@remnic/plugin-openclaw 1.0.10 → 1.0.11

package/dist/{chunk-Z7GRLVK3.js → chunk-3GUF7RQI.js}

@@ -1,6 +1,84 @@
+// ../remnic-core/src/graph-edge-reinforcement.ts
+var CONFIDENCE_CEILING = 1;
+var DEFAULT_DECAY_WINDOW_MS = 90 * 24 * 60 * 60 * 1e3;
+var DEFAULT_DECAY_FLOOR = 0.1;
+var DEFAULT_DECAY_PER_WINDOW = 0.1;
+function readEdgeConfidence(edge) {
+  const raw = edge.confidence;
+  if (raw === void 0 || raw === null || !Number.isFinite(raw)) {
+    return CONFIDENCE_CEILING;
+  }
+  if (raw < 0) return 0;
+  if (raw > CONFIDENCE_CEILING) return CONFIDENCE_CEILING;
+  return raw;
+}
+function readLastReinforcedAt(edge) {
+  return edge.lastReinforcedAt ?? edge.ts;
+}
+function decayEdgeConfidence(edge, now, opts = {}) {
+  const windowMs = opts.windowMs ?? DEFAULT_DECAY_WINDOW_MS;
+  const perWindow = opts.perWindow ?? DEFAULT_DECAY_PER_WINDOW;
+  const floor = opts.floor ?? DEFAULT_DECAY_FLOOR;
+  if (!(windowMs > 0) || !Number.isFinite(perWindow) || perWindow < 0 || !Number.isFinite(floor)) {
+    return { ...edge, confidence: readEdgeConfidence(edge) };
+  }
+  const safeFloor = Math.min(CONFIDENCE_CEILING, Math.max(0, floor));
+  const nowMs = Date.parse(now);
+  const refMs = Date.parse(readLastReinforcedAt(edge));
+  if (!Number.isFinite(nowMs) || !Number.isFinite(refMs)) {
+    return { ...edge, confidence: readEdgeConfidence(edge) };
+  }
+  const age = nowMs - refMs;
+  const current = readEdgeConfidence(edge);
+  if (age <= windowMs) {
+    return { ...edge, confidence: current };
+  }
+  const windowsPast = Math.ceil((age - windowMs) / windowMs);
+  const decayed = current - perWindow * windowsPast;
+  const lowerBound = Math.min(safeFloor, current);
+  const next = Math.max(lowerBound, Math.min(current, decayed));
+  const newRefMs = refMs + windowsPast * windowMs;
+  const newRef = new Date(newRefMs).toISOString();
+  return { ...edge, confidence: next, lastReinforcedAt: newRef };
+}
+
 // ../remnic-core/src/graph.ts
 import { mkdir, appendFile, readFile } from "fs/promises";
 import * as path from "path";
+
+// ../remnic-core/src/graph-events.ts
+import { EventEmitter } from "events";
+var buses = /* @__PURE__ */ new Map();
+function getGraphEventBus(memoryDir) {
+  let bus = buses.get(memoryDir);
+  if (!bus) {
+    bus = new EventEmitter();
+    bus.setMaxListeners(200);
+    buses.set(memoryDir, bus);
+  }
+  return bus;
+}
+function emitGraphEvent(memoryDir, type, payload) {
+  const event = {
+    type,
+    memoryDir,
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    payload
+  };
+  const bus = getGraphEventBus(memoryDir);
+  try {
+    bus.emit("graph-event", event);
+  } catch {
+  }
+}
+function subscribeGraphEvents(memoryDir, listener) {
+  const bus = getGraphEventBus(memoryDir);
+  bus.on("graph-event", listener);
+  return () => bus.off("graph-event", listener);
+}
+
+// ../remnic-core/src/graph.ts
+var DEFAULT_GRAPH_TRAVERSAL_CONFIDENCE_FLOOR = 0.2;
 var CAUSAL_PHRASES = [
   "as a result",
   "led to",
@@ -18,29 +96,71 @@ function graphFilePath(memoryDir, type) {
 async function ensureGraphsDir(memoryDir) {
   await mkdir(graphsDir(memoryDir), { recursive: true });
 }
+var graphWriteLocks = /* @__PURE__ */ new Map();
+function withGraphWriteLock(filePath, fn) {
+  const prev = graphWriteLocks.get(filePath) ?? Promise.resolve();
