@remnic/core 9.3.685 → 9.3.686
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access-boundary.d.ts +2 -2
- package/dist/access-boundary.js +2 -2
- package/dist/access-cli.js +88 -7
- package/dist/access-cli.js.map +1 -1
- package/dist/access-http.d.ts +1 -1
- package/dist/access-http.js +5 -5
- package/dist/access-mcp.d.ts +12 -2
- package/dist/access-mcp.js +4 -4
- package/dist/access-operations.d.ts +8 -3
- package/dist/access-operations.js +5 -3
- package/dist/access-schema.d.ts +4 -4
- package/dist/{access-service-DeKrlYU_.d.ts → access-service-DmCHJ4cH.d.ts} +105 -29
- package/dist/access-service.d.ts +1 -1
- package/dist/access-service.js +1 -1
- package/dist/access-surface-catalog.d.ts +1 -1
- package/dist/access-surface-catalog.js +2 -0
- package/dist/access-surface-catalog.js.map +1 -1
- package/dist/{chunk-OFUULUSY.js → chunk-473JIN2U.js} +56 -5
- package/dist/chunk-473JIN2U.js.map +1 -0
- package/dist/{chunk-SQGPGC76.js → chunk-FUCUR2OZ.js} +540 -43
- package/dist/chunk-FUCUR2OZ.js.map +1 -0
- package/dist/{chunk-IIDSFFE5.js → chunk-KFBOZYME.js} +42 -3
- package/dist/chunk-KFBOZYME.js.map +1 -0
- package/dist/{chunk-PK6RGRSD.js → chunk-NN7QYW5W.js} +2 -2
- package/dist/chunk-NN7QYW5W.js.map +1 -0
- package/dist/{chunk-JPCKLFWK.js → chunk-QVMXQGT7.js} +6 -5
- package/dist/chunk-QVMXQGT7.js.map +1 -0
- package/dist/{chunk-BZISAF67.js → chunk-S2OU5DZY.js} +28 -6
- package/dist/chunk-S2OU5DZY.js.map +1 -0
- package/dist/{cli-D3-Q5Uod.d.ts → cli-D8nZ2MPH.d.ts} +1 -1
- package/dist/cli.d.ts +2 -2
- package/dist/cli.js +6 -6
- package/dist/index.d.ts +2 -2
- package/dist/index.js +6 -6
- package/dist/mcp-memory-inspector-app.d.ts +1 -1
- package/dist/schemas.d.ts +38 -38
- package/dist/transfer/types.d.ts +22 -22
- package/package.json +2 -2
- package/src/access-boundary.ts +2 -1
- package/src/access-cli.ts +94 -4
- package/src/access-http.ts +39 -1
- package/src/access-mcp.ts +54 -1
- package/src/access-operations.ts +66 -0
- package/src/access-service.ts +147 -62
- package/src/access-surface-catalog.test.ts +1 -1
- package/src/access-surface-catalog.ts +2 -0
- package/src/cli.ts +1 -0
- package/src/coding/decision-surfaces.test.ts +279 -0
- package/src/coding/decision-surfaces.ts +475 -0
- package/dist/chunk-BZISAF67.js.map +0 -1
- package/dist/chunk-IIDSFFE5.js.map +0 -1
- package/dist/chunk-JPCKLFWK.js.map +0 -1
- package/dist/chunk-OFUULUSY.js.map +0 -1
- package/dist/chunk-PK6RGRSD.js.map +0 -1
- package/dist/chunk-SQGPGC76.js.map +0 -1
package/src/access-cli.ts
CHANGED
|
@@ -11,10 +11,11 @@ import { getOperation } from "./access-boundary.js";
|
|
|
11
11
|
// Importing access-operations registers the pilot boundary operations as a
|
|
12
12
|
// side effect; the store command dispatches through the registry (issue #1525).
|
|
13
13
|
import "./access-operations.js";
|
|
14
|
+
import { projectTagProjectId } from "./coding/coding-namespace.js";
|
|
14
15
|
|
|
15
16
|
const OPENCLAW_REMNIC_PLUGIN_IDS = ["openclaw-remnic", "openclaw-engram"] as const;
|
|
16
17
|
|
|
17
|
-
type CommandName = "browse" | "store";
|
|
18
|
+
type CommandName = "browse" | "store" | "decision";
|
|
18
19
|
|
|
19
20
|
type ParsedArgs = {
|
|
20
21
|
command: CommandName;
|
|
@@ -133,9 +134,9 @@ function writeCliOutput(text: string = ""): void {
|
|
|
133
134
|
|
|
134
135
|
function usage(): string {
|
|
135
136
|
return [
|
|
136
|
-
"Usage:",
|
|
137
137
|
" engram-access browse [options]",
|
|
138
138
|
" engram-access store [options]",
|
|
139
|
+
" engram-access decision [options]",
|
|
139
140
|
"",
|
|
140
141
|
"Browse options:",
|
|
141
142
|
" --namespace <name>",
|
|
@@ -160,6 +161,21 @@ function usage(): string {
|
|
|
160
161
|
" --source-reason <text>",
|
|
161
162
|
" --idempotency-key <key>",
|
|
162
163
|
" --dry-run",
|
|
164
|
+
"",
|
|
165
|
+
"Decision options:",
|
|
166
|
+
" --subcommand <list|get|record|supersede>",
|
|
167
|
+
" --namespace <name>",
|
|
168
|
+
" --session-key <key>",
|
|
169
|
+
" --principal <principal>",
|
|
170
|
+
" --id <id> (get/supersede)",
|
|
171
|
+
" --title <title> (record/supersede)",
|
|
172
|
+
" --status <proposed|accepted|superseded|rejected> (record)",
|
|
173
|
+
" --context <text> (record/supersede)",
|
|
174
|
+
" --decision <text> (record/supersede)",
|
|
175
|
+
" --consequences <text> (record/supersede)",
|
|
176
|
+
" --entity-ref <ref> (repeatable)",
