No-op when `options.enabled` is false.
  */
-export async function recordJudgeTrainingPair(
-  row: JudgeTrainingPair,
-  options: JudgeTrainingOptions,
-): Promise<void> {
+export async function recordJudgeTrainingPair(row: JudgeTrainingPair, options: JudgeTrainingOptions): Promise<void> {
   if (!options.enabled) return;
   const dir = resolveTrainingDir(options);
   const filePath = trainingFilePathFor(dir, row.ts);
@@ -129,7 +128,7 @@ export async function recordJudgeTrainingPair(
     await chmod(filePath, 0o600);
   } catch (err) {
     log.debug(
-      `extraction-judge-training: append failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`,
+      `extraction-judge-training: append failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`
     );
   }
 }
@@ -140,9 +139,23 @@ export async function recordJudgeTrainingPair(
  * counted in the returned `malformed` tally.
  */
 export async function readJudgeTrainingPairs(
-  options: Pick<JudgeTrainingOptions, "directory">,
+  options: Pick<JudgeTrainingOptions, "directory">
 ): Promise<{ rows: JudgeTrainingPair[]; malformed: number }> {
   const dir = resolveTrainingDir({ enabled: true, ...options });
+  try {
+    const dirStat = await lstat(dir);
+    if (dirStat.isSymbolicLink()) {
+      throw new Error("Judge training directory must not be a symlink");
+    }
+    if (!dirStat.isDirectory()) {
+      throw new Error("Judge training path must be a directory");
+    }
+  } catch (err) {
+    const code = (err as NodeJS.ErrnoException).code;
+    if (code === "ENOENT") return { rows: [], malformed: 0 };
+    throw err;
+  }
+
   let entries: string[];
   try {
     entries = await readdir(dir);
@@ -154,11 +167,33 @@ export async function readJudgeTrainingPairs(
 
   const rows: JudgeTrainingPair[] = [];
   let malformed = 0;
+  const resolvedDir = await realpath(dir);
   // Sort so reads are deterministic across platforms.
   entries.sort();
   for (const name of entries) {
     if (!name.endsWith(".jsonl")) continue;
-    const raw = await readFile(path.join(dir, name), "utf-8");
+    const filePath = path.join(dir, name);
+    let fileStat: Awaited<ReturnType<typeof lstat>>;
+    try {
+      fileStat = await lstat(filePath);
+    } catch (err) {
+      const code = (err as NodeJS.ErrnoException).code;
+      if (code === "ENOENT") continue;
+      throw err;
+    }
+    if (fileStat.isSymbolicLink() || !fileStat.isFile()) continue;
+
+    let resolvedFilePath: string;
+    try {
+      resolvedFilePath = await realpath(filePath);
+    } catch (err) {
+      const code = (err as NodeJS.ErrnoException).code;
+      if (code === "ENOENT") continue;
+      throw err;
+    }
+    if (!isPathInsideDirectory(resolvedFilePath, resolvedDir)) continue;
+
+    const raw = await readFile(resolvedFilePath, "utf-8");
     for (const line of raw.split("\n")) {
       if (!line.trim()) continue;
       let parsed: unknown;
@@ -192,18 +227,11 @@ export function isValidTrainingPair(value: unknown): value is JudgeTrainingPair
   if (typeof p.ts !== "string") return false;
   if (typeof p.candidateText !== "string") return false;
   if (typeof p.candidateCategory !== "string") return false;
-  if (
-    p.verdictKind !== "accept" &&
-    p.verdictKind !== "reject" &&
-    p.verdictKind !== "defer"
-  ) {
+  if (p.verdictKind !== "accept" && p.verdictKind !== "reject" && p.verdictKind !== "defer") {
     return false;
   }
   if (typeof p.reason !== "string") return false;
-  if (
-    p.candidateConfidence !== undefined &&
-    typeof p.candidateConfidence !== "number"
-  ) {