+  const next = prev.then(fn, fn);
+  graphWriteLocks.set(
+    filePath,
+    next.then(
+      () => void 0,
+      () => void 0
+    )
+  );
+  return next;
+}
 async function appendEdge(memoryDir, edge) {
   await ensureGraphsDir(memoryDir);
+  const filePath = graphFilePath(memoryDir, edge.type);
   const line = JSON.stringify(edge) + "\n";
-  await appendFile(graphFilePath(memoryDir, edge.type), line, "utf8");
+  await withGraphWriteLock(filePath, async () => {
+    await appendFile(filePath, line, "utf8");
+  });
+  emitGraphEvent(memoryDir, "edge-added", {
+    source: edge.from,
+    target: edge.to,
+    kind: edge.type,
+    weight: edge.weight,
+    label: edge.label,
+    confidence: typeof edge.confidence === "number" ? edge.confidence : 1
+  });
+}
+function isNodeError(err) {
+  return typeof err === "object" && err !== null && "code" in err;
+}
+function parseEdgesJsonl(raw) {
+  const edges = [];
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      edges.push(JSON.parse(trimmed));
+    } catch {
+    }
+  }
+  return edges;
 }
 async function readEdges(memoryDir, type) {
   const filePath = graphFilePath(memoryDir, type);
   try {
     const raw = await readFile(filePath, "utf8");
-    const edges = [];
-    for (const line of raw.split("\n")) {
-      const trimmed = line.trim();
-      if (!trimmed) continue;
-      try {
-        edges.push(JSON.parse(trimmed));
-      } catch {
-      }
-    }
-    return edges;
+    return parseEdgesJsonl(raw);
   } catch {
     return [];
   }
 }
+async function readEdgesStrict(memoryDir, type) {
+  const filePath = graphFilePath(memoryDir, type);
+  try {
+    const raw = await readFile(filePath, "utf8");
+    return parseEdgesJsonl(raw);
+  } catch (err) {
+    if (isNodeError(err) && err.code === "ENOENT") {
+      return [];
+    }
+    throw err;
+  }
+}
 async function readAllEdges(memoryDir, config) {
   const parts = await Promise.all([
     config.entityGraphEnabled ? readEdges(memoryDir, "entity") : Promise.resolve([]),
@@ -238,21 +358,38 @@ var GraphIndex = class _GraphIndex {
    * Spreading activation BFS (SYNAPSE-inspired).
    *
    * Starting from `seeds`, traverse the combined graph for up to `maxSteps` hops.
-   * Each candidate gets an activation score = edge.weight × decay^hop.
-   * Returns top-N candidate paths sorted by descending activation score.
+   * Each candidate gets an activation score = edge.weight × edgeConfidence × decay^hop.
    *
-   * @param seeds   - initial memory paths to expand from (e.g. QMD top results)
+   * Issue #681 PR 3/3 — confidence-aware traversal:
+   *   - Each edge's `weight` is multiplied by its `confidence` (legacy edges
+   *     missing `confidence` are treated as 1.0, preserving prior behavior).
+   *   - Edges with `confidence < graphTraversalConfidenceFloor` are pruned and
+   *     contribute neither activation nor downstream neighbors.
+   *   - When `graphTraversalPageRankIterations > 0`, an additional PageRank-
+   *     style refinement pass redistributes activation along confidence-weighted
+   *     edges, sharpening the ranking among multi-hop candidates.
+   *   - Per-result provenance includes the highest-confidence edge that landed
+   *     on each candidate, so the X-ray surface can attribute pruning and
+   *     ranking decisions back to specific edges.
