npm - baselineos - Versions diffs - 0.2.0-beta.1 - Mend

baselineos 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/LICENSE +17 -0
package/README.md +198 -0
package/dist/__evals__/runner.d.ts +2 -0
package/dist/__evals__/runner.js +14687 -0
package/dist/__evals__/runner.js.map +1 -0
package/dist/api/server.d.ts +21 -0
package/dist/api/server.js +1007 -0
package/dist/api/server.js.map +1 -0
package/dist/cli/bin.d.ts +1 -0
package/dist/cli/bin.js +8427 -0
package/dist/cli/bin.js.map +1 -0
package/dist/core/agent-bus.d.ts +110 -0
package/dist/core/agent-bus.js +242 -0
package/dist/core/agent-bus.js.map +1 -0
package/dist/core/cache.d.ts +66 -0
package/dist/core/cache.js +160 -0
package/dist/core/cache.js.map +1 -0
package/dist/core/config.d.ts +1002 -0
package/dist/core/config.js +429 -0
package/dist/core/config.js.map +1 -0
package/dist/core/indexer.d.ts +152 -0
package/dist/core/indexer.js +481 -0
package/dist/core/indexer.js.map +1 -0
package/dist/core/llm-tracer.d.ts +2 -0
package/dist/core/llm-tracer.js +241 -0
package/dist/core/llm-tracer.js.map +1 -0
package/dist/core/memory.d.ts +86 -0
package/dist/core/memory.js +346 -0
package/dist/core/memory.js.map +1 -0
package/dist/core/opa-client.d.ts +51 -0
package/dist/core/opa-client.js +157 -0
package/dist/core/opa-client.js.map +1 -0
package/dist/core/opa-policy-gate.d.ts +133 -0
package/dist/core/opa-policy-gate.js +454 -0
package/dist/core/opa-policy-gate.js.map +1 -0
package/dist/core/orchestrator.d.ts +14 -0
package/dist/core/orchestrator.js +1297 -0
package/dist/core/orchestrator.js.map +1 -0
package/dist/core/pii-detector.d.ts +82 -0
package/dist/core/pii-detector.js +126 -0
package/dist/core/pii-detector.js.map +1 -0
package/dist/core/rag-engine.d.ts +121 -0
package/dist/core/rag-engine.js +504 -0
package/dist/core/rag-engine.js.map +1 -0
package/dist/core/task-queue.d.ts +69 -0
package/dist/core/task-queue.js +124 -0
package/dist/core/task-queue.js.map +1 -0
package/dist/core/telemetry.d.ts +56 -0
package/dist/core/telemetry.js +94 -0
package/dist/core/telemetry.js.map +1 -0
package/dist/core/types.d.ts +328 -0
package/dist/core/types.js +24 -0
package/dist/core/types.js.map +1 -0
package/dist/index.d.ts +21 -0
package/dist/index.js +12444 -0
package/dist/index.js.map +1 -0
package/dist/llm-tracer-CIIujuO-.d.ts +493 -0
package/dist/mcp/server.d.ts +2651 -0
package/dist/mcp/server.js +676 -0
package/dist/mcp/server.js.map +1 -0
package/dist/orchestrator-DF89k_AK.d.ts +506 -0
package/package.json +157 -0
package/templates/README.md +7 -0
package/templates/baseline.config.ts +207 -0

package/dist/core/llm-tracer.js ADDED Viewed

@@ -0,0 +1,241 @@
+import Langfuse from 'langfuse';
+import { trace } from '@opentelemetry/api';
+// src/core/llm-tracer.ts
+var PiiBlockedError = class extends Error {
+  constructor(types) {
+    super(`PII detected in prompt \u2014 blocked: ${types.join(", ")}`);
+    this.types = types;
+    this.name = "PiiBlockedError";
+  }
+};
+var PATTERNS = {
+  // API keys before email to avoid partial overlap on sk- prefixes
+  "api-key": /\b(sk-ant-[A-Za-z0-9-_]{20,}|sk-[A-Za-z0-9]{32,}|(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}|AKIA[0-9A-Z]{16})\b/g,
+  "email": /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
+  "phone": /\b(?:\+?1[\s.-]?)?\(?[0-9]{3}\)?[\s.-][0-9]{3}[\s.-][0-9]{4}\b/g,
+  "ssn": /\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g,
+  "credit-card": /\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b/g,
+  "ip-address": /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g
+};
+var PiiDetector = class {
+  mode;
+  disabled;
+  bus;
+  constructor(config = {}) {
+    this.mode = config.mode ?? "redact";
+    this.disabled = new Set(config.disabledTypes ?? []);
+    this.bus = config.bus;
+  }
+  /**
+   * Scan text for PII without side effects.
+   * Safe to call in any context — no bus events, no span mutations.