+  if (p.candidateConfidence !== undefined && typeof p.candidateConfidence !== "number") {
     return false;
   }
   if (p.priorDeferrals !== undefined && typeof p.priorDeferrals !== "number") {

package/dist/chunk-LCR46JY5.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/extraction-judge-training.ts"],"sourcesContent":["/**\n * Extraction Judge Training Data Shim (issue #562, PR 4).\n *\n * Opt-in collector for `(candidate_text, verdict_kind, reason,\n * ground_truth_label?)` tuples. Rows are appended to JSONL files under\n * `~/.remnic/judge-training/<YYYY-MM-DD>.jsonl` so operators can ship the\n * data into a future GRPO training pipeline without exfiltrating live\n * memory content through the regular observation ledger.\n *\n * Gating:\n *   - Off by default. Must be explicitly enabled via\n *     `collectJudgeTrainingPairs: true` in plugin config.\n *   - The ground-truth label is always optional — labels are added out-of-\n *     band once reviewers disambiguate the candidate's fate.\n *\n * Privacy: the row carries only what the judge already sees — the\n * candidate text and its metadata. It does NOT carry session keys,\n * principal IDs, or any user identifiers. The file lives in the user's\n * home directory rather than the shared memory directory so it is never\n * committed, sync'd, or bundled into exports.\n */\n\nimport path from \"node:path\";\nimport { homedir } from \"node:os\";\nimport { appendFile, chmod, mkdir, readFile, readdir } from \"node:fs/promises\";\nimport { log } from \"./logger.js\";\nimport type { JudgeVerdictKind } from \"./extraction-judge.js\";\n\n/**\n * Persisted training row. Intentionally minimal: just the signal needed\n * to train a judge replacement policy. Schema version is tagged so future\n * readers can migrate older rows.\n */\nexport interface JudgeTrainingPair {\n  version: 1;\n  ts: string; // ISO-8601\n  candidateText: string;\n  candidateCategory: string;\n  candidateConfidence?: number;\n  verdictKind: JudgeVerdictKind;\n  reason: string;\n  /**\n   * Number of prior deferrals when the verdict was resolved. `0` for the\n   * first resolution; only set when known (defer pathway).\n   */\n  priorDeferrals?: number;\n  /**\n   * Optional human-applied ground-truth label. Added after the fact by a\n   * reviewer / labelling script; not present on fresh rows.\n   */\n  groundTruthLabel?: JudgeVerdictKind;\n}\n\nexport interface JudgeTrainingOptions {\n  enabled: boolean;\n  /**\n   * Override for the output directory. Defaults to\n   * `~/.remnic/judge-training`. Tests pass a temp path here.\n   */\n  directory?: string;\n}\n\n/**\n * Expand a leading `~` / `~/` / `$HOME/` / `${HOME}/` to the process home\n * directory. Node's `fs` APIs do not expand `~` themselves (CLAUDE.md\n * gotcha 17), so every user-facing path input must be funnelled through\n * this helper before it reaches the filesystem.\n */\nfunction expandTilde(p: string): string {\n  const home = homedir();\n  if (p === \"~\" || p.startsWith(\"~/\") || p.startsWith(\"~\\\\\")) {\n    return home + p.slice(1);\n  }\n  if (p === \"$HOME\" || p.startsWith(\"$HOME/\") || p.startsWith(\"$HOME\\\\\")) {\n    return home + p.slice(5);\n  }\n  if (p === \"${HOME}\" || p.startsWith(\"${HOME}/\") || p.startsWith(\"${HOME}\\\\\")) {\n    return home + p.slice(7);\n  }\n  return p;\n}\n\nexport function resolveTrainingDir(options: JudgeTrainingOptions): string {\n  if (options.directory && options.directory.length > 0) {\n    // Expand `~` / `$HOME` in the override so operators can write the\n    // config as the user sees it (CLAUDE.md gotcha 17).