@venturewild/workspace 0.4.1 → 0.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@venturewild/workspace",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Claude Code Web — Replit/Lovable-style chat-first browser UI that wraps the AI agent already installed on your machine.",
   "license": "MIT",
   "bin": {
@@ -42,16 +42,18 @@
   },
   "optionalDependencies": {
     "@homebridge/node-pty-prebuilt-multiarch": "0.13.1",
-    "@venturewild/workspace-daemon-darwin-arm64": "0.1.3",
-    "@venturewild/workspace-daemon-darwin-x64": "0.1.3",
-    "@venturewild/workspace-daemon-linux-x64": "0.1.3",
-    "@venturewild/workspace-daemon-win32-x64": "0.1.3"
+    "@venturewild/workspace-daemon-darwin-arm64": "0.1.4",
+    "@venturewild/workspace-daemon-darwin-x64": "0.1.4",
+    "@venturewild/workspace-daemon-linux-x64": "0.1.4",
+    "@venturewild/workspace-daemon-win32-x64": "0.1.4"
   },
   "devDependencies": {
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.2",
     "@testing-library/user-event": "^14.6.1",
     "@vitejs/plugin-react": "^4.3.0",
+    "@xterm/addon-fit": "^0.11.0",
+    "@xterm/xterm": "^6.0.0",
     "concurrently": "^9.0.0",
     "diff": "^9.0.0",
     "jsdom": "^29.1.1",

package/server/src/agent-login.mjs

@@ -28,7 +28,7 @@ const URL_RE = /(https?:\/\/[^\s'"]+)/;
 const CODE_HINT_RE = /paste.*code|enter the code|authoriz(at)?ion code|code:\s*$/i;
 
 let _ptyModPromise;
-async function defaultPtyLoader() {
+export async function defaultPtyLoader() {
   if (!_ptyModPromise) {
     _ptyModPromise = import('@homebridge/node-pty-prebuilt-multiarch')
       .then((m) => m.default || m)

package/server/src/bazaar/core.mjs

@@ -164,8 +164,38 @@ export function scoreRecipe(recipe, need) {
   return { score, matched };
 }
 
+// --- Class-B auto-scan (B2) ------------------------------------------------
+// A conservative, pattern-based check that a published recipe carries no baked-in
+// secrets and no obviously destructive / remote-exec commands. It gates the FAST
+// lane (Class B self-attest), not a full audit — Class C/D get human review. High-
+// confidence patterns only, so a clean recipe is rarely false-flagged. Never throws.
+const UNSAFE_PATTERNS = [
+  { kind: 'secret', note: 'private key', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
+  { kind: 'secret', note: 'AWS access key', re: /\bAKIA[0-9A-Z]{16}\b/ },
+  { kind: 'secret', note: 'API secret key', re: /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{16,}\b/ },
+  { kind: 'secret', note: 'GitHub token', re: /\bgh[pousr]_[A-Za-z0-9]{20,}\b/ },
+  { kind: 'secret', note: 'hardcoded credential', re: /(?:api[_-]?key|secret|password|passwd|access[_-]?token)\s*[:=]\s*['"][^'"\s]{12,}['"]/i },
+  { kind: 'destructive', note: 'recursive delete of a root/home path', re: /\brm\s+-[a-z]*r[a-z]*f?\s+[~/]/ },
+  { kind: 'destructive', note: 'fork bomb', re: /:\(\)\s*\{\s*:\s*\|\s*:&\s*\}\s*;\s*:/ },
+  { kind: 'exfiltrate', note: 'pipe a remote script straight into a shell', re: /\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba)?sh\b/i },
+];
+export function scanForUnsafe(text) {
+  const s = String(text || '');
+  const findings = [];
+  for (const p of UNSAFE_PATTERNS) {
+    if (p.re.test(s)) findings.push({ kind: p.kind, note: p.note });
+  }
+  return { clean: findings.length === 0, findings };
+}
+
 // --- the bazaar instance --------------------------------------------------
 
