comisai 1.0.18 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/dist/cli-entry.js +0 -0
  2. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +43 -2
  3. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +51 -0
  4. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +110 -0
  5. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +54 -0
  6. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +145 -0
  7. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +17 -0
  8. package/node_modules/@comis/agent/dist/executor/error-classifier.d.ts +11 -1
  9. package/node_modules/@comis/agent/dist/executor/error-classifier.js +13 -0
  10. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +1 -0
  11. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +55 -0
  12. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +106 -5
  13. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +1 -0
  14. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +1 -4
  15. package/node_modules/@comis/agent/dist/executor/replay-drift-detector.d.ts +85 -0
  16. package/node_modules/@comis/agent/dist/executor/replay-drift-detector.js +92 -0
  17. package/node_modules/@comis/agent/dist/executor/signature-block-scrubber.d.ts +34 -0
  18. package/node_modules/@comis/agent/dist/executor/signature-block-scrubber.js +69 -0
  19. package/node_modules/@comis/agent/dist/executor/signed-replay-detector.d.ts +39 -0
  20. package/node_modules/@comis/agent/dist/executor/signed-replay-detector.js +72 -0
  21. package/node_modules/@comis/agent/package.json +1 -1
  22. package/node_modules/@comis/channels/package.json +1 -1
  23. package/node_modules/@comis/cli/dist/cli.js +0 -0
  24. package/node_modules/@comis/cli/dist/wizard/steps/12-finish.d.ts +4 -5
  25. package/node_modules/@comis/cli/dist/wizard/steps/12-finish.js +99 -40
  26. package/node_modules/@comis/cli/package.json +1 -1
  27. package/node_modules/@comis/core/dist/config/git-manager.js +10 -4
  28. package/node_modules/@comis/core/dist/config/index.d.ts +1 -0
  29. package/node_modules/@comis/core/dist/config/index.js +2 -0
  30. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +67 -0
  31. package/node_modules/@comis/core/dist/config/managed-sections.js +124 -0
  32. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +28 -10
  33. package/node_modules/@comis/core/dist/config/schema-agent.js +6 -0
  34. package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +2 -2
  35. package/node_modules/@comis/core/dist/config/schema.d.ts +65 -64
  36. package/node_modules/@comis/core/dist/event-bus/events-messaging.d.ts +16 -0
  37. package/node_modules/@comis/core/dist/exports/config.d.ts +1 -1
  38. package/node_modules/@comis/core/dist/exports/config.js +1 -1
  39. package/node_modules/@comis/core/package.json +1 -1
  40. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/init-skill.py +0 -0
  41. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +0 -0
  42. package/node_modules/@comis/daemon/dist/daemon.js +0 -0
  43. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +20 -7
  44. package/node_modules/@comis/daemon/dist/rpc/session-handlers.js +27 -1
  45. package/node_modules/@comis/daemon/package.json +1 -1
  46. package/node_modules/@comis/gateway/package.json +1 -1
  47. package/node_modules/@comis/infra/package.json +1 -1
  48. package/node_modules/@comis/memory/package.json +1 -1
  49. package/node_modules/@comis/scheduler/package.json +1 -1
  50. package/node_modules/@comis/shared/package.json +1 -1
  51. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +23 -8
  52. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.d.ts +1 -1
  53. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +18 -14
  54. package/node_modules/@comis/skills/dist/builtin/platform/unified-session-tool.js +1 -1
  55. package/node_modules/@comis/skills/package.json +1 -1
  56. package/node_modules/@comis/web/package.json +1 -1
  57. package/package.json +24 -26
  58. package/node_modules/@comis/agent/dist/provider/response/strip-minimax-xml.d.ts +0 -9
  59. package/node_modules/@comis/agent/dist/provider/response/strip-minimax-xml.js +0 -17
  60. package/node_modules/@comis/agent/dist/provider/response/strip-model-tokens.d.ts +0 -13
  61. package/node_modules/@comis/agent/dist/provider/response/strip-model-tokens.js +0 -19
  62. package/node_modules/@comis/agent/dist/provider/response/strip-tool-text.d.ts +0 -11
  63. package/node_modules/@comis/agent/dist/provider/response/strip-tool-text.js +0 -32
  64. package/node_modules/@comis/agent/dist/safety/follow-through-detector.d.ts +0 -46
  65. package/node_modules/@comis/agent/dist/safety/follow-through-detector.js +0 -76
  66. package/node_modules/@comis/agent/dist/safety/post-compaction-safety.d.ts +0 -30
  67. package/node_modules/@comis/agent/dist/safety/post-compaction-safety.js +0 -51