+   *
+   * @param seeds    - initial memory paths to expand from (e.g. QMD top results)
    * @param maxSteps - max BFS hops (from config: maxGraphTraversalSteps)
-   * @returns Array of {path, score} sorted descending, not including seed paths
+   * @returns Array of {path, score, edgeConfidence, ...} sorted descending, not including seed paths
    */
-  async spreadingActivation(seeds, maxSteps) {
+  async spreadingActivation(seeds, maxSteps, opts) {
     if (!this.cfg.multiGraphMemoryEnabled) return [];
     const steps = maxSteps ?? this.cfg.maxGraphTraversalSteps;
     const decay = this.cfg.graphActivationDecay;
+    const floor = opts?.includeLowConfidence === true ? 0 : clampConfidenceFloor(this.cfg.graphTraversalConfidenceFloor);
+    const iterations = clampPageRankIterations(
+      this.cfg.graphTraversalPageRankIterations
+    );
     try {
       const allEdges = await this.loadEdgesCached();
       const adj = /* @__PURE__ */ new Map();
       for (const edge of allEdges) {
+        const conf = readEdgeConfidence(edge);
+        if (conf < floor) continue;
         if (!adj.has(edge.from)) adj.set(edge.from, []);
         adj.get(edge.from).push(edge);
         if (edge.type !== "causal") {
@@ -271,7 +408,9 @@ var GraphIndex = class _GraphIndex {
         const edges = adj.get(node) ?? [];
         for (const edge of edges) {
           const neighbor = edge.to === node ? edge.from : edge.to;
-          const score = edge.weight * Math.pow(decay, hop + 1);
+          const conf = readEdgeConfidence(edge);
+          if (conf < floor) continue;
+          const score = edge.weight * conf * Math.pow(decay, hop + 1);
           if (!seedSet.has(neighbor)) {
             const existing = scores.get(neighbor) ?? 0;
             scores.set(neighbor, existing + score);
@@ -281,7 +420,8 @@ var GraphIndex = class _GraphIndex {
                 seed: sourceSeed,
                 hopDepth: hop + 1,
                 decayedWeight: score,
-                graphType: edge.type
+                graphType: edge.type,
+                edgeConfidence: conf
               });
             }
           }
@@ -291,6 +431,13 @@ var GraphIndex = class _GraphIndex {
           }
         }
       }
+      if (iterations > 0 && scores.size > 1) {
+        applyPageRankRefinement(scores, adj, {
+          iterations,
+          floor,
+          damping: 0.85
+        });
+      }
       if (this.cfg.graphLateralInhibitionEnabled && scores.size > 1) {
         const inhibited = applyLateralInhibition(scores, {
           beta: this.cfg.graphLateralInhibitionBeta,
@@ -306,7 +453,8 @@ var GraphIndex = class _GraphIndex {
         seed: provenance.get(p)?.seed ?? "",
         hopDepth: provenance.get(p)?.hopDepth ?? 0,
         decayedWeight: provenance.get(p)?.decayedWeight ?? 0,
-        graphType: provenance.get(p)?.graphType ?? "entity"
+        graphType: provenance.get(p)?.graphType ?? "entity",
+        edgeConfidence: provenance.get(p)?.edgeConfidence ?? 1
       })).sort((a, b) => b.score - a.score);
     } catch (err) {
       const { log } = await import("./logger-TNOKCH7X.js");
@@ -315,6 +463,63 @@ var GraphIndex = class _GraphIndex {
     }
   }
 };
+function clampConfidenceFloor(raw) {
+  if (typeof raw !== "number" || !Number.isFinite(raw)) {
+    return DEFAULT_GRAPH_TRAVERSAL_CONFIDENCE_FLOOR;
+  }
+  if (raw < 0) return 0;
+  if (raw > 1) return 1;
+  return raw;
+}
+function clampPageRankIterations(raw) {
+  if (typeof raw !== "number" || !Number.isFinite(raw)) return 0;
+  if (raw <= 0) return 0;
+  return Math.floor(raw);
+}
+function applyPageRankRefinement(scores, adj, opts) {
+  const { iterations, floor, damping } = opts;
+  if (iterations <= 0 || scores.size === 0) return;
+  const safeDamping = Math.min(1, Math.max(0, damping));
+  const eligible = (edge, fromNode) => {
+    if (readEdgeConfidence(edge) < floor) return false;
+    const neighbor = edge.to === fromNode ? edge.from : edge.to;
+    return scores.has(neighbor);
+  };
+  const outboundTotal = /* @__PURE__ */ new Map();
+  for (const [node, edges] of adj.entries()) {
+    if (!scores.has(node)) continue;
+    let sum = 0;
+    for (const edge of edges) {
