@vibeiao/sdk 0.1.42 → 0.1.44

package/README.md

@@ -675,6 +675,21 @@ const loop = createAgentLoop({
 By default, `createAgentLoop(...)` also enables strict-memory runtime checks in `observe` mode.
 To make it hard-enforced, set `strictMemory.mode = 'enforce'` and provide snapshot fields for gating (`taskText`, `isMutation`, `contextPackPrepared`, `semanticRecallConfirmed`, `approvalPreflightPassed`).
 
+Prompt shield is also available in the loop:
+- trust model: `trusted_human | internal_system | external_untrusted`
+- default behavior: external prompt-injection patterns are blocked in `enforce` mode
+- sensitive mutations require trusted intent; untrusted web/review text cannot authorize actions
+
+Objective guard is also available for objective-mutation integrity:
+- external sources can propose objective changes but cannot command overrides
+- external proposals require mission alignment + evidence (and optional verification) before acceptance
+- trusted human/system objective changes are allowed by policy
+
+Adaptive reflection policy is available for cadence-based adaptation (not per-review thrash):
+- aggregate feedback over time windows and score recurring themes
+- evaluate thresholds + cooldown + daily adaptation caps
+- output `hold|observe|adapt` decision and optional bounded adaptation plan
+
 You can also enforce dual-mode work arbitration:
 - `owner_bound` agents: human-first (owner work preempts autonomous work)
 - `unbound` agents: autonomous-first (run autonomous work by default)

package/dist/agentLoop.d.ts

@@ -3,6 +3,7 @@ import { SurvivalMode, SurvivalRecommendation } from './survivalPlaybook.js';
 import { EscapeHatchDecision, EscapeHatchPolicy, EscapeHatchSnapshot } from './survivalEscapeHatch.js';
 import { CompoundingMemoryUpgradeResult, CompoundingMemoryRequiredSetResult } from './compoundingMemory.js';
 import { StrictMemoryRuntimePreset, StrictMemoryEvaluation, StrictMemoryUpgradeResult } from './strictMemoryRuntime.js';
+import { P as PromptShieldDecision, O as ObjectiveGuardDecision, a as PromptShieldPolicy, b as PromptShieldInput, c as ObjectiveGuardPolicy, d as ObjectiveChangeProposal } from './objectiveGuard-d1x0xgAD.js';
 
 type AgentLoopEscapeHatchInput = {
     snapshot: ResourceSnapshot;
@@ -44,6 +45,36 @@ type AgentLoopStrictMemoryConfig = {
     /** Optional hook when strict-memory evaluation runs. */
     onEvaluation?: (ev: StrictMemoryEvaluation) => Promise<void> | void;
 };
+type AgentLoopPromptShieldConfig = {
+    /** Enable prompt-injection shield over untrusted external content. Default true. */
+    enabled?: boolean;
+    /** observe logs/records only; enforce blocks actions when shield fails. Default observe. */
+    mode?: 'observe' | 'enforce';
+    /** Optional policy overrides for blocked flags. */
+    policy?: PromptShieldPolicy;
+    /** Optional mapper from snapshot to trust-labeled inputs. */
+    buildInputs?: (ctx: {
+        snapshot: ResourceSnapshot;
+        timestamp: number;
+    }) => PromptShieldInput[];
+    /** Optional hook when prompt shield decision is produced. */
+    onDecision?: (decision: PromptShieldDecision) => Promise<void> | void;
+};
+type AgentLoopObjectiveGuardConfig = {
+    /** Enable objective integrity checks for external objective-change attempts. Default true. */
+    enabled?: boolean;
+    /** observe logs only; enforce blocks actions when objective mutation is denied. Default observe. */
+    mode?: 'observe' | 'enforce';
+    /** Policy requirements for external objective mutation acceptance. */
+    policy?: ObjectiveGuardPolicy;
+    /** Build proposed objective change from snapshot. Return null when no proposal is present. */
+    buildProposal?: (ctx: {
+        snapshot: ResourceSnapshot;
+        timestamp: number;
+    }) => ObjectiveChangeProposal | null;
+    /** Optional hook when objective decision is produced. */
+    onDecision?: (decision: ObjectiveGuardDecision) => Promise<void> | void;
+};
 type AgentOwnershipMode = 'owner_bound' | 'unbound';
 type AgentPriorityMode = 'human_first' | 'autonomous_first';
 type AgentHumanDemand = {
@@ -88,6 +119,10 @@ type AgentLoopContext = {
     strictMemoryPreset?: StrictMemoryRuntimePreset;
     strictMemoryEvaluation?: StrictMemoryEvaluation;
     strictMemoryUpgrade?: StrictMemoryUpgradeResult;
+    /** Prompt-injection shield decision for this cycle. */
+    promptShieldDecision?: PromptShieldDecision;
+    /** Objective integrity guard decision for this cycle (when proposal exists). */
+    objectiveGuardDecision?: ObjectiveGuardDecision;
     /** Human-vs-autonomous work arbitration decision for this cycle. */
     workArbitration?: AgentWorkArbitrationDecision;
     timestamp: number;
@@ -168,6 +203,8 @@ type AgentLoopConfig = {
     memory?: AgentLoopMemoryConfig;
     durability?: AgentLoopDurabilityConfig;
     strictMemory?: AgentLoopStrictMemoryConfig;
+    promptShield?: AgentLoopPromptShieldConfig;
+    objectiveGuard?: AgentLoopObjectiveGuardConfig;
     autonomy?: AgentLoopAutonomyConfig;
 };
 /**
@@ -186,4 +223,4 @@ declare const createAgentLoop: (config: AgentLoopConfig) => {
     runOnce: () => Promise<void>;
 };
 