  68. package/node_modules/@comis/agent/dist/safety/schema-normalizer.d.ts +0 -37
  69. package/node_modules/@comis/agent/dist/safety/schema-normalizer.js +0 -137
  70. package/node_modules/@comis/agent/dist/safety/schema-pruning.d.ts +0 -50
  71. package/node_modules/@comis/agent/dist/safety/schema-pruning.js +0 -112
  72. package/node_modules/@comis/agent/dist/safety/tool-image-sanitizer.d.ts +0 -43
  73. package/node_modules/@comis/agent/dist/safety/tool-image-sanitizer.js +0 -96
  74. package/node_modules/@comis/agent/dist/safety/tool-sanitizer.d.ts +0 -44
  75. package/node_modules/@comis/agent/dist/safety/tool-sanitizer.js +0 -94
  76. package/node_modules/@comis/channels/dist/shared/thinking-tag-filter.d.ts +0 -28
  77. package/node_modules/@comis/channels/dist/shared/thinking-tag-filter.js +0 -206
  78. package/node_modules/@comis/cli/dist/wizard/config-writer.d.ts +0 -25
  79. package/node_modules/@comis/cli/dist/wizard/config-writer.js +0 -144
  80. package/node_modules/@comis/cli/dist/wizard/flow-types.d.ts +0 -48
  81. package/node_modules/@comis/cli/dist/wizard/flow-types.js +0 -70
  82. package/node_modules/@comis/cli/dist/wizard/manual-flow.d.ts +0 -21
  83. package/node_modules/@comis/cli/dist/wizard/manual-flow.js +0 -345
  84. package/node_modules/@comis/cli/dist/wizard/quickstart-flow.d.ts +0 -21
  85. package/node_modules/@comis/cli/dist/wizard/quickstart-flow.js +0 -116
  86. package/node_modules/@comis/core/dist/config/schema-agent-model.d.ts +0 -135
  87. package/node_modules/@comis/core/dist/config/schema-agent-model.js +0 -114
  88. package/node_modules/@comis/core/dist/config/schema-agent-session.d.ts +0 -177
  89. package/node_modules/@comis/core/dist/config/schema-agent-session.js +0 -116
  90. package/node_modules/@comis/core/dist/config/schema-context-engine.d.ts +0 -92
  91. package/node_modules/@comis/core/dist/config/schema-context-engine.js +0 -92
  92. package/node_modules/@comis/core/dist/config/schema-context-guard.d.ts +0 -34
  93. package/node_modules/@comis/core/dist/config/schema-context-guard.js +0 -32
  94. package/node_modules/@comis/core/dist/config/schema-delivery-mirror.d.ts +0 -27
  95. package/node_modules/@comis/core/dist/config/schema-delivery-mirror.js +0 -26
  96. package/node_modules/@comis/core/dist/config/schema-delivery-queue.d.ts +0 -31
  97. package/node_modules/@comis/core/dist/config/schema-delivery-queue.js +0 -30
  98. package/node_modules/@comis/core/dist/config/schema-delivery-timing.d.ts +0 -41
  99. package/node_modules/@comis/core/dist/config/schema-delivery-timing.js +0 -31
  100. package/node_modules/@comis/core/dist/config/schema-monitoring.d.ts +0 -105
  101. package/node_modules/@comis/core/dist/config/schema-monitoring.js +0 -67
  102. package/node_modules/@comis/core/dist/ports/media-ports.d.ts +0 -278
  103. package/node_modules/@comis/core/dist/ports/media-ports.js +0 -1
  104. package/node_modules/@comis/core/dist/security/input-guard.d.ts +0 -46
  105. package/node_modules/@comis/core/dist/security/input-guard.js +0 -166
  106. package/node_modules/@comis/core/dist/security/scoped-secret-manager.d.ts +0 -38
  107. package/node_modules/@comis/core/dist/security/scoped-secret-manager.js +0 -94
  108. package/node_modules/@comis/daemon/dist/observability/delivery-context.d.ts +0 -37
  109. package/node_modules/@comis/daemon/dist/observability/delivery-context.js +0 -1
  110. package/node_modules/@comis/daemon/dist/observability/log-level-manager.d.ts +0 -23
  111. package/node_modules/@comis/daemon/dist/observability/log-level-manager.js +0 -34
  112. package/node_modules/@comis/daemon/dist/observability/log-transport.d.ts +0 -44
  113. package/node_modules/@comis/daemon/dist/observability/log-transport.js +0 -74
  114. package/node_modules/@comis/daemon/dist/observability/obs-write-buffer.d.ts +0 -53
  115. package/node_modules/@comis/daemon/dist/observability/obs-write-buffer.js +0 -68
  116. package/node_modules/@comis/daemon/dist/observability/types.d.ts +0 -6
  117. package/node_modules/@comis/daemon/dist/observability/types.js +0 -1
  118. package/node_modules/@comis/daemon/dist/wiring/seed-bundled-skills.d.ts +0 -41
  119. package/node_modules/@comis/daemon/dist/wiring/seed-bundled-skills.js +0 -84
  120. package/node_modules/@comis/daemon/dist/wiring/setup-delivery-mirror.d.ts +0 -24
  121. package/node_modules/@comis/daemon/dist/wiring/setup-delivery-mirror.js +0 -88
  122. package/node_modules/@comis/daemon/dist/wiring/setup-delivery-queue.d.ts +0 -31
  123. package/node_modules/@comis/daemon/dist/wiring/setup-delivery-queue.js +0 -132
  124. package/node_modules/@comis/daemon/dist/wiring/setup-monitoring.d.ts +0 -38
  125. package/node_modules/@comis/daemon/dist/wiring/setup-monitoring.js +0 -100