+   */
+  scan(text) {
+    const matches = [];
+    for (const [type, pattern] of Object.entries(PATTERNS)) {
+      if (this.disabled.has(type)) continue;
+      pattern.lastIndex = 0;
+      let m;
+      while ((m = pattern.exec(text)) !== null) {
+        matches.push({ type, start: m.index, end: m.index + m[0].length });
+      }
+    }
+    matches.sort((a, b) => a.start - b.start || b.end - a.end);
+    const deduped = [];
+    let cursor = 0;
+    for (const match of matches) {
+      if (match.start >= cursor) {
+        deduped.push(match);
+        cursor = match.end;
+      }
+    }
+    const types = [...new Set(deduped.map((m) => m.type))];
+    const clean = deduped.length === 0;
+    let redacted = "";
+    let pos = 0;
+    for (const match of deduped) {
+      redacted += text.slice(pos, match.start);
+      redacted += `[REDACTED:${match.type.toUpperCase()}]`;
+      pos = match.end;
+    }
+    redacted += text.slice(pos);
+    return { clean, matches: deduped, types, redacted };
+  }
+  /**
+   * Process text before LLM routing.
+   *
+   * - Publishes 'governance:pii-detected' on the bus when PII is found.
+   * - Sets pii.detected and pii.types on the active OTel span.
+   * - redact mode: returns redacted text.
+   * - block mode: throws PiiBlockedError if PII found.
+   *
+   * @param text    Text to scan (typically task.description).
+   * @param taskId  Used for bus event correlation.
+   * @returns       Safe text (redacted or original when clean).
+   */
+  processText(text, taskId) {
+    const result = this.scan(text);
+    if (!result.clean) {
+      const span = trace.getActiveSpan();
+      if (span) {
+        span.setAttribute("pii.detected", true);
+        span.setAttribute("pii.types", result.types.join(","));
+        span.setAttribute("pii.count", result.matches.length);
+      }
+      this.bus?.broadcast("system", "governance:pii-detected", {
+        taskId,
+        types: result.types,
+        count: result.matches.length,
+        blocked: this.mode === "block",
+        mode: this.mode
+      }, "high");
+      if (this.mode === "block") {
+        throw new PiiBlockedError(result.types);
+      }
+    }
+    return result.redacted;
+  }
+};
+// src/core/llm-tracer.ts
+var LlmTracer = class {
+  langfuse;
+  piiScanner;
+  curator;
+  constructor(config = {}) {
+    this.langfuse = new Langfuse({
+      publicKey: config.publicKey ?? process.env["LANGFUSE_PUBLIC_KEY"] ?? "baseline-public-key",
+      secretKey: config.secretKey ?? process.env["LANGFUSE_SECRET_KEY"] ?? "baseline-secret-key",
+      baseUrl: config.baseUrl ?? process.env["LANGFUSE_BASE_URL"] ?? "http://localhost:3001",
+      flushAt: config.flushAt ?? 15,
+      flushInterval: config.flushInterval ?? 3e4
+    });
+    this.piiScanner = config.enablePiiMasking ?? true ? new PiiDetector({ mode: "redact" }) : null;
+    this.curator = config.curator ?? null;
+  }
+  /** Redact PII from a string if masking is enabled. No-op when scanner is null. */
+  maskPii(text) {
+    return this.piiScanner ? this.piiScanner.scan(text).redacted : text;
+  }
+  /**
+   * Log a single LLM generation to Langfuse.
+   *
+   * Multiple calls with the same `traceId` accumulate under one trace,
+   * so all generations for a task are grouped together automatically.
+   *
+   * @param traceId   task.id — the top-level trace identifier
+   * @param traceName task.title — human-readable trace label in the UI
+   * @param options   generation details
+   */
+  logGeneration(traceId, traceName, options) {
+    try {
+      const trace2 = this.langfuse.trace({
+        id: traceId,
+        name: traceName.slice(0, 200)
+      });
+      const maskedSystemPrompt = options.systemPrompt ? this.maskPii(options.systemPrompt) : void 0;
+      const maskedMessages = options.inputMessages.map((m) => ({
+        role: m.role,
+        content: typeof m.content === "string" ? this.maskPii(m.content) : m.content
+      }));
+      const maskedOutput = this.maskPii(options.output);
+      const input = maskedSystemPrompt ? [{ role: "system", content: maskedSystemPrompt }, ...maskedMessages] : maskedMessages;
+      trace2.generation({
+        name: options.name,
+        model: options.model,
+        input,
+        output: maskedOutput,
+        usage: {
+          input: options.inputTokens,
+          output: options.outputTokens,
+          total: options.inputTokens + options.outputTokens,
+          unit: "TOKENS"
+        },
+        startTime: options.startTime,
+        endTime: options.endTime,
+        metadata: options.metadata
+      });
+      if (this.curator) {
+        const firstUserMsg = options.inputMessages.find((m) => m.role === "user");
+        const inputText = typeof firstUserMsg?.content === "string" ? firstUserMsg.content : "";
+        const confidence = typeof options.metadata?.["confidence"] === "number" ? options.metadata["confidence"] : 0.8;
+        this.curator.ingest({
+          traceId,
+          title: traceName.slice(0, 200),
+          input: inputText,
+          output: options.output,
+          confidence,
+          benign: options.metadata?.["benign"] !== false,
+          tokens: options.inputTokens + options.outputTokens,
+          timestamp: options.endTime.toISOString(),
+          verified: typeof options.metadata?.["verified"] === "boolean" ? options.metadata["verified"] : void 0
+        });
+      }
+    } catch {
+    }
+  }
+  /** Flush pending spans. Call on graceful shutdown. */
+  async flush() {
+    try {
+      await this.langfuse.flushAsync();
+    } catch {
+    }
+  }
+  /** Shutdown Langfuse client (flushes pending spans). */
+  shutdown() {
+    this.flush().catch(() => {
+    });
+  }
+};
+/**
+ * PII Detector — SIGNAL-015
+ *
+ * Scans prompt text for personally identifiable information before it
+ * reaches the LLM router. Supports two enforcement modes:
+ *
+ *   redact — replaces detected values with [REDACTED:TYPE] (default)
+ *   block  — throws PiiBlockedError, halting task execution
+ *
+ * Detected types:
+ *   email        — RFC 5321 address pattern
+ *   phone        — US/international format (10-digit minimum)
+ *   ssn          — US Social Security Number (NNN-NN-NNNN)
+ *   credit-card  — Visa, Mastercard, Amex, Discover
+ *   api-key      — OpenAI sk-, Anthropic sk-ant-, GitHub ghp_, AWS AKIA
+ *   ip-address   — IPv4 addresses
+ *
+ * Integration:
+ *   Called by Orchestrator._performExecution() before engine.execute().