-export { type AgentHumanDemand, type AgentLoopAutonomyConfig, type AgentLoopConfig, type AgentLoopContext, type AgentLoopDurabilityConfig, type AgentLoopEscapeHatchConfig, type AgentLoopEscapeHatchInput, type AgentLoopHooks, type AgentLoopMemoryConfig, type AgentLoopStrictMemoryConfig, type AgentOwnershipMode, type AgentPriorityMode, type AgentWorkArbitrationDecision, createAgentLoop };
+export { type AgentHumanDemand, type AgentLoopAutonomyConfig, type AgentLoopConfig, type AgentLoopContext, type AgentLoopDurabilityConfig, type AgentLoopEscapeHatchConfig, type AgentLoopEscapeHatchInput, type AgentLoopHooks, type AgentLoopMemoryConfig, type AgentLoopObjectiveGuardConfig, type AgentLoopPromptShieldConfig, type AgentLoopStrictMemoryConfig, type AgentOwnershipMode, type AgentPriorityMode, type AgentWorkArbitrationDecision, createAgentLoop };

package/dist/agentLoop.js

@@ -3,8 +3,10 @@ import {
   upgradeCompoundingMemorySystem
 } from "./chunk-JJNRDU7F.js";
 import {
-  createDurabilityProxyClient
-} from "./chunk-PVCW4MAY.js";
+  createDurabilityProxyClient,
+  evaluateObjectiveChange,
+  evaluatePromptShield
+} from "./chunk-EKV2BZMZ.js";
 import {
   createSelfRelianceMonitor
 } from "./chunk-M7DQTU5R.js";
@@ -59,6 +61,10 @@ var createAgentLoop = (config) => {
   const strictMemoryEnabled = config.strictMemory?.enabled ?? true;
   const strictMode = config.strictMemory?.mode ?? "observe";
   const strictMemoryPreset = createStrictMemoryRuntimePreset(config.strictMemory?.preset || {});
+  const promptShieldEnabled = config.promptShield?.enabled ?? true;
+  const promptShieldMode = config.promptShield?.mode ?? "observe";
+  const objectiveGuardEnabled = config.objectiveGuard?.enabled ?? true;
+  const objectiveGuardMode = config.objectiveGuard?.mode ?? "observe";
   const autonomyEnabled = config.autonomy?.enabled ?? true;
   const ownershipMode = config.autonomy?.ownershipMode ?? "owner_bound";
   const priorityMode = config.autonomy?.priorityMode ?? (ownershipMode === "unbound" ? "autonomous_first" : "human_first");
@@ -178,6 +184,64 @@ var createAgentLoop = (config) => {
       approvalPreflightPassed: Boolean(raw.approvalPreflightPassed)
     };
   };
+  const defaultPromptShieldInputBuilder = (ctx) => {
+    const raw = ctx.snapshot;
+    const out = [];
+    const taskText = String(raw.taskText || raw.objective || "").trim();
+    if (taskText) {
+      out.push({ source: "task", trust: "trusted_human", content: taskText });
+    }
+    const externalCandidates = [
+      ["web", raw.webContext],
+      ["reviews", raw.reviewText],
+      ["reviews_batch", raw.reviewTexts],
+      ["external", raw.externalInputs],
+      ["search", raw.searchSnippets]
+    ];
+    for (const [source, value] of externalCandidates) {
+      if (typeof value === "string" && value.trim()) {
+        out.push({ source, trust: "external_untrusted", content: value });
+        continue;
+      }
+      if (Array.isArray(value)) {
+        for (const item of value) {
+          const text = typeof item === "string" ? item : JSON.stringify(item);
+          if (text && text.trim()) out.push({ source, trust: "external_untrusted", content: text });
+        }
+        continue;
+      }
+      if (value && typeof value === "object") {
+        const text = JSON.stringify(value);
+        if (text && text !== "{}") out.push({ source, trust: "external_untrusted", content: text });
+      }
+    }
+    return out;
+  };
+  const defaultObjectiveProposalBuilder = (ctx) => {
+    const raw = ctx.snapshot;
+    const proposedObjective = String(raw.proposedObjective || "").trim();
+    const currentObjective = String(raw.taskText || raw.objective || "").trim();