\n    return expandTilde(options.directory);\n  }\n  return path.join(homedir(), \".remnic\", \"judge-training\");\n}\n\nfunction dateStamp(iso: string): string {\n  // `YYYY-MM-DD` from an ISO-8601 string. Falls back to today on a parse\n  // failure rather than throwing — the caller already wrote a row and the\n  // timestamp is best-effort.\n  const ms = Date.parse(iso);\n  const d = Number.isFinite(ms) ? new Date(ms) : new Date();\n  const yyyy = d.getUTCFullYear().toString().padStart(4, \"0\");\n  const mm = (d.getUTCMonth() + 1).toString().padStart(2, \"0\");\n  const dd = d.getUTCDate().toString().padStart(2, \"0\");\n  return `${yyyy}-${mm}-${dd}`;\n}\n\nexport function trainingFilePathFor(\n  directory: string,\n  iso: string,\n): string {\n  return path.join(directory, `${dateStamp(iso)}.jsonl`);\n}\n\n/**\n * Append a single training row. Fails open — write errors are logged at\n * debug level and swallowed, same policy as the telemetry emitter.\n * No-op when `options.enabled` is false.\n */\nexport async function recordJudgeTrainingPair(\n  row: JudgeTrainingPair,\n  options: JudgeTrainingOptions,\n): Promise<void> {\n  if (!options.enabled) return;\n  const dir = resolveTrainingDir(options);\n  const filePath = trainingFilePathFor(dir, row.ts);\n  try {\n    await mkdir(dir, { recursive: true, mode: 0o700 });\n    await appendFile(filePath, `${JSON.stringify(row)}\\n`, {\n      encoding: \"utf-8\",\n      mode: 0o600,\n    });\n    await chmod(filePath, 0o600);\n  } catch (err) {\n    log.debug(\n      `extraction-judge-training: append failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`,\n    );\n  }\n}\n\n/**\n * Read all training rows from the configured directory. Returns an empty\n * array when the directory is missing. Malformed lines are skipped and\n * counted in the returned `malformed` tally.\n */\nexport async function readJudgeTrainingPairs(\n  options: Pick<JudgeTrainingOptions, \"directory\">,\n): Promise<{ rows: JudgeTrainingPair[]; malformed: number }> {\n  const dir = resolveTrainingDir({ enabled: true, ...options });\n  let entries: string[];\n  try {\n    entries = await readdir(dir);\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code;\n    if (code === \"ENOENT\") return { rows: [], malformed: 0 };\n    throw err;\n  }\n\n  const rows: JudgeTrainingPair[] = [];\n  let malformed = 0;\n  // Sort so reads are deterministic across platforms.\n  entries.sort();\n  for (const name of entries) {\n    if (!name.endsWith(\".jsonl\")) continue;\n    const raw = await readFile(path.join(dir, name), \"utf-8\");\n    for (const line of raw.split(\"\\n\")) {\n      if (!line.trim()) continue;\n      let parsed: unknown;\n      try {\n        parsed = JSON.parse(line);\n      } catch {\n        malformed += 1;\n        continue;\n      }\n      if (!isValidTrainingPair(parsed)) {\n        malformed += 1;\n        continue;\n      }\n      rows.push(parsed);\n    }\n  }\n  return { rows, malformed };\n}\n\n/**\n * Structural validator matching the persisted schema. Forward-compat: an\n * unknown `verdictKind` string is treated as malformed (strict training\n * signal — we do not want to admit unlabelled gibberish into a trainer).\n */\nexport function isValidTrainingPair(value: unknown): value is JudgeTrainingPair {\n  if (typeof value !== \"object\" || value === null || Array.isArray(value)) {\n    return false;\n  }\n  const p = value as Record<string, unknown>;\n  if (p.version !== 1) return false;\n  if (typeof p.ts !== \"string\") return false;\n  if (typeof p.candidateText !== \"string\") return false;\n  if (typeof p.candidateCategory !