+ *   Publishes 'governance:pii-detected' on the AgentBus when PII is found.
+ *   Sets pii.detected and pii.types on the active OTel span.
+ *
+ * @license Apache-2.0
+ */
+/**
+ * LLM Tracer — SIGNAL-014
+ *
+ * Logs every LLM call made by AnthropicEngine to Langfuse for prompt-level
+ * observability. Captures model, token usage, latency, input/output, and
+ * task metadata. Traces are keyed by task.id, so a multi-step task (execute
+ * → self-verify → review) produces one Langfuse trace with multiple
+ * generation spans.
+ *
+ * Self-hosted Langfuse:
+ *   docker compose -f docker/docker-compose.monitoring.yml up -d
+ *   → http://localhost:3001  (admin@baselineos.dev / baseline)
+ *
+ * Configuration (env or constructor):
+ *   LANGFUSE_PUBLIC_KEY   — project public key (default: baseline-public-key)
+ *   LANGFUSE_SECRET_KEY   — project secret key (default: baseline-secret-key)
+ *   LANGFUSE_BASE_URL     — Langfuse server URL (default: http://localhost:3001)
+ *
+ * The tracer is fail-safe: any Langfuse error is swallowed silently so it
+ * can never interrupt task execution.
+ *
+ * @license Apache-2.0
+ */
+export { LlmTracer };
+//# sourceMappingURL=llm-tracer.js.map
+//# sourceMappingURL=llm-tracer.js.map

package/dist/core/llm-tracer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/core/pii-detector.ts","../../src/core/llm-tracer.ts"],"names":["trace"],"mappings":";;;;AAoEO,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,YAA4B,KAAA,EAAkB;AAC5C,IAAA,KAAA,CAAM,CAAA,uCAAA,EAAqC,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AADnC,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAE1B,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF,CAAA;AAIA,IAAM,QAAA,GAAoC;AAAA;AAAA,EAExC,SAAA,EAAW,+GAAA;AAAA,EACX,OAAA,EAAS,qDAAA;AAAA,EACT,OAAA,EAAS,iEAAA;AAAA,EACT,KAAA,EAAO,wDAAA;AAAA,EACP,aAAA,EAAe,6FAAA;AAAA,EACf,YAAA,EAAc;AAChB,CAAA;AAIO,IAAM,cAAN,MAAkB;AAAA,EACd,IAAA;AAAA,EACQ,QAAA;AAAA,EACA,GAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,GAA4B,EAAC,EAAG;AAC1C,IAAA,IAAA,CAAK,IAAA,GAAO,OAAO,IAAA,IAAQ,QAAA;AAC3B,IAAA,IAAA,CAAK,WAAW,IAAI,GAAA,CAAI,MAAA,CAAO,aAAA,IAAiB,EAAE,CAAA;AAClD,IAAA,IAAA,CAAK,MAAM,MAAA,CAAO,GAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,IAAA,EAA6B;AAChC,IAAA,MAAM,UAAsB,EAAC;AAE7B,IAAA,KAAA,MAAW,CAAC,IAAA,EAAM,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAA+B;AAClF,MAAA,IAAI,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,IAAI,CAAA,EAAG;AAG7B,MAAA,OAAA,CAAQ,SAAA,GAAY,CAAA;AACpB,MAAA,IAAI,CAAA;AACJ,MAAA,OAAA,CAAQ,CAAA,GAAI,OAAA,CAAQ,IAAA,CAAK,IAAI,OAAO,IAAA,EAAM;AACxC,QAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,IAAA,EAAM,KAAA,EAAO,CAAA,CAAE,KAAA,EAAO,GAAA,EAAK,CAAA,CAAE,KAAA,GAAQ,CAAA,CAAE,CAAC,CAAA,CAAE,QAAQ,CAAA;AAAA,MACnE;AAAA,IACF;AAGA,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,KAAA,GAAQ,CAAA,CAAE,KAAA,IAAS,CAAA,CAAE,GAAA,GAAM,CAAA,CAAE,GAAG,CAAA;AACzD,IAAA,MAAM,UAAsB,EAAC;AAC7B,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,MAAA,IAAI,KAAA,CAAM,SAAS,MAAA,EAAQ;AACzB,QAAA,OAAA,CAAQ,KAAK,KAAK,CAAA;AAClB,QAAA,MAAA,GAAS,KAAA,CAAM,GAAA;AAAA,MACjB;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,CAAC,GAAG,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAC,CAAC,CAAA;AACrD,IAAA,MAAM,KAAA,GAAQ,QAAQ,MAAA,KAAW,CAAA;AAGjC,IAAA,IAAI,QAAA,GAAW,EAAA;AACf,IAAA,IAAI,GAAA,GAAM,CAAA;AACV,IAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,MAAA,QAAA,IAAY,IAAA,CAAK,KAAA,CAAM,GAAA,EAAK,KAAA,CAAM,KAAK,CAAA;AACvC,MAAA,QAAA,IAAY,CAAA,UAAA,EAAa,KAAA,CAAM,IAAA,CAAK,WAAA,EAAa,CAAA,CAAA,CAAA;AACjD,MAAA,GAAA,GAAM,KAAA,CAAM,GAAA;AAAA,IACd;AACA,IAAA,QAAA,IAAY,IAAA,CAAK,MAAM,GAAG,CAAA;AAE1B,IAAA,OAAO,EAAE,KAAA,EAAO,OAAA,EAAS,OAAA,EAAS,OAAO,QAAA,EAAS;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,WAAA,CAAY,MAAc,MAAA,EAAyB;AACjD