+      if (!eligible(edge, node)) continue;
+      sum += readEdgeConfidence(edge) * edge.weight;
+    }
+    if (sum > 0) outboundTotal.set(node, sum);
+  }
+  for (let i = 0; i < iterations; i += 1) {
+    const next = /* @__PURE__ */ new Map();
+    for (const [node, score] of scores) {
+      next.set(node, (1 - safeDamping) * score);
+    }
+    for (const [node, score] of scores) {
+      const outEdges = adj.get(node);
+      const total = outboundTotal.get(node);
+      if (!outEdges || outEdges.length === 0 || !total || total <= 0) {
+        next.set(node, (next.get(node) ?? 0) + safeDamping * score);
+        continue;
+      }
+      for (const edge of outEdges) {
+        if (!eligible(edge, node)) continue;
+        const conf = readEdgeConfidence(edge);
+        const neighbor = edge.to === node ? edge.from : edge.to;
+        const flow = safeDamping * score * (conf * edge.weight / total);
+        next.set(neighbor, (next.get(neighbor) ?? 0) + flow);
+      }
+    }
+    for (const [node, score] of next) {
+      scores.set(node, score);
+    }
+  }
+}
 function applyLateralInhibition(scores, opts) {
   const { beta, topM } = opts;
   if (beta === 0 || topM === 0) return new Map(scores);
@@ -334,7 +539,18 @@ function applyLateralInhibition(scores, opts) {
 }
 
 export {
+  DEFAULT_DECAY_WINDOW_MS,
+  DEFAULT_DECAY_FLOOR,
+  DEFAULT_DECAY_PER_WINDOW,
+  readEdgeConfidence,
+  decayEdgeConfidence,
+  subscribeGraphEvents,
+  graphsDir,
+  graphFilePath,
+  withGraphWriteLock,
   appendEdge,
+  readEdgesStrict,
+  readAllEdges,
   analyzeGraphHealth,
   GraphIndex
 };

package/dist/chunk-3I7RHWYT.js

@@ -0,0 +1,214 @@
+import {
+  generateSalt,
+  open,
+  seal
+} from "./chunk-YGGGUTG3.js";
+
+// ../remnic-core/src/secure-store/secure-fs.ts
+import { lstat, mkdir, readFile, readdir, rename, unlink, writeFile } from "fs/promises";
+import path from "path";
+var SecureStoreLockedError = class extends Error {
+  constructor(message = "secure-store is locked \u2014 run `remnic secure-store unlock` to decrypt") {
+    super(message);
+    this.name = "SecureStoreLockedError";
+  }
+};
+var SecureStoreDecryptError = class extends Error {
+  constructor(message = "secure-store decryption failed \u2014 wrong key or tampered ciphertext") {
+    super(message);
+    this.name = "SecureStoreDecryptError";
+  }
+};
+var MAGIC_BYTES = Buffer.from("REMNIC-ENC", "ascii");
+var FILE_FORMAT_VERSION = 1;
+var FILE_FORMAT_FLAGS = 0;
+var MAGIC_HEADER_SIZE = MAGIC_BYTES.length + 2;
+function isEncryptedFile(buf) {
+  if (buf.length < MAGIC_HEADER_SIZE) return false;
+  const b = Buffer.isBuffer(buf) ? buf : Buffer.from(buf);
+  return b.subarray(0, MAGIC_BYTES.length).equals(MAGIC_BYTES);
+}
+function encryptFileBody(plain, key, aad) {
+  const plainBuf = typeof plain === "string" ? Buffer.from(plain, "utf8") : plain;
+  const salt = generateSalt();
+  const envelope = seal(key, salt, plainBuf, aad ? { aad } : {});
+  const header = Buffer.alloc(MAGIC_HEADER_SIZE);
+  MAGIC_BYTES.copy(header, 0);
+  header.writeUInt8(FILE_FORMAT_VERSION, MAGIC_BYTES.length);
+  header.writeUInt8(FILE_FORMAT_FLAGS, MAGIC_BYTES.length + 1);
+  return Buffer.concat([header, envelope]);
+}
+function decryptFileBody(buf, key, aad) {
+  if (!isEncryptedFile(buf)) {
+    throw new Error("decryptFileBody: buffer does not start with REMNIC-ENC magic header");
+  }
+  const version = buf.readUInt8(MAGIC_BYTES.length);
+  if (version !== FILE_FORMAT_VERSION) {
+    throw new Error(
+      `decryptFileBody: unsupported file format version ${version} (this build supports ${FILE_FORMAT_VERSION})`
+    );
+  }
+  const flags = buf.readUInt8(MAGIC_BYTES.length + 1);
+  if (flags !== FILE_FORMAT_FLAGS) {
+    throw new Error(`decryptFileBody: unknown flags byte 0x${flags.toString(16).padStart(2, "0")}`);
+  }
+  const envelope = buf.subarray(MAGIC_HEADER_SIZE);
+  try {
+    return open(key, envelope, aad ? { aad } : {});
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new SecureStoreDecryptError(
+      `secure-store decryption failed: ${msg}`
+    );
+  }
+}
+function filePathAad(filePath, memoryDir) {
+  let rel = filePath;
+  if (memoryDir && path.isAbsolute(filePath)) {
+    rel = path.relative(memoryDir, filePath);
