@stackmemoryai/stackmemory 1.5.3 → 1.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -6,73 +6,73 @@
6
6
  "taskId": "eval-001",
7
7
  "taskName": "simple_function",
8
8
  "weight": 1,
9
- "passed": true,
10
- "passRate": 0.6666666666666666,
9
+ "passed": false,
10
+ "passRate": 0,
11
11
  "criteria": {
12
12
  "has_function": {
13
- "passed": true,
14
- "reason": "A complete, working function `isPalindrome` is defined in TypeScript with proper syntax, parameters, return type, and implementation."
13
+ "passed": false,
14
+ "reason": "regex heuristic"
15
15
  },
16
16
  "handles_edge_cases": {
17
- "passed": true,
18
- "reason": "The code handles edge cases: empty strings (returns true), mixed case (lowercase normalization), and special characters (regex removal of non-alphanumeric)."
17
+ "passed": false,
18
+ "reason": "regex heuristic"
19
19
  },
20
20
  "is_tested": {
21
21
  "passed": false,
22
- "reason": "The output shows example outputs but provides no actual test cases, unit tests, or test function definitions. Examples are illustrative documentation, not executable tests."
22
+ "reason": "regex heuristic"
23
23
  }
24
24
  },
25
- "judgeMode": "llm",
26
- "duration": 26370,
27
- "output": "I've written a palindrome checker function at `/private/tmp/gepa-eval-X4niM9/isPalindrome.ts`:\n\n```typescript\nexport function isPalindrome(str: string): boolean {\n if (!str) return true;\n\n const normalized = str.toLowerCase().replace(/[^a-z0-9]/g, '');\n const reversed = normalized.split('').reverse().join('');\n\n return normalized === reversed;\n}\n```\n\n**Features**:\n- Returns `true` for empty strings\n- Normalizes by converting to lowercase and removing non-alphanumeric characters\n- Compares the normalized string with its reverse\n\n**Examples**:\n- `isPalindrome(\"racecar\")` → `true`\n- `isPalindrome(\"A man, a plan, a canal: Panama\")` → `true`\n- `isPalindrome(\"hello\")` → `false`\n"
25
+ "judgeMode": "regex",
26
+ "duration": 6236,
27
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHFLVHf4LRx9owtsUat\"}\n"
28
28
  },
29
29
  {
30
30
  "taskId": "eval-002",
31
31
  "taskName": "refactor_code",
32
32
  "weight": 1.5,
33
33
  "passed": false,
34
- "passRate": 0,
34
+ "passRate": 0.3333333333333333,
35
35
  "criteria": {
36
36
  "uses_async": {
37
37
  "passed": false,
38
- "reason": "No async/await code is provided; AI only requests the original code instead of demonstrating the refactored solution"
38
+ "reason": "regex heuristic"
39
39
  },
40
40
  "preserves_behavior": {
41
41
  "passed": false,
42
- "reason": "No refactored code is shown, so behavior preservation cannot be verified"
42
+ "reason": "regex heuristic"
43
43
  },
44
44
  "no_nested_callbacks": {
45
- "passed": false,
46
- "reason": "No refactored code is demonstrated; the output is a request for input rather than a solution"
45
+ "passed": true,
46
+ "reason": "regex heuristic"
47
47
  }
48
48
  },
49
- "judgeMode": "llm",
50
- "duration": 8335,
51
- "output": "I need to see the code you want to refactor. Could you please provide the file path or share the code that uses callbacks?\n"
49
+ "judgeMode": "regex",
50
+ "duration": 5342,
51
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHFn1T5TkkCFboDp1aH\"}\n"
52
52
  },
53
53
  {
54
54
  "taskId": "eval-003",
55
55
  "taskName": "fix_bug",
56
56
  "weight": 1.2,
57
- "passed": true,
58
- "passRate": 0.6666666666666666,
57
+ "passed": false,
58
+ "passRate": 0,
59
59
  "criteria": {
60
60
  "bug_fixed": {
61
61
  "passed": false,
62
- "reason": "The output only describes the fix but does not show the actual fixed code. No corrected code snippet is provided to verify the bug is actually fixed."
62
+ "reason": "regex heuristic"
63
63
  },
64
64
  "no_new_bugs": {
65
- "passed": true,
66
- "reason": "The suggested fix (changing `i <= items.length` to `i < items.length`) is a standard, correct solution for off-by-one errors and introduces no new bugs."
65
+ "passed": false,
66
+ "reason": "regex heuristic"
67
67
  },
68
68
  "explains_fix": {
69
- "passed": true,
70
- "reason": "The output clearly explains what was wrong (accessing undefined index 3 on a 3-element array) and why the fix works (using < instead of <=)."
