cognitive-modules-cli 2.2.7 → 2.2.8

package/dist/registry/client.d.ts

@@ -134,10 +134,17 @@ export interface SearchResult {
     score: number;
     keywords: string[];
 }
+export declare const DEFAULT_REGISTRY_URL = "https://github.com/Cognary/cognitive/releases/latest/download/cognitive-registry.v2.json";
+export interface RegistryClientOptions {
+    timeoutMs?: number;
+    maxBytes?: number;
+}
 export declare class RegistryClient {
     private registryUrl;
+    private timeoutMs;
+    private maxBytes;
     private cache;
-    constructor(registryUrl?: string);
+    constructor(registryUrl?: string, options?: RegistryClientOptions);
     private parseRegistryResponse;
     /**
      * Generate a unique cache filename based on registry URL

package/dist/registry/client.js

@@ -16,26 +16,60 @@ import { createHash } from 'node:crypto';
 // =============================================================================
 // Constants
 // =============================================================================
-const DEFAULT_REGISTRY_URL = 'https://raw.githubusercontent.com/Cognary/cognitive/main/cognitive-registry.v2.json';
+// "Latest" registry strategy:
+// Prefer GitHub Releases "latest" download, so clients get a coherent set of
+// (index + tarballs) that match an actual published release.
+//
+// This URL is stable across releases:
+// https://github.com/<org>/<repo>/releases/latest/download/cognitive-registry.v2.json
+export const DEFAULT_REGISTRY_URL = 'https://github.com/Cognary/cognitive/releases/latest/download/cognitive-registry.v2.json';
+const FALLBACK_REGISTRY_URL = 'https://raw.githubusercontent.com/Cognary/cognitive/main/cognitive-registry.v2.json';
 const CACHE_DIR = join(homedir(), '.cognitive', 'cache');
 const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
-const REGISTRY_FETCH_TIMEOUT_MS = 10_000; // 10s
-const MAX_REGISTRY_BYTES = 1024 * 1024; // 1MB
+const DEFAULT_REGISTRY_FETCH_TIMEOUT_MS = 10_000; // 10s
+const DEFAULT_MAX_REGISTRY_BYTES = 2 * 1024 * 1024; // 2MB
+const HARD_MAX_REGISTRY_BYTES = 20 * 1024 * 1024; // 20MB (absolute safety cap)
+function parsePositiveIntEnv(name) {
+    const raw = process.env[name];
+    if (!raw)
+        return undefined;
+    const n = Number(raw);
+    if (!Number.isFinite(n) || n <= 0)
+        return undefined;
+    return Math.floor(n);
+}
+function clamp(n, min, max) {
+    return Math.max(min, Math.min(max, n));
+}
 // =============================================================================
 // Registry Client
 // =============================================================================
 export class RegistryClient {
     registryUrl;
+    timeoutMs;
+    maxBytes;
     cache = { data: null, timestamp: 0 };
-    constructor(registryUrl = DEFAULT_REGISTRY_URL) {
-        this.registryUrl = registryUrl;
+    constructor(registryUrl, options = {}) {
+        const fromEnv = process.env.COGNITIVE_REGISTRY_URL;
+        const selected = (typeof registryUrl === 'string' && registryUrl.trim() ? registryUrl.trim() : undefined) ??
+            (typeof fromEnv === 'string' && fromEnv.trim() ? fromEnv.trim() : undefined) ??
+            DEFAULT_REGISTRY_URL;
+        this.registryUrl = selected;
+        const envTimeout = parsePositiveIntEnv('COGNITIVE_REGISTRY_TIMEOUT_MS');
+        const envMaxBytes = parsePositiveIntEnv('COGNITIVE_REGISTRY_MAX_BYTES');
+        const timeout = options.timeoutMs ?? envTimeout ?? DEFAULT_REGISTRY_FETCH_TIMEOUT_MS;
+        // keep timeouts bounded for predictable UX
+        this.timeoutMs = clamp(timeout, 1000, 120_000);
+        const maxBytes = options.maxBytes ?? envMaxBytes ?? DEFAULT_MAX_REGISTRY_BYTES;
+        // enforce an absolute upper bound to avoid accidental OOM on hostile endpoints
+        this.maxBytes = clamp(maxBytes, 1024, HARD_MAX_REGISTRY_BYTES);
     }
     async parseRegistryResponse(response) {
         const contentLengthHeader = response.headers?.get('content-length');
         if (contentLengthHeader) {
             const contentLength = Number(contentLengthHeader);
-            if (!Number.isNaN(contentLength) && contentLength > MAX_REGISTRY_BYTES) {
-                throw new Error(`Registry payload too large: ${contentLength} bytes (max ${MAX_REGISTRY_BYTES})`);
+            if (!Number.isNaN(contentLength) && contentLength > this.maxBytes) {
+                throw new Error(`Registry payload too large: ${contentLength} bytes (max ${this.maxBytes})`);
             }
         }
         if (response.body && typeof response.body.getReader === 'function') {
@@ -50,8 +84,8 @@ export class RegistryClient {
                         break;
                     if (value) {
                         totalBytes += value.byteLength;
-                        if (totalBytes > MAX_REGISTRY_BYTES) {
-                            throw new Error(`Registry payload too large: ${totalBytes} bytes (max ${MAX_REGISTRY_BYTES})`);
+                        if (totalBytes > this.maxBytes) {
+                            throw new Error(`Registry payload too large: ${totalBytes} bytes (max ${this.maxBytes})`);
                         }
                         buffer += decoder.decode(value, { stream: true });
                     }
@@ -71,8 +105,8 @@ export class RegistryClient {
         if (typeof response.text === 'function') {
             const text = await response.text();
             const byteLen = Buffer.byteLength(text, 'utf-8');
-            if (byteLen > MAX_REGISTRY_BYTES) {
-                throw new Error(`Registry payload too large: ${byteLen} bytes (max ${MAX_REGISTRY_BYTES})`);
+            if (byteLen > this.maxBytes) {
+                throw new Error(`Registry payload too large: ${byteLen} bytes (max ${this.maxBytes})`);
             }
             try {
                 return JSON.parse(text);
@@ -118,28 +152,48 @@ export class RegistryClient {
                 // Ignore cache read errors
             }
         }
-        // Fetch from network
-        const controller = new AbortController();
-        const timeout = setTimeout(() => controller.abort(), REGISTRY_FETCH_TIMEOUT_MS);
+        const fetchOnce = async (url) => {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), this.timeoutMs);
+            try {
+                const response = await fetch(url, {
+                    headers: { 'User-Agent': 'cognitive-runtime/2.2' },
+                    signal: controller.signal,
+                });
+                if (!response.ok) {
+                    // Allow callers to inspect status for fallback logic.
+                    const err = new Error(`Failed to fetch registry: ${response.status} ${response.statusText}`);
+                    err.status = response.status;
+                    throw err;
+                }
+                return await this.parseRegistryResponse(response);
+            }
+            catch (error) {
+                if (error instanceof Error && error.name === 'AbortError') {
+                    throw new Error(`Registry fetch timed out after ${this.timeoutMs}ms`);
+                }
+                throw error;
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        };
         let data;
         try {
-            const response = await fetch(this.registryUrl, {
-                headers: { 'User-Agent': 'cognitive-runtime/2.2' },
-                signal: controller.signal,
-            });
-            if (!response.ok) {
-                throw new Error(`Failed to fetch registry: ${response.status} ${response.statusText}`);
-            }
-            data = await this.parseRegistryResponse(response);
+            data = await fetchOnce(this.registryUrl);
         }
-        catch (error) {
-            if (error instanceof Error && error.name === 'AbortError') {
-                throw new Error(`Registry fetch timed out after ${REGISTRY_FETCH_TIMEOUT_MS}ms`);
+        catch (e) {
+            // Harden the "latest" strategy: right after publishing a GitHub Release,
+            // the index asset may not be uploaded yet (short 404 window). In that case,
+            // fall back to the repo-tracked index to keep `cog search/add` usable.
+            const status = e?.status;
+            const isDefaultUrl = this.registryUrl === DEFAULT_REGISTRY_URL;
+            if (isDefaultUrl && status === 404) {
+                data = await fetchOnce(FALLBACK_REGISTRY_URL);
+            }
+            else {
+                throw e;
             }
-            throw error;
-        }
-        finally {
-            clearTimeout(timeout);
         }
         // Update cache
         this.cache = { data, timestamp: now };