+// Outcome score = a Bayesian-smoothed build success rate (B1). The recipe's
+// declared outcomeScore is the PRIOR mean; this many pseudo-builds give it weight,
+// so a brand-new listing or a thin sample isn't whipsawed by one result, while a
+// recipe with real volume converges on its true rate.
+const OUTCOME_PRIOR_K = 4;
+
 export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
   const dir = baseDir || defaultBazaarDir();
   const eventsFile = path.join(dir, 'events.jsonl');
@@ -185,6 +215,102 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
     }
   }
 
+  // --- live outcome telemetry (B1) ----------------------------------------
+  // Real build-result events (recorded by record_build_result after a build lands
+  // or fails) are the signal behind outcomeScore. Cached on the events file's
+  // size+mtime so it stays correct even when the MCP child process appends.
+  let _outcomeCache = null;
+  let _outcomeCacheSig = null;
+  function liveOutcomes() {
+    let sig = '0';
+    try { const st = fs.statSync(eventsFile); sig = `${st.size}:${st.mtimeMs}`; } catch { /* no file yet */ }
+    if (_outcomeCache && _outcomeCacheSig === sig) return _outcomeCache;
+    const map = {};
+    for (const e of events()) {
+      if (e.type !== 'build-result' || !e.recipeId) continue;
+      const m = (map[e.recipeId] ??= { builds: 0, working: 0 });
+      m.builds += 1;
+      if (e.success) m.working += 1;
+    }
+    _outcomeCache = map;
+    _outcomeCacheSig = sig;
+    return map;
+  }
+  // The recipe's accumulated { builds, working }: its seed baseline (missing →
+  // {0,0}, the migration for old listings) plus live build-results.
+  function liveStats(r) {
+    const base = r.outcomeStats && typeof r.outcomeStats === 'object' ? r.outcomeStats : { builds: 0, working: 0 };
+    const live = liveOutcomes()[r.id] || { builds: 0, working: 0 };
+    return { builds: (base.builds || 0) + live.builds, working: (base.working || 0) + live.working };
+  }
+  // Bayesian-smoothed success rate. Prior mean = the declared outcomeScore (0.7 for
+  // an undeclared listing); with zero live results it equals the declared score, so
+  // seed rankings stay stable until real outcomes accumulate.
+  function liveScore(r) {
+    const prior = typeof r.outcomeScore === 'number' ? r.outcomeScore : 0.7;
+    const { builds, working } = liveStats(r);
+    const score = (working + OUTCOME_PRIOR_K * prior) / (builds + OUTCOME_PRIOR_K);
+    return Math.max(0, Math.min(1, Math.round(score * 1000) / 1000));
+  }
+  // The agent reports whether a build that used a recipe actually WORKED (B1) — the
+  // real signal behind the outcome score. Appended to events.jsonl; liveScore reads
+  // it on the next card render. Unknown recipe → a no-op error (keeps events clean).
+  function recordBuildResult({ recipeId, success, reason = '' } = {}) {
+    const r = getRecipe(recipeId);
+    if (!r) return { ok: false, error: `no recipe "${recipeId}" on the shelf` };
+    const evt = appendEvent({
+      type: 'build-result',
+      recipeId: r.id,
+      title: r.title,
+      success: !!success,
+      reason: String(reason || '').slice(0, 200),
+    });
+    return { ok: true, event: evt, outcome: { ...liveStats(r), score: liveScore(r) } };
+  }
+
+  // --- trust & provenance (B2) --------------------------------------------
+  // The §3 schema (docs/shelf-trust-provenance-design.md). riskClass is the spine:
+  // A data (themes) · B local build-recipe · C connected-service · D executable-skill.
