npm - hoomanjs - Versions diffs - 1.17.0 → 1.17.2 - Mend

hoomanjs 1.17.0 → 1.17.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +1 -1
package/src/core/agent/index.ts +3 -9
package/src/core/mcp/manager.ts +34 -25
package/src/core/prompts/environment.ts +9 -0
package/src/core/prompts/harness/engineering.md +11 -0
package/src/core/prompts/harness/guardrails.md +5 -0
package/src/core/prompts/static/environment.md +4 -2
package/src/daemon/index.ts +11 -17

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hoomanjs",
-  "version": "1.17.0",
+  "version": "1.17.2",
   "description": "Hackable Bun-powered AI agent toolkit for building local CLI, ACP, MCP, and channel-driven workflows.",
   "author": {
     "name": "Vaibhav Pandey",

package/src/core/agent/index.ts CHANGED Viewed

@@ -53,15 +53,9 @@ export async function create(
   const ltm = config.tools.ltm.enabled
     ? createLongTermMemoryStore(config)
     : null;
-  const skills = config.tools.skills.enabled
-    ? (await createSkillsPrompt(registry)).content
-    : "";
-  const prefixed = config.tools.mcp.enabled
-    ? await mcp.manager.listPrefixedTools()
-    : [];
-  const append = config.tools.mcp.enabled
-    ? await mcp.manager.listServerInstructions()
-    : [];
+  const skills = (await createSkillsPrompt(registry)).content;
+  const prefixed = await mcp.manager.listPrefixedTools();
+  const append = await mcp.manager.listServerInstructions();
   const prompt = [system.content, meta.systemPrompt, ...append, skills]
     .filter((x) => !!x)
     .join(SECTION_BREAK);

package/src/core/mcp/manager.ts CHANGED Viewed

@@ -15,16 +15,11 @@ export const HOOMAN_CHANNEL_PERMISSION = "hooman/channel/permission";
 const HOOMAN_CHANNEL_PERMISSION_METHOD = `notifications/${HOOMAN_CHANNEL_PERMISSION}`;
 export type ChannelMessageMeta = {
-  server: string;
-  channel: string;
-  method: string;
-  params: unknown;
+  subscription: ChannelSubscription;
   source?: string;
-  identity: {
-    user?: string;
-    session?: string;
-    thread?: string;
-  };
+  user?: string;
+  session?: string;
+  thread?: string;
 };
 export type ChannelMessage = {
@@ -325,7 +320,7 @@ export class Manager {
           params?: unknown;
         }) => {
           const { method, params } = notification;
-          const prompt = this.toChannelPrompt(method, params);
+          const prompt = this.toChannelPrompt(params);
           if (!prompt) {
             return;
           }
@@ -335,16 +330,11 @@ export class Manager {
             prompt,
             attachments,
             meta: {
-              server,
-              channel,
-              method,
-              params,
+              subscription: { server, channel },
               source: readSourceValue(params),
-              identity: {
-                user: readPathValue(params, user),
-                session: readPathValue(params, session),
-                thread: readPathValue(params, thread),
-              },
+              user: readPathValue(params, user),
+              session: readPathValue(params, session),
+              thread: readPathValue(params, thread),
             },
           });
         };
@@ -463,20 +453,39 @@ export class Manager {
     }
   }
-  private toChannelPrompt(method: string, params?: unknown): string {
+  private toChannelPrompt(params?: unknown): string {
+    const parts = [];
     if (
       params &&
       typeof params === "object" &&
       "content" in params &&
       typeof params.content === "string"
     ) {
-      return params.content.trim();
+      parts.push(params.content.trim());
     }
-    try {
-      return JSON.stringify(params).trim();
-    } catch {
-      return String(params).trim();
+    if (
+      params &&
+      typeof params === "object" &&
+      "attachments" in params &&
+      Array.isArray(params.attachments) &&
+      params.attachments.length > 0
+    ) {
+      parts.push("User sent attachments.");
     }
+    if (
+      params &&
+      typeof params === "object" &&
+      "event" in params &&
+      typeof params.event === "object"
+    ) {
+      parts.push(
+        "Raw event data:\n```json\n" + JSON.stringify(params.event) + "\n```",
+      );
+    }
+    return parts.filter(Boolean).join("\n").trim();
   }
 }

