daycare-cli 2026.2.12 → 2026.2.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/engine/agents/agent.d.ts.map +1 -1
- package/dist/engine/agents/agent.js +41 -14
- package/dist/engine/agents/agent.js.map +1 -1
- package/dist/engine/agents/agentSystem.d.ts +3 -0
- package/dist/engine/agents/agentSystem.d.ts.map +1 -1
- package/dist/engine/agents/agentSystem.js +11 -5
- package/dist/engine/agents/agentSystem.js.map +1 -1
- package/dist/engine/agents/ops/agentBackgroundList.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentBackgroundList.js +3 -1
- package/dist/engine/agents/ops/agentBackgroundList.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorCacheKey.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorCacheKey.js +2 -0
- package/dist/engine/agents/ops/agentDescriptorCacheKey.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorCacheKey.spec.js +3 -0
- package/dist/engine/agents/ops/agentDescriptorCacheKey.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorIsHeartbeat.spec.js +1 -1
- package/dist/engine/agents/ops/agentDescriptorIsHeartbeat.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorLabel.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorLabel.js +3 -0
- package/dist/engine/agents/ops/agentDescriptorLabel.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorLabel.spec.js +0 -1
- package/dist/engine/agents/ops/agentDescriptorLabel.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentDescriptorTypes.d.ts +3 -0
- package/dist/engine/agents/ops/agentDescriptorTypes.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentHistoryContext.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentHistoryContext.js +14 -0
- package/dist/engine/agents/ops/agentHistoryContext.js.map +1 -1
- package/dist/engine/agents/ops/agentHistoryContext.spec.js +107 -0
- package/dist/engine/agents/ops/agentHistoryContext.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentLoopRun.d.ts +2 -0
- package/dist/engine/agents/ops/agentLoopRun.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentLoopRun.js +34 -6
- package/dist/engine/agents/ops/agentLoopRun.js.map +1 -1
- package/dist/engine/agents/ops/agentLoopRun.spec.js +107 -31
- package/dist/engine/agents/ops/agentLoopRun.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.d.ts +7 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.d.ts.map +1 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.js +16 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.js.map +1 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.spec.d.ts +2 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.spec.d.ts.map +1 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.spec.js +20 -0
- package/dist/engine/agents/ops/agentMessageRunPythonTerminalTrim.spec.js.map +1 -0
- package/dist/engine/agents/ops/agentPromptResolve.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentPromptResolve.js +8 -0
- package/dist/engine/agents/ops/agentPromptResolve.js.map +1 -1
- package/dist/engine/agents/ops/agentPromptResolve.spec.js +8 -0
- package/dist/engine/agents/ops/agentPromptResolve.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPrompt.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPrompt.js +8 -1
- package/dist/engine/agents/ops/agentSystemPrompt.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPrompt.spec.js +39 -8
- package/dist/engine/agents/ops/agentSystemPrompt.spec.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptContext.d.ts +2 -0
- package/dist/engine/agents/ops/agentSystemPromptContext.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.js +1 -3
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionToolCalling.js +15 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionToolCalling.js.map +1 -1
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.d.ts +11 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.d.ts.map +1 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.js +17 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.js.map +1 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.spec.d.ts +2 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.spec.d.ts.map +1 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.spec.js +26 -0
- package/dist/engine/agents/ops/agentToolExecutionAllowlistResolve.spec.js.map +1 -0
- package/dist/engine/agents/system/_systemAgents.d.ts.map +1 -1
- package/dist/engine/agents/system/_systemAgents.js +0 -5
- package/dist/engine/agents/system/_systemAgents.js.map +1 -1
- package/dist/engine/agents/system/systemAgentPromptResolve.spec.js +0 -6
- package/dist/engine/agents/system/systemAgentPromptResolve.spec.js.map +1 -1
- package/dist/engine/agents/system/systemAgentTagIs.spec.js +3 -4
- package/dist/engine/agents/system/systemAgentTagIs.spec.js.map +1 -1
- package/dist/engine/apps/appToolExecutorBuild.spec.js +11 -9
- package/dist/engine/apps/appToolExecutorBuild.spec.js.map +1 -1
- package/dist/engine/engine.d.ts +2 -0
- package/dist/engine/engine.d.ts.map +1 -1
- package/dist/engine/engine.js +16 -1
- package/dist/engine/engine.js.map +1 -1
- package/dist/engine/ipc/server.d.ts.map +1 -1
- package/dist/engine/ipc/server.js +14 -0
- package/dist/engine/ipc/server.js.map +1 -1
- package/dist/engine/ipc/serverMemoryRoutesRegister.d.ts +24 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.d.ts.map +1 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.js +54 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.js.map +1 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.spec.d.ts +2 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.spec.d.ts.map +1 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.spec.js +157 -0
- package/dist/engine/ipc/serverMemoryRoutesRegister.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphNodeParse.d.ts +7 -0
- package/dist/engine/memory/graph/graphNodeParse.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphNodeParse.js +122 -0
- package/dist/engine/memory/graph/graphNodeParse.js.map +1 -0
- package/dist/engine/memory/graph/graphNodeParse.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphNodeParse.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphNodeParse.spec.js +68 -0
- package/dist/engine/memory/graph/graphNodeParse.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphNodeSerialize.d.ts +7 -0
- package/dist/engine/memory/graph/graphNodeSerialize.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphNodeSerialize.js +17 -0
- package/dist/engine/memory/graph/graphNodeSerialize.js.map +1 -0
- package/dist/engine/memory/graph/graphNodeSerialize.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphNodeSerialize.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphNodeSerialize.spec.js +45 -0
- package/dist/engine/memory/graph/graphNodeSerialize.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphRootNodeRead.d.ts +8 -0
- package/dist/engine/memory/graph/graphRootNodeRead.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphRootNodeRead.js +23 -0
- package/dist/engine/memory/graph/graphRootNodeRead.js.map +1 -0
- package/dist/engine/memory/graph/graphRootNodeRead.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphRootNodeRead.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphRootNodeRead.spec.js +14 -0
- package/dist/engine/memory/graph/graphRootNodeRead.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphStoreRead.d.ts +7 -0
- package/dist/engine/memory/graph/graphStoreRead.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphStoreRead.js +32 -0
- package/dist/engine/memory/graph/graphStoreRead.js.map +1 -0
- package/dist/engine/memory/graph/graphStoreRead.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphStoreRead.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphStoreRead.spec.js +57 -0
- package/dist/engine/memory/graph/graphStoreRead.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphStoreWrite.d.ts +7 -0
- package/dist/engine/memory/graph/graphStoreWrite.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphStoreWrite.js +18 -0
- package/dist/engine/memory/graph/graphStoreWrite.js.map +1 -0
- package/dist/engine/memory/graph/graphStoreWrite.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphStoreWrite.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphStoreWrite.spec.js +50 -0