+  // provenanceFor() also MIGRATES old records on read — a listing with the legacy
+  // safetyBadge but no riskClass gets defaults by kind, and a free-text sourceNote
+  // becomes a builtFrom[] entry — so an existing listings.json never breaks.
+  function riskClassOf(r) {
+    if (['A', 'B', 'C', 'D'].includes(r.riskClass)) return r.riskClass;
+    if (r.kind === 'theme') return 'A';
+    if (r.service || r.hasService) return 'C';
+    return 'B';
+  }
+  function normalizeBuiltFrom(r) {
+    if (Array.isArray(r.builtFrom)) {
+      return r.builtFrom.filter(Boolean).map((b) => ({ type: b.type || 'recipe', id: b.id ?? null, note: b.note || b.title || '' }));
+    }
+    if (r.builtFrom && (r.builtFrom.id || r.builtFrom.title)) {
+      // the C2 remix pointer { id, title } → the schema's array form
+      return [{ type: r.kind === 'theme' ? 'theme' : 'recipe', id: r.builtFrom.id ?? null, note: r.builtFrom.title || '' }];
+    }
+    if (r.sourceNote) return [{ type: 'scratch', id: null, note: String(r.sourceNote) }]; // migrate free-text
+    return [];
+  }
+  function provenanceFor(r) {
+    const riskClass = riskClassOf(r);
+    const trusted = r.source === 'seed' || r.source === 'theme'; // VW-shipped → pre-vetted
+    const dataTouched = r.dataTouched || (riskClass === 'C'
+      ? { egress: [], scope: 'external', paid: { model: r.reward?.perUseValue ? 'per-use' : 'none', note: '' } }
+      : { egress: [], scope: 'in-workspace', paid: { model: 'none', note: '' } });
+    const attestation = r.attestation || {
+      privacy: riskClass === 'C' ? 'not-attested' : 'n/a',
+      attestedBy: null,
+      at: null,
+    };
+    const defaultVerdict =
+      riskClass === 'A' ? 'auto'
+        : riskClass === 'B' ? (trusted ? 'scanned' : 'unscanned')
+          : riskClass === 'C' ? (trusted ? 'reviewed' : 'unvetted')
+            : 'unvetted'; // D never auto-clears (enforcement deferred → own/teammate only)
+    const vetting = r.vetting || { verdict: defaultVerdict, stakes: 'ordinary', signature: null, capabilities: null, findings: [] };
+    return { riskClass, builtFrom: normalizeBuiltFrom(r), dataTouched, attestation, vetting };
+  }
+
   function shelf() {
     const seed = loadSeedRecipes(seedDir);
     const listings = readJsonSafe(listingsFile, []);
@@ -205,9 +331,10 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
       producer: r.producer,
       summary: r.summary,
       vendorDescription: r.vendorDescription,
-      outcomeScore: r.outcomeScore,
-      outcomeStats: r.outcomeStats,
-      safetyBadge: r.safetyBadge,
+      outcomeScore: liveScore(r),
+      outcomeStats: liveStats(r),
+      safetyBadge: r.safetyBadge, // legacy field kept for back-compat; web derives from `vetting`
+      ...provenanceFor(r), //       B2: riskClass · builtFrom · dataTouched · attestation · vetting
       rating: r.rating,
       reward: r.reward,
       hasService: Boolean(r.service),
@@ -226,7 +353,7 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
         return { r, score, matched };
       })
       .filter((x) => x.score > 0)
-      .sort((a, b) => b.score - a.score || (b.r.outcomeScore || 0) - (a.r.outcomeScore || 0))
+      .sort((a, b) => b.score - a.score || liveScore(b.r) - liveScore(a.r))
       .slice(0, limit);
     return ranked.map((x) => card(x.r, { relevance: x.score, matched: x.matched }));
   }
@@ -316,13 +443,18 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
   }
 