|
|
177
|
+
" --project-tag <tag> (attach coding context for this invocation)",
|
|
178
|
+
" --supersedes-id <id> (alias for --id on supersede)",
|
|
163
179
|
].join("\n");
|
|
164
180
|
}
|
|
165
181
|
|
|
@@ -194,8 +210,25 @@ const COMMAND_SPECS: Record<CommandName, CommandSpec> = {
|
|
|
194
210
|
]),
|
|
195
211
|
flagOptions: new Set(["dry-run"]),
|
|
196
212
|
},
|
|
213
|
+
decision: {
|
|
214
|
+
valueOptions: new Set([
|
|
215
|
+
"subcommand",
|
|
216
|
+
"namespace",
|
|
217
|
+
"session-key",
|
|
218
|
+
"principal",
|
|
219
|
+
"id",
|
|
220
|
+
"title",
|
|
221
|
+
"status",
|
|
222
|
+
"context",
|
|
223
|
+
"decision",
|
|
224
|
+
"consequences",
|
|
225
|
+
"entity-ref",
|
|
226
|
+
"project-tag",
|
|
227
|
+
"supersedes-id",
|
|
228
|
+
]),
|
|
229
|
+
flagOptions: new Set(),
|
|
230
|
+
},
|
|
197
231
|
};
|
|
198
|
-
|
|
199
232
|
const BROWSE_SORT_VALUES = Object.freeze([
|
|
200
233
|
"updated_desc",
|
|
201
234
|
"updated_asc",
|
|
@@ -207,7 +240,7 @@ type BrowseSort = (typeof BROWSE_SORT_VALUES)[number];
|
|
|
207
240
|
|
|
208
241
|
function parseArgs(argv: string[]): ParsedArgs {
|
|
209
242
|
const [commandRaw, ...rest] = argv;
|
|
210
|
-
if (commandRaw !== "browse" && commandRaw !== "store") {
|
|
243
|
+
if (commandRaw !== "browse" && commandRaw !== "store" && commandRaw !== "decision") {
|
|
211
244
|
throw new UsageError("unsupported-command");
|
|
212
245
|
}
|
|
213
246
|
const spec = COMMAND_SPECS[commandRaw];
|
|
@@ -466,6 +499,59 @@ function expandOptionalPath(value: string | undefined): string | undefined {
|
|
|
466
499
|
return value === undefined ? undefined : expandTildePath(value);
|
|
467
500
|
}
|
|
468
501
|
|
|
502
|
+
/**
|
|
503
|
+
* Decision-record surface (issue #1548 Track A PR 2). Dispatches through the
|
|
504
|
+
* same `coding_decision` operation as the MCP tool and HTTP route — one
|
|
505
|
+
* validation boundary, three transports.
|
|
506
|
+
*/
|
|
507
|
+
async function runDecision(args: ParsedArgs, preferredId?: string): Promise<void> {
|
|
508
|
+
const subcommand = requireOption(args, "subcommand");
|
|
509
|
+
const { config, service } = buildRuntime(preferredId);
|
|
510
|
+
// The CLI creates a fresh Orchestrator per invocation, so the session
|
|
511
|
+
// coding-context map is empty. If --project-tag + --session-key are
|
|
512
|
+
// provided, attach a coding context BEFORE dispatching so the gate
|
|
513
|
+
// passes and project-scoped writes resolve to the right namespace
|
|
514
|
+
// (review P2).
|
|
515
|
+
const projectTag = getLastOption(args, "project-tag");
|
|
516
|
+
const sessionKey = getLastOption(args, "session-key");
|
|
517
|
+
if (projectTag && projectTag.trim().length > 0 && sessionKey && sessionKey.trim().length > 0) {
|
|
518
|
+
const projectId = projectTagProjectId(projectTag.trim());
|
|
519
|
+
service.setCodingContext({
|
|
520
|
+
sessionKey,
|
|
521
|
+
codingContext: {
|
|
522
|
+
projectId,
|
|
523
|
+
branch: null,
|
|
524
|
+
rootPath: projectId,
|
|
525
|
+
defaultBranch: null,
|
|
526
|
+
},
|
|
527
|
+
});
|
|
528
|
+
}
|
|
529
|
+
const op = getOperation("coding_decision");
|
|
530
|
+
if (!op) {
|
|
531
|
+
throw new Error("access-boundary: operation not registered: coding_decision");
|
|
532
|
+
}
|
|
533
|
+
const output = (await op.run(
|
|
534
|
+
{
|
|
535
|
+
subcommand,
|
|
536
|
+
namespace: getLastOption(args, "namespace"),
|
|
537
|
+
sessionKey,
|
|
538
|
+
id: getLastOption(args, "id"),
|
|
539
|
+
supersedesId: getLastOption(args, "supersedes-id"),
|
|
540
|
+
title: getLastOption(args, "title"),
|
|
541
|
+
status: getLastOption(args, "status"),
|
|
542
|
+
context: getLastOption(args, "context"),
|
|
543
|
+
decision: getLastOption(args, "decision"),
|
|
544
|
+
consequences: getLastOption(args, "consequences"),
|
|
545
|
+
entityRefs: getAllOptions(args, "entity-ref"),
|
|
546
|
+
},
|
|
547
|
+
{
|
|
548
|
+
service,
|
|
549
|
+
authenticatedPrincipal: getLastOption(args, "principal") ?? config.agentAccessHttp.principal,
|
|
550
|
+
},
|
|
551
|
+
)) as { result: unknown };
|
|
552
|
+
console.log(JSON.stringify(output.result, null, 2));
|
|
553
|
+
}
|
|
554
|
+
|
|
469
555
|
export async function main(
|
|
470
556
|
argv: string[] = process.argv.slice(2),
|
|
471
557
|
options: AccessCliOptions = {},
|
|
@@ -475,6 +561,10 @@ export async function main(
|
|
|
475
561
|
