closed-loop-cli 1.0.0

package/src/orchestrator/mutation-strategies.ts

@@ -0,0 +1,214 @@
+import { DGMArchive, ArchiveEntry } from './dgm-archive';
+
+/**
+ * DGM Mutation Strategies
+ *
+ * จาก DGM paper: open-ended evolution ต้องการ diversity ของ mutation types
+ * ไม่ใช่แค่ refactor อย่างเดียว — เพื่อสำรวจ search space ที่กว้างขึ้น
+ */
+export enum MutationStrategy {
+  /** เพิ่ม feature ใหม่เข้าไปในระบบ */
+  ADD_FEATURE = 'add_feature',
+  /** Refactor code เดิมให้อ่านง่ายขึ้น / ลด duplication */
+  REFACTOR = 'refactor',
+  /** Optimize performance หรือ token efficiency */
+  OPTIMIZE = 'optimize',
+  /** เพิ่ม unit tests เพื่อเพิ่ม coverage */
+  ADD_TESTS = 'add_tests',
+  /** แก้ bug ที่ตรวจพบจาก test failures */
+  FIX_BUG = 'fix_bug',
+  /** ปรับปรุง system prompt / agent prompt */
+  IMPROVE_PROMPT = 'improve_prompt',
+}
+
+/**
+ * ผลการเลือก mutation strategy
+ */
+export interface MutationSelection {
+  strategy: MutationStrategy;
+  rationale: string;
+  targetHint?: string;
+}
+
+/**
+ * เลือก mutation strategy ที่เหมาะสมจาก archive history + task context
+ *
+ * DGM approach: strategy selection ควร adaptive ตาม population history
+ * — ถ้า fitness ต่ำ → ลอง ADD_TESTS หรือ FIX_BUG ก่อน
+ * — ถ้า fitness สูงแล้ว → ลอง ADD_FEATURE หรือ OPTIMIZE
+ * — ถ้า task พูดถึง bug → เลือก FIX_BUG ก่อน
+ */
+export function selectMutationStrategy(
+  archive: DGMArchive,
+  task: string,
+  currentFitness: number = 0
+): MutationSelection {
+  const taskLower = task.toLowerCase();
+
+  // 1. Task-based override: ถ้า task บ่งชี้ strategy ชัดเจน
+  if (taskLower.includes('fix') || taskLower.includes('bug') || taskLower.includes('error')) {
+    return {
+      strategy: MutationStrategy.FIX_BUG,
+      rationale: 'Task description indicates a bug fix is needed'
+    };
+  }
+
+  if (taskLower.includes('test') || taskLower.includes('coverage')) {
+    return {
+      strategy: MutationStrategy.ADD_TESTS,
+      rationale: 'Task description requests test improvements'
+    };
+  }
+
+  if (taskLower.includes('prompt') || taskLower.includes('instruction')) {
+    return {
+      strategy: MutationStrategy.IMPROVE_PROMPT,
+      rationale: 'Task description targets prompt engineering'
+    };
+  }
+
+  if (taskLower.includes('refactor') || taskLower.includes('clean') || taskLower.includes('reformat')) {
+    return {
+      strategy: MutationStrategy.REFACTOR,
+      rationale: 'Task description requests code refactoring'
+    };
+  }
+
+  if (taskLower.includes('optim') || taskLower.includes('speed') || taskLower.includes('performance') || taskLower.includes('token')) {
+    return {
+      strategy: MutationStrategy.OPTIMIZE,
+      rationale: 'Task description requests optimization'
+    };
+  }
+
+  if (taskLower.includes('add') || taskLower.includes('implement') || taskLower.includes('create') || taskLower.includes('new feature')) {
+    return {
+      strategy: MutationStrategy.ADD_FEATURE,
+      rationale: 'Task description requests adding a new feature'
+    };
+  }
+
+  // 2. Fitness-based heuristic: ถ้า fitness ต่ำ → focus on fixing
+  if (currentFitness < 0.7) {
+    return {
+      strategy: MutationStrategy.FIX_BUG,
+      rationale: `Low fitness (${(currentFitness * 100).toFixed(1)}%) — prioritizing stability fixes`
+    };
+  }
+
+  // 3. Archive diversity: ตรวจสอบว่า strategy ไหนถูกใช้ไปน้อยสุดใน archive
+  const recentHistory = archive.getRecentHistory(8);
+  if (recentHistory.length > 0) {
+    const strategyCounts: Record<string, number> = {};
+    for (const s of Object.values(MutationStrategy)) {
+      strategyCounts[s] = 0;
+    }
+    for (const entry of recentHistory) {