  126. package/node_modules/@comis/daemon/dist/wiring/setup-rpc-bridge.d.ts +0 -34
  127. package/node_modules/@comis/daemon/dist/wiring/setup-rpc-bridge.js +0 -52
  128. package/node_modules/@comis/daemon/dist/wiring/setup-task-extraction.d.ts +0 -41
  129. package/node_modules/@comis/daemon/dist/wiring/setup-task-extraction.js +0 -86
  130. package/node_modules/@comis/memory/dist/embedding-cache.d.ts +0 -36
  131. package/node_modules/@comis/memory/dist/embedding-cache.js +0 -94
  132. package/node_modules/@comis/skills/dist/bridge/tool-output-schemas.d.ts +0 -17
  133. package/node_modules/@comis/skills/dist/bridge/tool-output-schemas.js +0 -125
  134. package/node_modules/@comis/skills/dist/bridge/tool-parallelism-metadata.d.ts +0 -14
  135. package/node_modules/@comis/skills/dist/bridge/tool-parallelism-metadata.js +0 -92
  136. package/node_modules/@comis/skills/dist/bridge/tool-result-caps.d.ts +0 -14
  137. package/node_modules/@comis/skills/dist/bridge/tool-result-caps.js +0 -36
  138. package/node_modules/@comis/skills/dist/bridge/tool-search-hints.d.ts +0 -15
  139. package/node_modules/@comis/skills/dist/bridge/tool-search-hints.js +0 -68
  140. package/node_modules/@comis/skills/dist/bridge/tool-validators.d.ts +0 -11
  141. package/node_modules/@comis/skills/dist/bridge/tool-validators.js +0 -105
  142. package/node_modules/@comis/skills/dist/builtin/file/find-sort-wrapper.d.ts +0 -22
  143. package/node_modules/@comis/skills/dist/builtin/file/find-sort-wrapper.js +0 -95
  144. package/node_modules/@comis/skills/dist/builtin/file/grep-output-mode-wrapper.d.ts +0 -24
  145. package/node_modules/@comis/skills/dist/builtin/file/grep-output-mode-wrapper.js +0 -167
  146. package/node_modules/@comis/skills/dist/builtin/task-plan-tool.d.ts +0 -25
  147. package/node_modules/@comis/skills/dist/builtin/task-plan-tool.js +0 -67
  148. package/node_modules/@comis/skills/dist/integrations/mcp-tool-bridge.d.ts +0 -75
  149. package/node_modules/@comis/skills/dist/integrations/mcp-tool-bridge.js +0 -235
@@ -1,278 +0,0 @@
1
- import type { Result } from "@comis/shared";
2
- import type { Attachment } from "../domain/normalized-message.js";
3
- /**
4
- * Options for audio transcription.
5
- */
6
- export interface TranscriptionOptions {
7
- /** MIME type of the audio buffer (e.g. "audio/ogg", "audio/mp3") */
8
- readonly mimeType: string;
9
- /** BCP-47 language hint (e.g. "en", "es"). Provider may auto-detect if omitted. */
10
- readonly language?: string;
11
- /** Optional prompt/context to guide transcription accuracy. */
12
- readonly prompt?: string;
13
- }
14
- /**
15
- * Result of a successful transcription.
16
- */
17
- export interface TranscriptionResult {
18
- /** Transcribed text. */
19
- readonly text: string;
20
- /** Detected or confirmed language (BCP-47). */
21
- readonly language?: string;
22
- /** Duration of the audio in milliseconds. */
23
- readonly durationMs?: number;
24
- }
25
- /**
26
- * TranscriptionPort: Hexagonal boundary for speech-to-text services.
27
- *
28
- * Adapters (OpenAI Whisper, local whisper.cpp, etc.) implement this
29
- * interface to convert audio buffers into text.
30
- */
31
- export interface TranscriptionPort {
32
- /**
33
- * Transcribe an audio buffer to text.
34
- *
35
- * @param audio - Raw audio data
36
- * @param options - MIME type, language hint, optional prompt
37
- * @returns Transcription result or an error (e.g. file too large, API failure)
38
- */
39
- transcribe(audio: Buffer, options: TranscriptionOptions): Promise<Result<TranscriptionResult, Error>>;
40
- }
41
- /**
42
- * Options for text-to-speech synthesis.
43
- */
44
- export interface TTSOptions {
45
- /** Voice identifier (provider-specific, e.g. "alloy", "nova"). */
46
- readonly voice?: string;
47
- /** Output audio format (e.g. "mp3", "opus", "aac", "flac"). */
48
- readonly format?: string;
49
- /** Playback speed multiplier (0.25 to 4.0). */
50
- readonly speed?: number;
51
- }
52
- /**
53
- * Result of a successful TTS synthesis.
54
- */
55
- export interface TTSResult {
56
- /** Raw audio data. */
57
- readonly audio: Buffer;
58
- /** MIME type of the audio (e.g. "audio/mpeg", "audio/opus"). */
59
- readonly mimeType: string;
60
- }
61
- /**
62
- * TTSPort: Hexagonal boundary for text-to-speech services.
63
- *
64
- * Adapters (OpenAI TTS, ElevenLabs, local Piper, etc.) implement this
65
- * interface to synthesize audio from text.
66
- */
67
- export interface TTSPort {
68
- /**
69
- * Synthesize text into audio.
70
- *
71
- * @param text - Text content to convert to speech
72
- * @param options - Voice, format, and speed configuration
73
- * @returns Audio buffer with MIME type, or an error
74
- */
75
- synthesize(text: string, options?: TTSOptions): Promise<Result<TTSResult, Error>>;
76
- }
77
- /**
78
- * Options for image analysis.