await runBrowse(args, options.preferredId);
|
|
476
562
|
return;
|
|
477
563
|
}
|
|
564
|
+
if (args.command === "decision") {
|
|
565
|
+
await runDecision(args, options.preferredId);
|
|
566
|
+
return;
|
|
567
|
+
}
|
|
478
568
|
await runStore(args, options.preferredId);
|
|
479
569
|
}
|
|
480
570
|
|
package/src/access-http.ts
CHANGED
|
@@ -315,6 +315,7 @@ export class EngramAccessHttpServer {
|
|
|
315
315
|
citationsEnabled: options.citationsEnabled,
|
|
316
316
|
citationsAutoDetect: options.citationsAutoDetect,
|
|
317
317
|
emitLegacyTools: options.emitLegacyTools,
|
|
318
|
+
codingDecisionVisible: this.service.decisionRecordSurfaceVisible,
|
|
318
319
|
});
|
|
319
320
|
}
|
|
320
321
|
|
|
@@ -1331,6 +1332,35 @@ export class EngramAccessHttpServer {
|
|
|
1331
1332
|
return;
|
|
1332
1333
|
}
|
|
1333
1334
|
|
|
1335
|
+
if (req.method === "POST" && pathname === "/engram/v1/coding/decisions") {
|
|
1336
|
+
// Migrated through the access boundary (issue #1525/#1548): the
|
|
1337
|
+
// registry entry owns schema validation and service dispatch. HTTP
|
|
1338
|
+
// resolves the request principal; the boundary re-validates the
|
|
1339
|
+
// cleaned envelope. record/supersede persist decision memories, so they
|
|
1340
|
+
// are gated by the same 30/min write quota as /engram/v1/memories,
|
|
1341
|
+
// suggestions, and observe; list/get are pure reads and stay uncounted
|
|
1342
|
+
// (review P2: apply write quotas to decision writes).
|
|
1343
|
+
const body = await this.readJsonBody(req);
|
|
1344
|
+
const isWriteSubcommand =
|
|
1345
|
+
body.subcommand === "record" || body.subcommand === "supersede";
|
|
1346
|
+
if (isWriteSubcommand) {
|
|
1347
|
+
this.ensureWriteRateLimitAvailable();
|
|
1348
|
+
}
|
|
1349
|
+
const op = getOperation("coding_decision");
|
|
1350
|
+
if (!op) {
|
|
1351
|
+
throw new EngramAccessInputError("access-boundary: operation not registered: coding_decision");
|
|
1352
|
+
}
|
|
1353
|
+
const output = (await op.run(body, {
|
|
1354
|
+
service: this.service,
|
|
1355
|
+
authenticatedPrincipal: this.resolveRequestPrincipal(req),
|
|
1356
|
+
})) as { result: unknown };
|
|
1357
|
+
if (isWriteSubcommand) {
|
|
1358
|
+
this.recordWriteRateLimitHit();
|
|
1359
|
+
}
|
|
1360
|
+
this.respondJson(res, 200, output.result);
|
|
1361
|
+
return;
|
|
1362
|
+
}
|
|
1363
|
+
|
|
1334
1364
|
if (req.method === "POST" && pathname === "/engram/v1/suggestions") {
|
|
1335
1365
|
const body = await this.readValidatedBody(req, "suggestionSubmit");
|
|
1336
1366
|
const request = {
|
|
@@ -2183,6 +2213,13 @@ export class EngramAccessHttpServer {
|
|
|
2183
2213
|
typeof toolArgs === "object" &&
|
|
2184
2214
|
!Array.isArray(toolArgs) &&
|
|
2185
2215
|
(toolArgs as { dryRun?: unknown }).dryRun === true;
|
|
2216
|
+
const codingDecisionWrite =
|
|
2217
|
+
(toolName === "engram.coding_decision" || toolName === "remnic.coding_decision") &&
|
|
2218
|
+
toolArgs !== null &&
|
|
2219
|
+
typeof toolArgs === "object" &&
|
|
2220
|
+
!Array.isArray(toolArgs) &&
|
|
2221
|
+
((toolArgs as { subcommand?: unknown }).subcommand === "record" ||
|
|
2222
|
+
(toolArgs as { subcommand?: unknown }).subcommand === "supersede");
|
|
2186
2223
|
const isMcpWrite =
|
|
2187
2224
|
request.method === "tools/call" &&
|
|
2188
2225
|
(
|
|
@@ -2210,7 +2247,8 @@ export class EngramAccessHttpServer {
|
|
|
2210
2247
|
toolName === "engram.memory_action_apply" ||
|
|
2211
2248
|
toolName === "remnic.memory_action_apply"
|
|
2212
2249
|
)
|
|
2213
|
-
)
|
|
2250
|
+
) ||
|
|
2251
|
+
codingDecisionWrite
|
|
2214
2252
|
);
|
|
2215
2253
|
if (isMcpWrite) {
|
|
2216
2254
|
this.ensureWriteRateLimitAvailable();
|
package/src/access-mcp.ts
CHANGED
|
@@ -109,6 +109,7 @@ const MCP_MIGRATED_OPERATIONS: Readonly<Record<string, OperationName>> = {
|
|
|
109
109
|
"engram.memory_get": "memory_get",
|
|
110
110
|
"engram.memory_search": "memory_search",
|
|
111
111
|
"engram.memory_store": "memory_store",
|
|
112
|
+
"engram.coding_decision": "coding_decision",
|
|
112
113
|
};
|
|
113
114
|
|
|
114
115
|
function resolveChatGptInspectorRecallSessionKey(
|
|
@@ -304,7 +305,9 @@ export class EngramMcpServer {
|
|
|
304
305
|
*/
|
|
305
306
|
private initSessionIds = new Map<string, string>();
|
|
306
307
|
|
|
307
|
-
/**
|
|
308
|
+
/**
|
|
309
|
+
* Whether oai-mem-citation guidance is explicitly enabled via config.