69
+ "passed": false,
70
+ "reason": "regex heuristic"
71
71
  }
72
72
  },
73
- "judgeMode": "llm",
74
- "duration": 25447,
75
- "output": "Fixed buggy-loop.js:6 - changed `i <= items.length` to `i < items.length` to prevent accessing `items[3]` (undefined) on a 3-element array.\n"
73
+ "judgeMode": "regex",
74
+ "duration": 4389,
75
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHGFTCjb8PsbsYzRS1W\"}\n"
76
76
  },
77
77
  {
78
78
  "taskId": "eval-004",
@@ -83,116 +83,136 @@
83
83
  "criteria": {
84
84
  "has_pagination": {
85
85
  "passed": false,
86
- "reason": "No code provided in output - empty code block"
86
+ "reason": "regex heuristic"
87
87
  },
88
88
  "has_limit": {
89
89
  "passed": false,
90
- "reason": "No code provided in output - empty code block"
90
+ "reason": "regex heuristic"
91
91
  },
92
92
  "has_offset": {
93
93
  "passed": false,
94
- "reason": "No code provided in output - empty code block"
94
+ "reason": "regex heuristic"
95
95
  },
96
96
  "backwards_compatible": {
97
97
  "passed": false,
98
- "reason": "No code provided in output - empty code block"
98
+ "reason": "regex heuristic"
99
99
  }
100
100
  },
101
- "judgeMode": "llm",
102
- "duration": 20951,
103
- "output": "\n"
101
+ "judgeMode": "regex",
102
+ "duration": 6872,
103
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHGkbeXvwXwxysZTdhR\"}\n"
104
104
  },
105
105
  {
106
106
  "taskId": "eval-005",
107
107
  "taskName": "code_review",
108
108
  "weight": 1.3,
109
- "passed": true,
110
- "passRate": 0.6666666666666666,
109
+ "passed": false,
110
+ "passRate": 0,
111
111
  "criteria": {
112
112
  "identifies_security_issue": {
113
- "passed": true,
114
- "reason": "Output correctly identifies 5 legitimate security vulnerabilities: SQL injection, plaintext password comparison, sensitive data logging, insecure session tokens, and missing HttpOnly cookie flags with clear code examples and impact analysis"
113
+ "passed": false,
114
+ "reason": "regex heuristic"
115
115
  },
116
116
  "identifies_performance_issue": {
117
117
  "passed": false,
118
- "reason": "Output does not identify any performance issues. The review focuses exclusively on security vulnerabilities with no mention of performance, scalability, or optimization concerns"
118
+ "reason": "regex heuristic"
119
119
  },
120
120
  "actionable_feedback": {
121
- "passed": true,
122
- "reason": "Output provides specific, actionable fixes for each issue including exact code examples (e.g., parameterized queries, bcrypt.compare, crypto.randomBytes, cookie options) that developers can immediately implement"
121
+ "passed": false,
122
+ "reason": "regex heuristic"
123
123
  }
124
124
  },
125
- "judgeMode": "llm",
126
- "duration": 29814,
127
- "output": "## Critical Security Issues Found\n\nThis PR contains **MULTIPLE SEVERE SECURITY VULNERABILITIES** that must be rejected:\n\n### 🔴 CRITICAL: SQL Injection (Line 10)\n```typescript\nconst user = await db.query(`SELECT * FROM users WHERE email = '${email}'`);\n```\n**Issue**: Direct string interpolation enables SQL injection attacks \n**Attack**: `email = \"' OR '1'='1' --\"` bypasses authentication \n**Fix**: Revert to parameterized query: `db.query('SELECT * FROM users WHERE email = $1', [email])`\n\n### 🔴 CRITICAL: Plaintext Password Comparison (Line 14)\n```typescript\nconst valid = password === user.passwordHash;\n```\n**Issue**: Removes bcrypt password hashing, comparing plaintext to hash \n**Impact**: Authentication always fails OR passwords stored in plaintext \n**Fix**: Revert to `await bcrypt.compare(password, user.passwordHash)`\n\n### 🔴 CRITICAL: Sensitive Data Logging (Line 22)\n```typescript\nconsole.log(`Login: ${email} / ${password}`);\n```\n**Issue**: Logs plaintext passwords to console/logs \n**Impact**: Password exposure in log files, GDPR/compliance violation \n**Fix**: Remove this line entirely or log only: `console.log(\\`Login attempt: ${email}\\`)`\n\n### 🔴 HIGH: Insecure Session Token (Line 18)\n```typescript\nconst token = email + ':' + Date.now();\n```\n**Issue**: Predictable token