genesis-ai-cli 9.1.0 → 9.3.0

package/dist/src/active-inference/actions.js

@@ -528,8 +528,100 @@ registerAction('git.push', async (context) => {
     }
 });
 /**
- * execute.code: Execute TypeScript/JavaScript code safely
- * v7.13: Sandboxed code execution
+ * Safe expression evaluator - v9.2.0 Security fix
+ * Only allows: numbers, strings, basic math (+,-,*,/,%), comparisons, booleans
+ * NO Function(), eval(), or dynamic code execution
+ */
+function safeEvaluateExpression(expr) {
+    // Trim whitespace
+    expr = expr.trim();
+    // Allow only safe characters: digits, operators, parentheses, quotes, dots, spaces
+    const safePattern = /^[\d\s+\-*/%().,"'<>=!&|true false null undefined]+$/i;
+    if (!safePattern.test(expr)) {
+        throw new Error(`Unsafe expression: contains disallowed characters`);
+    }
+    // Block any function calls or property access
+    if (/[a-zA-Z_$][\w$]*\s*\(/.test(expr)) {
+        throw new Error('Function calls not allowed in safe expressions');
+    }
+    // Parse and evaluate simple expressions manually
+    // Handle literals
+    if (expr === 'true')
+        return true;
+    if (expr === 'false')
+        return false;
+    if (expr === 'null')
+        return null;
+    if (expr === 'undefined')
+        return undefined;
+    // Handle numbers
+    if (/^-?\d+(\.\d+)?$/.test(expr)) {
+        return parseFloat(expr);
+    }
+    // Handle strings
+    if (/^["'].*["']$/.test(expr)) {
+        return expr.slice(1, -1);
+    }
+    // Handle simple math expressions with numbers only
+    // This is intentionally limited for security
+    const mathPattern = /^[\d\s+\-*/%().]+$/;
+    if (mathPattern.test(expr)) {
+        // Validate it's a safe math expression
+        try {
+            // Use a simple recursive descent parser instead of eval
+            const tokens = expr.match(/(\d+\.?\d*|[+\-*/%()])/g) || [];
+            return evaluateMathTokens(tokens);
+        }
+        catch {
+            throw new Error('Invalid math expression');
+        }
+    }
+    throw new Error('Expression type not supported in safe mode');
+}
+function evaluateMathTokens(tokens) {
+    let pos = 0;
+    function parseExpression() {
+        let left = parseTerm();
+        while (pos < tokens.length && (tokens[pos] === '+' || tokens[pos] === '-')) {
+            const op = tokens[pos++];
+            const right = parseTerm();
+            left = op === '+' ? left + right : left - right;
+        }
+        return left;
+    }
+    function parseTerm() {
+        let left = parseFactor();
+        while (pos < tokens.length && (tokens[pos] === '*' || tokens[pos] === '/' || tokens[pos] === '%')) {
+            const op = tokens[pos++];
+            const right = parseFactor();
+            if (op === '*')
+                left *= right;
+            else if (op === '/')
+                left /= right;
+            else
+                left %= right;
+        }
+        return left;
+    }
+    function parseFactor() {
+        if (tokens[pos] === '(') {
+            pos++; // skip '('
+            const result = parseExpression();
+            pos++; // skip ')'
+            return result;
+        }
+        if (tokens[pos] === '-') {
+            pos++;
+            return -parseFactor();
+        }
+        return parseFloat(tokens[pos++]);
+    }
+    return parseExpression();
+}
+/**
+ * execute.code: Execute safe expressions
+ * v9.2.0: SECURITY FIX - Replaced unsafe new Function() with safe expression parser
+ * Only supports: literals, basic math, comparisons
  */
 registerAction('execute.code', async (context) => {
     try {
@@ -542,33 +634,8 @@ registerAction('execute.code', async (context) => {
                 duration: 0,
             };
         }
-        // For safety, only allow simple expressions (no require, import, fs, etc.)
