hebbian 0.5.0 → 0.5.1

package/dist/digest.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"digest.d.ts","sourceRoot":"","sources":["../src/digest.ts"],"names":[],"mappings":"AAiBA,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,IAAI,GAAG,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IACtC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACnB;AAwDD;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAYjG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,YAAY,CAsD5G;AA6CD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,mBAAmB,EAAE,CAuB5E"}
+{"version":3,"file":"digest.d.ts","sourceRoot":"","sources":["../src/digest.ts"],"names":[],"mappings":"AAiBA,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,IAAI,GAAG,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IACtC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACnB;AAwDD;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAYjG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,YAAY,CAsD5G;AA6CD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,mBAAmB,EAAE,CA8B5E"}

package/dist/evolve.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evolve.d.ts","sourceRoot":"","sources":["../src/evolve.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAYrC,MAAM,WAAW,YAAY;IAC5B,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC;IACrD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC5B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;CAChB;AAUD,wBAAsB,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAgDzF;AAID,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAuBtD;AAID,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAyCjG;AAID,wBAAsB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAyDxF;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,EAAE,CA8BzD;AAID,wBAAgB,eAAe,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,GAAG,YAAY,EAAE,CAmBtF;AAID,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,MAAM,CA8BjF"}
+{"version":3,"file":"evolve.d.ts","sourceRoot":"","sources":["../src/evolve.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAYrC,MAAM,WAAW,YAAY;IAC5B,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC;IACrD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC5B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;CAChB;AAWD,wBAAsB,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAkEzF;AAID,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAuBtD;AAeD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAyCjG;AAID,wBAAsB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAyDxF;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,EAAE,CA8BzD;AAID,wBAAgB,eAAe,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,GAAG,YAAY,EAAE,CAwBtF;AAID,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,MAAM,CA8BjF"}

package/dist/grow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grow.d.ts","sourceRoot":"","sources":["../src/grow.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,UAAU;IAC1B,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,CAwC5E"}
+{"version":3,"file":"grow.d.ts","sourceRoot":"","sources":["../src/grow.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,UAAU;IAC1B,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,CA2C5E"}

package/dist/index.js

@@ -400,6 +400,9 @@ function growNeuron(brainRoot, neuronPath) {
     const counter = fireNeuron(brainRoot, neuronPath);
     return { action: "fired", path: neuronPath, counter };
   }
+  if (neuronPath.includes("..") || neuronPath.startsWith("/")) {
+    throw new Error(`Invalid neuron path: "${neuronPath}" (path traversal not allowed)`);
+  }
   const parts = neuronPath.split("/");
   const regionName = parts[0];
   if (!REGIONS.includes(regionName)) {
@@ -1295,10 +1298,20 @@ function json(res, data, status = 200) {
 function error(res, message, status = 400) {
   json(res, { error: message }, status);
 }
+var MAX_BODY_BYTES = 1048576;
 async function readBody(req) {
   return new Promise((resolve3, reject) => {
     const chunks = [];
-    req.on("data", (chunk) => chunks.push(chunk));
+    let total = 0;
+    req.on("data", (chunk) => {
+      total += chunk.length;
+      if (total > MAX_BODY_BYTES) {
+        reject(new Error("Request body too large"));
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
     req.on("end", () => resolve3(Buffer.concat(chunks).toString("utf8")));
     req.on("error", reject);
   });
@@ -1795,6 +1808,8 @@ function extractCorrections(messages) {
     if (text.length < MIN_CORRECTION_LENGTH) continue;
     if (/^[\/!]/.test(text.trim())) continue;
     if (text.trim().endsWith("?")) continue;
+    if (/^<[a-zA-Z]/.test(text.trim())) continue;
+    if (/^Base directory for this skill:/i.test(text.trim())) continue;
     const correction = detectCorrection(text);
     if (correction) {
       corrections.push(correction);
@@ -1978,6 +1993,10 @@ function writeAuditLog(brainRoot, sessionId, entries) {
   writeFileSync11(logPath, lines.join("\n") + (lines.length > 0 ? "\n" : ""), "utf8");
 }
 