|
|
310
|
+
*/
|
|
308
311
|
private readonly citationsEnabled: boolean;
|
|
309
312
|
/** Whether to auto-enable citations for Codex adapter connections. */
|
|
310
313
|
private readonly citationsAutoDetect: boolean;
|
|
@@ -314,6 +317,13 @@ export class EngramMcpServer {
|
|
|
314
317
|
* set false to halve the advertised `tools/list` surface.
|
|
315
318
|
*/
|
|
316
319
|
private readonly emitLegacyTools: boolean;
|
|
320
|
+
/**
|
|
321
|
+
* Whether the `coding_decision` tool should appear in `tools/list`. Gated on
|
|
322
|
+
* `codingKnowledge.enabled && codingKnowledge.decisionRecords` (issue #1548
|
|
323
|
+
* Track A PR 2, rule 39). When false the tools array is byte-identical to
|
|
324
|
+
* pre-feature.
|
|
325
|
+
*/
|
|
326
|
+
private readonly codingDecisionVisible: boolean;
|
|
317
327
|
|
|
318
328
|
constructor(
|
|
319
329
|
private readonly service: EngramAccessService,
|
|
@@ -322,11 +332,13 @@ export class EngramMcpServer {
|
|
|
322
332
|
citationsEnabled?: boolean;
|
|
323
333
|
citationsAutoDetect?: boolean;
|
|
324
334
|
emitLegacyTools?: boolean;
|
|
335
|
+
codingDecisionVisible?: boolean;
|
|
325
336
|
} = {},
|
|
326
337
|
) {
|
|
327
338
|
this.citationsEnabled = options.citationsEnabled === true;
|
|
328
339
|
this.citationsAutoDetect = options.citationsAutoDetect !== false;
|
|
329
340
|
this.emitLegacyTools = options.emitLegacyTools !== false;
|
|
341
|
+
this.codingDecisionVisible = options.codingDecisionVisible === true;
|
|
330
342
|
this.authenticatedPrincipal =
|
|
331
343
|
options.principal?.trim() ||
|
|
332
344
|
readEnvVar("OPENCLAW_ENGRAM_ACCESS_PRINCIPAL")?.trim() ||
|
|
@@ -1946,6 +1958,47 @@ export class EngramMcpServer {
|
|
|
1946
1958
|
},
|
|
1947
1959
|
},
|
|
1948
1960
|
].flatMap((tool) => withToolAliases(tool, this.emitLegacyTools));
|
|
1961
|
+
if (this.codingDecisionVisible) {
|
|
1962
|
+
const codingDecisionTools = withToolAliases(
|
|
1963
|
+
{
|
|
1964
|
+
name: "engram.coding_decision",
|
|
1965
|
+
description:
|
|
1966
|
+
"List, get, record, or supersede decision records in the session's coding namespace (issue #1548 Track A). Subcommands: list, get, record, supersede.",
|
|
1967
|
+
inputSchema: {
|
|
1968
|
+
type: "object",
|
|
1969
|
+
properties: {
|
|
1970
|
+
subcommand: {
|
|
1971
|
+
type: "string",
|
|
1972
|
+
enum: ["list", "get", "record", "supersede"],
|
|
1973
|
+
description: "Which decision-record operation to run.",
|
|
1974
|
+
},
|
|
1975
|
+
sessionKey: { type: "string", description: "Session identifier whose coding context scopes the operation." },
|
|
1976
|
+
namespace: { type: "string", description: "Optional explicit namespace (overrides coding-context overlay)." },
|
|
1977
|
+
id: { type: "string", description: "Decision record id (required for get and supersede)." },
|
|
1978
|
+
title: { type: "string", description: "Decision title (required for record and supersede)." },
|
|
1979
|
+
status: {
|
|
1980
|
+
type: "string",
|
|
1981
|
+
enum: ["proposed", "accepted", "superseded", "rejected"],
|
|
1982
|
+
description: "Decision status (record only; defaults to proposed).",
|
|
1983
|
+
},
|
|
1984
|
+
context: { type: "string", description: "Context/background for the decision." },
|
|
1985
|
+
decision: { type: "string", description: "The decision itself (required for record and supersede)." },
|
|
1986
|
+
consequences: { type: "string", description: "Consequences of the decision." },
|
|
1987
|
+
entityRefs: {
|
|
1988
|
+
type: "array",
|
|
1989
|
+
items: { type: "string" },
|
|
1990
|
+
description: "Entity references the decision relates to.",
|
|
1991
|
+
},
|
|
1992
|
+
supersedesId: { type: "string", description: "Id of the record this decision supersedes (supersede only)." },
|
|
1993
|
+
},
|
|
1994
|
+
required: ["subcommand"],
|
|
1995
|
+
additionalProperties: false,
|
|
1996
|
+
},
|
|
1997
|
+
},
|
|
1998
|
+
this.emitLegacyTools,
|
|
1999
|
+
);
|
|
2000
|
+
this.tools = [...this.tools, ...codingDecisionTools];
|
|
2001
|
+
}
|
|
1949
2002
|
}
|
|
1950
2003
|
|
|
1951
2004
|
/** Get clientInfo for a specific MCP session. Returns undefined for non-MCP requests. */
|
package/src/access-operations.ts
CHANGED
|
@@ -20,6 +20,11 @@ import type {
|
|
|
20
20
|
EngramAccessMemoryResponse,
|
|
21
21
|
EngramAccessWriteResponse,
|
|
22
22
|
} from "./access-service.js";
|
|
23
|
+
import {
|
|
24
|
+
DECISION_SUBCOMMANDS,
|
|
25
|
+
type DecisionSurfaceRequest,
|
|
26
|
+
type DecisionSurfaceResponse,
|
|
27
|
+
} from "./coding/decision-surfaces.js";
|
|
23
28
|
|
|
24
29
|
// ---------------------------------------------------------------------------
|
|
25
30
|
// memory_get — fetch one memory by id
|
|
@@ -135,12 +140,72 @@ export const memoryStoreOperation = defineOperation<MemoryStoreInput, MemoryStor
|
|
|
135
140
|
// so the hook still fires inside the service's idempotent-write lock —
|
|
136
141
|
// never before, never on a replay (#1434 invariant preserved by the
|
|
137
142
|
// boundary migration).