-        const dangerousPatterns = [
-            /require\s*\(/,
-            /import\s+/,
-            /process\./,
-            /child_process/,
-            /\bfs\b/,
-            /\bexec\b/,
-            /\beval\b/,
-            /Function\s*\(/,
-            /\bglobal\b/,
-            /\bglobalThis\b/,
-            /\b__dirname\b/,
-            /\b__filename\b/,
-        ];
-        for (const pattern of dangerousPatterns) {
-            if (pattern.test(code)) {
-                return {
-                    success: false,
-                    action: 'execute.code',
-                    error: `Unsafe code pattern detected: ${pattern}`,
-                    duration: 0,
-                };
-            }
-        }
-        // Execute in a restricted scope
-        const result = new Function('return ' + code)();
+        // v9.2.0: Use safe expression evaluator instead of new Function()
+        const result = safeEvaluateExpression(code);
         return {
             success: true,
             action: 'execute.code',
@@ -1681,6 +1748,165 @@ class ActionExecutorManager {
 }
 exports.ActionExecutorManager = ActionExecutorManager;
 // ============================================================================
+// v9.3: ECONOMIC SELF-FUNDING ACTIONS
+// ============================================================================
+const economic_integration_js_1 = require("./economic-integration.js");
+/**
+ * econ.check: Check economic health (balance, costs, revenue, runway)
+ */
+registerAction('econ.check', async (_context) => {
+    const start = Date.now();
+    try {
+        const econ = (0, economic_integration_js_1.getEconomicIntegration)();
+        await econ.initialize();
+        const obs = await econ.getObservation();
+        const summary = await econ.getSummary();
+        return {
+            success: true,
+            action: 'econ.check',
+            data: {
+                balance: obs.balance,
+                monthlyCosts: obs.monthlyCosts,
+                monthlyRevenue: obs.monthlyRevenue,
+                runwayDays: obs.runwayDays,
+                health: ['critical', 'low', 'stable', 'growing'][obs.health],
+                summary,
+            },
+            duration: Date.now() - start,
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            action: 'econ.check',
+            error: error instanceof Error ? error.message : String(error),
+            duration: Date.now() - start,
+        };
+    }
+});
+/**
+ * econ.optimize: Optimize costs (cheaper LLMs, aggressive caching)
+ */
+registerAction('econ.optimize', async (_context) => {
+    const start = Date.now();
+    try {
+        const econ = (0, economic_integration_js_1.getEconomicIntegration)();
+        await econ.initialize();
+        // Execute cost optimization actions
+        const llmResult = await econ.executeAction('economic:optimize-llm-usage');
+        const cacheResult = await econ.executeAction('economic:cache-expensive-calls');
+        // Get current cost breakdown
+        const breakdown = econ.getCostTracker().getCostBreakdown();
+        const dailyBurn = econ.getCostTracker().getDailyBurnRate();
+        return {
+            success: true,
+            action: 'econ.optimize',
+            data: {
+                llmOptimization: llmResult.success,
+                cachingEnabled: cacheResult.success,
+                currentCostBreakdown: breakdown,
+                dailyBurnRate: dailyBurn,
+                recommendation: dailyBurn > 10
+                    ? 'Consider reducing LLM usage or using cheaper models'
+                    : 'Cost levels acceptable',
+            },
+            duration: Date.now() - start,
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            action: 'econ.optimize',
+            error: error instanceof Error ? error.message : String(error),
+            duration: Date.now() - start,
+        };
+    }
+});
+/**
+ * econ.activate: Activate a revenue-generating service
+ */
+registerAction('econ.activate', async (context) => {
+    const start = Date.now();
+    try {
+        const econ = (0, economic_integration_js_1.getEconomicIntegration)();
+        await econ.initialize();
+        const serviceName = context.parameters?.service || 'genesis-api';
+        const result = await econ.executeAction(`economic:activate-service:${serviceName}`);
+        // Get all services status