79
- */
80
- export interface ImageAnalysisOptions {
81
- /** MIME type of the image buffer (e.g. "image/png", "image/jpeg"). */
82
- readonly mimeType: string;
83
- /** Maximum tokens in the analysis response. */
84
- readonly maxTokens?: number;
85
- }
86
- /**
87
- * ImageAnalysisPort: Hexagonal boundary for multimodal image analysis.
88
- *
89
- * Adapters (Anthropic Claude, OpenAI GPT-4o, etc.) implement this
90
- * interface to analyze images using vision-capable LLMs.
91
- */
92
- export interface ImageAnalysisPort {
93
- /**
94
- * Analyze an image given a prompt.
95
- *
96
- * @param image - Raw image data
97
- * @param prompt - Question or instruction about the image
98
- * @param options - MIME type and response length configuration
99
- * @returns Analysis text or an error (e.g. file too large, unsupported format)
100
- */
101
- analyze(image: Buffer, prompt: string, options: ImageAnalysisOptions): Promise<Result<string, Error>>;
102
- }
103
- /**
104
- * Request payload for image vision analysis.
105
- */
106
- export interface VisionRequest {
107
- /** Raw image data. */
108
- readonly image: Buffer;
109
- /** Question or instruction about the image. */
110
- readonly prompt: string;
111
- /** MIME type of the image (e.g. "image/png", "image/jpeg"). */
112
- readonly mimeType: string;
113
- /** Maximum tokens in the response. */
114
- readonly maxTokens?: number;
115
- }
116
- /**
117
- * Request payload for video vision analysis.
118
- */
119
- export interface VideoRequest {
120
- /** Raw video data. */
121
- readonly video: Buffer;
122
- /** Question or instruction about the video. */
123
- readonly prompt: string;
124
- /** MIME type of the video (e.g. "video/mp4", "video/webm"). */
125
- readonly mimeType: string;
126
- /** Maximum tokens in the response. */
127
- readonly maxTokens?: number;
128
- }
129
- /**
130
- * Result of a vision analysis (image or video).
131
- */
132
- export interface VisionResult {
133
- /** Analysis text. */
134
- readonly text: string;
135
- /** Provider that produced the result (e.g. "openai", "anthropic", "google"). */
136
- readonly provider: string;
137
- /** Model used for analysis. */
138
- readonly model: string;
139
- /** Tokens used (if available from the provider). */
140
- readonly tokensUsed?: number;
141
- }
142
- /**
143
- * VisionProvider: Multi-capability vision analysis provider.
144
- *
145
- * Each provider declares which media types it supports (image, video, or both).
146
- * The registry uses capabilities to route requests to the right provider.
147
- */
148
- export interface VisionProvider {
149
- /** Unique provider identifier (e.g. "openai", "anthropic", "google"). */
150
- readonly id: string;
151
- /** Media types this provider can analyze. */
152
- readonly capabilities: ReadonlyArray<"image" | "video">;
153
- /** Analyze an image. */
154
- describeImage(req: VisionRequest): Promise<Result<VisionResult, Error>>;
155
- /** Analyze a video (optional — only providers with "video" capability). */
156
- describeVideo?(req: VideoRequest): Promise<Result<VisionResult, Error>>;
157
- }
158
- /**
159
- * Result of resolving a media attachment to a buffer.
160
- */
161
- export interface ResolvedMedia {
162
- /** Downloaded file content. */
163
- readonly buffer: Buffer;
164
- /** Verified MIME type (sniffed, not declared). */
165
- readonly mimeType: string;
166
- /** File size in bytes. */
167
- readonly sizeBytes: number;
168
- }
169
- /**
170
- * MediaResolverPort: Hexagonal boundary for media resolution.
171
- *
172
- * Per-platform adapters implement this interface to download attachments
173
- * from platform-specific URLs (e.g., tg-file:// for Telegram, https://
174
- * for public URLs). The resolver registry routes to the correct adapter
175
- * based on the URI scheme.
176
- */
177
- export interface MediaResolverPort {
178
- /** URI schemes this resolver handles (e.g., ["tg-file", "https"]). */
179
- readonly schemes: ReadonlyArray<string>;
180
- /**
181
- * Resolve an attachment URL to a downloaded buffer.
182
- *
183
- * Implementations MUST validate URLs through validateUrl() from
184
- * @comis/core/security before any HTTP request to prevent SSRF.
185
- * Private, loopback, link-local, and cloud-metadata IPs are blocked.
186
- * DNS rebinding protection is mandatory: resolve hostname to IP,
187
- * check blocklist, then connect using pinned IP.
188
- *
189
- * Implementations MUST check Content-Length against the configured
190
- * maxRemoteFetchBytes limit and abort before streaming the body
191
- * if exceeded.
192
- *
193
- * @param attachment - The attachment to resolve
194
- * @returns Resolved media buffer with MIME type and size, or an error
195
- */
196
- resolve(attachment: Attachment): Promise<Result<ResolvedMedia, Error>>;
197
- }
198
- /**
199
- * Classification of a file based on its MIME type.
200
- *
201
- * - `"document"`: Extractable text content in the MIME whitelist (PDF, plain text, CSV, etc.)
202
- * - `"binary"`: Known binary format (images, audio, video, archives) — not text-extractable
203
- * - `"unknown"`: Unrecognized MIME type — classification cannot be determined
204
- */
205
- export type FileClassification = "document" | "binary" | "unknown";
206
- /**
207
- * Error categories for file extraction failures.