|
|
143
|
+
|
|
138
144
|
ctx.hooks,
|
|
139
145
|
);
|
|
140
146
|
return { result };
|
|
141
147
|
},
|
|
142
148
|
});
|
|
143
149
|
|
|
150
|
+
// ---------------------------------------------------------------------------
|
|
151
|
+
// coding_decision — decision-record surfaces (issue #1548 Track A PR 2)
|
|
152
|
+
// ---------------------------------------------------------------------------
|
|
153
|
+
|
|
154
|
+
/**
|
|
155
|
+
* The subcommand field is required and MUST be one of the four valid values
|
|
156
|
+
* (rule 51 — reject loudly, list the options, never silently default). The
|
|
157
|
+
* remaining fields are optional because each subcommand uses a different
|
|
158
|
+
* subset; the handler validates subcommand-specific requirements after
|
|
159
|
+
* routing.
|
|
160
|
+
*/
|
|
161
|
+
/**
|
|
162
|
+
* MCP clients send `null` for absent optional fields. Zod `.optional()`
|
|
163
|
+
* rejects `null`, so strip nulls at the object level before the inner
|
|
164
|
+
* schema validates (review: cursor null-field thread).
|
|
165
|
+
*/
|
|
166
|
+
const codingDecisionSchema = z.preprocess(
|
|
167
|
+
(data) => {
|
|
168
|
+
if (data && typeof data === "object" && !Array.isArray(data)) {
|
|
169
|
+
const out: Record<string, unknown> = {};
|
|
170
|
+
for (const [k, v] of Object.entries(data as Record<string, unknown>)) {
|
|
171
|
+
if (v !== null) out[k] = v;
|
|
172
|
+
}
|
|
173
|
+
return out;
|
|
174
|
+
}
|
|
175
|
+
return data;
|
|
176
|
+
},
|
|
177
|
+
z.object({
|
|
178
|
+
subcommand: z.enum(DECISION_SUBCOMMANDS),
|
|
179
|
+
sessionKey: z.string().trim().max(512).optional(),
|
|
180
|
+
namespace: z.string().trim().max(256).optional(),
|
|
181
|
+
id: z.string().trim().max(512).optional(),
|
|
182
|
+
title: z.string().trim().max(512).optional(),
|
|
183
|
+
status: z.string().trim().max(64).optional(),
|
|
184
|
+
context: z.string().trim().max(8192).optional(),
|
|
185
|
+
decision: z.string().trim().max(8192).optional(),
|
|
186
|
+
consequences: z.string().trim().max(8192).optional(),
|
|
187
|
+
entityRefs: z.array(z.string().trim().min(1).max(256)).optional(),
|
|
188
|
+
supersedesId: z.string().trim().max(512).optional(),
|
|
189
|
+
}),
|
|
190
|
+
);
|
|
191
|
+
|
|
192
|
+
export type CodingDecisionInput = DecisionSurfaceRequest;
|
|
193
|
+
export type CodingDecisionOutput = { result: DecisionSurfaceResponse };
|
|
194
|
+
|
|
195
|
+
export const codingDecisionOperation = defineOperation<
|
|
196
|
+
CodingDecisionInput,
|
|
197
|
+
CodingDecisionOutput
|
|
198
|
+
>({
|
|
199
|
+
name: "coding_decision",
|
|
200
|
+
description:
|
|
201
|
+
"List, get, record, or supersede decision records in the session's coding namespace (issue #1548 Track A).",
|
|
202
|
+
schema: codingDecisionSchema as z.ZodType<CodingDecisionInput>,
|
|
203
|
+
handler: async (input, ctx) => {
|
|
204
|
+
const result = await ctx.service.codingDecision(input, ctx.authenticatedPrincipal);
|
|
205
|
+
return { result };
|
|
206
|
+
},
|
|
207
|
+
});
|
|
208
|
+
|
|
144
209
|
// ---------------------------------------------------------------------------
|
|
145
210
|
// Surface registration map — what each transport calls the pilot ops
|
|
146
211
|
// ---------------------------------------------------------------------------
|
|
@@ -154,4 +219,5 @@ export const REGISTERED_OPERATIONS = [
|
|
|
154
219
|
memoryGetOperation.spec.name,
|
|
155
220
|
memorySearchOperation.spec.name,
|
|
156
221
|
memoryStoreOperation.spec.name,
|
|
222
|
+
codingDecisionOperation.spec.name,
|
|
157
223
|
] as const;
|
package/src/access-service.ts
CHANGED
|
@@ -12,7 +12,13 @@ import {
|
|
|
12
12
|
lcmSessionKeyForNamespace,
|
|
13
13
|
projectTagProjectId,
|
|
14
14
|
resolveCodingNamespaceOverlay,
|
|
15
|
+
type CodingNamespaceOverlay,
|
|
15
16
|
} from "./coding/coding-namespace.js";
|
|
17
|
+
import {
|
|
18
|
+
handleCodingDecision,
|
|
19
|
+
type DecisionSurfaceRequest,
|
|
20
|
+
type DecisionSurfaceResponse,
|
|
21
|
+
} from "./coding/decision-surfaces.js";
|
|
16
22
|
import { WorkStorage } from "./work/storage.js";
|
|
17
23
|
import {
|
|
18
24
|
exportWorkBoardMarkdown,
|
|
@@ -59,6 +65,7 @@ import { canReadNamespace, canWriteNamespace, defaultNamespaceForPrincipal, reca
|
|
|
59
65
|
import {
|
|
60
66
|
expandScopeProfileReadNamespaces,
|
|
61
67
|
resolveScopeProfilePlan,
|
|
68
|
+
type ResolvedScopeProfilePlan,
|
|
62
69
|
type ScopeProfileLayerResolution,
|
|
63
70
|
type ScopeProfilePromotionResolution,
|
|
64
71
|
} from "./namespaces/scope-profiles.js";
|
|
@@ -1346,74 +1353,29 @@ export class EngramAccessService {
|
|
|
1346
1353
|
return null;
|
|
1347
1354
|
}
|
|
1348
1355
|
|
|
1349
|
-
/**
|
|
1350
|
-
*
|
|
1351
|
-
*
|
|
1352
|
-
*
|
|
1353
|
-
*
|
|
1354
|
-
*
|
|
1355
|
-
|
|
1356
|
-
* - An explicit `namespace` always wins and is authorized strictly via
|
|
1357
|
-
* `resolveWritableNamespace` → `canWriteNamespace`. A coding-overlay
|
|
1358
|
-
* namespace string (`<base>-project-*`) is NOT a writable target via the
|
|
1359
|
-
* explicit field — project scoping is requested with `cwd`/`projectTag`,
|
|
1360
|
-
* never by naming the derived namespace — so there is no way to bypass the
|
|
1361
|
-
* policy allow-list by guessing/forging an overlay name (Codex review).