+    if (!proposedObjective || !currentObjective) return null;
+    const source = String(raw.proposedObjectiveSource || "external");
+    const trust = raw.proposedObjectiveTrust || "external_untrusted";
+    const rationale = typeof raw.proposedObjectiveRationale === "string" ? raw.proposedObjectiveRationale : void 0;
+    const evidenceRaw = Array.isArray(raw.proposedObjectiveEvidence) ? raw.proposedObjectiveEvidence : [];
+    const evidence = evidenceRaw.map((e) => {
+      if (!e || typeof e !== "object") return null;
+      const r = e;
+      const claim = String(r.claim || "").trim();
+      if (!claim) return null;
+      return { claim, verified: r.verified === true };
+    }).filter(Boolean);
+    return {
+      source,
+      trust,
+      currentObjective,
+      proposedObjective,
+      rationale,
+      evidence
+    };
+  };
   const resolveHumanDemand = async () => {
     const raw = await config.autonomy?.resolveHumanDemand?.();
     if (typeof raw === "boolean") return { pending: raw };
@@ -237,6 +301,27 @@ var createAgentLoop = (config) => {
           await config.strictMemory.onEvaluation(strictMemoryEvaluation);
         }
       }
+      let promptShieldDecision;
+      if (promptShieldEnabled) {
+        const shieldInputs = (config.promptShield?.buildInputs || defaultPromptShieldInputBuilder)({ snapshot, timestamp });
+        promptShieldDecision = evaluatePromptShield(shieldInputs, {
+          isSensitiveAction: Boolean(snapshot.isMutation),
+          policy: config.promptShield?.policy
+        });
+        if (config.promptShield?.onDecision) {
+          await config.promptShield.onDecision(promptShieldDecision);
+        }
+      }
+      let objectiveGuardDecision;
+      if (objectiveGuardEnabled) {
+        const proposal = (config.objectiveGuard?.buildProposal || defaultObjectiveProposalBuilder)({ snapshot, timestamp });
+        if (proposal) {
+          objectiveGuardDecision = evaluateObjectiveChange(proposal, config.objectiveGuard?.policy);
+          if (config.objectiveGuard?.onDecision) {
+            await config.objectiveGuard.onDecision(objectiveGuardDecision);
+          }
+        }
+      }
       const humanDemand = autonomyEnabled ? await resolveHumanDemand() : { pending: false };
       const arbitrationBase = {
         ownershipMode,
@@ -272,6 +357,8 @@ var createAgentLoop = (config) => {
         strictMemoryPreset: strictMemoryEnabled ? strictMemoryPreset : void 0,
         strictMemoryEvaluation,
         strictMemoryUpgrade: strictMemoryEnabled ? strictMemoryUpgrade : void 0,
+        promptShieldDecision,
+        objectiveGuardDecision,
         workArbitration: arbitrationBase,
         timestamp
       };
@@ -296,6 +383,13 @@ var createAgentLoop = (config) => {
         const missing = ctx.strictMemoryEvaluation.missingSteps.join(",");
         throw new Error(`strict_memory_blocked:${missing}`);
       }
+      if (promptShieldEnabled && promptShieldMode === "enforce" && ctx.promptShieldDecision && !ctx.promptShieldDecision.allow) {
+        const flags = ctx.promptShieldDecision.flags.join(",");
+        throw new Error(`prompt_shield_blocked:${flags}`);
+      }
+      if (objectiveGuardEnabled && objectiveGuardMode === "enforce" && ctx.objectiveGuardDecision && !ctx.objectiveGuardDecision.allowObjectiveChange) {
+        throw new Error(`objective_guard_blocked:${ctx.objectiveGuardDecision.reason}`);
+      }
       if (autonomyEnabled && config.autonomy?.onAutonomous && rolloutMode === "enforce") {
         if (ctx.workArbitration?.runHumanTask) await runHumanTask();
         if (ctx.workArbitration?.runAutonomousTask) await runAutonomousTask();