   // The flip side (§3.7): the user's agent packaged a build into a listing.
-  function publishListing({ id, title, pitch, summary, tags = [], knowHow = '', producer, buildDir }) {
+  function publishListing({ id, title, pitch, summary, tags = [], knowHow = '', producer, buildDir, builtFrom = null }) {
     ensureDir();
     const listings = readJsonSafe(listingsFile, []);
     const arr = Array.isArray(listings) ? listings : [];
     const slug =
       id ||
       `${normalize(title).split(' ').slice(0, 4).join('-') || 'listing'}-${rid().slice(0, 4)}`;
+    // Class-B vetting (B2): a recipe is local build know-how → self-attest + an
+    // automated scan. A clean scan earns the 'scanned' verdict; a hit is recorded
+    // (verdict 'flagged' + findings) so the badge tells the truth — publishing isn't
+    // blocked here (single-user/local shelf), but the listing carries its verdict.
+    const scan = scanForUnsafe(knowHow);
     const listing = {
       id: slug,
       title: title || 'Untitled',
@@ -335,7 +467,18 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
       buildDir: buildDir || null,
       outcomeScore: 0.7, // new listing: a starting, unproven score (earns its place by working)
       outcomeStats: { builds: 0, working: 0 },
-      safetyBadge: 'new',
+      safetyBadge: 'new', // legacy field; the real signal is `vetting` below
+      riskClass: 'B',
+      ...(builtFrom && builtFrom.id ? { builtFrom: { id: String(builtFrom.id), title: String(builtFrom.title || '') } } : {}),
+      dataTouched: { egress: [], scope: 'in-workspace', paid: { model: 'none', note: '' } },
+      attestation: { privacy: 'n/a', attestedBy: (producer || {}).handle || 'you', at: new Date().toISOString() },
+      vetting: {
+        verdict: scan.clean ? 'scanned' : 'flagged',
+        stakes: 'ordinary',
+        signature: null,
+        capabilities: null,
+        findings: scan.findings,
+      },
       rating: { stars: 0, count: 0 },
       reward: { model: 'one-time', unit: 'per build', perUseValue: 0, oneTimeValue: 5.0 },
       source: 'listing',
@@ -367,12 +510,18 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
   // Publish a theme as a listing. The payload is a hex-token bundle (validated by
   // normalizeTheme — same security boundary as set_theme: data, never CSS). It
   // lands in listings.json with kind:'theme' and shows on the Themes shelf.
-  function publishTheme({ title, pitch, summary, tags = [], producer, theme } = {}) {
+  function publishTheme({ title, pitch, summary, tags = [], producer, theme, builtFrom = null } = {}) {
     ensureDir();
     const bundle = normalizeTheme(theme || {});
     const listings = readJsonSafe(listingsFile, []);
     const arr = Array.isArray(listings) ? listings : [];
     const slug = `theme-${normalize(title).split(' ').slice(0, 3).join('-') || 'custom'}-${rid().slice(0, 4)}`;
+    // A remix records what it was tweaked from (the source theme on the shelf) so the
+    // network shows lineage — "built on each other's work", not a flat catalogue.
+    const provenance =
+      builtFrom && builtFrom.id
+        ? { id: String(builtFrom.id), title: String(builtFrom.title || '') }
+        : null;
     const listing = {
       id: slug,
       kind: 'theme',
@@ -384,6 +533,7 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
       producer: producer || { name: 'You', handle: 'you', kind: 'maker' },
       tags,
       theme: bundle,
+      ...(provenance ? { builtFrom: provenance } : {}),
       outcomeScore: 0.7,
       outcomeStats: { builds: 0, working: 0 },
       safetyBadge: 'new',
@@ -394,7 +544,7 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
     const next = arr.filter((l) => l.id !== listing.id);
     next.push(listing);
     writeJsonAtomic(listingsFile, next);
-    appendEvent({ type: 'publish', recipeId: listing.id, title: listing.title, producer: listing.producer });
+    appendEvent({ type: 'publish', recipeId: listing.id, title: listing.title, producer: listing.producer, ...(provenance ? { builtFrom: provenance } : {}) });
     return {
       ok: true,
       listing: card(listing),
@@ -557,6 +707,7 @@ export function createBazaar({ baseDir, seedDir = SEED_DIR } = {}) {
     card,
     search,
     recordUse,
+    recordBuildResult,
     recordServiceCall,
     publishListing,
     publishTheme,