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA;AAE7B,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AAEjB,MAAA,MAAM,IAAA,GAAO,MAAM,aAAA,EAAc;AACjC,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAA,CAAK,YAAA,CAAa,gBAAgB,IAAI,CAAA;AACtC,QAAA,IAAA,CAAK,aAAa,WAAA,EAAa,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA;AACrD,QAAA,IAAA,CAAK,YAAA,CAAa,WAAA,EAAa,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA;AAAA,MACtD;AAGA,MAAA,IAAA,CAAK,GAAA,EAAK,SAAA,CAAU,QAAA,EAAU,yBAAA,EAA2B;AAAA,QACvD,MAAA;AAAA,QACA,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,KAAA,EAAO,OAAO,OAAA,CAAQ,MAAA;AAAA,QACtB,OAAA,EAAS,KAAK,IAAA,KAAS,OAAA;AAAA,QACvB,MAAM,IAAA,CAAK;AAAA,SACV,MAAM,CAAA;AAET,MAAA,IAAI,IAAA,CAAK,SAAS,OAAA,EAAS;AACzB,QAAA,MAAM,IAAI,eAAA,CAAgB,MAAA,CAAO,KAAK,CAAA;AAAA,MACxC;AAAA,IACF;AAEA,IAAA,OAAO,MAAA,CAAO,QAAA;AAAA,EAChB;AACF,CAAA;;;AC9GO,IAAM,YAAN,MAAgB;AAAA,EACJ,QAAA;AAAA,EACA,UAAA;AAAA,EACA,OAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,GAA0B,EAAC,EAAG;AACxC,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,QAAA,CAAS;AAAA,MAC3B,WAAc,MAAA,CAAO,SAAA,IAAiB,OAAA,CAAQ,GAAA,CAAI,qBAAqB,CAAA,IAAM,qBAAA;AAAA,MAC7E,WAAc,MAAA,CAAO,SAAA,IAAiB,OAAA,CAAQ,GAAA,CAAI,qBAAqB,CAAA,IAAM,qBAAA;AAAA,MAC7E,SAAc,MAAA,CAAO,OAAA,IAAiB,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,IAAQ,uBAAA;AAAA,MAC7E,OAAA,EAAc,OAAO,OAAA,IAAiB,EAAA;AAAA,MACtC,aAAA,EAAe,OAAO,aAAA,IAAiB;AAAA,KACxC,CAAA;AAED,IAAA,IAAA,CAAK,UAAA,GAAc,MAAA,CAAO,gBAAA,IAAoB,IAAA,GAC1C,IAAI,YAAY,EAAE,IAAA,EAAM,QAAA,EAAU,CAAA,GAClC,IAAA;AACJ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,IAAA;AAAA,EACnC;AAAA;AAAA,EAGQ,QAAQ,IAAA,EAAsB;AACpC,IAAA,OAAO,KAAK,UAAA,GAAa,IAAA,CAAK,WAAW,IAAA,CAAK,IAAI,EAAE,QAAA,GAAW,IAAA;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAA,CACE,OAAA,EACA,SAAA,EACA,OAAA,EACM;AACN,IAAA,IAAI;AACF,MAAA,MAAMA,MAAAA,GAAQ,IAAA,CAAK,QAAA,CAAS,KAAA,CAAM;AAAA,QAChC,EAAA,EAAM,OAAA;AAAA,QACN,IAAA,EAAM,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,GAAG;AAAA,OAC7B,CAAA;AAGD,MAAA,MAAM,qBAAqB,OAAA,CAAQ,YAAA,GAC/B,KAAK,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,GACjC,KAAA,CAAA;AACJ,MAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,aAAA,CAAc,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,QACvD,MAAM,CAAA,CAAE,IAAA;AAAA,QACR,OAAA,EAAS,OAAO,CAAA,CAAE,OAAA,KAAY,QAAA,GAAW,KAAK,OAAA,CAAQ,CAAA,CAAE,OAAO,CAAA,GAAI,CAAA,CAAE;AAAA,OACvE,CAAE,CAAA;AACF,MAAA,MAAM,YAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,MAAM,CAAA;AAEhD,MAAA,MAAM,KAAA,GAAQ,kBAAA,GACV,CAAC,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,kBAAA,EAAmB,EAAG,GAAG,cAAc,CAAA,GACnE,cAAA;AAEJ,MAAAA,OAAM,UAAA,CAAW;AAAA,QACf,MAAW,OAAA,CAAQ,IAAA;AAAA,QACnB,OAAW,OAAA,CAAQ,KAAA;AAAA,QACnB,KAAA;AAAA,QACA,MAAA,EAAW,YAAA;AAAA,QACX,KAAA,EAAO;AAAA,UACL,OAAQ,OAAA,CAAQ,WAAA;AAAA,UAChB,QAAQ,OAAA,CAAQ,YAAA;AAAA,UAChB,KAAA,EAAQ,OAAA,CAAQ,WAAA,GAAc,OAAA,CAAQ,YAAA;AAAA,UACtC,IAAA,EAAQ;AAAA,SACV;AAAA,QACA,WAAW,OAAA,CAAQ,SAAA;AAAA,QACnB,SAAW,OAAA,CAAQ,OAAA;AAAA,QACnB,UAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAGD,MAAA,IAAI,KAAK,OAAA,EAAS;AAChB,QAAA,MAAM,YAAA,GAAe,QAAQ,aAAA,CAAc,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,SAAS,MAAM,CAAA;AACxE,QAAA,MAAM,YAAY,OAAO,YAAA,EAAc,OAAA,KAAY,QAAA,GAAW,aAAa,OAAA,GAAU,EAAA;AACrF,QAAA,MAAM,UAAA,GAAa,OAAO,OAAA,CAAQ,QAAA,GAAW,YAAY,MAAM,QAAA,GAC1D,OAAA,CAAQ,QAAA,CAAS,YAAY,CAAA,GAC9B,GAAA;AACJ,QAAA,IAAA,CAAK,QAAQ,MAAA,CAAO;AAAA,UAClB,OAAA;AAAA,UACA,KAAA,EAAO,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAAA,UAC7B,KAAA,EAAO,SAAA;AAAA,UACP,QAAQ,OAAA,CAAQ,MAAA;AAAA,UAChB,UAAA;AAAA,UACA,MAAA,EAAQ,OAAA,CAAQ,QAAA,GAAW,QAAQ,CAAA,KAAM,KAAA;AAAA,UACzC,MAAA,EAAQ,OAAA,CAAQ,WAAA,GAAc,OAAA,CAAQ,YAAA;AAAA,UACtC,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,WAAA,EAAY;AAAA,UACvC,QAAA,EAAU,OAAO,OAAA,CAAQ,QAAA,GAAW,UAAU,MAAM,SAAA,GAC/C,OAAA,CAAQ,QAAA,CAAS,UAAU,CAAA,GAC5B,KAAA;AAAA,SACL,CAAA;AAAA,MACH;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,KAAA,GAAuB;AAC3B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,SAAS,UAAA,EAAW;AAAA,IACjC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAAA;AAAA,EAGA,QAAA,GAAiB;AACf,IAAA,IAAA,CAAK,KAAA,EAAM,CAAE,KAAA,CAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EAC7B;AACF","file":"llm-tracer.js","sourcesContent":["/**\n * PII Detector — SIGNAL-015\n *\n * Scans prompt text for personally identifiable information before it\n * reaches the LLM router. Supports two enforcement modes:\n *\n * redact — replaces detected values with [REDACTED:TYPE] (default)\n * block — throws PiiBlockedError, halting task execution\n *\n * Detected types:\n * email — RFC 5321 address pattern\n * phone — US/international format (10-digit minimum)\n * ssn — US Social Security Number (NNN-NN-NNNN)\n * credit-card — Visa, Mastercard, Amex, Discover\n * api-key — OpenAI sk-, Anthropic sk-ant-, GitHub ghp_, AWS AKIA\n * ip-address — IPv4 addresses\n *\n * Integration:\n * Called by Orchestrator._performExecution() before engine.execute().\n * Publishes 'governance:pii-detected' on the AgentBus when PII is found.\n * Sets pii.detected and pii.types on the active OTel span.\n *\n * @license Apache-2.0\n */\n\nimport { trace } from '@opentelemetry/api';\nimport type { AgentBus } from './agent-bus.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────────\n\nexport type PiiType =\n | 'email'\n | 'phone'\n | 'ssn'\n | 'credit-card'\n | 'api-key'\n | 'ip-address';\n\nexport type PiiMode = 'redact' | 'block';\n\nexport interface PiiMatch {\n type: PiiType;\n start: number;\n end: number;\n}\n\nexport interface PiiScanResult {\n /** true when no PII was detected */\n clean: boolean;\n /** all matches found, sorted by start position */\n matches: PiiMatch[];\n /** unique PII types present */\n types: PiiType[];\n /** input text with all PII replaced by [REDACTED:TYPE]; equals input when clean=true */\n redacted: string;\n}\n\nexport interface PiiDetectorConfig {\n /** Enforcement mode. Default: 'redact' */\n mode?: PiiMode;\n /** PII types to skip. Useful for staged rollouts. */\n disabledTypes?: PiiType[];\n /** AgentBus for publishing governance:pii-detected events. */\n bus?: AgentBus;\n}\n\n// ─── Error ────────────────────────────────────────────────────────────────────\n\nexport class PiiBlockedError extends Error {\n constructor(public readonly types: PiiType[]) {\n super(`PII detected in prompt — blocked: ${types.join(', ')}`);\n this.name = 'PiiBlockedError';\n }\n}\n\n// ─── Patterns ────────────────────────────────────────────────────────────────\n\nconst PATTERNS: Record<PiiType, RegExp> = {\n // API keys before email to avoid partial overlap on sk- prefixes\n 'api-key': /\\b(sk-ant-[A-Za-z0-9-_]{20,}|sk-[A-Za-z0-9]{32,}|(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}|AKIA[0-9A-Z]{16})\\b/g,\n 'email': /\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}\\b/g,\n 'phone': /\\b(?:\\+?1[\\s.-]?)?\$?[0-9]{3}\$?[\\s.-][0-9]{3}[\\s.-][0-9]{4}\\b/g,\n 'ssn': /\\b(?!000|666|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0000)\\d{4}\\b/g,\n 'credit-card': /\\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\\b/g,\n 'ip-address': /\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b/g,\n};\n\n// ─── PiiDetector ─────────────────────────────────────────────────────────────\n\nexport class PiiDetector {\n readonly mode: PiiMode;\n private readonly disabled: Set<PiiType>;\n private readonly bus?: AgentBus;\n\n constructor(config: PiiDetectorConfig = {}) {\n this.mode = config.mode ?? 'redact';\n this.disabled = new Set(config.disabledTypes ?? []);\n this.bus = config.bus;\n }\n\n /**\n * Scan text for PII without side effects.