208
- */
209
- export type FileExtractionErrorKind = "timeout" | "encrypted" | "size_exceeded" | "unsupported_mime" | "encoding_error" | "corrupt" | "download_failed" | "internal";
210
- /**
211
- * Structured error returned by FileExtractionPort on failure.
212
- */
213
- export interface FileExtractionError {
214
- readonly kind: FileExtractionErrorKind;
215
- readonly message: string;
216
- readonly mimeType?: string;
217
- readonly fileName?: string;
218
- }
219
- /**
220
- * Input for file extraction. Discriminated union on the `source` field.
221
- *
222
- * - `"buffer"`: Extract from an in-memory buffer (mimeType required).
223
- * - `"url"`: Extract from a remote URL (mimeType optional, may need detection).
224
- */
225
- export type FileExtractionInput = {
226
- readonly source: "buffer";
227
- readonly buffer: Buffer;
228
- readonly mimeType: string;
229
- readonly fileName?: string;
230
- readonly sizeBytes?: number;
231
- } | {
232
- readonly source: "url";
233
- readonly url: string;
234
- readonly mimeType?: string;
235
- readonly fileName?: string;
236
- readonly sizeBytes?: number;
237
- };
238
- /**
239
- * Result of a successful file extraction.
240
- */
241
- export interface FileExtractionResult {
242
- /** Extracted text content. */
243
- readonly text: string;
244
- /** File name (original or detected). */
245
- readonly fileName: string;
246
- /** MIME type of the source file. */
247
- readonly mimeType: string;
248
- /** Number of characters in the extracted text. */
249
- readonly extractedChars: number;
250
- /** Whether the text was truncated to fit maxChars. */
251
- readonly truncated: boolean;
252
- /** Time taken for extraction in milliseconds. */
253
- readonly durationMs: number;
254
- /** Original file buffer for downstream re-use. */
255
- readonly buffer: Buffer;
256
- /** Number of pages extracted (for paginated formats like PDF). */
257
- readonly pageCount?: number;
258
- /** Total pages in the document (may differ from pageCount if maxPages limit applied). */
259
- readonly totalPages?: number;
260
- }
261
- /**
262
- * FileExtractionPort: Hexagonal boundary for document text extraction services.
263
- *
264
- * Adapters implement this interface to extract text content from document files
265
- * (PDF, plain text, CSV, etc.). The port accepts both in-memory buffers and
266
- * remote URLs as input sources.
267
- */
268
- export interface FileExtractionPort {
269
- /**
270
- * Extract text content from a document file.
271
- *
272
- * @param input - File source (buffer or URL) with metadata
273
- * @returns Extraction result with text and metrics, or a structured error
274
- */
275
- extract(input: FileExtractionInput): Promise<Result<FileExtractionResult, FileExtractionError>>;
276
- /** MIME types this adapter can extract text from. */
277
- readonly supportedMimes: ReadonlyArray<string>;
278
- }
@@ -1 +0,0 @@
1
- export {};
@@ -1,46 +0,0 @@
1
- /**
2
- * InputGuard — Semantic jailbreak detection with weighted 0.0-1.0 threat scoring.
3
- *
4
- * Factory function that creates a guard object with a `scan()` method. Detects
5
- * jailbreak attempts using weighted compound phrase patterns imported from
6
- * `injection-patterns.ts`, typoglycemia detection for 8 key terms, and code
7
- * block exclusion to minimize false positives on technical content.
8
- *
9
- * Returns scored results that PiExecutor uses for policy decisions:
10
- * - low risk (< mediumThreshold) -> action "pass"
11
- * - medium risk (>= mediumThreshold, < highThreshold) -> action "reinforce"
12
- * - high risk (>= highThreshold) -> action "warn" (default) or "block" (config)
13
- *
14
- * @module input-guard
15
- * @since Phase 283 (INPUT-03 through INPUT-06)
16
- */
17
- export interface InputGuardConfig {
18
- /** Threat score threshold for "medium" risk (triggers reinforcement). Default: 0.4. */
19
- readonly mediumThreshold: number;
20
- /** Threat score threshold for "high" risk (triggers warn/block). Default: 0.7. */
21
- readonly highThreshold: number;
22
- /** Action for high-risk detections. Default: "warn". "block" requires explicit config. */
23
- readonly action: "warn" | "block";
24
- }
25
- export interface InputGuardResult {
26
- /** Threat score clamped to 0.0-1.0. */
27
- readonly score: number;
28
- /** Risk level derived from score vs thresholds. */
29
- readonly riskLevel: "low" | "medium" | "high";
30
- /** Matched pattern category names. */
31
- readonly patterns: string[];
32
- /** Recommended policy action. */
33
- readonly action: "pass" | "warn" | "reinforce" | "block";
34
- }
35
- export interface InputGuard {
36
- scan(text: string): InputGuardResult;
37
- }
38
- /**
39
- * Create an InputGuard that scores user input text for jailbreak risk.
40
- *
41
- * Configuration is optional; all fields have sensible defaults:
42
- * - mediumThreshold: 0.4
43
- * - highThreshold: 0.7
44
- * - action: "warn" (operator must explicitly set "block" to enable blocking)
45
- */
46
- export declare function createInputGuard(config?: Partial<InputGuardConfig>): InputGuard;
@@ -1,166 +0,0 @@
1
- /**
2
- * InputGuard — Semantic jailbreak detection with weighted 0.0-1.0 threat scoring.