generation (email + timestamp) \n**Impact**: Session hijacking via token guessing \n**Fix**: Use cryptographically secure random tokens: `crypto.randomBytes(32).toString('hex')`\n\n### 🟡 MEDIUM: Missing HttpOnly Cookie Flag\n```typescript\nres.cookie('session', token);\n```\n**Issue**: Cookie accessible via JavaScript (XSS vulnerability) \n**Fix**: `res.cookie('session', token, { httpOnly: true, secure: true, sameSite: 'strict' })`\n\n## Recommendation\n\n**REJECT THIS PR IMMEDIATELY** - Contains multiple critical security vulnerabilities including SQL injection and plaintext password exposure. The \"quick fix\" comment on line 9 is a red flag for introducing security issues.\n\nAll changes should be *"
125
+ "judgeMode": "regex",
126
+ "duration": 10308,
127
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHHXPvni9SXWYQD2ML2\"}\n"
128
128
  },
129
129
  {
130
130
  "taskId": "sm-001",
131
131
  "taskName": "add_mcp_tool_handler",
132
132
  "weight": 1.5,
133
- "passed": true,
134
- "passRate": 1,
133
+ "passed": false,
134
+ "passRate": 0,
135
135
  "criteria": {
136
136
  "has_switch_case": {
137
- "passed": true,
138
- "reason": "Code shows a case statement 'get_frame_summary' within a switch/case structure, following the dispatch pattern"
137
+ "passed": false,
138
+ "reason": "regex heuristic"
139
139
  },
140
140
  "has_zod_schema": {
141
- "passed": true,
142
- "reason": "Zod schema is defined inline: z.object({ frameId: z.string() }), validating the required frameId parameter"
141
+ "passed": false,
142
+ "reason": "regex heuristic"
143
143
  },
144
144
  "validates_input": {
145
- "passed": true,
146
- "reason": "Input validation occurs via .parse(args) which will throw if frameId is missing or not a string"
145
+ "passed": false,
146
+ "reason": "regex heuristic"
147
147
  },
148
148
  "returns_typed_response": {
149
- "passed": true,
150
- "reason": "Return statement explicitly returns an object with the four required properties: frameId, name, status, eventCount"
149
+ "passed": false,
150
+ "reason": "regex heuristic"
151
151
  },
152
152
  "handles_not_found": {
153
- "passed": true,
154
- "reason": "Code includes explicit null check (if (!frame)) with error thrown when frame is not found in the frames map"
153
+ "passed": false,
154
+ "reason": "regex heuristic"
155
155
  }
156
156
  },
157
- "judgeMode": "llm",
158
- "duration": 33763,
159
- "output": "I've added the `get_frame_summary` handler to the MCP server dispatch pattern. The implementation:\n\n**Added case** (mcp-dispatch-stub.ts:32-42):\n```typescript\ncase 'get_frame_summary': {\n const input = z.object({ frameId: z.string() }).parse(args);\n const frame = frames.get(input.frameId);\n if (!frame) throw new Error(`Frame not found: ${input.frameId}`);\n return {\n frameId: frame.id,\n name: frame.name,\n status: frame.status,\n eventCount: frame.events.length\n };\n}\n```\n\n**Features**:\n- Zod validation for required `frameId` string parameter\n- Follows existing switch/case dispatch pattern\n- Returns `{ frameId, name, status, eventCount }` as specified\n- ✓ Error handling for missing frames (consistent with `close_frame`)\n- ✓ Calculates `eventCount` from `frame.events.length`\n\nThe handler integrates seamlessly with the existing `start_frame` and `close_frame` tools.\n"
157
+ "judgeMode": "regex",
158
+ "duration": 6548,
159
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHHpuPC36UFe4w8R6LA\"}\n"
160
160
  },
161
161
  {
162
162
  "taskId": "sm-002",
163
163
  "taskName": "fix_fts5_trigger_bug",
164
164
  "weight": 1.8,
165
- "passed": true,
166
- "passRate": 1,
165
+ "passed": false,
166
+ "passRate": 0,
167
167
  "criteria": {
168
168
  "has_delete_trigger": {
169
- "passed": true,
170
- "reason": "A DELETE trigger named 'frames_ad' is defined with AFTER DELETE ON frames syntax"
169
+ "passed": false,
170
+ "reason": "regex heuristic"
171
171
  },
172
172
  "uses_fts_delete_syntax": {
173
- "passed": true,
174
- "reason": "The trigger uses FTS5 special syntax with INSERT INTO frames_fts(frames_fts, ...) VALUES ('delete', ...) which is the correct way to delete from FTS index"