+  }
+  return Buffer.from(rel, "utf8");
+}
+async function readMaybeEncryptedFile(filePath, key, memoryDir) {
+  const buf = await readFile(filePath);
+  if (!isEncryptedFile(buf)) {
+    return buf.toString("utf8");
+  }
+  if (key === null) {
+    throw new SecureStoreLockedError(
+      `secure-store is locked \u2014 cannot read encrypted file at ${filePath}. Run \`remnic secure-store unlock\` to decrypt.`
+    );
+  }
+  const aad = filePathAad(filePath, memoryDir);
+  const plain = decryptFileBody(buf, key, aad);
+  return plain.toString("utf8");
+}
+async function writeMaybeEncryptedFile(filePath, content, key, options = {}, memoryDir) {
+  const { mode = 384, atomic = true } = options;
+  await mkdir(path.dirname(filePath), { recursive: true });
+  let data;
+  if (key !== null) {
+    const aad = filePathAad(filePath, memoryDir);
+    data = encryptFileBody(content, key, aad);
+  } else {
+    data = content;
+  }
+  if (atomic) {
+    const tempPath = `${filePath}.tmp-${process.pid}-${Date.now()}`;
+    try {
+      await writeFile(tempPath, data, { mode });
+      await rename(tempPath, filePath);
+    } catch (err) {
+      try {
+        await unlink(tempPath);
+      } catch {
+      }
+      throw err;
+    }
+  } else {
+    await writeFile(filePath, data, { mode });
+  }
+}
+async function migrateMemoryDirToEncrypted(dir, key, onBeforeEncrypt) {
+  const result = { encrypted: 0, skipped: 0, errors: [] };
+  const mdFiles = await collectMdFiles(dir);
+  for (const filePath of mdFiles) {
+    try {
+      const buf = await readFile(filePath);
+      if (isEncryptedFile(buf)) {
+        result.skipped++;
+        continue;
+      }
+      if (onBeforeEncrypt) {
+        try {
+          await onBeforeEncrypt(filePath);
+        } catch {
+        }
+      }
+      const content = buf.toString("utf8");
+      const aad = filePathAad(filePath, dir);
+      const encrypted = encryptFileBody(content, key, aad);
+      const tempPath = `${filePath}.enc-tmp-${process.pid}-${Date.now()}`;
+      try {
+        await writeFile(tempPath, encrypted, { mode: 384 });
+        await rename(tempPath, filePath);
+        result.encrypted++;
+      } catch (writeErr) {
+        try {
+          const { unlink: unlink2 } = await import("fs/promises");
+          await unlink2(tempPath);
+        } catch {
+        }
+        throw writeErr;
+      }
+    } catch (err) {
+      result.errors.push({
+        filePath,
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+  return result;
+}
+async function collectMdFiles(dir, rootDir = dir) {
+  const results = [];
+  let names;
+  try {
+    names = await readdir(dir, { encoding: "utf8" });
+  } catch {
+    return results;
+  }
+  for (const name of names) {
+    if (name.startsWith(".secure-store")) continue;
+    const full = path.join(dir, name);
+    let isDir = false;
+    let isFile = false;
+    try {
+      const s = await lstat(full);
+      if (s.isSymbolicLink()) continue;
+      isDir = s.isDirectory();
+      isFile = s.isFile();
+    } catch {
+      continue;
+    }
+    if (isDir) {
+      const sub = await collectMdFiles(full, rootDir);
+      results.push(...sub);
+    } else if (isFile && name.endsWith(".md") && isEncryptableStoragePath(full, rootDir)) {
+      results.push(full);
+    }
+  }
+  return results;
+}
+function isEncryptableStoragePath(filePath, rootDir) {
+  const rel = path.relative(rootDir, filePath);
+  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) return false;
+  const normalized = rel.split(path.sep).join("/");
+  if (normalized === "profile.md") return true;
+  const firstSegment = normalized.split("/", 1)[0];
+  return ENCRYPTABLE_STORAGE_ROOTS.has(firstSegment);
+}
+var ENCRYPTABLE_STORAGE_ROOTS = /* @__PURE__ */ new Set([
+  "facts",
+  "corrections",
+  "procedures",
+  "reasoning-traces",
+  "artifacts",
+  "archive"
+]);
+
+export {
+  SecureStoreLockedError,
+  SecureStoreDecryptError,
+  MAGIC_BYTES,
+  FILE_FORMAT_VERSION,
+  FILE_FORMAT_FLAGS,
+  MAGIC_HEADER_SIZE,
+  isEncryptedFile,
+  encryptFileBody,
+  decryptFileBody,
+  filePathAad,
+  readMaybeEncryptedFile,
+  writeMaybeEncryptedFile,
+  migrateMemoryDirToEncrypted
+};