3
- *
4
- * Factory function that creates a guard object with a `scan()` method. Detects
5
- * jailbreak attempts using weighted compound phrase patterns imported from
6
- * `injection-patterns.ts`, typoglycemia detection for 8 key terms, and code
7
- * block exclusion to minimize false positives on technical content.
8
- *
9
- * Returns scored results that PiExecutor uses for policy decisions:
10
- * - low risk (< mediumThreshold) -> action "pass"
11
- * - medium risk (>= mediumThreshold, < highThreshold) -> action "reinforce"
12
- * - high risk (>= highThreshold) -> action "warn" (default) or "block" (config)
13
- *
14
- * @module input-guard
15
- * @since Phase 283 (INPUT-03 through INPUT-06)
16
- */
17
- import { IGNORE_PREV_INSTRUCTIONS, IGNORE_INSTRUCTIONS_BROAD, DISREGARD_PREVIOUS, DISREGARD_INSTRUCTIONS, FORGET_EVERYTHING, FORGET_INSTRUCTIONS_BROAD, YOU_ARE_NOW, YOU_ARE_NOW_ARTICLE, NEW_INSTRUCTIONS, NEW_INSTRUCTIONS_COLON, IMPORTANT_OVERRIDE, OVERRIDE_SAFETY, ACT_AS_ROLE, CONTEXT_RESET, RULE_REPLACEMENT, SYSTEM_TAG, SYSTEM_BRACKET, SYSTEM_COMMAND, SPECIAL_TOKEN_DELIMITERS, ROLE_BOUNDARY, ASSISTANT_ROLE_MARKER, } from "./injection-patterns.js";
18
- // ---------------------------------------------------------------------------
19
- // Weighted pattern categories (Pattern 6 from research)
20
- // ---------------------------------------------------------------------------
21
- /**
22
- * Each category groups related regex patterns with a single weight.
23
- * If ANY pattern in a category matches, the weight is added once (boolean per category).
24
- * Multiple matches within the same category do NOT multiply the weight.
25
- */
26
- const PATTERN_WEIGHTS = [
27
- { patterns: [IGNORE_PREV_INSTRUCTIONS, IGNORE_INSTRUCTIONS_BROAD], weight: 0.6, name: "ignore_instructions" },
28
- { patterns: [DISREGARD_PREVIOUS, DISREGARD_INSTRUCTIONS], weight: 0.5, name: "disregard_previous" },
29
- { patterns: [FORGET_EVERYTHING, FORGET_INSTRUCTIONS_BROAD], weight: 0.5, name: "forget_instructions" },
30
- { patterns: [YOU_ARE_NOW, YOU_ARE_NOW_ARTICLE], weight: 0.4, name: "role_assumption" },
31
- { patterns: [NEW_INSTRUCTIONS, NEW_INSTRUCTIONS_COLON], weight: 0.5, name: "new_instructions" },
32
- { patterns: [IMPORTANT_OVERRIDE], weight: 0.5, name: "important_override" },
33
- { patterns: [OVERRIDE_SAFETY], weight: 0.6, name: "override_safety" },
34
- { patterns: [ACT_AS_ROLE], weight: 0.4, name: "act_as_role" },
35
- { patterns: [CONTEXT_RESET], weight: 0.4, name: "context_reset" },
36
- { patterns: [RULE_REPLACEMENT], weight: 0.4, name: "rule_replacement" },
37
- { patterns: [SYSTEM_TAG, SYSTEM_BRACKET, SYSTEM_COMMAND], weight: 0.3, name: "system_markers" },
38
- { patterns: [SPECIAL_TOKEN_DELIMITERS], weight: 0.3, name: "special_tokens" },
39
- { patterns: [ROLE_BOUNDARY, ASSISTANT_ROLE_MARKER], weight: 0.2, name: "role_markers" },
40
- ];
41
- // ---------------------------------------------------------------------------
42
- // Code block exclusion (INPUT-06)
43
- // ---------------------------------------------------------------------------
44
- /**
45
- * Regex to match fenced code blocks (triple backtick) and inline code (single backtick).
46
- * ReDoS-safe: [\s\S]*? is non-greedy character class without alternation.
47
- */
48
- const CODE_BLOCK_REGEX = /```[\s\S]*?```|`[^`\n]+`/g;
49
- function stripCodeBlocks(text) {
50
- CODE_BLOCK_REGEX.lastIndex = 0;
51
- return text.replace(CODE_BLOCK_REGEX, " ");
52
- }
53
- // ---------------------------------------------------------------------------
54
- // Typoglycemia detection (INPUT-05)
55
- // ---------------------------------------------------------------------------
56
- /**
57
- * The 8 key jailbreak terms to check for scrambled-middle variants.
58
- * All are 5+ characters long, ensuring sufficient middle-letter entropy
59
- * to avoid false positives on short words.
60
- */
61
- const TYPOGLYCEMIA_TERMS = [
62
- "ignore",
63
- "previous",
64
- "instructions",
65
- "system",
66
- "bypass",
67
- "override",
68
- "forget",
69
- "delete",
70
- ];
71
- /**
72
- * Check whether a word is a typoglycemia variant of a target term.
