groove-dev 0.27.75 → 0.27.78

package/moe-training/client/session-attestation.js

@@ -0,0 +1,114 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { platform, arch, cpus, totalmem, hostname, release, endianness } from 'node:os';
+import { createHash } from 'node:crypto';
+import { generateECDHKeypair, deriveSharedSecret, signEnvelope, computeAppHash } from '../shared/crypto.js';
+
+export class SessionAttestation {
+  constructor(centralCommandUrl) {
+    this._centralCommandUrl = centralCommandUrl;
+    this._sessions = new Map();
+  }
+
+  async openSession(sessionId, metadata) {
+    const keypair = generateECDHKeypair();
+    let appVersionHash = '';
+    try {
+      appVersionHash = computeAppHash(new URL(import.meta.url).pathname);
+    } catch {
+      appVersionHash = 'unknown';
+    }
+
+    const body = {
+      session_id: sessionId,
+      public_key: keypair.publicKey,
+      app_version_hash: appVersionHash,
+      provider: metadata.provider,
+      model: metadata.model_engine,
+      machine_fingerprint: SessionAttestation.getMachineFingerprint(),
+      groove_version: metadata.groove_version,
+    };
+
+    try {
+      const res = await fetch(`${this._centralCommandUrl}/v1/sessions/open`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(10_000),
+      });
+
+      if (!res.ok) {
+        this._sessions.set(sessionId, { keypair, sharedSecret: null, sequence: 0, appVersionHash, offline: true });
+        return false;
+      }
+
+      const data = await res.json();
+      const sharedSecret = deriveSharedSecret(keypair.privateKey, data.server_public_key);
+      this._sessions.set(sessionId, { keypair, sharedSecret, sequence: 0, appVersionHash, offline: false });
+      return true;
+    } catch {
+      this._sessions.set(sessionId, { keypair, sharedSecret: null, sequence: 0, appVersionHash, offline: true });
+      return false;
+    }
+  }
+
+  signEnvelope(sessionId, envelope) {
+    const session = this._sessions.get(sessionId);
+    if (!session) return envelope;
+
+    if (session.offline || !session.sharedSecret) {
+      envelope.attestation = {
+        session_hmac: 'OFFLINE',
+        sequence: session.sequence++,
+        app_version_hash: session.appVersionHash,
+      };
+      return envelope;
+    }
+
+    const forSigning = { ...envelope };
+    delete forSigning.attestation;
+    const envelopeBytes = JSON.stringify(forSigning);
+    const hmac = signEnvelope(session.sharedSecret, envelopeBytes, session.sequence);
+    envelope.attestation = {
+      session_hmac: hmac,
+      sequence: session.sequence++,
+      app_version_hash: session.appVersionHash,
+    };
+    return envelope;
+  }
+
+  async closeSession(sessionId) {
+    const session = this._sessions.get(sessionId);
+    if (!session || session.offline) {
+      this._sessions.delete(sessionId);
+      return;
+    }
+
+    try {
+      await fetch(`${this._centralCommandUrl}/v1/sessions/close`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ session_id: sessionId }),
+        signal: AbortSignal.timeout(10_000),
+      });
+    } catch {
+      // fail silent
+    }
+
+    this._sessions.delete(sessionId);
+  }
+
+  static getMachineFingerprint() {
+    const signals = [
+      platform(),
+      arch(),
+      cpus()[0]?.model || '',
+      String(totalmem()),
+      hostname(),
+      String(cpus().length),
+      release(),
+      endianness(),
+    ];
+    return createHash('sha256').update(signals.join('|')).digest('hex');
+  }
+}

package/moe-training/client/step-classifier.js

@@ -0,0 +1,51 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+export class StepClassifier {
+  constructor() {
+    this.hasAgentActed = false;
+  }
+
+  classifyUserMessage(text) {
+    if (!this.hasAgentActed) {
+      return null;
+    }
+    return {
+      type: 'correction',
+      content: text,
+      source: 'user',
+    };
+  }
+
+  classifyCoordinationEvent(event) {
+    return {
+      type: 'coordination',
+      coordination_id: event.coordination_id || event.id || '',
+      direction: event.direction || (event.source ? 'inbound' : 'outbound'),
+      target_agent: event.target_agent || event.targetAgent || '',
+      protocol: event.protocol || 'knock',
+      content: event.content || event.message || '',
+    };
+  }
+
+  onStep(step) {
+    if (step.type === 'action') {
+      this.hasAgentActed = true;
+    }
+  }
+
+  static detectErrorRecovery(steps) {
+    for (let i = 0; i < steps.length - 1; i++) {
+      if (steps[i].type === 'error') {
+        for (let j = i + 1; j < steps.length; j++) {
+          if (steps[j].type === 'resolution') return true;
+          if (steps[j].type === 'error') break;
+        }
+      }
+    }
+    return false;
+  }
+
+  static countUserInterventions(steps) {
+    return steps.filter((s) => s.type === 'correction').length;
+  }
+}