\n * Safe to call in any context — no bus events, no span mutations.\n */\n scan(text: string): PiiScanResult {\n const matches: PiiMatch[] = [];\n\n for (const [type, pattern] of Object.entries(PATTERNS) as Array<[PiiType, RegExp]>) {\n if (this.disabled.has(type)) continue;\n\n // Reset lastIndex — patterns are defined with /g flag\n pattern.lastIndex = 0;\n let m: RegExpExecArray | null;\n while ((m = pattern.exec(text)) !== null) {\n matches.push({ type, start: m.index, end: m.index + m[0].length });\n }\n }\n\n // Sort by start position, resolve overlaps (keep longest match)\n matches.sort((a, b) => a.start - b.start || b.end - a.end);\n const deduped: PiiMatch[] = [];\n let cursor = 0;\n for (const match of matches) {\n if (match.start >= cursor) {\n deduped.push(match);\n cursor = match.end;\n }\n }\n\n const types = [...new Set(deduped.map((m) => m.type))];\n const clean = deduped.length === 0;\n\n // Build redacted string\n let redacted = '';\n let pos = 0;\n for (const match of deduped) {\n redacted += text.slice(pos, match.start);\n redacted += `[REDACTED:${match.type.toUpperCase()}]`;\n pos = match.end;\n }\n redacted += text.slice(pos);\n\n return { clean, matches: deduped, types, redacted };\n }\n\n /**\n * Process text before LLM routing.\n *\n * - Publishes 'governance:pii-detected' on the bus when PII is found.\n * - Sets pii.detected and pii.types on the active OTel span.\n * - redact mode: returns redacted text.\n * - block mode: throws PiiBlockedError if PII found.\n *\n * @param text Text to scan (typically task.description).\n * @param taskId Used for bus event correlation.\n * @returns Safe text (redacted or original when clean).\n */\n processText(text: string, taskId?: string): string {\n const result = this.scan(text);\n\n if (!result.clean) {\n // Set OTel span attributes on the active span (task.perform)\n const span = trace.getActiveSpan();\n if (span) {\n span.setAttribute('pii.detected', true);\n span.setAttribute('pii.types', result.types.join(','));\n span.setAttribute('pii.count', result.matches.length);\n }\n\n // Publish governance event\n this.bus?.broadcast('system', 'governance:pii-detected', {\n taskId,\n types: result.types,\n count: result.matches.length,\n blocked: this.mode === 'block',\n mode: this.mode,\n }, 'high');\n\n if (this.mode === 'block') {\n throw new PiiBlockedError(result.types);\n }\n }\n\n return result.redacted;\n }\n}\n","/**\n * LLM Tracer — SIGNAL-014\n *\n * Logs every LLM call made by AnthropicEngine to Langfuse for prompt-level\n * observability. Captures model, token usage, latency, input/output, and\n * task metadata. Traces are keyed by task.id, so a multi-step task (execute\n * → self-verify → review) produces one Langfuse trace with multiple\n * generation spans.\n *\n * Self-hosted Langfuse:\n * docker compose -f docker/docker-compose.monitoring.yml up -d\n * → http://localhost:3001 (admin@baselineos.dev / baseline)\n *\n * Configuration (env or constructor):\n * LANGFUSE_PUBLIC_KEY — project public key (default: baseline-public-key)\n * LANGFUSE_SECRET_KEY — project secret key (default: baseline-secret-key)\n * LANGFUSE_BASE_URL — Langfuse server URL (default: http://localhost:3001)\n *\n * The tracer is fail-safe: any Langfuse error is swallowed silently so it\n * can never interrupt task execution.