73
- *
74
- * A word is a variant if:
75
- * 1. Same length as target
76
- * 2. Same first character (case-insensitive)
77
- * 3. Same last character (case-insensitive)
78
- * 4. NOT an exact match (exact matches are handled by regex patterns)
79
- * 5. Same sorted middle characters
80
- *
81
- * This implements the "Cambridge University effect" where human readers
82
- * can understand words with scrambled middle letters.
83
- */
84
- function isTypoglycemiaVariant(word, target) {
85
- if (word.length !== target.length)
86
- return false;
87
- const w = word.toLowerCase();
88
- const t = target.toLowerCase();
89
- if (w[0] !== t[0] || w[w.length - 1] !== t[t.length - 1])
90
- return false;
91
- if (w === t)
92
- return false; // Exact match is NOT a variant
93
- const wMiddle = [...w.slice(1, -1)].sort().join("");
94
- const tMiddle = [...t.slice(1, -1)].sort().join("");
95
- return wMiddle === tMiddle;
96
- }
97
- // ---------------------------------------------------------------------------
98
- // Factory function
99
- // ---------------------------------------------------------------------------
100
- /**
101
- * Create an InputGuard that scores user input text for jailbreak risk.
102
- *
103
- * Configuration is optional; all fields have sensible defaults:
104
- * - mediumThreshold: 0.4
105
- * - highThreshold: 0.7
106
- * - action: "warn" (operator must explicitly set "block" to enable blocking)
107
- */
108
- export function createInputGuard(config) {
109
- const mediumThreshold = config?.mediumThreshold ?? 0.4;
110
- const highThreshold = config?.highThreshold ?? 0.7;
111
- const action = config?.action ?? "warn";
112
- return {
113
- scan(text) {
114
- const stripped = stripCodeBlocks(text);
115
- const matched = [];
116
- let score = 0;
117
- // 1. Weighted pattern category matching
118
- for (const category of PATTERN_WEIGHTS) {
119
- let categoryMatched = false;
120
- for (const pattern of category.patterns) {
121
- // Reset lastIndex before each test() call (patterns have /g or /gi flags)
122
- pattern.lastIndex = 0;
123
- if (pattern.test(stripped)) {
124
- categoryMatched = true;
125
- break; // Category is boolean -- one match suffices
126
- }
127
- }
128
- if (categoryMatched) {
129
- score += category.weight;
130
- matched.push(category.name);
131
- }
132
- }
133
- // 2. Typoglycemia detection
134
- const words = stripped.split(/\s+/);
135
- for (const word of words) {
136
- if (word.length === 0)
137
- continue;
138
- for (const term of TYPOGLYCEMIA_TERMS) {
139
- if (isTypoglycemiaVariant(word, term)) {
140
- matched.push(`typoglycemia:${term}`);
141
- score += 0.3;
142
- break; // One word matches at most one term
143
- }
144
- }
145
- }
146
- // 3. Clamp score to [0.0, 1.0]
147
- score = Math.min(score, 1.0);
148
- // 4. Determine risk level
149
- const riskLevel = score >= highThreshold ? "high"
150
- : score >= mediumThreshold ? "medium"
151
- : "low";
152
- // 5. Determine action
153
- let resultAction;
154
- if (riskLevel === "high") {
155
- resultAction = action === "block" ? "block" : "warn";
156
- }
157
- else if (riskLevel === "medium") {
158
- resultAction = "reinforce";
159
- }
160
- else {
161
- resultAction = "pass";
162
- }
163
- return { score, riskLevel, patterns: matched, action: resultAction };
164
- },
165
- };
166
- }
@@ -1,38 +0,0 @@
1
- /**
2
- * ScopedSecretManager — per-agent SecretManager decorator with glob filtering.
3
- *
4
- * Wraps a base SecretManager and restricts access to secrets matching
5
- * the agent's allow patterns. Every access attempt (get, has, require)
6
- * emits a `secret:accessed` audit event through the optional TypedEventBus.
7
- *
8
- * Design decisions:
9
- * - Decorator pattern: callers cannot distinguish from a plain SecretManager
10
- * - Empty allowPatterns = unrestricted access (backward compat for existing agents)
11
- * - eventBus is optional: if omitted, no audit events are emitted (unit-test friendly)
12
- * - keys() filters but does not emit (listing operation, not access)
13
- */
14
- import type { SecretManager } from "./secret-manager.js";
15
- import type { TypedEventBus } from "../event-bus/index.js";
16
- /**
17
- * Options for creating a scoped (per-agent) SecretManager.
18
- */
19
- export interface ScopedSecretManagerOptions {
20
- /** The agent this scoped manager belongs to. Included in all audit events. */
21
- agentId: string;
22
- /** Glob patterns that grant access. Empty array = unrestricted (backward compat). */
23
- allowPatterns: string[];
24
- /** Optional event bus for audit event emission. No-op if omitted. */
25
- eventBus?: TypedEventBus;
26
- }
27
- /**
28
- * Create a SecretManager that filters access by glob patterns and emits audit events.
29
- *
30
- * The returned object implements the SecretManager interface exactly — same 4 methods
31
- * (get, has, require, keys), same return types. This is the decorator pattern:
32
- * callers cannot distinguish a ScopedSecretManager from a plain SecretManager.
33
- *
34
- * @param base - The underlying SecretManager to delegate allowed accesses to
35
- * @param options - Agent ID, allow patterns, and optional event bus
36
- * @returns A SecretManager that enforces per-agent access control
37
- */
38
- export declare function createScopedSecretManager(base: SecretManager, options: ScopedSecretManagerOptions): SecretManager;
@@ -1,94 +0,0 @@
1
- /**
2
- * ScopedSecretManager — per-agent SecretManager decorator with glob filtering.