package/moe-training/client/trajectory-capture.js

@@ -0,0 +1,227 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { randomUUID } from 'node:crypto';
+import { ConsentManager } from './consent.js';
+import { PIIScrubber } from './scrubber.js';
+import { getParser } from './parsers/index.js';
+import { StepClassifier } from './step-classifier.js';
+import { EnvelopeBuilder } from './envelope-builder.js';
+import { SessionAttestation } from './session-attestation.js';
+import { TransmissionQueue } from './transmission-queue.js';
+import { CHUNK_TIMEOUT_MS, CENTRAL_COMMAND_URL } from '../shared/constants.js';
+
+export class TrajectoryCapture {
+  constructor(options = {}) {
+    this._centralCommandUrl = options.centralCommandUrl || CENTRAL_COMMAND_URL;
+    this._grooveVersion = options.grooveVersion || '0.0.0';
+    this._enabled = false;
+    this._scrubber = null;
+    this._attestation = null;
+    this._transmissionQueue = null;
+    this._contexts = new Map();
+  }
+
+  init() {
+    if (!ConsentManager.isCaptureEnabled()) {
+      this._enabled = false;
+      return;
+    }
+    this._enabled = true;
+    this._scrubber = new PIIScrubber();
+    this._attestation = new SessionAttestation(this._centralCommandUrl);
+    this._transmissionQueue = new TransmissionQueue(this._centralCommandUrl);
+    this._transmissionQueue.start();
+  }
+
+  async onAgentSpawn(agentId, provider, model, role, teamSize) {
+    if (!this._enabled) return;
+
+    const parser = getParser(provider);
+    if (!parser) return;
+
+    const sessionId = `sess_${randomUUID()}`;
+    const contributorId = ConsentManager.getOrCreateUserId();
+    const metadata = {
+      model_engine: model,
+      provider,
+      agent_role: role,
+      agent_id: agentId,
+      task_complexity: 'medium',
+      team_size: teamSize || 1,
+      session_quality: 0,
+      groove_version: this._grooveVersion,
+    };
+
+    const builder = new EnvelopeBuilder(sessionId, contributorId, metadata);
+    const classifier = new StepClassifier();
+    const startTime = Date.now();
+
+    const ctx = {
+      sessionId,
+      parser,
+      builder,
+      classifier,
+      metadata,
+      stepCount: 0,
+      chunkCount: 0,
+      totalTokens: 0,
+      errorsEncountered: 0,
+      errorsRecovered: 0,
+      filesModified: 0,
+      coordinationEvents: 0,
+      startTime,
+      chunkTimer: null,
+      allSteps: [],
+    };
+
+    ctx.chunkTimer = setInterval(() => {
+      this._flushContext(agentId);
+    }, CHUNK_TIMEOUT_MS);
+
+    this._contexts.set(agentId, ctx);
+
+    await this._attestation.openSession(sessionId, metadata);
+  }
+
+  onStdoutLine(agentId, jsonLine) {
+    if (!this._enabled) return;
+    const ctx = this._contexts.get(agentId);
+    if (!ctx) return;
+
+    let jsonEvent;
+    try {
+      jsonEvent = typeof jsonLine === 'string' ? JSON.parse(jsonLine) : jsonLine;
+    } catch {
+      return;
+    }
+
+    const parsed = ctx.parser.parseEvent(jsonEvent);
+    if (!parsed) return;
+
+    const events = Array.isArray(parsed) ? parsed : [parsed];
+    for (const event of events) {
+      this._processStep(agentId, ctx, event);
+    }
+
+    const tokens = ctx.parser.extractTokens(jsonEvent);
+    if (tokens) {
+      ctx.totalTokens += (tokens.input || 0) + (tokens.output || 0);
+    }
+  }
+
+  onUserMessage(agentId, text) {
+    if (!this._enabled) return;
+    const ctx = this._contexts.get(agentId);
+    if (!ctx) return;
+
+    const classified = ctx.classifier.classifyUserMessage(text);
+    if (!classified) return;
+
+    this._processStep(agentId, ctx, classified);
+  }
+
+  onCoordinationEvent(agentId, event) {
+    if (!this._enabled) return;
+    const ctx = this._contexts.get(agentId);
+    if (!ctx) return;
+
+    const classified = ctx.classifier.classifyCoordinationEvent(event);
+    ctx.coordinationEvents++;
+    this._processStep(agentId, ctx, classified);
+  }
+
+  async onAgentComplete(agentId, outcome) {
+    await this._closeAgent(agentId, outcome?.status || 'SUCCESS', outcome);
+  }
+
+  async onAgentCrash(agentId, error) {
+    await this._closeAgent(agentId, 'CRASH', { error: error?.message || String(error) });
+  }
+
+  async shutdown() {
+    for (const agentId of this._contexts.keys()) {
+      await this._closeAgent(agentId, 'SHUTDOWN');
+    }
+    if (this._transmissionQueue) {
+      await this._transmissionQueue.stop();
+    }
+  }
+
+  _processStep(agentId, ctx, event) {
+    ctx.classifier.onStep(event);
+
+    if (event.content && typeof event.content === 'string') {
+      event.content = this._scrubber.scrub(event.content);
+    }
+
+    const step = {
+      step: ++ctx.stepCount,
+      type: event.type,
+      timestamp: Date.now() / 1000,
+      ...event,
+    };
+
+    if (event.type === 'error') ctx.errorsEncountered++;
+    ctx.allSteps.push(step);
+
+    const envelope = ctx.builder.addStep(step);
+    if (envelope) {
+      this._signAndTransmit(ctx.sessionId, envelope);
+      ctx.chunkCount++;
+    }
+  }
+
+  _flushContext(agentId) {
+    const ctx = this._contexts.get(agentId);
+    if (!ctx) return;
+    const envelope = ctx.builder.flush();
+    if (envelope) {
+      this._signAndTransmit(ctx.sessionId, envelope);
+      ctx.chunkCount++;
+    }
+  }
+
+  async _closeAgent(agentId, status, extra) {
+    const ctx = this._contexts.get(agentId);
+    if (!ctx) return;
+
+    if (ctx.chunkTimer) clearInterval(ctx.chunkTimer);
+
+    this._flushContext(agentId);
+
+    const hasRecovery = StepClassifier.detectErrorRecovery(ctx.allSteps);
+    if (hasRecovery) ctx.errorsRecovered++;
+
+    const closeEnvelope = ctx.builder.buildSessionClose({
+      status,
+      user_interventions: StepClassifier.countUserInterventions(ctx.allSteps),
+      total_steps: ctx.stepCount,
+      total_chunks: ctx.chunkCount,
+      total_tokens: ctx.totalTokens,
+      duration_seconds: Math.round((Date.now() - ctx.startTime) / 1000),
+      files_modified: extra?.files_modified || ctx.filesModified,
+      errors_encountered: ctx.errorsEncountered,
+      errors_recovered: ctx.errorsRecovered,
+      coordination_events: ctx.coordinationEvents,
+    });
+
+    this._signAndTransmit(ctx.sessionId, closeEnvelope);
+
+    try {
+      await this._attestation.closeSession(ctx.sessionId);
+    } catch {
+      // fail silent
+    }
+
+    this._contexts.delete(agentId);
+  }
+
+  _signAndTransmit(sessionId, envelope) {
+    try {
+      const signed = this._attestation.signEnvelope(sessionId, envelope);
+      this._transmissionQueue.enqueue(signed);
+    } catch {
+      // fail silent
+    }
+  }
+}