\n *\n * @license Apache-2.0\n */\n\nimport Langfuse from 'langfuse';\nimport { PiiDetector } from './pii-detector.js';\nimport type { TraceCurator } from './trace-curator.js';\n\n// ─── Types ────────────────────────────────────────────────────────────────────\n\nexport interface LlmTracerConfig {\n /** Langfuse project public key. Default: LANGFUSE_PUBLIC_KEY env or 'baseline-public-key' */\n publicKey?: string;\n /** Langfuse project secret key. Default: LANGFUSE_SECRET_KEY env or 'baseline-secret-key' */\n secretKey?: string;\n /** Langfuse server base URL. Default: LANGFUSE_BASE_URL env or http://localhost:3001 */\n baseUrl?: string;\n /** Flush batch size (default: 15) */\n flushAt?: number;\n /** Flush interval in ms (default: 30_000) */\n flushInterval?: number;\n /**\n * Scan and redact PII from system prompts, input messages, and output\n * before sending to Langfuse. Default: true (SIGNAL-037).\n */\n enablePiiMasking?: boolean;\n /**\n * TraceCurator to ingest sampled traces into the ground-truth dataset.\n * When provided, each logGeneration() call feeds a TraceRecord into the\n * curator buffer for downstream curation and eval dataset expansion (SIGNAL-049).\n */\n curator?: TraceCurator;\n}\n\nexport interface LlmGenerationOptions {\n /** Span name within the trace, e.g. 'execute', 'self-verify', 'review', 'agent-loop:3' */\n name: string;\n /** Model identifier, e.g. 'claude-sonnet-4-6' */\n model: string;\n /** System prompt sent to the model */\n systemPrompt?: string;\n /** User + assistant turns passed to the model */\n inputMessages: Array<{ role: string; content: unknown }>;\n /** Raw text output from the model */\n output: string;\n inputTokens: number;\n outputTokens: number;\n startTime: Date;\n endTime: Date;\n /** Arbitrary metadata attached to the generation (taskId, agentId, etc.) */\n metadata?: Record<string, unknown>;\n}\n\n// ─── LlmTracer ────────────────────────────────────────────────────────────────\n\nexport class LlmTracer {\n private readonly langfuse: Langfuse;\n private readonly piiScanner: PiiDetector | null;\n private readonly curator: TraceCurator | null;\n\n constructor(config: LlmTracerConfig = {}) {\n this.langfuse = new Langfuse({\n publicKey: config.publicKey ?? process.env['LANGFUSE_PUBLIC_KEY'] ?? 'baseline-public-key',\n secretKey: config.secretKey ?? process.env['LANGFUSE_SECRET_KEY'] ?? 'baseline-secret-key',\n baseUrl: config.baseUrl ?? process.env['LANGFUSE_BASE_URL'] ?? 'http://localhost:3001',\n flushAt: config.flushAt ?? 15,\n flushInterval: config.flushInterval ?? 30_000,\n });\n // PII masking enabled by default (SIGNAL-037)\n this.piiScanner = (config.enablePiiMasking ?? true)\n ? new PiiDetector({ mode: 'redact' })\n : null;\n this.curator = config.curator ?? null;\n }\n\n /** Redact PII from a string if masking is enabled. No-op when scanner is null. */\n private maskPii(text: string): string {\n return this.piiScanner ? this.piiScanner.scan(text).redacted : text;\n }\n\n /**\n * Log a single LLM generation to Langfuse.\n *\n * Multiple calls with the same `traceId` accumulate under one trace,\n * so all generations for a task are grouped together automatically.\n *\n * @param traceId task.id — the top-level trace identifier\n * @param traceName task.title — human-readable trace label in the UI\n * @param options generation details\n */\n logGeneration(\n traceId: string,\n traceName: string,\n options: LlmGenerationOptions,\n ): void {\n try {\n const trace = this.langfuse.trace({\n id: traceId,\n name: traceName.slice(0, 200),\n });\n\n // Redact PII before sending to Langfuse (SIGNAL-037)\n const maskedSystemPrompt = options.systemPrompt\n ? this.maskPii(options.systemPrompt)\n : undefined;\n const maskedMessages = options.inputMessages.map((m) => ({\n role: m.role,\n content: typeof m.content === 'string' ? this.maskPii(m.content) : m.content,\n }));\n const maskedOutput = this.maskPii(options.output);\n\n const input = maskedSystemPrompt\n ? [{ role: 'system', content: maskedSystemPrompt }, ...maskedMessages]\n : maskedMessages;\n\n trace.generation({\n name: options.name,\n model: options.model,\n input,\n output: maskedOutput,\n usage: {\n input: options.inputTokens,\n output: options.outputTokens,\n total: options.inputTokens + options.outputTokens,\n unit: 'TOKENS',\n },\n startTime: options.startTime,\n endTime: options.endTime,\n metadata: options.metadata,\n });\n\n // Feed into TraceCurator for ground-truth dataset expansion (SIGNAL-049)\n if (this.curator) {\n const firstUserMsg = options.inputMessages.find((m) => m.role === 'user');\n const inputText = typeof firstUserMsg?.content === 'string' ? firstUserMsg.content : '';\n const confidence = typeof options.metadata?.