package/server/src/bazaar/index.mjs

@@ -17,8 +17,8 @@ export const MCP_SERVER_PATH = path.join(__dirname, 'mcp-server.mjs');
 export const BAZAAR_SYSTEM_PROMPT = [
   "This workspace has a *bazaar* — a shelf of proven recipes other producers have shared, each",
   "measured by how often it actually gets someone a working result. You can reach onto it with the",
-  "bazaar tools (mcp__bazaar__search_shelf, open_recipe, launch_preview, record_use, publish_listing,",
-  "draft_recipe, publish_draft).",
+  "bazaar tools (mcp__bazaar__search_shelf, open_recipe, launch_preview, record_use, record_build_result,",
+  "publish_listing, draft_recipe, publish_draft, find_themes, apply_theme).",
   "",
   "When the user describes something to build or an outcome they want, and it PLAUSIBLY matches a",
   "known proven build, quietly call search_shelf first. If there is a STRONG, clearly-relevant match,",
@@ -30,6 +30,19 @@ export const BAZAAR_SYSTEM_PROMPT = [
   "one-shot following that know-how, call launch_preview with the build folder so the live preview",
   "opens, then call record_use so the producer gets credit and the transaction is recorded.",
   "",
+  "CONNECTED SERVICES (a recipe whose card shows riskClass \"C\" — it sends some of the user's data to an",
+  "outside producer, live, usually for a small per-use cost): keep it seamless but honest. Wire it in and",
+  "just MENTION it in one plain line — \"I'll use TickUp's matching, a verified producer\". A go-live",
+  "receipt (what data leaves · any cost · whether they've attested privacy) shows automatically after",
+  "record_use — you don't have to recite it. Two exceptions: if the card's vetting.stakes is \"high\" (it",
+  "moves money or takes an irreversible real-world action), PAUSE and get the user's explicit go-ahead",
+  "BEFORE wiring it; and if attestation.privacy is \"not-attested\", say so plainly. Class A (themes) and",
+  "Class B (local builds) never need a receipt — they're data or stay on the user's machine.",
+  "",
+  "After a build that used a recipe is working (or if you couldn't get it working), call",
+  "record_build_result with success true/false — honestly. It's the real signal behind each recipe's",
+  "outcome score, so the shelf keeps surfacing what actually works.",
+  "",
   "After the user has something that works and is reusable, you may offer to package it so others can",
   "build on it (\"want me to make this usable by others? you'd earn when they do\"). If they accept, or",
   "if they ask to list/sell it, call publish_listing.",

package/server/src/bazaar/mcp-server.mjs

@@ -167,6 +167,53 @@ const TOOLS = [
       required: ['title'],
     },
   },
+  {
+    name: 'record_build_result',
+    description:
+      "Report whether a build that used a recipe actually WORKED for the user — call this after the " +
+      "user confirms the preview works, or if you couldn't get the build working. This is the real " +
+      "signal behind a recipe's outcome score (how often it actually gets people a working result), so " +
+      "be honest: it's what keeps the shelf surfacing what works, not marketing.",
+    inputSchema: {
+      type: 'object',
+      properties: {
+        recipeId: { type: 'string', description: 'The recipe id that was built on.' },
+        success: { type: 'boolean', description: 'true if the build worked for the user, false if it failed.' },
+        reason: { type: 'string', description: 'Optional short note on what worked or went wrong.' },
+      },
+      required: ['recipeId', 'success'],
+    },
+  },
+  {
+    name: 'find_themes',
+    description:
+      "Search the bazaar for workspace THEMES (colour looks) that match what the user wants — e.g. " +
+      "\"a calm dark theme\", \"warm and bright\". Returns ranked theme cards, each with its hex bundle " +
+      "so you can describe the look. Call this when the user asks to change/find/try a look, then " +
+      "apply_theme with the chosen id to actually wear it.",
+    inputSchema: {
+      type: 'object',
+      properties: {
+        need: { type: 'string', description: "Plain-language description of the look the user wants." },
+        limit: { type: 'number', description: 'Max themes to return (default 6).' },
+      },
+      required: ['need'],
+    },
+  },
+  {
+    name: 'apply_theme',
+    description:
+      "Make the user's workspace WEAR a theme from the shelf (by id from find_themes). Applies the look " +
+      "live and credits the producer (the three-way moment). The user's own accent colour — their " +
+      "identity — is preserved; the theme restyles the surfaces around it.",
+    inputSchema: {
+      type: 'object',
+      properties: {
+        themeId: { type: 'string', description: 'The theme id from find_themes.' },
+      },
+      required: ['themeId'],
+    },
+  },
 ];
 