+// src/evolve.ts
+import { existsSync as existsSync16, readFileSync as readFileSync8, writeFileSync as writeFileSync13 } from "fs";
+import { join as join17 } from "path";
+
 // src/outcome.ts
 import { execSync as execSync3 } from "child_process";
 import { existsSync as existsSync15, mkdirSync as mkdirSync10, writeFileSync as writeFileSync12, readFileSync as readFileSync7, readdirSync as readdirSync10, rmSync as rmSync2, statSync as statSync4 } from "fs";
@@ -2154,8 +2173,9 @@ function buildOutcomeSummary(brainRoot) {
   });
   for (const [neuron, s] of sorted) {
     const ratio = s.sessions > 0 ? (s.reverts / s.sessions).toFixed(2) : "0.00";
-    const trend = parseFloat(ratio) > 0.5 ? "\u2190 act on this" : parseFloat(ratio) > 0.3 ? "\u2190 watch" : "";
-    lines.push(`- ${neuron}: sessions=${s.sessions} reverts=${s.reverts} acceptances=${s.acceptances} contra_ratio=${ratio} ${trend}`);
+    const trend = parseFloat(ratio) > 0.5 ? "act on this" : parseFloat(ratio) > 0.3 ? "watch" : "";
+    const safePath = neuron.replace(/[\n\r#]/g, " ").trim();
+    lines.push(`- ${safePath}: sessions=${s.sessions} reverts=${s.reverts} acceptances=${s.acceptances} contra_ratio=${ratio} ${trend}`);
   }
   lines.push("");
   return lines.join("\n");
@@ -2204,12 +2224,26 @@ var PROTECTED_REGIONS = ["brainstem", "limbic", "sensors"];
 var DEFAULT_MODEL = "gemini-2.0-flash-lite";
 var API_TIMEOUT = 3e4;
 var RETRY_DELAY = 5e3;
+var EVOLVE_COOLDOWN_FILE = "hippocampus/evolve_last_run";
 async function runEvolve(brainRoot, dryRun) {
   const apiKey = process.env.GEMINI_API_KEY;
   if (!apiKey) {
     console.error("\u274C GEMINI_API_KEY not set. Get one at https://aistudio.google.com/apikey");
     return { actions: [], executed: 0, skipped: 0, dryRun };
   }
+  if (!dryRun && process.env.EVOLVE_NO_COOLDOWN !== "1") {
+    const cooldownMs = (parseInt(process.env.EVOLVE_COOLDOWN_SECONDS ?? "60", 10) || 60) * 1e3;
+    const cooldownPath = join17(brainRoot, EVOLVE_COOLDOWN_FILE);
+    if (existsSync16(cooldownPath)) {
+      const lastRun = parseInt(readFileSync8(cooldownPath, "utf8").trim(), 10);
+      const elapsed = Date.now() - lastRun;
+      if (elapsed < cooldownMs) {
+        const remaining = Math.ceil((cooldownMs - elapsed) / 1e3);
+        console.log(`\u23F3 evolve cooldown: ${remaining}s remaining (use EVOLVE_NO_COOLDOWN=1 to bypass)`);
+        return { actions: [], executed: 0, skipped: 0, dryRun };
+      }
+    }
+  }
   const episodes = readEpisodes(brainRoot);
   const brain = scanBrain(brainRoot);
   const summary = buildBrainSummary(brain);
@@ -2240,6 +2274,7 @@ async function runEvolve(brainRoot, dryRun) {
   const executed = executeActions(brainRoot, actions);
   logEpisode(brainRoot, "evolve", "", `${executed} action(s) executed, ${skipped} skipped`);
   console.log(`\u{1F9E0} evolve: ${executed} action(s) executed, ${skipped} skipped`);
+  writeFileSync13(join17(brainRoot, EVOLVE_COOLDOWN_FILE), String(Date.now()), "utf8");
   return { actions, executed, skipped, dryRun: false };
 }
 function buildBrainSummary(brain) {
@@ -2262,8 +2297,12 @@ function buildBrainSummary(brain) {
   }
   return lines.join("\n");
 }
+function sanitizeForPrompt(text) {
+  const firstLine = (text.split("\n")[0] ?? "").trim();
+  return firstLine.replace(/^#+\s*/g, "").slice(0, 200);
+}
 function buildPrompt(summary, episodes, outcomeSummary) {
-  const episodeLines = episodes.length > 0 ? episodes.map((e) => `- [${e.ts}] ${e.type}: ${e.path} \u2014 ${e.detail}`).join("\n") : "(no recent episodes)";
+  const episodeLines = episodes.length > 0 ? episodes.map((e) => `- [${e.ts}] ${e.type}: ${e.path} \u2014 ${sanitizeForPrompt(e.detail)}`).join("\n") : "(no recent episodes)";
   const outcomeSection = outcomeSummary || "";
   return `You are the evolve engine for a hebbian brain \u2014 a filesystem-based memory system for AI agents.
 
@@ -2302,7 +2341,7 @@ Respond with a JSON array of actions:
 }
 async function callGemini(prompt, apiKey) {
   const model = process.env.EVOLVE_MODEL || DEFAULT_MODEL;
-  const url = `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent?key=${apiKey}`;
+  const url = `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent`;
   const body = {
     contents: [{ parts: [{ text: prompt }] }],
     generationConfig: {
@@ -2318,7 +2357,7 @@ async function callGemini(prompt, apiKey) {
     try {
       const res = await fetch(url, {
         method: "POST",
-        headers: { "Content-Type": "application/json" },
+        headers: { "Content-Type": "application/json", "x-goog-api-key": apiKey },
         body: JSON.stringify(body),
         signal: AbortSignal.timeout(API_TIMEOUT)
       });
@@ -2372,6 +2411,10 @@ function parseActions(text) {
 }
 function validateActions(actions, _brain) {
   return actions.filter((action) => {
+    if (action.path.includes("..") || action.path.startsWith("/")) {
+      console.log(`   \u26A0\uFE0F blocked: ${action.type} ${action.path} (path traversal)`);
+      return false;
+    }
     const region = action.path.split("/")[0];
     if (!region || PROTECTED_REGIONS.includes(region)) {
       console.log(`   \u{1F6E1}\uFE0F blocked: ${action.type} ${action.path} (protected region)`);