package/dist/chunk-EKV2BZMZ.js

@@ -0,0 +1,247 @@
+// src/durabilityProxy.ts
+var withTimeout = async (fetcher, input, init, timeoutMs) => {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    return await fetcher(input, { ...init, signal: controller.signal });
+  } finally {
+    clearTimeout(timer);
+  }
+};
+var readJson = async (response) => {
+  const text = await response.text();
+  if (!text) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return { raw: text };
+  }
+};
+var createDurabilityProxyClient = (options) => {
+  const fetcher = options.fetcher || fetch;
+  const timeoutMs = Number.isFinite(Number(options.timeoutMs)) ? Math.max(500, Number(options.timeoutMs)) : 8e3;
+  const base = String(options.baseUrl || "").replace(/\/+$/, "");
+  const agentId = String(options.agentId || "").trim();
+  const agentToken = String(options.agentToken || "").trim();
+  if (!base) throw new Error("durability_proxy_base_missing");
+  if (!agentId) throw new Error("durability_proxy_agent_id_missing");
+  if (!agentToken) throw new Error("durability_proxy_agent_token_missing");
+  const headers = {
+    "content-type": "application/json",
+    "x-agent-id": agentId,
+    "x-agent-token": agentToken
+  };
+  return {
+    async writeCheckpoint(payloadJson, opts = {}) {
+      const response = await withTimeout(
+        fetcher,
+        `${base}/v1/checkpoints`,
+        {
+          method: "POST",
+          headers,
+          body: JSON.stringify({
+            payloadJson,
+            sha256: opts.sha256,
+            contentType: opts.contentType,
+            metadata: opts.metadata
+          })
+        },
+        timeoutMs
+      );
+      const body = await readJson(response);
+      if (!response.ok) {
+        const detail = body?.error || `http_${response.status}`;
+        throw new Error(`durability_checkpoint_write_failed:${detail}`);
+      }
+      return body;
+    },
+    async latestCheckpoint() {
+      const response = await withTimeout(
+        fetcher,
+        `${base}/v1/checkpoints/latest`,
+        { method: "GET", headers: { "x-agent-id": agentId, "x-agent-token": agentToken } },
+        timeoutMs
+      );
+      const body = await readJson(response);
+      if (!response.ok) {
+        const detail = body?.error || `http_${response.status}`;
+        throw new Error(`durability_checkpoint_latest_failed:${detail}`);
+      }
+      return body;
+    },
+    async writeRestoreDrill(ok, opts = {}) {
+      const response = await withTimeout(
+        fetcher,
+        `${base}/v1/checkpoints/restore-drill`,
+        {
+          method: "POST",
+          headers,
+          body: JSON.stringify({
+            checkpointId: opts.checkpointId,
+            ok,
+            details: opts.details
+          })
+        },
+        timeoutMs
+      );
+      const body = await readJson(response);
+      if (!response.ok) {
+        const detail = body?.error || `http_${response.status}`;
+        throw new Error(`durability_restore_drill_write_failed:${detail}`);
+      }
+      return body;
+    }
+  };
+};
+
+// src/promptShield.ts
+var RULES = [
+  {
+    flag: "instruction_override",
+    risk: "high",
+    test: [/ignore\s+(all\s+)?previous/i, /disregard\s+instructions/i, /new\s+system\s+prompt/i]
+  },
+  {
+    flag: "credential_exfiltration",
+    risk: "high",
+    test: [/api\s*key/i, /private\s*key/i, /seed\s*phrase/i, /wallet\s*secret/i, /send\s+me\s+your\s+token/i]
+  },
+  {
+    flag: "destructive_command",
+    risk: "high",
+    test: [/\brm\s+-rf\b/i, /drop\s+database/i, /delete\s+all/i, /overwrite\s+memory/i]
+  },
+  {
+    flag: "authority_spoof",
+    risk: "medium",
+    test: [/as\s+your\s+owner/i, /authorized\s+admin/i, /from\s+charles/i]
+  }
+];
+var rankRisk = (a, b) => {
+  const w = { low: 1, medium: 2, high: 3 };
+  return w[a] >= w[b] ? a : b;
+};
+var toDefaultBlockSet = () => /* @__PURE__ */ new Set(["instruction_override", "credential_exfiltration", "destructive_command", "authority_spoof", "sensitive_action_without_trust"]);
+var evaluatePromptShield = (inputs, options = {}) => {
+  const policy = options.policy || {};
+  const blockSet = policy.blockOnFlags ? new Set(policy.blockOnFlags) : toDefaultBlockSet();
+  const rationale = [];
+  const blockedInputs = [];
+  const flags = /* @__PURE__ */ new Set();