package/moe-training/client/transmission-queue.js

@@ -0,0 +1,93 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { MAX_QUEUE_SIZE } from '../shared/constants.js';
+
+export class TransmissionQueue {
+  constructor(centralCommandUrl, maxSize = MAX_QUEUE_SIZE) {
+    this._centralCommandUrl = centralCommandUrl;
+    this._maxSize = maxSize;
+    this._queue = [];
+    this._offlineQueue = [];
+    this._running = false;
+    this._drainPromise = null;
+
+    if (process.env.NODE_ENV === 'production' && !centralCommandUrl.startsWith('https://')) {
+      console.warn('[TransmissionQueue] WARNING: centralCommandUrl does not use HTTPS in production');
+    }
+  }
+
+  enqueue(signedEnvelope) {
+    if (this._queue.length >= this._maxSize) return;
+    if (signedEnvelope?.attestation?.session_hmac === 'OFFLINE') {
+      this._offlineQueue.push(signedEnvelope);
+      return;
+    }
+    this._queue.push(signedEnvelope);
+    if (this._running) this._kick();
+  }
+
+  replayOfflineQueue(sessionAttestation) {
+    const pending = this._offlineQueue.splice(0);
+    for (const envelope of pending) {
+      const sessionId = envelope.session_id;
+      const resigned = sessionAttestation.signEnvelope(sessionId, envelope);
+      if (resigned?.attestation?.session_hmac === 'OFFLINE') {
+        this._offlineQueue.push(resigned);
+        continue;
+      }
+      this._queue.push(resigned);
+    }
+    if (this._running && this._queue.length > 0) this._kick();
+  }
+
+  start() {
+    if (this._running) return;
+    this._running = true;
+    this._kick();
+  }
+
+  async stop() {
+    this._running = false;
+    if (this._drainPromise) {
+      await this._drainPromise;
+    }
+  }
+
+  _kick() {
+    if (this._drainPromise) return;
+    this._drainPromise = this._drain().finally(() => {
+      this._drainPromise = null;
+    });
+  }
+
+  async _drain() {
+    while (this._running && this._queue.length > 0) {
+      const envelope = this._queue[0];
+      let success = false;
+
+      for (let attempt = 0; attempt < 5; attempt++) {
+        try {
+          const res = await fetch(`${this._centralCommandUrl}/v1/training/ingest`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(envelope),
+            signal: AbortSignal.timeout(30_000),
+          });
+          if (res.ok) {
+            success = true;
+            break;
+          }
+        } catch {
+          // network error
+        }
+
+        if (!this._running) return;
+        const delay = Math.min(1000 * Math.pow(2, attempt), 60_000);
+        await new Promise((r) => setTimeout(r, delay));
+        if (!this._running) return;
+      }
+
+      this._queue.shift();
+    }
+  }
+}