|
|
1362
|
-
* - With NO coding overlay, the write stays on `config.defaultNamespace` —
|
|
1363
|
-
* exactly the pre-#1434 behavior, so an unqualified write is NOT silently
|
|
1364
|
-
* moved to a principal self namespace (Codex review).
|
|
1365
|
-
* - WITH a coding overlay, the base is the principal self namespace
|
|
1366
|
-
* (`defaultNamespaceForPrincipal`, write-checked) — the SAME base recall,
|
|
1367
|
-
* observe, and the orchestrator buffer-flush write path overlay onto
|
|
1368
|
-
* (rule 42 / Cursor) — so a project-scoped store lands exactly where
|
|
1369
|
-
* project-scoped recall searches. The overlay namespace is always REBUILT
|
|
1370
|
-
* from the authenticated principal's base, never accepted as a caller
|
|
1371
|
-
* string, so a caller can never reach another principal's subtree.
|
|
1372
|
-
*
|
|
1373
|
-
* Read-only: this NEVER mutates session coding context, so the idempotency
|
|
1374
|
-
* peeks and dryRun preflights that call it stay side-effect free (Codex
|
|
1375
|
-
* review). It prefers the per-call `cwd`/`projectTag` (the project explicitly
|
|
1376
|
-
* identified for this write), else the session's existing context. The HTTP
|
|
1377
|
-
* surface lets the peek and the write each resolve independently; the peek's
|
|
1378
|
-
* namespace only gates rate-limiting (memory_store/suggestion_submit run their
|
|
1379
|
-
* own idempotency check), so a benign session-context change between the two
|
|
1380
|
-
* never fails a write — there is no namespace to "pin".
|
|
1381
|
-
*/
|
|
1382
|
-
private async resolveCodingScopedWriteNamespace(
|
|
1356
|
+
/** Shared coding-scope derivation for the read/write resolvers below —
|
|
1357
|
+
* coding context, overlay, principal, scope-profile plan for an IMPLICIT
|
|
1358
|
+
* request, IDENTICAL to recall precedence (session-first, per-call fallback)
|
|
1359
|
+
* so a scoped store is discoverable by scoped recall (#1434). Single source
|
|
1360
|
+
* of truth for the namespacesEnabled/projectScope gates (rule 22; keeps the
|
|
1361
|
+
* scattered-config-read ratchet flat). READ-ONLY: never mutates session. */
|
|
1362
|
+
private async resolveCodingScopeInputs(
|
|
1383
1363
|
request: CodingScopedWriteInput & {
|
|
1384
1364
|
namespace?: string;
|
|
1385
1365
|
sessionKey?: string;
|
|
1386
1366
|
authenticatedPrincipal?: string;
|
|
1387
1367
|
},
|
|
1388
|
-
): Promise<
|
|
1389
|
-
|
|
1390
|
-
|
|
1391
|
-
|
|
1392
|
-
|
|
1393
|
-
|
|
1394
|
-
request.sessionKey,
|
|
1395
|
-
request.authenticatedPrincipal,
|
|
1396
|
-
);
|
|
1397
|
-
}
|
|
1398
|
-
// Project scoping only applies when namespaces are enabled (else overlaying
|
|
1399
|
-
// would create false isolation over a single storage dir) and projectScope
|
|
1400
|
-
// is on. The coding context MUST be resolved exactly as the recall path
|
|
1401
|
-
// resolves it, or a scoped store won't be discoverable by scoped recall
|
|
1402
|
-
// (the whole point of #1434). Recall calls `maybeAttachCodingContext`, which
|
|
1403
|
-
// returns early when the session already has a context — so recall is
|
|
1404
|
-
// SESSION-FIRST: an existing session binding wins, and the per-call
|
|
1405
|
-
// cwd/projectTag is only used to seed a context when none is attached yet.
|
|
1406
|
-
// Mirror that precedence here: session context first, per-call as fallback
|
|
1407
|
-
// (Codex review — a per-call-wins write would land in a project that the
|
|
1408
|
-
// same session's recall, still on the bound project, never searches).
|
|
1409
|
-
//
|
|
1368
|
+
): Promise<{
|
|
1369
|
+
principal: string | undefined;
|
|
1370
|
+
codingContext: CodingContext | null;
|
|
1371
|
+
overlay: CodingNamespaceOverlay | null;
|
|
1372
|
+
profilePlan: ResolvedScopeProfilePlan | null;
|
|
1373
|
+
}> {
|
|
1410
1374
|
// A sessionKey is REQUIRED to apply the overlay. The recall path can only
|
|
1411
|
-
// attach/look up coding context per session
|
|
1412
|
-
//
|
|
1413
|
-
//
|
|
1414
|
-
//
|
|
1415
|
-
// injects cwd/projectTag but no sessionKey would store into
|
|
1416
|
-
// `default-project-*` that its own recall never searches (Codex review).