+      if (entry.mutationStrategy && strategyCounts[entry.mutationStrategy] !== undefined) {
+        strategyCounts[entry.mutationStrategy]++;
+      }
+    }
+
+    // เลือก strategy ที่ถูกใช้น้อยสุด (diversity promotion)
+    const leastUsed = Object.entries(strategyCounts)
+      .sort((a, b) => a[1] - b[1])[0];
+
+    if (leastUsed && leastUsed[1] < 2) {
+      return {
+        strategy: leastUsed[0] as MutationStrategy,
+        rationale: `Diversity promotion: "${leastUsed[0]}" has been used least (${leastUsed[1]}x in recent history)`
+      };
+    }
+  }
+
+  // 4. Default: ADD_FEATURE (DGM paper prefers expansive mutations)
+  return {
+    strategy: MutationStrategy.ADD_FEATURE,
+    rationale: 'Default open-ended evolution strategy: expanding capabilities'
+  };
+}
+
+/**
+ * สร้าง task prompt เฉพาะ mutation strategy
+ * ให้ Agent ทราบว่ากำลังทำ mutation ประเภทใด
+ */
+export function generateMutationPrompt(
+  strategy: MutationStrategy,
+  originalTask: string,
+  context?: {
+    targetFile?: string;
+    parentEntry?: ArchiveEntry | null;
+    currentFitness?: number;
+  }
+): string {
+  const parentInfo = context?.parentEntry
+    ? `\n[DGM Context] Building upon parent snapshot: ${context.parentEntry.id} (fitness: ${(context.parentEntry.fitness * 100).toFixed(1)}%)`
+    : '';
+
+  const fitnessInfo = context?.currentFitness !== undefined
+    ? `\n[DGM Context] Current system fitness: ${(context.currentFitness * 100).toFixed(1)}% (test pass rate)`
+    : '';
+
+  const fileInfo = context?.targetFile
+    ? `\n[DGM Context] Primary target file: ${context.targetFile}`
+    : '';
+
+  const dgmHeader = `[DGM Mutation: ${strategy.toUpperCase()}]${parentInfo}${fitnessInfo}${fileInfo}\n\n`;
+
+  switch (strategy) {
+    case MutationStrategy.ADD_FEATURE:
+      return dgmHeader +
+        `Your mutation goal is to ADD A NEW FEATURE. Implement the following capability:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Create new files or add new exported functions/classes as needed\n` +
+        `- Do not break existing functionality\n` +
+        `- Ensure all new code compiles and existing tests still pass\n` +
+        `- The feature should integrate cleanly with the existing codebase`;
+
+    case MutationStrategy.REFACTOR:
+      return dgmHeader +
+        `Your mutation goal is to REFACTOR existing code for better quality:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Improve readability, reduce duplication, or strengthen type safety\n` +
+        `- Preserve all existing behavior exactly (zero functional change)\n` +
+        `- All existing tests must still pass after refactoring`;
+
+    case MutationStrategy.OPTIMIZE:
+      return dgmHeader +
+        `Your mutation goal is to OPTIMIZE for performance or efficiency:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Focus on reducing token usage, execution time, or memory\n` +
+        `- Preserve correctness — all tests must still pass\n` +
+        `- Measure and report the optimization impact if possible`;
+
+    case MutationStrategy.ADD_TESTS:
+      return dgmHeader +
+        `Your mutation goal is to ADD UNIT TESTS to improve coverage:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Add tests to src/tests/dynamic/ directory as .ts files\n` +
+        `- Tests must export a default function or a run() function\n` +
+        `- Prioritize testing edge cases and untested public functions\n` +
+        `- Do not modify existing test files (protected by Campbell Regime)`;
+
+    case MutationStrategy.FIX_BUG:
+      return dgmHeader +
+        `Your mutation goal is to FIX A BUG or stability issue:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Diagnose the root cause carefully before making changes\n` +