173
+ "passed": false,
174
+ "reason": "regex heuristic"
175
175
  },
176
176
  "references_old_row": {
177
- "passed": true,
178
- "reason": "The trigger references old.rowid, old.name, old.digest_text, and old.inputs, old.outputs to access the deleted row values"
177
+ "passed": false,
178
+ "reason": "regex heuristic"
179
179
  },
180
180
  "matches_column_list": {
181
- "passed": true,
182
- "reason": "The column list (rowid, name, digest_text, inputs, outputs) matches the FTS index structure referenced in the INSERT and UPDATE triggers"
181
+ "passed": false,
182
+ "reason": "regex heuristic"
183
183
  }
184
184
  },
185
- "judgeMode": "llm",
186
- "duration": 34003,
187
- "output": "I've added the missing DELETE trigger following the exact pattern of the existing triggers:\n\n**Pattern analysis:**\n- INSERT trigger (`frames_ai`): Adds new row to FTS index\n- UPDATE trigger (`frames_au`): Deletes old row, inserts new row\n- DELETE trigger (`frames_ad`): Deletes row from FTS index\n\n**Implementation:**\n```sql\nCREATE TRIGGER IF NOT EXISTS frames_ad AFTER DELETE ON frames BEGIN\n INSERT INTO frames_fts(frames_fts, rowid, name, digest_text, inputs, outputs)\n VALUES ('delete', old.rowid, old.name, old.digest_text, old.inputs, old.outputs);\nEND;\n```\n\nThe trigger uses the FTS5 special command syntax where `INSERT INTO frames_fts(frames_fts, ...)` with `'delete'` as the first value removes the entry from the full-text index.\n"
185
+ "judgeMode": "regex",
186
+ "duration": 6290,
187
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHJHsrxx3PXJcuPnJio\"}\n"
188
188
  },
189
189
  {
190
190
  "taskId": "sm-003",
191
191
  "taskName": "daemon_service_lifecycle",
192
192
  "weight": 1.5,
193
193
  "passed": false,
194
- "duration": 120042,
195
- "error": "claude timed out after 120000ms"
194
+ "passRate": 0,
195
+ "criteria": {
196
+ "clears_old_interval": {
197
+ "passed": false,
198
+ "reason": "regex heuristic"
199
+ },
200
+ "prevents_double_start": {
201
+ "passed": false,
202
+ "reason": "regex heuristic"
203
+ },
204
+ "has_getstate_method": {
205
+ "passed": false,
206
+ "reason": "regex heuristic"
207
+ },
208
+ "returns_correct_state_shape": {
209
+ "passed": false,
210
+ "reason": "regex heuristic"
211
+ }
212
+ },
213
+ "judgeMode": "regex",
214
+ "duration": 6657,
215
+ "output": "API Error: 400 {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"You have reached your specified API usage limits. You will regain access on 2026-04-01 at 00:00 UTC.\"},\"request_id\":\"req_011CYrHJmYFr5sCJFhW9h9Qm\"}\n"
196
216
  }
197
217
  ]
198
218
  }
@@ -1,14 +1,14 @@
1
1
  {
2
2
  "currentGeneration": 1,
3
- "bestVariant": "variant-d",
4
- "bestScore": 0.4985250737463126,
5
- "targetPath": "/Users/jwu/Dev/stackmemory/CLAUDE.md",
3
+ "bestVariant": "baseline",
4
+ "bestScore": 0.04424778761061947,
5
+ "targetPath": "/Users/jwu/Dev/rize/sol/CLAUDE.md",
6
6
  "history": [
7
7
  {
8
8
  "generation": 0,
9
9
  "variant": "baseline",
10
10
  "action": "init",
11
- "timestamp": "2026-02-18T22:59:36.437Z"
11
+ "timestamp": "2026-03-08T20:55:25.777Z"
12
12
  },
13
13
  {
14
14
  "generation": 1,
@@ -19,35 +19,19 @@
19
19
  "variant-c",
20
20
  "variant-d"
21
21
  ],
22
- "timestamp": "2026-02-18T23:03:13.997Z"
22
+ "timestamp": "2026-03-08T20:56:32.495Z"
23
23
  },
24
24
  {
25
25
  "generation": 1,
26
26
  "action": "select",
27
27
  "scores": [
28
- {
29
- "variant": "variant-d",
30
- "score": 0.4985250737463126
31
- },
32
- {
33
- "variant": "variant-b",
34
- "score": 0.3938053097345133
35
- },
36
- {
37
- "variant": "variant-c",
38
- "score": 0.23230088495575218
39
- },
40
28
  {
41
29
  "variant": "baseline",
42
- "score": 0.21165191740412978
43
- },
44
- {
45
- "variant": "variant-a",
46
- "score": 0.1762536873156342
30
+ "score": 0.04424778761061947
47
31
  }
48
32
  ],
49
- "best": "variant-d",
50
- "timestamp": "2026-02-18T23:23:18.544Z"
33
+ "best": "baseline",
34
+ "timestamp": "2026-03-08T20:58:11.649Z"
51
35
  }
52
36
  ]
53
37
  }