|
|
1375
|
+
// attach/look up coding context per session, so a sessionless recall always
|
|
1376
|
+
// searches the base namespace; a sessionless write/read must too — otherwise
|
|
1377
|
+
// a client that injects cwd/projectTag but no sessionKey would land in a
|
|
1378
|
+
// `default-project-*` namespace its own recall never searches (Codex review).
|
|
1417
1379
|
const hasSession =
|
|
1418
1380
|
typeof request.sessionKey === "string" && request.sessionKey.length > 0;
|
|
1419
1381
|
const codingContext =
|
|
@@ -1443,6 +1405,35 @@ export class EngramAccessService {
|
|
|
1443
1405
|
codingContext,
|
|
1444
1406
|
codingOverlay: overlay,
|
|
1445
1407
|
});
|
|
1408
|
+
return { principal, codingContext, overlay, profilePlan };
|
|
1409
|
+
}
|
|
1410
|
+
|
|
1411
|
+
/**
|
|
1412
|
+
* Resolve the write namespace for explicit-write tools (memory_store /
|
|
1413
|
+
* suggestion_submit), project-scoping the write the same way recall does so a
|
|
1414
|
+
* memory stored with a client-injected `cwd`/`projectTag` is discoverable by
|
|
1415
|
+
* project-scoped recall (#1434, rule 42). Shared derivation lives in
|
|
1416
|
+
* {@link resolveCodingScopeInputs}; this method enforces the WRITE acl
|
|
1417
|
+
* (`canWriteNamespace` / profile-layer writability). Read-only: never mutates
|
|
1418
|
+
* session coding context.
|
|
1419
|
+
*/
|
|
1420
|
+
private async resolveCodingScopedWriteNamespace(
|
|
1421
|
+
request: CodingScopedWriteInput & {
|
|
1422
|
+
namespace?: string;
|
|
1423
|
+
sessionKey?: string;
|
|
1424
|
+
authenticatedPrincipal?: string;
|
|
1425
|
+
},
|
|
1426
|
+
): Promise<string> {
|
|
1427
|
+
const hasExplicitNamespace =
|
|
1428
|
+
typeof request.namespace === "string" && request.namespace.trim().length > 0;
|
|
1429
|
+
if (hasExplicitNamespace) {
|
|
1430
|
+
return this.resolveWritableNamespace(
|
|
1431
|
+
request.namespace,
|
|
1432
|
+
request.sessionKey,
|
|
1433
|
+
request.authenticatedPrincipal,
|
|
1434
|
+
);
|
|
1435
|
+
}
|
|
1436
|
+
const { principal, overlay, profilePlan } = await this.resolveCodingScopeInputs(request);
|
|
1446
1437
|
if (profilePlan) {
|
|
1447
1438
|
const selectedLayer = profilePlan.layers.find((layer) => layer.id === profilePlan.writeLayer);
|
|
1448
1439
|
const writeNamespaceReadable =
|
|
@@ -1475,6 +1466,60 @@ export class EngramAccessService {
|
|
|
1475
1466
|
return combineNamespaces(base, overlay.namespace);
|
|
1476
1467
|
}
|
|
1477
1468
|
|
|
1469
|
+
/** Read-side mirror of {@link resolveCodingScopedWriteNamespace}. Decision
|
|
1470
|
+
* `list`/`get` use this so a record written by a project-scoped session is
|
|
1471
|
+
* listable/fetchable by the SAME session without manually supplying the
|
|
1472
|
+
* overlaid namespace (review P2). Derivation is IDENTICAL to the write path
|
|
1473
|
+
* (shared via {@link resolveCodingScopeInputs}); the only difference is the
|
|
1474
|
+
* ACL — reads enforce {@link canReadNamespace}, so a read-but-not-write
|
|
1475
|
+
* principal can still list/fetch (rule 42). */
|
|
1476
|
+
private async resolveCodingScopedReadableNamespace(
|
|
1477
|
+
request: CodingScopedWriteInput & {
|
|
1478
|
+
namespace?: string;
|
|
1479
|
+
sessionKey?: string;
|
|
1480
|
+
authenticatedPrincipal?: string;
|
|
1481
|
+
},
|
|
1482
|
+
): Promise<string> {
|
|
1483
|
+
const principal = this.resolveRequestPrincipal(
|
|
1484
|
+
request.sessionKey,
|
|
1485
|
+
request.authenticatedPrincipal,
|
|
1486
|
+
);
|
|
1487
|
+
const hasExplicitNamespace =
|
|
1488
|
+
typeof request.namespace === "string" && request.namespace.trim().length > 0;
|
|
1489
|
+
if (hasExplicitNamespace) {
|
|
1490
|
+
return this.resolveReadableNamespace(request.namespace, principal);
|
|
1491
|
+
}
|
|
1492
|
+
const inputs = await this.resolveCodingScopeInputs(request);
|
|
1493
|
+
const { overlay, profilePlan, principal: resolvedPrincipal } = inputs;
|
|
1494
|
+
if (profilePlan) {
|
|
1495
|
+
// The write layer is the namespace decisions are RECORDED under. The
|
|
1496
|
+
// WRITE path authorizes it through the profile plan (selectedLayer.
|
|
1497
|
+
// writable AND readNamespaces.includes(writeNamespace)), NOT the raw
|
|
1498
|
+
// namespace ACL, so the READ path must use the SAME profile-plan
|
|
1499
|
+
// authorization. canReadNamespace only recognizes explicit policies
|
|
1500
|
+
// plus default/shared namespaces, which would reject a profile-granted
|
|
1501
|
+
// layer the same session just wrote through (review P2: scope-profile
|
|
1502
|
+
// read authorization for decision reads; rule 42).