== \"string\") return false;\n  if (\n    p.verdictKind !== \"accept\" &&\n    p.verdictKind !== \"reject\" &&\n    p.verdictKind !== \"defer\"\n  ) {\n    return false;\n  }\n  if (typeof p.reason !== \"string\") return false;\n  if (\n    p.candidateConfidence !== undefined &&\n    typeof p.candidateConfidence !== \"number\"\n  ) {\n    return false;\n  }\n  if (p.priorDeferrals !== undefined && typeof p.priorDeferrals !== \"number\") {\n    return false;\n  }\n  if (\n    p.groundTruthLabel !== undefined &&\n    p.groundTruthLabel !== \"accept\" &&\n    p.groundTruthLabel !== \"reject\" &&\n    p.groundTruthLabel !== \"defer\"\n  ) {\n    return false;\n  }\n  return true;\n}\n"],"mappings":";;;;;AAsBA,OAAO,UAAU;AACjB,SAAS,eAAe;AACxB,SAAS,YAAY,OAAO,OAAO,UAAU,eAAe;AA4C5D,SAAS,YAAY,GAAmB;AACtC,QAAM,OAAO,QAAQ;AACrB,MAAI,MAAM,OAAO,EAAE,WAAW,IAAI,KAAK,EAAE,WAAW,KAAK,GAAG;AAC1D,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,MAAI,MAAM,WAAW,EAAE,WAAW,QAAQ,KAAK,EAAE,WAAW,SAAS,GAAG;AACtE,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,MAAI,MAAM,aAAa,EAAE,WAAW,UAAU,KAAK,EAAE,WAAW,WAAW,GAAG;AAC5E,WAAO,OAAO,EAAE,MAAM,CAAC;AAAA,EACzB;AACA,SAAO;AACT;AAEO,SAAS,mBAAmB,SAAuC;AACxE,MAAI,QAAQ,aAAa,QAAQ,UAAU,SAAS,GAAG;AAGrD,WAAO,YAAY,QAAQ,SAAS;AAAA,EACtC;AACA,SAAO,KAAK,KAAK,QAAQ,GAAG,WAAW,gBAAgB;AACzD;AAEA,SAAS,UAAU,KAAqB;AAItC,QAAM,KAAK,KAAK,MAAM,GAAG;AACzB,QAAM,IAAI,OAAO,SAAS,EAAE,IAAI,IAAI,KAAK,EAAE,IAAI,oBAAI,KAAK;AACxD,QAAM,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAC1D,QAAM,MAAM,EAAE,YAAY,IAAI,GAAG,SAAS,EAAE,SAAS,GAAG,GAAG;AAC3D,QAAM,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AACpD,SAAO,GAAG,IAAI,IAAI,EAAE,IAAI,EAAE;AAC5B;AAEO,SAAS,oBACd,WACA,KACQ;AACR,SAAO,KAAK,KAAK,WAAW,GAAG,UAAU,GAAG,CAAC,QAAQ;AACvD;AAOA,eAAsB,wBACpB,KACA,SACe;AACf,MAAI,CAAC,QAAQ,QAAS;AACtB,QAAM,MAAM,mBAAmB,OAAO;AACtC,QAAM,WAAW,oBAAoB,KAAK,IAAI,EAAE;AAChD,MAAI;AACF,UAAM,MAAM,KAAK,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACjD,UAAM,WAAW,UAAU,GAAG,KAAK,UAAU,GAAG,CAAC;AAAA,GAAM;AAAA,MACrD,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AACD,UAAM,MAAM,UAAU,GAAK;AAAA,EAC7B,SAAS,KAAK;AACZ,QAAI;AAAA,MACF,yDAAyD,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;AAOA,eAAsB,uBACpB,SAC2D;AAC3D,QAAM,MAAM,mBAAmB,EAAE,SAAS,MAAM,GAAG,QAAQ,CAAC;AAC5D,MAAI;AACJ,MAAI;AACF,cAAU,MAAM,QAAQ,GAAG;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,OAAQ,IAA8B;AAC5C,QAAI,SAAS,SAAU,QAAO,EAAE,MAAM,CAAC,GAAG,WAAW,EAAE;AACvD,UAAM;AAAA,EACR;AAEA,QAAM,OAA4B,CAAC;AACnC,MAAI,YAAY;AAEhB,UAAQ,KAAK;AACb,aAAW,QAAQ,SAAS;AAC1B,QAAI,CAAC,KAAK,SAAS,QAAQ,EAAG;AAC9B,UAAM,MAAM,MAAM,SAAS,KAAK,KAAK,KAAK,IAAI,GAAG,OAAO;AACxD,eAAW,QAAQ,IAAI,MAAM,IAAI,GAAG;AAClC,UAAI,CAAC,KAAK,KAAK,EAAG;AAClB,UAAI;AACJ,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,qBAAa;AACb;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB,MAAM,GAAG;AAChC,qBAAa;AACb;AAAA,MACF;AACA,WAAK,KAAK,MAAM;AAAA,IAClB;AAAA,EACF;AACA,SAAO,EAAE,MAAM,UAAU;AAC3B;AAOO,SAAS,oBAAoB,OAA4C;AAC9E,MAAI,OAAO,UAAU,YAAY,UAAU,QAAQ,MAAM,QAAQ,KAAK,GAAG;AACvE,WAAO;AAAA,EACT;AACA,QAAM,IAAI;AACV,MAAI,EAAE,YAAY,EAAG,QAAO;AAC5B,MAAI,OAAO,EAAE,OAAO,SAAU,QAAO;AACrC,MAAI,OAAO,EAAE,kBAAkB,SAAU,QAAO;AAChD,MAAI,OAAO,EAAE,sBAAsB,SAAU,QAAO;AACpD,MACE,EAAE,gBAAgB,YAClB,EAAE,gBAAgB,YAClB,EAAE,gBAAgB,SAClB;AACA,WAAO;AAAA,EACT;AACA,MAAI,OAAO,EAAE,WAAW,SAAU,QAAO;AACzC,MACE,EAAE,wBAAwB,UAC1B,OAAO,EAAE,wBAAwB,UACjC;AACA,WAAO;AAAA,EACT;AACA,MAAI,EAAE,mBAAmB,UAAa,OAAO,EAAE,mBAAmB,UAAU;AAC1E,WAAO;AAAA,EACT;AACA,MACE,EAAE,qBAAqB,UACvB,EAAE,qBAAqB,YACvB,EAAE,qBAAqB,YACvB,EAAE,qBAAqB,SACvB;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}