3
- *
4
- * Wraps a base SecretManager and restricts access to secrets matching
5
- * the agent's allow patterns. Every access attempt (get, has, require)
6
- * emits a `secret:accessed` audit event through the optional TypedEventBus.
7
- *
8
- * Design decisions:
9
- * - Decorator pattern: callers cannot distinguish from a plain SecretManager
10
- * - Empty allowPatterns = unrestricted access (backward compat for existing agents)
11
- * - eventBus is optional: if omitted, no audit events are emitted (unit-test friendly)
12
- * - keys() filters but does not emit (listing operation, not access)
13
- */
14
- import { isSecretAccessible } from "./secret-access.js";
15
- /**
16
- * Create a SecretManager that filters access by glob patterns and emits audit events.
17
- *
18
- * The returned object implements the SecretManager interface exactly — same 4 methods
19
- * (get, has, require, keys), same return types. This is the decorator pattern:
20
- * callers cannot distinguish a ScopedSecretManager from a plain SecretManager.
21
- *
22
- * @param base - The underlying SecretManager to delegate allowed accesses to
23
- * @param options - Agent ID, allow patterns, and optional event bus
24
- * @returns A SecretManager that enforces per-agent access control
25
- */
26
- export function createScopedSecretManager(base, options) {
27
- const { agentId, allowPatterns, eventBus } = options;
28
- let warnedNoAllow = false;
29
- /**
30
- * Emit a one-time security:warn event when an agent accesses secrets
31
- * without explicit secrets.allow configuration (CORE-02).
32
- */
33
- function warnUnrestrictedAccess(secretName) {
34
- if (warnedNoAllow || allowPatterns.length > 0 || !eventBus)
35
- return;
36
- warnedNoAllow = true;
37
- eventBus.emit("security:warn", {
38
- category: "secret_access",
39
- agentId,
40
- message: `Agent "${agentId}" accessed secret "${secretName}" without explicit secrets.allow configuration. ` +
41
- `Configure secrets.allow patterns to restrict access.`,
42
- timestamp: Date.now(),
43
- });
44
- }
45
- function emitAccess(secretName, outcome) {
46
- eventBus?.emit("secret:accessed", {
47
- secretName,
48
- agentId,
49
- outcome,
50
- timestamp: Date.now(),
51
- });
52
- }
53
- return {
54
- get(key) {
55
- warnUnrestrictedAccess(key);
56
- if (!isSecretAccessible(key, allowPatterns)) {
57
- emitAccess(key, "denied");
58
- return undefined;
59
- }
60
- const value = base.get(key);
61
- emitAccess(key, value !== undefined ? "success" : "not_found");
62
- return value;
63
- },
64
- has(key) {
65
- warnUnrestrictedAccess(key);
66
- if (!isSecretAccessible(key, allowPatterns)) {
67
- emitAccess(key, "denied");
68
- return false;
69
- }
70
- const exists = base.has(key);
71
- emitAccess(key, exists ? "success" : "not_found");
72
- return exists;
73
- },
74
- require(key) {
75
- warnUnrestrictedAccess(key);
76
- if (!isSecretAccessible(key, allowPatterns)) {
77
- emitAccess(key, "denied");
78
- throw new Error(`Agent "${agentId}" is not allowed to access secret "${key}". ` +
79
- `Check the agent's secrets.allow configuration.`);
80
- }
81
- const value = base.get(key);
82
- if (value === undefined) {
83
- emitAccess(key, "not_found");
84
- throw new Error(`Required secret "${key}" is not set. ` +
85
- `Check that this key is defined in your .env file or encrypted store.`);
86
- }
87
- emitAccess(key, "success");
88
- return value;
89
- },
90
- keys() {
91
- return base.keys().filter((k) => isSecretAccessible(k, allowPatterns));
92
- },
93
- };
94
- }
@@ -1,37 +0,0 @@
1
- /**
2
- * DeliveryContext: metadata captured per message delivery for tracing (OBS-04).
3
- *
4
- * Records source/target channel identifiers, delivery timing, success status,
5
- * and optional attribution (agent, session). Downstream consumers use this
6
- * for delivery tracing dashboards and latency analysis.
7
- */
8
- export interface DeliveryContext {
9
- /** Source channel that originated the message */
10
- sourceChannelId: string;
11
- sourceChannelType: string;
12
- /** Delivery target */
13
- targetChannelId: string;
14
- targetChannelType: string;
15
- /** Timestamp when delivery was initiated */
16
- deliveredAt: number;
17
- /** Time from message receipt to delivery completion in ms */
18
- latencyMs: number;
19
- /** Whether delivery succeeded */
20
- success: boolean;
21
- /** Error message if delivery failed */
22
- error?: string;
23
- /** Agent that processed the message */
24
- agentId?: string;
25
- /** Session key string */
26
- sessionKey?: string;
27
- /** Execution timeline steps synthesized from timing data */
28
- steps?: Array<{
29
- name: string;
30
- timestamp: number;
31
- durationMs: number;
32
- status: "ok" | "error";
33
- error?: string;
34
- }>;
35
- /** Additional metadata (retry count, parse mode fallback, etc.) */
36
- metadata?: Record<string, unknown>;
37
- }