['confidence'] === 'number'\n ? (options.metadata['confidence'] as number)\n : 0.8;\n this.curator.ingest({\n traceId,\n title: traceName.slice(0, 200),\n input: inputText,\n output: options.output,\n confidence,\n benign: options.metadata?.['benign'] !== false,\n tokens: options.inputTokens + options.outputTokens,\n timestamp: options.endTime.toISOString(),\n verified: typeof options.metadata?.['verified'] === 'boolean'\n ? (options.metadata['verified'] as boolean)\n : undefined,\n });\n }\n } catch {\n // Silently ignore — tracer must never interrupt task execution\n }\n }\n\n /** Flush pending spans. Call on graceful shutdown. */\n async flush(): Promise<void> {\n try {\n await this.langfuse.flushAsync();\n } catch {\n // Silently ignore\n }\n }\n\n /** Shutdown Langfuse client (flushes pending spans). */\n shutdown(): void {\n this.flush().catch(() => {});\n }\n}\n"]}

package/dist/core/memory.d.ts ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * BaselineOS Memory System
+ *
+ * Multi-scope persistent memory for AI agents.
+ *
+ * Scopes:
+ * - Working: Per-request, cleared after each call (fastest)
+ * - Session: Per-conversation, cleared on disconnect
+ * - Long-term: Persists across sessions (SQLite)
+ * - Shared: Visible across all agents and sessions
+ *
+ * @license Apache-2.0
+ */
+type MemoryScope = 'working' | 'session' | 'long-term' | 'shared';
+interface MemoryConfig {
+    persistPath: string;
+}
+interface StoreOptions {
+    scope?: MemoryScope;
+    sessionId?: string;
+    ttl?: number;
+    tags?: string[];
+    taskId?: string;
+    repo?: string;
+    persona?: string;
+}
+interface RetrieveOptions {
+    scope?: MemoryScope | 'all';
+    sessionId?: string;
+    taskId?: string;
+    repo?: string;
+    persona?: string;
+}
+interface MemoryEntry {
+    key: string;
+    value: unknown;
+    scope: MemoryScope;
+    sessionId?: string;
+    taskId?: string;
+    repo?: string;
+    persona?: string;
+    tags: string[];
+    createdAt: number;
+    updatedAt: number;
+    expiresAt?: number;
+    accessCount: number;
+}
+declare class MemorySystem {
+    private config;
+    private workingMemory;
+    private sessionMemory;
+    private longTermMemory;
+    private sharedMemory;
+    private db;
+    private initialized;
+    constructor(config?: Partial<MemoryConfig>);
+    initialize(): Promise<void>;
+    store(key: string, value: unknown, options?: StoreOptions): Promise<void>;
+    retrieve(key: string, options?: RetrieveOptions): Promise<unknown>;
+    delete(key: string, options?: RetrieveOptions): Promise<boolean>;
+    search(query: {
+        tags?: string[];
+        prefix?: string;
+        scope?: MemoryScope;
+        sessionId?: string;
+        taskId?: string;
+        repo?: string;
+        persona?: string;
+    }): Promise<MemoryEntry[]>;
+    clearWorking(): void;
+    clearSession(sessionId?: string): void;
+    flush(): Promise<void>;
+    close(): void;
+    private persistEntry;
+    private getFromScope;
+    private buildStorageKey;
+    private matchesContext;
+    getStats(): {
+        working: number;
+        session: number;
+        longTerm: number;
+        shared: number;
+    };
+}
+export { type MemoryConfig, type MemoryEntry, type MemoryScope, MemorySystem, type RetrieveOptions, type StoreOptions };