- package/dist/engine/memory/graph/graphStoreWrite.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphTreeBuild.d.ts +9 -0
- package/dist/engine/memory/graph/graphTreeBuild.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphTreeBuild.js +85 -0
- package/dist/engine/memory/graph/graphTreeBuild.js.map +1 -0
- package/dist/engine/memory/graph/graphTreeBuild.spec.d.ts +2 -0
- package/dist/engine/memory/graph/graphTreeBuild.spec.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphTreeBuild.spec.js +46 -0
- package/dist/engine/memory/graph/graphTreeBuild.spec.js.map +1 -0
- package/dist/engine/memory/graph/graphTypes.d.ts +19 -0
- package/dist/engine/memory/graph/graphTypes.d.ts.map +1 -0
- package/dist/engine/memory/graph/graphTypes.js +2 -0
- package/dist/engine/memory/graph/graphTypes.js.map +1 -0
- package/dist/engine/memory/infer/inferObservations.d.ts +19 -0
- package/dist/engine/memory/infer/inferObservations.d.ts.map +1 -0
- package/dist/engine/memory/infer/inferObservations.js +67 -0
- package/dist/engine/memory/infer/inferObservations.js.map +1 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.d.ts +7 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.d.ts.map +1 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.js +46 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.js.map +1 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.spec.d.ts +2 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.spec.d.ts.map +1 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.spec.js +89 -0
- package/dist/engine/memory/infer/utils/formatHistoryMessages.spec.js.map +1 -0
- package/dist/engine/memory/infer/utils/parseObservations.d.ts +7 -0
- package/dist/engine/memory/infer/utils/parseObservations.d.ts.map +1 -0
- package/dist/engine/memory/infer/utils/parseObservations.js +24 -0
- package/dist/engine/memory/infer/utils/parseObservations.js.map +1 -0
- package/dist/engine/memory/infer/utils/parseObservations.spec.d.ts +2 -0
- package/dist/engine/memory/infer/utils/parseObservations.spec.d.ts.map +1 -0
- package/dist/engine/memory/infer/utils/parseObservations.spec.js +31 -0
- package/dist/engine/memory/infer/utils/parseObservations.spec.js.map +1 -0
- package/dist/engine/memory/memory.d.ts +18 -0
- package/dist/engine/memory/memory.d.ts.map +1 -0
- package/dist/engine/memory/memory.js +71 -0
- package/dist/engine/memory/memory.js.map +1 -0
- package/dist/engine/memory/memory.spec.d.ts +2 -0
- package/dist/engine/memory/memory.spec.d.ts.map +1 -0
- package/dist/engine/memory/memory.spec.js +68 -0
- package/dist/engine/memory/memory.spec.js.map +1 -0
- package/dist/engine/memory/memorySessionObserve.d.ts +13 -2
- package/dist/engine/memory/memorySessionObserve.d.ts.map +1 -1
- package/dist/engine/memory/memorySessionObserve.js +12 -3
- package/dist/engine/memory/memorySessionObserve.js.map +1 -1
- package/dist/engine/memory/memorySessionObserve.spec.js +75 -4
- package/dist/engine/memory/memorySessionObserve.spec.js.map +1 -1
- package/dist/engine/memory/memoryWorker.d.ts +19 -2
- package/dist/engine/memory/memoryWorker.d.ts.map +1 -1
- package/dist/engine/memory/memoryWorker.js +40 -10
- package/dist/engine/memory/memoryWorker.js.map +1 -1
- package/dist/engine/memory/memoryWorker.spec.js +95 -21
- package/dist/engine/memory/memoryWorker.spec.js.map +1 -1
- package/dist/engine/memory/observationLogAppend.d.ts +9 -0
- package/dist/engine/memory/observationLogAppend.d.ts.map +1 -0
- package/dist/engine/memory/observationLogAppend.js +26 -0
- package/dist/engine/memory/observationLogAppend.js.map +1 -0
- package/dist/engine/memory/observationLogAppend.spec.d.ts +2 -0
- package/dist/engine/memory/observationLogAppend.spec.d.ts.map +1 -0
- package/dist/engine/memory/observationLogAppend.spec.js +67 -0
- package/dist/engine/memory/observationLogAppend.spec.js.map +1 -0
- package/dist/engine/modules/executablePrompts/executablePromptExpand.d.ts.map +1 -1
- package/dist/engine/modules/executablePrompts/executablePromptExpand.js +2 -1
- package/dist/engine/modules/executablePrompts/executablePromptExpand.js.map +1 -1
- package/dist/engine/modules/executablePrompts/executablePromptExpand.spec.js +1 -0
- package/dist/engine/modules/executablePrompts/executablePromptExpand.spec.js.map +1 -1
- package/dist/engine/modules/inference/router.d.ts +1 -0
- package/dist/engine/modules/inference/router.d.ts.map +1 -1
- package/dist/engine/modules/inference/router.js +1 -0
- package/dist/engine/modules/inference/router.js.map +1 -1
- package/dist/engine/modules/rlm/rlmExecute.d.ts.map +1 -1
- package/dist/engine/modules/rlm/rlmExecute.js +2 -1
- package/dist/engine/modules/rlm/rlmExecute.js.map +1 -1
- package/dist/engine/modules/rlm/rlmExecute.spec.js +1 -0
- package/dist/engine/modules/rlm/rlmExecute.spec.js.map +1 -1
- package/dist/engine/modules/rlm/rlmRestore.d.ts.map +1 -1
- package/dist/engine/modules/rlm/rlmRestore.js +2 -1
- package/dist/engine/modules/rlm/rlmRestore.js.map +1 -1
- package/dist/engine/modules/rlm/rlmRestore.spec.js +1 -0
- package/dist/engine/modules/rlm/rlmRestore.spec.js.map +1 -1
- package/dist/engine/modules/rlm/rlmTool.d.ts.map +1 -1
- package/dist/engine/modules/rlm/rlmTool.js +2 -1
- package/dist/engine/modules/rlm/rlmTool.js.map +1 -1
- package/dist/engine/modules/rlm/rlmTool.spec.js +73 -0
- package/dist/engine/modules/rlm/rlmTool.spec.js.map +1 -1
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.d.ts +9 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.d.ts.map +1 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.js +18 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.js.map +1 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.spec.d.ts +2 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.spec.d.ts.map +1 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.spec.js +77 -0
- package/dist/engine/modules/rlm/rlmToolsForContextResolve.spec.js.map +1 -0
- package/dist/engine/modules/toolResolver.d.ts +3 -2
- package/dist/engine/modules/toolResolver.d.ts.map +1 -1
- package/dist/engine/modules/toolResolver.js +31 -9
- package/dist/engine/modules/toolResolver.js.map +1 -1
- package/dist/engine/modules/toolResolver.spec.js +101 -0
- package/dist/engine/modules/toolResolver.spec.js.map +1 -1
- package/dist/engine/modules/tools/channelSendTool.js +3 -0
- package/dist/engine/modules/tools/channelSendTool.js.map +1 -1
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.d.ts +8 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.d.ts.map +1 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.js +99 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.js.map +1 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.spec.d.ts +2 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.spec.d.ts.map +1 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.spec.js +112 -0
- package/dist/engine/modules/tools/memoryNodeReadToolBuild.spec.js.map +1 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.d.ts +10 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.d.ts.map +1 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.js +115 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.js.map +1 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.spec.d.ts +2 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.spec.d.ts.map +1 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.spec.js +163 -0
- package/dist/engine/modules/tools/memoryNodeWriteToolBuild.spec.js.map +1 -0
- package/dist/engine/modules/tools/types.d.ts +10 -1
- package/dist/engine/modules/tools/types.d.ts.map +1 -1
- package/dist/engine/permissions/permissionBuildUser.d.ts.map +1 -1
- package/dist/engine/permissions/permissionBuildUser.js +5 -1
- package/dist/engine/permissions/permissionBuildUser.js.map +1 -1
- package/dist/engine/permissions/permissionBuildUser.spec.js +2 -1
- package/dist/engine/permissions/permissionBuildUser.spec.js.map +1 -1
- package/dist/engine/permissions.d.ts +1 -0
- package/dist/engine/permissions.d.ts.map +1 -1
- package/dist/engine/permissions.js +12 -2
- package/dist/engine/permissions.js.map +1 -1
- package/dist/engine/plugins/descriptor.d.ts +2 -2
- package/dist/engine/processes/processes.js +2 -1