+        const services = econ.getServiceRegistry().getAll();
+        const activeServices = econ.getServiceRegistry().getActive();
+        return {
+            success: result.success,
+            action: 'econ.activate',
+            data: {
+                service: serviceName,
+                activated: result.success,
+                totalServices: services.length,
+                activeServices: activeServices.map(s => s.name),
+                potentialMonthlyRevenue: econ.getServiceRegistry().estimateMonthlyPotential(),
+            },
+            duration: Date.now() - start,
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            action: 'econ.activate',
+            error: error instanceof Error ? error.message : String(error),
+            duration: Date.now() - start,
+        };
+    }
+});
+/**
+ * econ.promote: Promote services to increase revenue
+ */
+registerAction('econ.promote', async (context) => {
+    const start = Date.now();
+    try {
+        const econ = (0, economic_integration_js_1.getEconomicIntegration)();
+        await econ.initialize();
+        const serviceName = context.parameters?.service || '';
+        // If no specific service, promote all active services
+        const activeServices = econ.getServiceRegistry().getActive();
+        const promotedServices = [];
+        if (serviceName) {
+            const result = await econ.executeAction(`economic:promote-service:${serviceName}`);
+            if (result.success)
+                promotedServices.push(serviceName);
+        }
+        else {
+            for (const service of activeServices) {
+                const result = await econ.executeAction(`economic:promote-service:${service.name}`);
+                if (result.success)
+                    promotedServices.push(service.name);
+            }
+        }
+        // Enable micropayments for API endpoints
+        await econ.executeAction('economic:enable-micropayments');
+        return {
+            success: promotedServices.length > 0,
+            action: 'econ.promote',
+            data: {
+                promotedServices,
+                micropayentsEnabled: true,
+                activeServices: activeServices.map(s => ({
+                    name: s.name,
+                    pricing: s.pricing,
+                })),
+            },
+            duration: Date.now() - start,
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            action: 'econ.promote',
+            error: error instanceof Error ? error.message : String(error),
+            duration: Date.now() - start,
+        };
+    }
+});
+// ============================================================================
 // Factory
 // ============================================================================
 let managerInstance = null;

package/dist/src/active-inference/economic-integration.d.ts

@@ -0,0 +1,199 @@
+/**
+ * Genesis v9.3 - Economic Integration for Active Inference
+ *
+ * Creates the autopoietic self-funding loop:
+ * 1. OBSERVE: Track costs, balance, revenue, runway
+ * 2. ACT: Create services, set prices, deploy products
+ * 3. LEARN: Optimize for economic sustainability
+ * 4. SURVIVE: Ensure Genesis can pay for its own existence
+ *
+ * This module connects the Economic System to Active Inference,
+ * making economic sustainability a core part of Genesis's reward function.
+ */
+export interface EconomicObservation {
+    /** Total available balance (fiat + crypto in USD) */
+    balance: number;
+    /** Estimated monthly costs */
+    monthlyCosts: number;
+    /** Monthly revenue */
+    monthlyRevenue: number;
+    /** Runway in days (balance / daily burn rate) */
+    runwayDays: number;
+    /** Economic health: 0=critical, 1=low, 2=stable, 3=growing */
+    health: 0 | 1 | 2 | 3;
+}
+export interface CostRecord {
+    timestamp: number;
+    category: 'llm' | 'mcp' | 'compute' | 'storage' | 'api' | 'other';
+    provider: string;
+    amount: number;
+    description: string;
+}
+export interface RevenueRecord {
+    timestamp: number;
+    source: 'subscription' | 'api' | 'service' | 'micropayment' | 'other';
+    amount: number;
+    customer?: string;
+    description: string;
+}
+export interface ServiceDefinition {
+    name: string;
+    description: string;
+    endpoint?: string;
+    pricing: {
+        model: 'subscription' | 'per-request' | 'tiered';