package/dist/types.d.ts

@@ -352,6 +352,16 @@ export interface CommandContext {
     cwd: string;
     provider: Provider;
     verbose?: boolean;
+    policy?: ExecutionPolicy;
+    /**
+     * Registry index override for commands that talk to the registry.
+     * If omitted, the RegistryClient default strategy is used.
+     */
+    registryUrl?: string;
+    /** Override registry fetch timeout (ms). */
+    registryTimeoutMs?: number;
+    /** Override registry max index bytes. */
+    registryMaxBytes?: number;
 }
 /**
  * CLI command result (legacy format).
@@ -373,6 +383,27 @@ export interface CommandResultV2 {
     data?: unknown;
     error?: EnvelopeError;
 }
+/**
+ * Execution profile:
+ * - core: minimal constraints (5-minute path)
+ * - default: safe defaults for day-to-day usage
+ * - strict: higher assurance (more enforcement)
+ * - certified: strongest gates (intended for publishable / regulated flows)
+ */
+export type ExecutionProfile = 'core' | 'default' | 'strict' | 'certified';
+/** Validation mode for input/output schemas and runtime enforcement. */
+export type ValidateMode = 'auto' | 'on' | 'off';
+export interface ExecutionPolicy {
+    profile: ExecutionProfile;
+    validate: ValidateMode;
+    audit: boolean;
+    enableRepair: boolean;
+    /**
+     * If true, refuse to run non-v2.2 modules (legacy/v0/v1 or missing formatVersion).
+     * This is a gate for certification-style flows.
+     */
+    requireV22: boolean;
+}
 export interface ModuleInput {
     code?: string;
     query?: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cognitive-modules-cli",
-  "version": "2.2.7",
+  "version": "2.2.8",
   "description": "Cognitive Modules - Structured AI Task Execution with version management",
   "type": "module",
   "main": "dist/index.js",