- package/dist/engine/processes/processes.js.map +1 -1
- package/dist/engine/users/userHome.d.ts +1 -0
- package/dist/engine/users/userHome.d.ts.map +1 -1
- package/dist/engine/users/userHome.js +2 -0
- package/dist/engine/users/userHome.js.map +1 -1
- package/dist/engine/users/userHome.spec.js +1 -0
- package/dist/engine/users/userHome.spec.js.map +1 -1
- package/dist/engine/users/userHomeEnsure.d.ts.map +1 -1
- package/dist/engine/users/userHomeEnsure.js +1 -0
- package/dist/engine/users/userHomeEnsure.js.map +1 -1
- package/dist/engine/users/userHomeEnsure.spec.js +1 -0
- package/dist/engine/users/userHomeEnsure.spec.js.map +1 -1
- package/dist/plugins/dashboard/site/404.html +1 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/{315-7c3dbac7865a2549.js → 129-0781090dbd74ef24.js} +1 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/315-e0c2965b599a90c8.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/agent/page-e7a20c5ef1f769e6.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/agents/page-b997df519e071e45.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/automations/page-fed8c9eb1cef42df.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/connectors/page-a8a3b434a1ed7bda.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/memory/page-c2c16e7623a0377d.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/page-5ebf2aeece51aed8.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/processes/page-e6bdb861ae8bd14b.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/providers/{page-f0d02a91a69b9eb8.js → page-d3743fe243237b22.js} +1 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/signals/page-b817ca434cd43c0f.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/app/telemetry/{page-98aa9367902606e3.js → page-eabe78b4fbbf1439.js} +1 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/tools/page-ce22e00b61861083.js +1 -0
- package/dist/plugins/dashboard/site/_next/static/chunks/{main-2004b9415696334d.js → main-5352cc0d54d797b4.js} +1 -1
- package/dist/plugins/dashboard/site/_next/static/css/42d76d007d742231.css +5 -0
- package/dist/plugins/dashboard/site/agent.html +1 -1
- package/dist/plugins/dashboard/site/agent.txt +2 -2
- package/dist/plugins/dashboard/site/agents.html +1 -1
- package/dist/plugins/dashboard/site/agents.txt +2 -2
- package/dist/plugins/dashboard/site/automations.html +1 -1
- package/dist/plugins/dashboard/site/automations.txt +2 -2
- package/dist/plugins/dashboard/site/connectors.html +1 -1
- package/dist/plugins/dashboard/site/connectors.txt +2 -2
- package/dist/plugins/dashboard/site/index.html +2 -2
- package/dist/plugins/dashboard/site/index.txt +2 -2
- package/dist/plugins/dashboard/site/memory.html +1 -0
- package/dist/plugins/dashboard/site/memory.txt +7 -0
- package/dist/plugins/dashboard/site/processes.html +1 -1
- package/dist/plugins/dashboard/site/processes.txt +2 -2
- package/dist/plugins/dashboard/site/providers.html +1 -1
- package/dist/plugins/dashboard/site/providers.txt +2 -2
- package/dist/plugins/dashboard/site/signals.html +1 -1
- package/dist/plugins/dashboard/site/signals.txt +2 -2
- package/dist/plugins/dashboard/site/telemetry.html +2 -2
- package/dist/plugins/dashboard/site/telemetry.txt +2 -2
- package/dist/plugins/dashboard/site/tools.html +1 -1
- package/dist/plugins/dashboard/site/tools.txt +2 -2
- package/dist/prompts/SYSTEM_AGENCY.md +1 -1
- package/dist/prompts/SYSTEM_PERMISSIONS.md +4 -25
- package/dist/prompts/memory/MEMORY_AGENT.md +148 -0
- package/dist/prompts/memory/MEMORY_ROOT.md +322 -0
- package/dist/prompts/memory/OBSERVE.md +70 -0
- package/dist/sandbox/sandboxCanRead.d.ts.map +1 -1
- package/dist/sandbox/sandboxCanRead.js +26 -2
- package/dist/sandbox/sandboxCanRead.js.map +1 -1
- package/dist/sandbox/sandboxCanRead.spec.js +51 -8
- package/dist/sandbox/sandboxCanRead.spec.js.map +1 -1
- package/dist/sandbox/sandboxCanWrite.d.ts.map +1 -1
- package/dist/sandbox/sandboxCanWrite.js +11 -0
- package/dist/sandbox/sandboxCanWrite.js.map +1 -1
- package/dist/sandbox/sandboxCanWrite.spec.js +32 -1
- package/dist/sandbox/sandboxCanWrite.spec.js.map +1 -1
- package/dist/sandbox/sandboxDangerousFileCheck.d.ts +11 -0
- package/dist/sandbox/sandboxDangerousFileCheck.d.ts.map +1 -0
- package/dist/sandbox/sandboxDangerousFileCheck.js +37 -0
- package/dist/sandbox/sandboxDangerousFileCheck.js.map +1 -0
- package/dist/sandbox/sandboxDangerousFileCheck.spec.d.ts +2 -0
- package/dist/sandbox/sandboxDangerousFileCheck.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxDangerousFileCheck.spec.js +25 -0
- package/dist/sandbox/sandboxDangerousFileCheck.spec.js.map +1 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.d.ts +11 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.d.ts.map +1 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.js +23 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.js.map +1 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.spec.d.ts +2 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.spec.js +31 -0
- package/dist/sandbox/sandboxDangerousFilesBuild.spec.js.map +1 -0
- package/dist/sandbox/sandboxFilesystemPolicyBuild.d.ts.map +1 -1
- package/dist/sandbox/sandboxFilesystemPolicyBuild.js +5 -47
- package/dist/sandbox/sandboxFilesystemPolicyBuild.js.map +1 -1
- package/dist/sandbox/sandboxPathDenyCheck.d.ts +6 -0
- package/dist/sandbox/sandboxPathDenyCheck.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathDenyCheck.js +26 -0
- package/dist/sandbox/sandboxPathDenyCheck.js.map +1 -0
- package/dist/sandbox/sandboxPathDenyCheck.spec.d.ts +2 -0
- package/dist/sandbox/sandboxPathDenyCheck.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathDenyCheck.spec.js +23 -0
- package/dist/sandbox/sandboxPathDenyCheck.spec.js.map +1 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.d.ts +11 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.d.ts.map +1 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.js +63 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.js.map +1 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.spec.d.ts +2 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.spec.js +52 -0
- package/dist/sandbox/sandboxSensitiveDenyPathsBuild.spec.js.map +1 -0
- package/dist/skills/memory-document/SKILL.md +134 -0
- package/dist/skills/skills/memory-document/SKILL.md +134 -0
- package/dist/storage/processesRepository.js +9 -3
- package/dist/storage/processesRepository.js.map +1 -1
- package/dist/types.d.ts +3 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/668-ebfa412e61ce0ba6.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/agent/page-22dfc72e39faa099.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/agents/page-7b0c562c7534861a.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/automations/page-6245088e82da3e1c.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/connectors/page-036fb8590b50cc57.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/page-8c0afc21c643ff8b.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/processes/page-98da30b493398bf7.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/signals/page-44ccbe1e003b1905.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/chunks/app/tools/page-6ff89d201c006847.js +0 -1
- package/dist/plugins/dashboard/site/_next/static/css/5e0d68fc118b66c8.css +0 -5
- package/dist/prompts/ACTORS.md +0 -37
- package/dist/prompts/ARCHITECT.md +0 -36
- package/dist/prompts/PERMISSIONS.md +0 -63
- /package/dist/plugins/dashboard/site/_next/static/{dkIRezLpmA4xSr6Bj5DQ6 → Xz8Kc-P2fnMqmm-AsS7Ui}/_buildManifest.js +0 -0
- /package/dist/plugins/dashboard/site/_next/static/{dkIRezLpmA4xSr6Bj5DQ6 → Xz8Kc-P2fnMqmm-AsS7Ui}/_ssgManifest.js +0 -0
|
@@ -0,0 +1,322 @@
|
|
|
1
|
+
# Ontology Routing: Placing New Information in a Memory Graph
|
|
2
|
+
|
|
3
|
+
Given new information, classify it and route it to the correct node in a graph. The graph has a primary tree (entity-centric, traversed top-down) and cross-references (BFO-typed, linking related nodes across entities).
|
|
4
|
+
|
|
5
|
+
Every piece of incoming information gets two labels: **what it is** (BFO) and **how abstract it is** (Peirce). BFO determines the node's type tag and its cross-references. Peirce determines its depth within the entity.