|
|
1503
|
+
const target = profilePlan.writeNamespace;
|
|
1504
|
+
if (!profilePlan.readNamespaces.includes(target)) {
|
|
1505
|
+
throw new EngramAccessInputError(`namespace is not readable: ${target}`);
|
|
1506
|
+
}
|
|
1507
|
+
return target;
|
|
1508
|
+
}
|
|
1509
|
+
if (!overlay) {
|
|
1510
|
+
// No coding overlay → read the base namespace through the standard read
|
|
1511
|
+
// ACL, identical to memory_get with no explicit namespace.
|
|
1512
|
+
return this.resolveReadableNamespace(undefined, resolvedPrincipal);
|
|
1513
|
+
}
|
|
1514
|
+
// Coding overlay → overlay onto the principal self base, the SAME namespace
|
|
1515
|
+
// the write path writes to, then enforce the read ACL.
|
|
1516
|
+
const base = defaultNamespaceForPrincipal(resolvedPrincipal, this.orchestrator.config);
|
|
1517
|
+
if (!canReadNamespace(resolvedPrincipal, base, this.orchestrator.config)) {
|
|
1518
|
+
throw new EngramAccessInputError(`namespace is not readable: ${base}`);
|
|
1519
|
+
}
|
|
1520
|
+
return combineNamespaces(base, overlay.namespace);
|
|
1521
|
+
}
|
|
1522
|
+
|
|
1478
1523
|
/**
|
|
1479
1524
|
* Resolve ONE effective memory scope plan for a write-producing request
|
|
1480
1525
|
* (#1495 / seed for epic #1494). The returned {@link MemoryScopePlan} is the
|
|
@@ -4401,6 +4446,45 @@ export class EngramAccessService {
|
|
|
4401
4446
|
};
|
|
4402
4447
|
}
|
|
4403
4448
|
|
|
4449
|
+
/** Whether the coding_decision tool should appear in tools/list (rule 39). */
|
|
4450
|
+
get decisionRecordSurfaceVisible(): boolean {
|
|
4451
|
+
return this.orchestrator.config.codingKnowledge?.enabled === true
|
|
4452
|
+
&& this.orchestrator.config.codingKnowledge?.decisionRecords === true;
|
|
4453
|
+
}
|
|
4454
|
+
/**
|
|
4455
|
+
* Thin delegate — handler logic in coding/decision-surfaces.ts (#1548 PR2).
|
|
4456
|
+
* All three surfaces (MCP/HTTP/CLI) arrive here via the boundary operation.
|
|
4457
|
+
* Namespace resolution uses the SAME path as memory_store (principal ACL +
|
|
4458
|
+
* coding overlay + default fallback) so decision records land in the same
|
|
4459
|
+
* storage root.
|
|
4460
|
+
*/
|
|
4461
|
+
async codingDecision(
|
|
4462
|
+
request: DecisionSurfaceRequest,
|
|
4463
|
+
authenticatedPrincipal?: string,
|
|
4464
|
+
): Promise<DecisionSurfaceResponse> {
|
|
4465
|
+
return handleCodingDecision(request, {
|
|
4466
|
+
codingKnowledge: this.orchestrator.config.codingKnowledge,
|
|
4467
|
+
getCodingContext: (sk) => this.orchestrator.getCodingContextForSession(sk),
|
|
4468
|
+
resolveStorage: async (req) => {
|
|
4469
|
+
const isWrite = req.subcommand === "record" || req.subcommand === "supersede";
|
|
4470
|
+
const ns = isWrite
|
|
4471
|
+
? await this.resolveCodingScopedWriteNamespace({
|
|
4472
|
+
namespace: req.namespace,
|
|
4473
|
+
sessionKey: req.sessionKey,
|
|
4474
|
+
authenticatedPrincipal,
|
|
4475
|
+
})
|
|
4476
|
+
: await this.resolveCodingScopedReadableNamespace({
|
|
4477
|
+
namespace: req.namespace,
|
|
4478
|
+
sessionKey: req.sessionKey,
|
|
4479
|
+
authenticatedPrincipal,
|
|
4480
|
+
});
|
|
4481
|
+
const storage = await this.orchestrator.getStorage(ns);
|
|
4482
|
+
return Object.assign(storage, { namespace: ns });
|
|
4483
|
+
},
|
|
4484
|
+
throwInputError: (msg) => { throw new EngramAccessInputError(msg); },
|
|
4485
|
+
});
|
|
4486
|
+
}
|
|
4487
|
+
|
|
4404
4488
|
async memoryBrowse(
|
|
4405
4489
|
request: EngramAccessMemoryBrowseRequest = {},
|
|
4406
4490
|
): Promise<EngramAccessMemoryBrowseResponse> {
|
|
@@ -8264,3 +8348,4 @@ export class EngramAccessService {
|
|
|
8264
8348
|
});
|
|
8265
8349
|
}
|
|
8266
8350
|
}
|
|
8351
|
+
|
|
@@ -67,7 +67,7 @@ function shortToolName(advertised: string): string {
|
|
|
67
67
|
/** Spin up a server with emitLegacyTools=true and read the deduped short names. */
|
|
68
68
|
async function liveMcpToolShortNames(): Promise<ReadonlySet<string>> {
|
|
69
69
|
const stub = { briefingEnabled: true } as unknown as EngramAccessService;
|
|
70
|
-
const server = new EngramMcpServer(stub, { emitLegacyTools: true });
|
|
70
|
+
const server = new EngramMcpServer(stub, { emitLegacyTools: true, codingDecisionVisible: true });
|
|
71
71
|
const response = await server.handleRequest({ jsonrpc: "2.0", id: 1, method: "tools/list" });
|
|
72
72
|
const result = (response as { result?: { tools?: Array<{ name: string }> } }).result;
|
|
73
73
|
const names = new Set<string>();
|