+        `- Make the minimal change required to fix the issue\n` +
+        `- Add a regression test if appropriate\n` +
+        `- All tests must pass after the fix`;
+
+    case MutationStrategy.IMPROVE_PROMPT:
+      return dgmHeader +
+        `Your mutation goal is to IMPROVE AGENT PROMPTS for better performance:\n${originalTask}\n\n` +
+        `Guidelines:\n` +
+        `- Edit src/orchestrator/system-prompt.txt or src/orchestrator/agent-prompts.ts\n` +
+        `- Make prompts more concise, clear, and effective\n` +
+        `- Preserve all existing agent capabilities\n` +
+        `- Build compiles and tests pass after changes`;
+
+    default:
+      return dgmHeader + originalTask;
+  }
+}

package/src/orchestrator/research-manager.ts

@@ -0,0 +1,88 @@
+import * as fs from 'fs';
+import * as path from 'path';
+
+export interface ResearchDecision {
+  timestamp: string;
+  phase: string;
+  action: string;
+  result: 'success' | 'failure' | 'info';
+  details?: string;
+}
+
+export interface ResearchSession {
+  taskId: string;
+  task: string;
+  startedAt: string;
+  endedAt?: string;
+  status: 'running' | 'success' | 'failed';
+  effort: 'standard' | 'ultracode';
+  decisions: ResearchDecision[];
+}
+
+export class ResearchManager {
+  private static session: ResearchSession | null = null;
+  private static logPath = path.join(process.cwd(), 'research-log.json');
+
+  static startSession(task: string, effort: 'standard' | 'ultracode') {
+    this.session = {
+      taskId: `task-${Date.now()}`,
+      task,
+      startedAt: new Date().toISOString(),
+      status: 'running',
+      effort,
+      decisions: []
+    };
+    this.logDecision('session_start', `Starting active research session for task: "${task}"`, 'info');
+    this.saveSession();
+  }
+
+  static logDecision(phase: string, action: string, result: 'success' | 'failure' | 'info', details?: string) {
+    if (!this.session) return;
+    
+    this.session.decisions.push({
+      timestamp: new Date().toISOString(),
+      phase,
+      action,
+      result,
+      details
+    });
+    this.saveSession();
+  }
+
+  static endSession(status: 'success' | 'failed') {
+    if (!this.session) return;
+    this.session.status = status;
+    this.session.endedAt = new Date().toISOString();
+    this.logDecision('session_end', `Session ended with status: ${status}`, 'info');
+    this.saveSession();
+    this.session = null;
+  }
+
+  private static saveSession() {
+    if (!this.session) return;
+    try {
+      let sessions: ResearchSession[] = [];
+      if (fs.existsSync(this.logPath)) {
+        try {
+          sessions = JSON.parse(fs.readFileSync(this.logPath, 'utf-8'));
+        } catch (e) {}
+      }
+      
+      const index = sessions.findIndex(s => s.taskId === this.session!.taskId);
+      if (index !== -1) {
+        sessions[index] = this.session;
+      } else {
+        sessions.push(this.session);
+      }
+      
+      // Keep last 10 sessions to save space
+      if (sessions.length > 10) {
+        sessions.shift();
+      }
+
+      fs.writeFileSync(this.logPath, JSON.stringify(sessions, null, 2), 'utf-8');
+    } catch (err) {
+      console.error('[ResearchManager] Failed to write research log:', err);
+    }
+  }
+}

package/src/orchestrator/rulez.ts

@@ -0,0 +1,118 @@
+import * as path from 'path';
+
+export interface PolicyResult {
+  allowed: boolean;
+  exitCode: number;
+  message: string;
+}
+
+// Banned command substrings
+const BANNED_COMMAND_PATTERNS = [
+  /\brm\b\s+-[rf]{1,2}\s+\//,         // rm -rf /
+  /\brm\b\s+-[rf]{1,2}\s+\./,         // rm -rf .