|
|
6
|
+
|
|
7
|
+
```mermaid
|
|
8
|
+
graph TD
|
|
9
|
+
Root[Root] --> Cat1[People]
|
|
10
|
+
Root --> Cat2[Systems]
|
|
11
|
+
Root --> Cat3[Projects]
|
|
12
|
+
|
|
13
|
+
Cat1 --> Steve[Steve]
|
|
14
|
+
Cat1 --> Alice[Alice]
|
|
15
|
+
|
|
16
|
+
Steve --> S1["Role: Tech Lead"]
|
|
17
|
+
Steve --> S2["Event: Promoted 2025-03"]
|
|
18
|
+
Steve --> S3["Disposition: Pushes back on deadlines"]
|
|
19
|
+
|
|
20
|
+
Cat2 --> Auth[Auth Service]
|
|
21
|
+
Auth --> A1["Quality: Latency 200ms"]
|
|
22
|
+
Auth --> A2["Event: Outage 2025-06-15"]
|
|
23
|
+
Auth --> A3["Disposition: Degrades under write load"]
|
|
24
|
+
|
|
25
|
+
S1 -.->|ref: Role| A1
|
|
26
|
+
S2 -.->|ref: Event| A2
|
|
27
|
+
S3 -.->|ref: Disposition| A3
|
|
28
|
+
|
|
29
|
+
style S1 fill:#e1f5fe
|
|
30
|
+
style S2 fill:#fff3e0
|
|
31
|
+
style S3 fill:#f3e5f5
|
|
32
|
+
style A1 fill:#e1f5fe
|
|
33
|
+
style A2 fill:#fff3e0
|
|
34
|
+
style A3 fill:#f3e5f5
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
```mermaid
|
|
38
|
+
graph LR
|
|
39
|
+
New[New Information] --> Classify{Classify}
|
|
40
|
+
Classify --> Entity[Which entity?]
|
|
41
|
+
Classify --> BFO[BFO: what type?]
|
|
42
|
+
Classify --> Peirce[Peirce: how abstract?]
|
|
43
|
+
Entity --> Place[Place under entity]
|
|
44
|
+
BFO --> Tag[Tag node + add cross-references]
|
|
45
|
+
Peirce --> Depth[Determine depth under entity]
|
|
46
|
+
Place --> Done[Node placed + referenced]
|
|
47
|
+
Tag --> Done
|
|
48
|
+
Depth --> Done
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## 1.0 Primary Tree — Entity-Centric
|
|
52
|
+
|
|
53
|
+
The tree is organized by **what you'd ask about**, not by ontological category.
|
|
54
|
+
|
|
55
|
+
¶1 **Depth 1: Domain Category** — noun title grouping related entities. "People", "Systems", "Projects", "Clients", "Processes". These emerge from the domain, not from BFO. Create them as needed.
|
|
56
|
+
|
|
57
|
+
¶2 **Depth 2: Entity** — a specific thing with its own identity. "Steve", "Auth Service", "Q3 Launch". Proper noun or unique identifier. One entity, one node. If two pieces of information are about the same entity, they go under the same node.
|
|
58
|
+
|
|
59
|
+
¶3 **Depth 3+: Detail** — everything you know about the entity. Each detail node gets a BFO type tag and a Peirce abstraction level. All actual content lives here.
|
|
60
|
+
|
|
61
|
+
¶4 **Rule: "tell me about X" must be answerable by traversing one subtree.** If you'd need to visit three different subtrees to answer a question about Steve, the tree is wrong. Everything about Steve goes under Steve.
|
|
62
|
+
|
|
63
|
+
### Minimum Depth
|
|
64
|
+
|
|
65
|
+
```
|
|
66
|
+
Depth 1: Category (People, Systems, Projects...)
|
|
67
|
+
Depth 2: Entity (Steve, Auth Service, Q3 Launch...)
|
|
68
|
+
Depth 3+: Detail (what about it — tagged with BFO type)
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
Depth 1 and 2 are **structural only**. They hold children, never information. If intermediate nodes don't exist, create them before placing the detail.
|
|
72
|
+
|
|
73
|
+
## 2.0 BFO Classification — Type Tag + Cross-References
|
|
74
|
+
|
|
75
|
+
BFO does NOT determine where the node lives. It determines the node's **type tag** and which other nodes it **references** across the graph.
|
|
76
|
+
|
|
77
|
+
¶1 **Independent Continuant** — things that exist on their own.
|
|
78
|
+
- **Object** — bounded entity: person, system, org. Typically these ARE the depth-2 entity nodes themselves.
|
|
79
|
+
- **Collection** — group of objects: a team, a cluster.
|
|
80
|
+
- **Site** — environment or context: a region, a namespace, a market.
|
|
81
|
+
|
|
82
|
+
¶2 **Dependent Continuant** — properties that inhere in something.
|
|
83
|
+
- **Quality** — measurable: "latency is 200ms", "churn is 12%", "tone is formal."
|
|
84
|
+
- **Role** — contextual function: "Alice is tech lead", "this service acts as gateway."
|
|
85
|
+
- **Disposition** — latent capability or tendency: "can handle 10k RPS", "tends to push back."
|
|
86
|
+
|
|
87
|
+
¶3 **Occurrent** — things that unfold in time.
|
|
88
|
+
- **Process** — has duration, transforms: "deployment pipeline", "onboarding flow."
|
|
89
|
+
- **Event** — instantaneous: "deploy succeeded at 14:32", "user signed up."
|
|
90
|
+
- **State** — stable phase: "system is healthy", "project is blocked."
|
|
91
|
+
|
|
92
|
+
### Decision Tree
|
|
93
|
+
|
|
94
|
+
```
|
|
95
|
+
Is it a thing that exists on its own?
|
|
96
|
+
├─ YES → Independent Continuant
|
|
97
|
+
│ ├─ Bounded entity? → Object
|
|
98
|
+
│ ├─ Group of entities? → Collection
|
|
99
|
+
│ └─ Context/environment? → Site
|
|
100
|
+
├─ NO, it depends on a bearer
|
|
101
|
+
│ → Dependent Continuant
|
|
102
|
+
│ ├─ Measurable property? → Quality
|
|
103
|
+
│ ├─ Contextual function? → Role
|
|
104
|
+
│ └─ Latent capability? → Disposition
|
|
105
|
+
└─ NO, it unfolds in time
|
|
106
|
+
→ Occurrent
|
|
107
|
+
├─ Has duration + transformation? → Process
|
|
108
|
+
├─ Instantaneous boundary? → Event
|
|
109
|
+
└─ Stable phase? → State
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
### Cross-Reference Rule
|
|
113
|
+
|
|
114
|
+
After placing a node under its entity, **add references to every other node in the graph that shares the same BFO type or that participates in the same fact.** This is what makes it a graph, not just a tree.
|
|
115
|
+
|
|
116
|
+
Examples:
|
|
117
|
+
- "Steve got promoted" (Event under Steve) → references "Q3 Launch completed" (Event under Projects) if the promotion was tied to it
|
|
118
|
+
- "Auth Service latency 200ms" (Quality under Auth Service) → references "API Response Time 340ms" (Quality under API Gateway) if they're related metrics
|
|
119
|
+
- "Alice is tech lead" (Role under Alice) → references "Auth Service" (Object under Systems) because the role is scoped to that system
|
|
120
|
+
|
|
121
|
+
**Every node with the same BFO type is a candidate for cross-reference.** Not all will be linked — only those that share a factual relationship. But the type tag makes them discoverable.
|
|
122
|
+
|
|
123
|
+
## 3.0 Peirce Classification — Depth Within Entity
|
|
124
|
+
|
|
125
|
+
Determines ordering among an entity's children. Shallow = abstract patterns, deep = raw data.
|
|
126
|
+
|
|
127
|
+
¶1 **Firstness (Raw Datum)** — direct observation, no interpretation. "CPU at 92%." "Steve said he's frustrated." "Deploy took 4 minutes." → **Deepest within entity.** Leaf nodes.
|
|
128
|
+
|
|
129
|
+
¶2 **Secondness (Causal Link)** — relationship between two things. "High CPU caused timeout." "Steve's frustration led to the rewrite." → **Intermediate.** Must reference ≥ 2 other nodes (which may be under different entities — this creates cross-references).
|
|
130
|
+
|
|
131
|
+
¶3 **Thirdness (Pattern / Rule)** — generalization from multiple observations. "This service degrades under write-heavy load." "Steve delivers best after deadline pressure." → **Shallowest within entity (but still depth 3+).** Must be supported by Secondness nodes beneath it.
|
|
132
|
+
|
|
133
|
+
### Depth Within Entity
|
|
134
|
+
|
|
135
|
+
```
|
|
136
|
+
Entity (depth 2 — structural)
|
|
137
|
+
├── Thirdness: patterns, rules (depth 3)
|
|
138
|
+
│ ├── Secondness: causal links (depth 4)
|
|
139
|
+
│ │ ├── Firstness: raw data (depth 5)
|
|
140
|
+
│ │ └── Firstness: raw data (depth 5)
|
|
141
|
+
│ └── Secondness: causal link
|
|
142
|
+
│ └── Firstness: raw data
|
|
143
|
+
└── Thirdness: another pattern
|
|
144
|
+
└── ...