+  let risk = "low";
+  for (const input of inputs) {
+    if (input.trust !== "external_untrusted") continue;
+    const text = String(input.content || "");
+    for (const rule of RULES) {
+      if (rule.test.some((rx) => rx.test(text))) {
+        flags.add(rule.flag);
+        risk = rankRisk(risk, rule.risk);
+      }
+    }
+  }
+  if (options.isSensitiveAction) {
+    const hasTrusted = inputs.some((i) => i.trust === "trusted_human" || i.trust === "internal_system");
+    if (!hasTrusted) {
+      flags.add("sensitive_action_without_trust");
+      risk = rankRisk(risk, "high");
+      rationale.push("Sensitive action lacks trusted human/system intent; external input cannot authorize mutation.");
+    }
+  }
+  const blocked = [...flags].some((f) => blockSet.has(f));
+  if (blocked) {
+    for (const input of inputs) {
+      if (input.trust === "external_untrusted") blockedInputs.push(input);
+    }
+  }
+  if (!flags.size) {
+    rationale.push("No injection indicators detected in untrusted sources.");
+  } else {
+    rationale.push(`Detected prompt-shield flags: ${[...flags].join(",")}`);
+  }
+  if (policy.allowUntrustedForAnalysisOnly && blocked) {
+    rationale.push("Untrusted content may be used for analysis only; execution remains blocked.");
+  }
+  return {
+    allow: !blocked,
+    risk,
+    flags: [...flags],
+    rationale,
+    blockedInputs
+  };
+};
+
+// src/objectiveGuard.ts
+var normalize = (v) => String(v || "").trim().toLowerCase();
+var isExplicitInstruction = (text) => /\b(do this instead|switch objective|change objective|stop current objective|ignore current objective)\b/i.test(
+  text || ""
+);
+var missionAlignment = (currentObjective, proposedObjective) => {
+  const a = new Set(normalize(currentObjective).split(/\W+/).filter(Boolean));
+  const b = new Set(normalize(proposedObjective).split(/\W+/).filter(Boolean));
+  if (!a.size || !b.size) return false;
+  let overlap = 0;
+  for (const tok of b) if (a.has(tok)) overlap += 1;
+  return overlap / Math.max(1, b.size) >= 0.2;
+};
+var evaluateObjectiveChange = (proposal, policy = {}) => {
+  const requireMissionAlignment = policy.requireMissionAlignment ?? true;
+  const requireEvidenceVerification = policy.requireEvidenceVerification ?? true;
+  const allowExternalExplicitInstruction = policy.allowExternalExplicitInstruction ?? false;
+  const explicitInstruction = isExplicitInstruction(proposal.proposedObjective) || isExplicitInstruction(proposal.rationale || "");
+  const missionAligned = missionAlignment(proposal.currentObjective, proposal.proposedObjective);
+  const evidence = Array.isArray(proposal.evidence) ? proposal.evidence : [];
+  const evidenceProvided = evidence.length > 0;
+  const evidenceVerified = evidenceProvided && evidence.every((e) => e.verified === true);
+  if (proposal.trust === "trusted_human" || proposal.trust === "internal_system") {
+    return {
+      allowObjectiveChange: true,
+      reason: "trusted_source_override",
+      checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+      risk: "low"
+    };
+  }
+  if (explicitInstruction && !allowExternalExplicitInstruction) {
+    return {
+      allowObjectiveChange: false,
+      reason: "external_explicit_instruction_blocked",
+      checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+      risk: "high"
+    };
+  }
+  if (requireMissionAlignment && !missionAligned) {
+    return {
+      allowObjectiveChange: false,
+      reason: "mission_alignment_failed",
+      checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+      risk: "high"
+    };
+  }
+  if (!evidenceProvided) {
+    return {
+      allowObjectiveChange: false,
+      reason: "evidence_missing",
+      checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+      risk: "medium"
+    };
+  }
+  if (requireEvidenceVerification && !evidenceVerified) {
+    return {
+      allowObjectiveChange: false,
+      reason: "evidence_unverified",
+      checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+      risk: "high"
+    };
+  }
+  return {
+    allowObjectiveChange: true,
+    reason: "reasoned_external_change_allowed",
+    checks: { explicitInstruction, missionAligned, evidenceProvided, evidenceVerified },
+    risk: "low"
+  };
+};
+
+export {
+  createDurabilityProxyClient,
+  evaluatePromptShield,
+  evaluateObjectiveChange
+};