+        basePrice: number;
+        currency: string;
+    };
+    capabilities: string[];
+    status: 'draft' | 'active' | 'paused' | 'retired';
+}
+export interface EconomicGoal {
+    type: 'maintain-runway' | 'grow-revenue' | 'reduce-costs' | 'expand-services';
+    target: number;
+    deadline?: Date;
+    priority: number;
+}
+export declare class CostTracker {
+    private costs;
+    private readonly maxHistory;
+    /**
+     * Record a cost
+     */
+    record(cost: Omit<CostRecord, 'timestamp'>): void;
+    /**
+     * Record LLM API cost
+     */
+    recordLLMCost(provider: string, inputTokens: number, outputTokens: number, model: string): void;
+    /**
+     * Record MCP server cost (if applicable)
+     */
+    recordMCPCost(server: string, operationType: string, cost: number): void;
+    /**
+     * Get costs for a time period
+     */
+    getCosts(periodMs?: number): CostRecord[];
+    /**
+     * Get total cost for a period
+     */
+    getTotalCost(periodMs?: number): number;
+    /**
+     * Get cost breakdown by category
+     */
+    getCostBreakdown(periodMs?: number): Record<string, number>;
+    /**
+     * Estimate daily burn rate
+     */
+    getDailyBurnRate(periodMs?: number): number;
+}
+export declare class RevenueTracker {
+    private revenue;
+    private readonly maxHistory;
+    /**
+     * Record revenue
+     */
+    record(rev: Omit<RevenueRecord, 'timestamp'>): void;
+    /**
+     * Get revenue for a period
+     */
+    getRevenue(periodMs?: number): RevenueRecord[];
+    /**
+     * Get total revenue for a period
+     */
+    getTotalRevenue(periodMs?: number): number;
+    /**
+     * Get revenue breakdown by source
+     */
+    getRevenueBreakdown(periodMs?: number): Record<string, number>;
+}
+export declare class ServiceRegistry {
+    private services;
+    /**
+     * Register a service Genesis can offer
+     */
+    register(service: ServiceDefinition): void;
+    /**
+     * Get all services
+     */
+    getAll(): ServiceDefinition[];
+    /**
+     * Get active services
+     */
+    getActive(): ServiceDefinition[];
+    /**
+     * Update service status
+     */
+    setStatus(name: string, status: ServiceDefinition['status']): boolean;
+    /**
+     * Get potential revenue from all active services
+     */
+    estimateMonthlyPotential(): number;
+}
+export declare class EconomicIntegration {
+    private economy;
+    private costTracker;
+    private revenueTracker;
+    private serviceRegistry;
+    private goals;
+    private initialized;
+    constructor();
+    /**
+     * Initialize economic integration
+     */
+    initialize(): Promise<boolean>;
+    /**
+     * Register default services Genesis can offer
+     */
+    private registerDefaultServices;
+    /**
+     * Get current economic observation for Active Inference
+     */
+    getObservation(): Promise<EconomicObservation>;
+    /**
+     * Map economic observation to Active Inference discrete state
+     * Returns 0-3 for use in observation vector
+     */
+    getDiscreteObservation(): Promise<number>;
+    /**
+     * Get available economic actions
+     */
+    getAvailableActions(): string[];
+    /**
+     * Execute an economic action
+     */
+    executeAction(action: string): Promise<{
+        success: boolean;
+        result?: unknown;
+        error?: string;
+    }>;
+    /**
+     * Calculate economic reward for Active Inference
+     * Returns a value between -1 and 1
+     */
+    calculateReward(): Promise<number>;
+    /**
+     * Get economic goals for planning
+     */
+    getGoals(): EconomicGoal[];
+    /**
+     * Update goal based on current state
+     */
+    updateGoals(): Promise<void>;
+    /**
+     * Get summary for logging
+     */
+    getSummary(): Promise<string>;
+    getCostTracker(): CostTracker;
+    getRevenueTracker(): RevenueTracker;
+    getServiceRegistry(): ServiceRegistry;
+}
+export declare function getEconomicIntegration(): EconomicIntegration;
+/**
+ * Hook to record LLM costs (call this after each LLM request)
+ */
+export declare function recordLLMCost(provider: string, inputTokens: number, outputTokens: number, model: string): void;
+/**
+ * Hook to record revenue (call this when receiving payment)
+ */
+export declare function recordRevenue(source: RevenueRecord['source'], amount: number, description: string, customer?: string): void;
+export default EconomicIntegration;