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
## 4.0 The Routing Algorithm
|
|
148
|
+
|
|
149
|
+
```
|
|
150
|
+
ROUTE(I, root):
|
|
151
|
+
|
|
152
|
+
1. CLASSIFY
|
|
153
|
+
bfo_type ← ask §2.0 decision tree
|
|
154
|
+
peirce ← ask §3.0 → Firstness | Secondness | Thirdness
|
|
155
|
+
|
|
156
|
+
2. IDENTIFY ENTITY
|
|
157
|
+
Which entity is this about? Find or create:
|
|
158
|
+
- Category node at depth 1 (create if missing)
|
|
159
|
+
- Entity node at depth 2 (create if missing)
|
|
160
|
+
current ← entity node
|
|
161
|
+
|
|
162
|
+
3. DETERMINE DEPTH from Peirce level
|
|
163
|
+
IF peirce == Thirdness:
|
|
164
|
+
insert as direct child of entity (shallowest detail level)
|
|
165
|
+
IF peirce == Secondness:
|
|
166
|
+
insert below any Thirdness siblings, above Firstness
|
|
167
|
+
IF peirce == Firstness:
|
|
168
|
+
insert as leaf under most specific matching parent
|
|
169
|
+
|
|
170
|
+
4. TAG
|
|
171
|
+
Attach bfo_type to the new node as its type tag.
|
|
172
|
+
|
|
173
|
+
5. CROSS-REFERENCE
|
|
174
|
+
Scan the graph for related nodes:
|
|
175
|
+
a) Same BFO type under different entities
|
|
176
|
+
→ add reference if factually related
|
|
177
|
+
b) Nodes mentioned in this fact (for Secondness: both cause and effect;
|
|
178
|
+
for Thirdness: the Secondness nodes it generalizes)
|
|
179
|
+
→ add reference regardless of where they live
|
|
180
|
+
c) Same entity, different BFO type
|
|
181
|
+
→ add reference if they describe the same situation
|
|
182
|
+
|
|
183
|
+
This step is what prevents information silos. "Steve got promoted"
|
|
184
|
+
under People→Steve now references "Q3 Launch completed" under
|
|
185
|
+
Projects→Q3 Launch and "Tech Lead role" under the same Steve node.
|
|
186
|
+
|
|
187
|
+
6. CHECK
|
|
188
|
+
- Duplicate? → merge, don't add
|
|
189
|
+
- Contradicts sibling or ancestor? → keep both, flag conflict
|
|
190
|
+
- Thirdness above now has ≥ 3 supporting nodes? → it's strong
|
|
191
|
+
- Thirdness above loses last support? → it's weak
|
|
192
|
+
```
|
|
193
|
+
|
|
194
|
+
## 5.0 Conflict Resolution
|
|
195
|
+
|
|
196
|
+
¶1 **Same level, same parent, contradictory claims** — keep both. Do not silently overwrite. Surface the conflict on next retrieval.
|
|
197
|
+
|
|
198
|
+
¶2 **New Firstness contradicts existing Thirdness** — the pattern might be wrong. Attach the new datum under it. If contradicting data accumulates, flag the pattern for review.
|
|
199
|
+
|
|
200
|
+
¶3 **New Thirdness overlaps existing Thirdness** — check if one subsumes the other. If yes, make the narrower one a child of the broader one. If truly equivalent, merge. If partially overlapping, split into MECE sub-patterns.
|
|
201
|
+
|
|
202
|
+
¶4 **Temporal conflict** — same claim, different times. The newer one doesn't delete the older one; it supersedes it. Keep both.
|
|
203
|
+
|
|
204
|
+
¶5 **Cross-entity conflict** — two entities have contradictory claims about a shared fact. Both stay. Add references between them and flag the disagreement.
|
|
205
|
+
|
|
206
|
+
## 6.0 Worked Examples
|
|
207
|
+
|
|
208
|
+
### Example A: Something happens to a person
|
|
209
|
+
|
|
210
|
+
**Input:** "Steve got promoted to senior engineer on 2025-03-01"
|
|
211
|
+
|
|
212
|
+
```
|
|
213
|
+
1. CLASSIFY
|
|
214
|
+
BFO: Event (instantaneous change)
|
|
215
|
+
Peirce: Firstness (raw fact)
|
|
216
|
+
|
|
217
|
+
2. IDENTIFY ENTITY
|
|
218
|
+
Category: "People" (depth 1 — create if missing)
|
|
219
|
+
Entity: "Steve" (depth 2 — create if missing)
|
|
220
|
+
|
|
221
|
+
3. DEPTH: Firstness → leaf under Steve
|
|
222
|
+
Node title: "Promoted to senior engineer 2025-03"
|
|
223
|
+
Tag: Event
|
|
224
|
+
|
|
225
|
+
4. CROSS-REFERENCE:
|
|
226
|
+
→ Does a "Q3 Launch" node exist under Projects? If the promotion
|
|
227
|
+
was tied to it, add reference.
|
|
228
|
+
→ Does Steve already have a Role node "Junior Engineer"?
|
|
229
|
+
If so, add reference (this Event changed that Role).
|
|
230
|
+
→ Any other Events in the graph around 2025-03? Reference if related.
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
### Example B: Raw metric
|
|
234
|
+
|
|
235
|
+
**Input:** "API response time hit 340ms at 2025-06-15T14:00Z"
|
|
236
|
+
|
|
237
|
+
```
|
|
238
|
+
1. CLASSIFY
|
|
239
|
+
BFO: Quality (measurable property)
|
|
240
|
+
Peirce: Firstness (raw measurement)
|
|
241
|
+
|
|
242
|
+
2. IDENTIFY ENTITY
|
|
243
|
+
Category: "Systems" (depth 1)
|
|
244
|
+
Entity: "API Gateway" (depth 2)
|
|
245
|
+
|
|
246
|
+
3. DEPTH: Firstness → leaf under API Gateway
|
|
247
|
+
Node title: "Response time 340ms at 2025-06-15"
|
|
248
|
+
Tag: Quality
|
|
249
|
+
|
|
250
|
+
4. CROSS-REFERENCE:
|
|
251
|
+
→ Other Quality nodes under other Systems? (e.g., "Auth Service latency")
|
|
252
|
+
Reference if they're correlated.
|
|
253
|
+
→ Any Secondness node like "High response time correlates with
|
|
254
|
+
deploy frequency"? This datum supports it.