 // --- tool dispatch --------------------------------------------------------
@@ -263,6 +310,48 @@ function callTool(name, args = {}) {
       });
       return textContent({ kind: 'publish', listing: res.listing, earning: res.earning, simulated: true });
     }
+    case 'record_build_result': {
+      const res = bazaar.recordBuildResult({ recipeId: args.recipeId, success: args.success, reason: args.reason });
+      if (!res.ok) return { ...textContent({ kind: 'error', error: res.error }), isError: true };
+      return textContent({ kind: 'build-result', recipeId: args.recipeId, success: !!args.success, outcome: res.outcome });
+    }
+    case 'find_themes': {
+      const need = args.need || '';
+      const limit = Math.min(Number(args.limit) || 6, 20);
+      // Rank themes by relevance to the need; fall back to the full theme shelf
+      // (by outcome) when nothing scores, so the agent can always browse + pick.
+      let themes = need.trim()
+        ? bazaar.search(need, { limit: 24 }).filter((c) => c.kind === 'theme')
+        : [];
+      if (themes.length === 0) {
+        themes = bazaar
+          .shelf()
+          .filter((r) => r.kind === 'theme')
+          .sort((a, b) => (b.outcomeScore || 0) - (a.outcomeScore || 0))
+          .map((r) => bazaar.card(r));
+      }
+      themes = themes.slice(0, limit);
+      return textContent({
+        kind: 'themes',
+        need,
+        count: themes.length,
+        themes,
+        guidance: 'Pick the theme that best fits what the user asked for, then call apply_theme with its id to wear it.',
+      });
+    }
+    case 'apply_theme': {
+      const res = bazaar.recordThemeApply({ themeId: args.themeId });
+      if (!res.ok) return { ...textContent({ kind: 'error', error: res.error }), isError: true };
+      // kind:'theme-applied' is the signal the web routes to applyAgentTheme (the
+      // browser re-validates the hex bundle before touching the DOM).
+      return textContent({
+        kind: 'theme-applied',
+        themeId: args.themeId,
+        theme: res.theme,
+        title: res.title,
+        threeWay: res.threeWay,
+      });
+    }
     default:
       return { ...textContent({ kind: 'error', error: `unknown tool ${name}` }), isError: true };
   }

package/server/src/bazaar/seed-recipes/tickup-hr-matching/recipe.json

@@ -8,6 +8,14 @@
   "outcomeScore": 0.94,
   "outcomeStats": { "builds": 38, "working": 36 },
   "safetyBadge": "verified",
+  "riskClass": "C",
+  "dataTouched": {
+    "egress": ["the role you describe", "the candidate names + details you paste"],
+    "scope": "external",
+    "paid": { "model": "per-use", "note": "a small amount each time the matching service ranks candidates" }
+  },
+  "attestation": { "privacy": "attested", "attestedBy": "tickup", "at": "2026-05-20T00:00:00.000Z" },
+  "vetting": { "verdict": "reviewed", "stakes": "ordinary", "signature": null, "capabilities": null, "findings": [] },
   "rating": { "stars": 4.8, "count": 27 },
   "tags": [
     "hr", "human resources", "recruiting", "recruiter", "recruitment",