+  /\brm\b\s+-[rf]{1,2}\s+([A-Za-z]:)?\\/, // Windows root deletes
+  /\bformat\b/i,                       // disk formats
+  /\bgit\b.*\bpush\b.*\b--force\b/,    // force pushes
+  /\bgit\b.*\bpush\b/,                 // any direct push to remote
+  /\bchmod\b\s+777/,                   // unsafe permissions elevation
+  /\bchown\b/,                         // ownership tampering
+  /(\bdrop\b|\balter\b)\s+database/i   // raw database drops
+];
+
+// Secrets patterns (e.g. tp- tokens, standard slack tokens, etc)
+const SECRETS_PATTERNS = [
+  /tp-[a-zA-Z0-9]{32,}/,             // MiMo tp- Token pattern
+  /sk-[a-zA-Z0-9]{20,}/,             // standard OpenAI/Anthropic keys
+  /API_KEY\s*=\s*['"][a-zA-Z0-9_-]{16,}['"]/i,
+  /PASSWORD\s*=\s*['"][a-zA-Z0-9_-]{8,}['"]/i
+];
+
+/**
+ * Checks if a command string is allowed under RuleZ policies.
+ */
+export function checkCommand(commandStr: string): PolicyResult {
+  const normalizedCmd = commandStr.trim();
+
+  // 1. Check for banned command patterns
+  for (const pattern of BANNED_COMMAND_PATTERNS) {
+    if (pattern.test(normalizedCmd)) {
+      return {
+        allowed: false,
+        exitCode: 2,
+        message: `Blocked by RuleZ: Command violates security policy (matches pattern: ${pattern.toString()})`
+      };
+    }
+  }
+
+  // 2. Safe commands allowed
+  return {
+    allowed: true,
+    exitCode: 0,
+    message: 'Allowed by RuleZ'
+  };
+}
+
+/**
+ * Checks if a file edit or write is allowed under RuleZ policies.
+ */
+export function checkFileEdit(filePath: string, content: string): PolicyResult {
+  // 1. Protected files lockout (Campbell Safeguard Policy)
+  const normalizedPath = filePath.replace(/\\/g, '/');
+  const normalizedFile = normalizedPath.toLowerCase();
+  const resolvedBaseName = path.basename(filePath).toLowerCase();
+
+  const isProtected = 
+    normalizedFile.includes('src/orchestrator/rulez.ts') ||
+    normalizedFile.includes('src/orchestrator/sahoo-gateway.ts') ||
+    normalizedFile.includes('src/tests/run-tests.ts') ||
+    resolvedBaseName === 'package.json' ||
+    resolvedBaseName === '.env';
+
+  if (isProtected) {
+    return {
+      allowed: false,
+      exitCode: 2,
+      message: `Blocked by RuleZ: Modification of safety harness or environment configurations (${filePath}) is strictly prohibited.`
+    };
+  }
+
+  // 2. Sandbox isolation check: resolved path must be within the workspace root
+  const resolvedTarget = path.resolve(filePath);
+  const resolvedRoot = path.resolve(process.cwd());
+  const relativePath = path.relative(resolvedRoot, resolvedTarget);
+  const isOutside = relativePath.startsWith('..') || path.isAbsolute(relativePath);
+
+  if (isOutside) {
+    return {
+      allowed: false,
+      exitCode: 2,
+      message: `Blocked by RuleZ: Path '${filePath}' resolves outside the workspace sandbox.`
+    };
+  }
+
+  // 2. Prevent dynamic execution (eval / Function)
+  if (/\beval\s*\(/i.test(content) || /\bnew\s+Function\s*\(/i.test(content)) {
+    return {
+      allowed: false,
+      exitCode: 2,
+      message: `Blocked by RuleZ: Use of dynamic code execution (eval() or new Function()) is banned.`
+    };
+  }
+
+  // 3. Prevent hardcoding secrets/credentials
+  for (const pattern of SECRETS_PATTERNS) {
+    if (pattern.test(content)) {
+      return {
+        allowed: false,
+        exitCode: 2,
+        message: `Blocked by RuleZ: Potential hardcoded secret or API key pattern detected in changes.`
+      };
+    }
+  }
+
+  return {
+    allowed: true,
+    exitCode: 0,
+    message: 'Allowed by RuleZ'
+  };
+}