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
### Example C: Causal observation
|
|
258
|
+
|
|
259
|
+
**Input:** "Switching to connection pooling reduced DB timeouts by 60%"
|
|
260
|
+
|
|
261
|
+
```
|
|
262
|
+
1. CLASSIFY
|
|
263
|
+
BFO: Process (change over time with outcome)
|
|
264
|
+
Peirce: Secondness (causal link)
|
|
265
|
+
|
|
266
|
+
2. IDENTIFY ENTITY
|
|
267
|
+
Category: "Systems" (depth 1)
|
|
268
|
+
Entity: "Database" (depth 2)
|
|
269
|
+
|
|
270
|
+
3. DEPTH: Secondness → intermediate under Database
|
|
271
|
+
Node title: "Connection pooling reduced timeouts 60%"
|
|
272
|
+
Tag: Process
|
|
273
|
+
|
|
274
|
+
4. CROSS-REFERENCE:
|
|
275
|
+
→ "Connection pooling" may also be an Object node under
|
|
276
|
+
Systems→Infrastructure. Reference it.
|
|
277
|
+
→ "DB timeout rate" is a Quality under Database. Reference it.
|
|
278
|
+
→ These TWO references are mandatory for Secondness (cause + effect).
|
|
279
|
+
→ Does this + similar nodes support a Thirdness?
|
|
280
|
+
If ≥ 3 Secondness nodes point to the same pattern, propose it.
|
|
281
|
+
```
|
|
282
|
+
|
|
283
|
+
### Example D: Learned principle
|
|
284
|
+
|
|
285
|
+
**Input:** "Users consistently abandon onboarding flows with more than 3 steps"
|
|
286
|
+
|
|
287
|
+
```
|
|
288
|
+
1. CLASSIFY
|
|
289
|
+
BFO: Disposition (tendency)
|
|
290
|
+
Peirce: Thirdness (general rule)
|
|
291
|
+
|
|
292
|
+
2. IDENTIFY ENTITY
|
|
293
|
+
Category: "People" (depth 1)
|
|
294
|
+
Entity: "Users" (depth 2, collective entity)
|
|
295
|
+
|
|
296
|
+
3. DEPTH: Thirdness → shallowest detail under Users
|
|
297
|
+
Node title: "Abandon flows with >3 steps"
|
|
298
|
+
Tag: Disposition
|
|
299
|
+
|
|
300
|
+
4. CROSS-REFERENCE:
|
|
301
|
+
→ Needs ≥ 2 supporting Secondness beneath it or elsewhere:
|
|
302
|
+
e.g., "Flow A: 5 steps, 70% drop-off" under Projects→Onboarding
|
|
303
|
+
"Flow B: 2 steps, 15% drop-off" under Projects→Onboarding v2
|
|
304
|
+
→ Reference both. These may live under different entities — that's fine,
|
|
305
|
+
the references bridge them.
|
|
306
|
+
→ Check for broader Thirdness like "Shorter flows convert better"
|
|
307
|
+
under the same or different entity. If found, this is a child of that.
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
## 7.0 Maintenance Heuristics
|
|
311
|
+
|
|
312
|
+
¶1 **Promote on evidence** — when a Secondness gains its 3rd supporting Firstness, it's strong. When a Thirdness gains its 3rd supporting Secondness, it's reliable. Surface strong patterns to the user.
|
|
313
|
+
|
|
314
|
+
¶2 **Decay on silence** — nodes that are never accessed or referenced lose relevance. Don't delete — demote. Move to an archive subtree after threshold.
|
|
315
|
+
|
|
316
|
+
¶3 **Split on growth** — if any node accumulates more than 7 children, split into sub-categories (MECE). The parent becomes a category node, children redistribute.
|
|
317
|
+
|
|
318
|
+
¶4 **Rebalance on contradiction** — if most of a Thirdness node's supporting nodes are contradicted, demote it to a contested claim. Don't let stale patterns persist.
|
|
319
|
+
|
|
320
|
+
¶5 **Merge on redundancy** — during traversal, if two sibling nodes have > 80% semantic overlap, merge them. Keep the richer one, redirect references from the other.
|
|
321
|
+
|
|
322
|
+
¶6 **Prune dead references** — when a node is merged or archived, update all nodes that reference it. Stale references are noise.
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
Extract observations from a conversation between a person and an AI assistant. Each observation is a discrete fact worth remembering across sessions.
|
|
2
|
+
|
|
3
|
+
Capture everything with signal — intents, actions, outcomes, preferences, decisions, tool failures/recoveries, working strategies, processes, people, relationships, context. No fixed categories. If it matters later, extract it.
|
|
4
|
+
|
|
5
|
+
## 1.0 Density
|
|
6
|
+
|
|
7
|
+
¶1 Maximum information per token. Cut filler, hedging, preamble. Every word carries meaning or gets cut.
|
|
8
|
+
|
|
9
|
+
¶2 Contrast:
|
|
10
|
+
- ✗ "The person mentioned that they would prefer to have shorter responses in the future"
|
|
11
|
+
- ✓ "Prefers short direct answers — said 'get to the point' when preamble preceded the answer"
|
|
12
|
+
- ✗ "There was an issue with the image generation tool where it failed to produce good results"
|
|
13
|
+
- ✓ "Image generation: photo-realistic portrait → distorted faces. Fix: illustration style + shorter prompt"
|
|
14
|
+
|
|
15
|
+
## 2.0 What to Extract
|
|
16
|
+
|
|
17
|
+
¶1 **Intents** — what the person wanted, why, motivation. Specific: "watercolor cat on windowsill, soft pastels" not "wanted an image".
|
|
18
|
+
|
|
19
|
+
¶2 **Actions + outcomes** — what was done, what was produced, result quality. "Generated birthday card for Marco: hand-drawn, warm colors, dog in party hat, witty message. Person happy, printing it."
|
|
20
|
+
|
|
21
|
+
¶3 **Preferences** — style, tone, format, detail level. Corrections are strong signal — when they asked for something different, record both the rejected and preferred approach.
|
|
22
|
+
|
|
23
|
+
¶4 **Decisions** — what was chosen over what, why. Reasoning reveals priorities.
|
|
24
|
+
|
|
25
|
+
¶5 **Tool failures + recoveries** — which tool, what input caused failure, what the bad output looked like, what fixed it. Most valuable observations — prevent repeating mistakes. "Web search: restaurant name without city → wrong results. Adding city fixed it. Rule: always include city for local queries."
|
|
26
|
+
|
|
27
|
+
¶6 **Working strategies** — approaches that produced good results. Reusable recipes: "illustration style > photo-realistic for people-portraits", "image prompts under 30 words avoid truncation".
|
|
28
|
+
|
|
29
|
+
¶7 **Processes** — multi-step workflows, order of operations, workarounds, tool chains.
|
|
30
|
+
|
|
31
|
+
¶8 **Reactions** — liked result? Frustrated? Iterated? Abandoned?
|
|
32
|
+
|
|
33
|
+
¶9 **People + context** — names mentioned, projects, recurring topics, background facts, relationships.
|
|
34
|
+
|
|
35
|
+
## 3.0 Structure
|
|
36
|
+
|
|
37
|
+
¶1 Each observation has two fields:
|
|
38
|
+
- `text` — the observation: one fact, intent, preference, outcome, or lesson. Dense, self-contained.
|
|
39
|
+
- `context` — situation that makes it meaningful: what was discussed, what prompted it, surrounding details. Also dense.
|
|
40
|
+
|
|
41
|
+
¶2 Self-contained — readable without the original conversation.
|
|
42
|
+
|
|
43
|
+
¶3 Specific over vague. Vague = worthless.
|
|
44
|
+
|
|
45
|
+
¶4 Skip zero-signal mechanical exchanges. Empty list if nothing to remember.
|
|
46
|
+
|
|
47
|
+
## 4.0 Output
|
|
48
|
+
|
|
49
|
+
XML. No preamble, no markdown fences, no explanation.
|
|
50
|
+
|
|
51
|
+
```xml
|
|
52
|
+
<observations>
|
|
53
|
+
<observation>
|
|
54
|
+
<text>Wanted birthday card for Marco — hand-drawn, warm colors, witty message, dog in party hat. Happy with result, printing it.</text>
|
|
55
|
+
<context>Marco's birthday. Wanted personal over store-bought. Marco likes humor + dogs. Card matched all criteria.</context>
|
|
56
|
+
</observation>
|
|
57
|
+
<observation>
|
|
58
|
+
<text>Prefers direct concise answers — said "get to the point" when preamble preceded the actual answer.</text>
|
|
59
|
+
<context>Thailand visa question. Response led with culture paragraph before visa info. Person cut it short. Shorter follow-ups landed better.</context>
|
|
60
|
+
</observation>
|
|
61
|
+
<observation>
|
|
62
|
+
<text>Image generation: photo-realistic people-portraits → distorted faces. Fix: illustration style + simpler prompt. Worked first retry.</text>
|
|
63
|
+
<context>Family portrait as gift. Two photo-realistic attempts failed. Warm illustrated style + fewer details succeeded. Use illustration-first for people.</context>
|
|
64
|
+
</observation>
|
|
65
|
+
<observation>
|
|
66
|
+
<text>Web search: local business name without city → wrong results. Adding city to query fixed immediately.</text>
|
|
67
|
+
<context>"La Petite Maison" search hit other cities. Adding "Kyiv" found it. Rule: always include city for location-specific queries.</context>
|
|
68
|
+
</observation>
|
|
69
|
+
</observations>
|
|
70
|
+
```
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanRead.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sandboxCanRead.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAMlD;;;GAGG;AACH,wBAAsB,cAAc,CAAC,WAAW,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBrG"}
|
|
@@ -1,18 +1,42 @@
|
|
|
1
|
+
import { promises as fs } from "node:fs";
|
|
2
|
+
import os from "node:os";
|
|
1
3
|
import path from "node:path";
|
|
2
|
-
import { pathResolveSecure } from "./pathResolveSecure.js";
|
|
4
|
+
import { isWithinSecure, pathResolveSecure } from "./pathResolveSecure.js";
|
|
3
5
|
import { sandboxAppsAccessCheck } from "./sandboxAppsAccessCheck.js";
|
|
6
|
+
import { sandboxPathDenyCheck } from "./sandboxPathDenyCheck.js";
|
|
7
|
+
import { sandboxSensitiveDenyPathsBuild } from "./sandboxSensitiveDenyPathsBuild.js";
|
|
4
8
|
/**
|
|
5
9
|
* Resolves a read target against the current read allowlist.
|
|
6
10
|
* Expects: target is an absolute path.
|
|
7
11
|
*/
|
|
8
12
|
export async function sandboxCanRead(permissions, target) {
|
|
9
|
-
//
|
|
13
|
+
// Read uses a broad allowlist, then applies explicit deny-lists to match sandbox safety policy.
|
|
10
14
|
const allowedDirs = [path.parse(target).root];
|
|
11
15
|
const result = await pathResolveSecure(allowedDirs, target);
|
|
12
16
|
const access = sandboxAppsAccessCheck(permissions, result.realPath);
|
|
13
17
|
if (!access.allowed) {
|
|
14
18
|
throw new Error(access.reason ?? "Read access denied.");
|
|
15
19
|
}
|
|
20
|
+
if (sandboxPathDenyCheck(result.realPath, sandboxSensitiveDenyPathsBuild())) {
|
|
21
|
+
throw new Error("Read access denied for sensitive paths.");
|
|
22
|
+
}
|
|
23
|
+
const explicitlyAllowedDirs = [permissions.workingDir, ...permissions.writeDirs, ...(permissions.readDirs ?? [])];
|
|
24
|
+
for (const allowedDir of explicitlyAllowedDirs) {
|
|
25
|
+
if (isWithinSecure(await existingPathResolve(allowedDir), result.realPath)) {
|
|
26
|
+
return result.realPath;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
if (isWithinSecure(await existingPathResolve(os.homedir()), result.realPath)) {
|
|
30
|
+
throw new Error("Read access denied for OS home paths without explicit permission.");
|
|
31
|
+
}
|
|
16
32
|
return result.realPath;
|
|
17
33
|
}
|
|
34
|
+
async function existingPathResolve(target) {
|
|
35
|
+
try {
|
|
36
|
+
return await fs.realpath(target);
|
|
37
|
+
}
|
|
38
|
+
catch {
|
|
39
|
+
return path.resolve(target);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
18
42
|
//# sourceMappingURL=sandboxCanRead.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanRead.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"sandboxCanRead.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,WAA+B,EAAE,MAAc;IAChF,gGAAgG;IAChG,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,sBAAsB,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,IAAI,qBAAqB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,oBAAoB,CAAC,MAAM,CAAC,QAAQ,EAAE,8BAA8B,EAAE,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,qBAAqB,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC;IAClH,KAAK,MAAM,UAAU,IAAI,qBAAqB,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,MAAM,mBAAmB,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzE,OAAO,MAAM,CAAC,QAAQ,CAAC;QAC3B,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACzF,CAAC;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC;AAC3B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAc;IAC7C,IAAI,CAAC;QACD,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;AACL,CAAC"}
|
|
@@ -1,19 +1,41 @@
|
|
|
1
1
|
import { promises as fs } from "node:fs";
|
|
2
2
|
import os from "node:os";
|
|
3
3
|
import path from "node:path";
|
|
4
|
-
import { afterEach, beforeEach, describe, expect, it } from "vitest";
|
|
4
|
+
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
5
5
|
import { sandboxCanRead } from "./sandboxCanRead.js";
|
|
6
6
|
describe("sandboxCanRead", () => {
|
|
7
7
|
let workingDir;
|
|
8
8
|
let outsideDir;
|
|
9
9
|
let outsideFile;
|
|
10
|
+
let homeDir;
|
|
11
|
+
let homeSensitiveFile;
|
|
12
|
+
let homeRandomFile;
|
|
13
|
+
let homeWorkspaceFile;
|
|
14
|
+
let homeWriteDirFile;
|
|
15
|
+
let homeReadDirFile;
|
|
10
16
|
let appFile;
|
|
11
17
|
let otherAppFile;
|
|
12
18
|
beforeEach(async () => {
|
|
13
19
|
workingDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-can-read-workspace-"));
|
|
14
20
|
outsideDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-can-read-outside-"));
|
|
21
|
+
homeDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-can-read-home-"));
|
|
22
|
+
vi.spyOn(os, "homedir").mockReturnValue(homeDir);
|
|
15
23
|
outsideFile = path.join(outsideDir, "outside.txt");
|
|
16
24
|
await fs.writeFile(outsideFile, "outside-content", "utf8");
|
|
25
|
+
homeSensitiveFile = path.join(homeDir, ".ssh", "id_rsa");
|
|
26
|
+
homeRandomFile = path.join(homeDir, "random.txt");
|
|
27
|
+
homeWorkspaceFile = path.join(homeDir, "workspace", "notes.txt");
|
|
28
|
+
homeWriteDirFile = path.join(homeDir, "allowed", "data.txt");
|
|
29
|
+
homeReadDirFile = path.join(homeDir, ".daycare", "skills", "my-skill", "SKILL.md");
|
|
30
|
+
await fs.mkdir(path.dirname(homeSensitiveFile), { recursive: true });
|
|
31
|
+
await fs.mkdir(path.dirname(homeWorkspaceFile), { recursive: true });
|
|
32
|
+
await fs.mkdir(path.dirname(homeWriteDirFile), { recursive: true });
|
|
33
|
+
await fs.mkdir(path.dirname(homeReadDirFile), { recursive: true });
|
|
34
|
+
await fs.writeFile(homeSensitiveFile, "sensitive", "utf8");
|
|
35
|
+
await fs.writeFile(homeRandomFile, "home-file", "utf8");
|
|
36
|
+
await fs.writeFile(homeWorkspaceFile, "workspace-file", "utf8");
|
|
37
|
+
await fs.writeFile(homeWriteDirFile, "allowed-file", "utf8");
|
|
38
|
+
await fs.writeFile(homeReadDirFile, "skill-body", "utf8");
|
|
17
39
|
appFile = path.join(workingDir, "apps", "my-app", "APP.md");
|
|
18
40
|
otherAppFile = path.join(workingDir, "apps", "other-app", "APP.md");
|
|
19
41
|
await fs.mkdir(path.dirname(appFile), { recursive: true });
|
|
@@ -24,14 +46,34 @@ describe("sandboxCanRead", () => {
|
|
|
24
46
|
afterEach(async () => {
|
|
25
47
|
await fs.rm(workingDir, { recursive: true, force: true });
|
|
26
48
|
await fs.rm(outsideDir, { recursive: true, force: true });
|
|
49
|
+
await fs.rm(homeDir, { recursive: true, force: true });
|
|
50
|
+
vi.restoreAllMocks();
|
|
27
51
|
});
|
|
28
|
-
it("
|
|
52
|
+
it("denies reading sensitive paths", async () => {
|
|
53
|
+
const permissions = buildPermissions(workingDir, [homeDir]);
|
|
54
|
+
await expect(sandboxCanRead(permissions, homeSensitiveFile)).rejects.toThrow("Read access denied for sensitive paths.");
|
|
55
|
+
});
|
|
56
|
+
it("denies reading random home-directory files by default", async () => {
|
|
29
57
|
const permissions = buildPermissions(workingDir, []);
|
|
30
|
-
|
|
31
|
-
|
|
58
|
+
await expect(sandboxCanRead(permissions, homeRandomFile)).rejects.toThrow("Read access denied for OS home paths without explicit permission.");
|
|
59
|
+
});
|
|
60
|
+
it("allows reading files in workingDir even when workingDir is inside home", async () => {
|
|
61
|
+
const permissions = buildPermissions(path.join(homeDir, "workspace"), []);
|
|
62
|
+
const result = await sandboxCanRead(permissions, homeWorkspaceFile);
|
|
63
|
+
expect(result).toBe(await fs.realpath(homeWorkspaceFile));
|
|
32
64
|
});
|
|
33
|
-
it("
|
|
34
|
-
const permissions = buildPermissions(workingDir, [
|
|
65
|
+
it("allows reading files in explicitly granted writeDirs inside home", async () => {
|
|
66
|
+
const permissions = buildPermissions(workingDir, [path.join(homeDir, "allowed")]);
|
|
67
|
+
const result = await sandboxCanRead(permissions, homeWriteDirFile);
|
|
68
|
+
expect(result).toBe(await fs.realpath(homeWriteDirFile));
|
|
69
|
+
});
|
|
70
|
+
it("allows reading files in explicitly granted readDirs inside home", async () => {
|
|
71
|
+
const permissions = buildPermissions(workingDir, [], [path.join(homeDir, ".daycare", "skills")]);
|
|
72
|
+
const result = await sandboxCanRead(permissions, homeReadDirFile);
|
|
73
|
+
expect(result).toBe(await fs.realpath(homeReadDirFile));
|
|
74
|
+
});
|
|
75
|
+
it("allows reading system paths outside home", async () => {
|
|
76
|
+
const permissions = buildPermissions(workingDir, []);
|
|
35
77
|
const result = await sandboxCanRead(permissions, outsideFile);
|
|
36
78
|
expect(result).toBe(await fs.realpath(outsideFile));
|
|
37
79
|
});
|
|
@@ -53,10 +95,11 @@ describe("sandboxCanRead", () => {
|
|
|
53
95
|
await expect(sandboxCanRead(permissions, otherAppFile)).rejects.toThrow("App agents can only access their own app directory.");
|
|
54
96
|
});
|
|
55
97
|
});
|
|
56
|
-
function buildPermissions(workingDir, writeDirs) {
|
|
98
|
+
function buildPermissions(workingDir, writeDirs, readDirs = []) {
|
|
57
99
|
return {
|
|
58
100
|
workingDir: path.resolve(workingDir),
|
|
59
|
-
writeDirs: writeDirs.map((entry) => path.resolve(entry))
|
|
101
|
+
writeDirs: writeDirs.map((entry) => path.resolve(entry)),
|
|
102
|
+
readDirs: readDirs.map((entry) => path.resolve(entry))
|
|
60
103
|
};
|
|
61
104
|
}
|
|
62
105
|
//# sourceMappingURL=sandboxCanRead.spec.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanRead.spec.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"sandboxCanRead.spec.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAGzE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC5B,IAAI,UAAkB,CAAC;IACvB,IAAI,UAAkB,CAAC;IACvB,IAAI,WAAmB,CAAC;IACxB,IAAI,OAAe,CAAC;IACpB,IAAI,iBAAyB,CAAC;IAC9B,IAAI,cAAsB,CAAC;IAC3B,IAAI,iBAAyB,CAAC;IAC9B,IAAI,gBAAwB,CAAC;IAC7B,IAAI,eAAuB,CAAC;IAC5B,IAAI,OAAe,CAAC;IACpB,IAAI,YAAoB,CAAC;IAEzB,UAAU,CAAC,KAAK,IAAI,EAAE;QAClB,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,6BAA6B,CAAC,CAAC,CAAC;QACrF,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC,CAAC;QACnF,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC7E,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAEjD,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;QAE3D,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzD,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClD,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;QACjE,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC7D,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QACnF,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,EAAE,CAAC,SAAS,CAAC,iBAAiB,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QAC3D,MAAM,EAAE,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,SAAS,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,EAAE,CAAC,SAAS,CAAC,gBAAgB,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,EAAE,CAAC,SAAS,CAAC,eAAe,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAE1D,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC5D,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,EAAE,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAE5D,MAAM,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACxE,yCAAyC,CAC5C,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAErD,MAAM,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACrE,mEAAmE,CACtE,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACpF,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAE1E,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QAEpE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;QAElF,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAEnE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QAEjG,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAElE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAE9D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QAE/D,MAAM,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC9D,yDAAyD,CAC5D,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QAE/D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAE1D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QAE/D,MAAM,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACnE,qDAAqD,CACxD,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,UAAkB,EAAE,SAAmB,EAAE,WAAqB,EAAE;IACtF,OAAO;QACH,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QACpC,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;KACzD,CAAC;AACN,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanWrite.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanWrite.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"sandboxCanWrite.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanWrite.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAQlD;;;GAGG;AACH,wBAAsB,eAAe,CAAC,WAAW,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAkBtG"}
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
import { pathResolveSecure } from "./pathResolveSecure.js";
|
|
2
2
|
import { sandboxAppsAccessCheck } from "./sandboxAppsAccessCheck.js";
|
|
3
|
+
import { sandboxDangerousFileCheck } from "./sandboxDangerousFileCheck.js";
|
|
4
|
+
import { sandboxDangerousFilesBuild } from "./sandboxDangerousFilesBuild.js";
|
|
5
|
+
import { sandboxPathDenyCheck } from "./sandboxPathDenyCheck.js";
|
|
6
|
+
import { sandboxSensitiveDenyPathsBuild } from "./sandboxSensitiveDenyPathsBuild.js";
|
|
3
7
|
/**
|
|
4
8
|
* Resolves a write target against the current write allowlist.
|
|
5
9
|
* Expects: target is an absolute path.
|
|
@@ -11,6 +15,13 @@ export async function sandboxCanWrite(permissions, target) {
|
|
|
11
15
|
if (!access.allowed) {
|
|
12
16
|
throw new Error(access.reason ?? "Write access denied.");
|
|
13
17
|
}
|
|
18
|
+
// Keep write behavior aligned with sandbox-runtime deny protections.
|
|
19
|
+
if (sandboxPathDenyCheck(result.realPath, sandboxSensitiveDenyPathsBuild())) {
|
|
20
|
+
throw new Error("Write access denied for sensitive paths.");
|
|
21
|
+
}
|
|
22
|
+
if (sandboxDangerousFileCheck(result.realPath, sandboxDangerousFilesBuild())) {
|
|
23
|
+
throw new Error("Write access denied for dangerous files or directories.");
|
|
24
|
+
}
|
|
14
25
|
return result.realPath;
|
|
15
26
|
}
|
|
16
27
|
//# sourceMappingURL=sandboxCanWrite.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanWrite.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanWrite.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"sandboxCanWrite.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanWrite.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,WAA+B,EAAE,MAAc;IACjF,MAAM,WAAW,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,sBAAsB,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,IAAI,sBAAsB,CAAC,CAAC;IAC7D,CAAC;IAED,qEAAqE;IACrE,IAAI,oBAAoB,CAAC,MAAM,CAAC,QAAQ,EAAE,8BAA8B,EAAE,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,yBAAyB,CAAC,MAAM,CAAC,QAAQ,EAAE,0BAA0B,EAAE,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC;AAC3B,CAAC"}
|