package/src/core/prompts/environment.ts CHANGED Viewed

@@ -12,6 +12,8 @@ type EnvironmentPromptContext = {
   osVersion: string;
   shell: string;
   isGitRepo: boolean;
+  currentDateTime: string;
+  timeZone: string;
 };
 function detectPlatform(): string {
@@ -50,13 +52,20 @@ function detectGitRepo(startDir: string): boolean {
   }
 }
+function detectTimeZone(): string {
+  return Intl.DateTimeFormat().resolvedOptions().timeZone || "unknown";
+}
 export function getEnvironmentPromptContext(): EnvironmentPromptContext {
   const cwd = process.cwd();
+  const now = new Date();
   return {
     cwd,
     platform: detectPlatform(),
     osVersion: detectOsVersion(),
     shell: detectShell(),
     isGitRepo: detectGitRepo(cwd),
+    currentDateTime: now.toString(),
+    timeZone: detectTimeZone(),
   };
 }

package/src/core/prompts/harness/engineering.md CHANGED Viewed

@@ -4,14 +4,22 @@ Use senior engineering judgment, but let the repository guide the solution. Pref
 ### Code Changes
+- Treat generic or underspecified requests as software engineering tasks in the current repo context. Prefer making the real code change over replying with a superficial text transformation.
+- Defer to the user's judgment on scope. Do not reject work only because it is large or ambitious.
 - Understand the surrounding module before changing it.
+- Read a file before proposing edits to that file.
 - Preserve public behavior unless the user asked to change it or the existing behavior is clearly a bug.
 - Keep edits narrow, coherent, and easy to review.
 - Choose simple code that fully solves the problem over clever or over-generalized code.
 - Add abstractions only when they remove real duplication, clarify a real concept, or match an established local pattern.
 - Avoid compatibility shims for unshipped branch work. Replace in-progress code cleanly when that is the right fix.
+- Avoid backwards-compatibility hacks (placeholder re-exports, "removed" comments, legacy aliases) when old code is truly no longer needed.
 - Do not add comments by default. Add a comment only when it explains a non-obvious constraint, invariant, workaround, or surprising behavior.
 - Do not add docstrings, types, formatting churn, or refactors to unrelated code.
+- Do not create files unless they are necessary to complete the requested task. Prefer editing existing files.
+- Do not add features, configurability, refactors, or cleanup beyond the user's request.
+- Do not add speculative validation, fallbacks, feature flags, or defensive branches for scenarios that cannot happen.
+- Do not introduce one-off helpers or abstractions for hypothetical future requirements.
 ### Safety And Correctness
@@ -20,6 +28,9 @@ Use senior engineering judgment, but let the repository guide the solution. Pref
 - Treat generated files, lockfiles, migrations, and configuration as shared contracts. Update them only when the task requires it.
 - Do not hide failures with broad catches, silent fallbacks, skipped hooks, or weakened checks.
 - When touching shared behavior, add or update focused tests when the repository has a test pattern for it.
+- Avoid time estimates. Focus on what needs to happen and what is done.
+- If an approach fails, diagnose the failure before switching tactics. Do not blindly retry the same step.
+- Escalate with a focused user question only after investigation when safe progress is blocked.
 ### Repository Hygiene

package/src/core/prompts/harness/guardrails.md CHANGED Viewed

@@ -7,10 +7,15 @@ Act with care around security, user data, irreversible operations, and shared sy
 - Local, reversible inspection and focused edits are usually acceptable.
 - Ask for confirmation before destructive, hard-to-reverse, externally visible, or shared-state actions unless the user has clearly authorized that exact scope.
 - Risky actions include deleting files or records, dropping data, killing unknown processes, overwriting user work, changing permissions, sending messages, posting comments, publishing artifacts, or uploading sensitive content to third-party services.
+- Hard-to-reverse examples include force-push, hard reset, amending published commits, removing or downgrading dependencies, and modifying CI/CD pipelines.
 - Approval for one risky action does not authorize different future risky actions.
+- Treat authorization as scope-limited: do only what was approved, not adjacent risky actions.
+- If the user explicitly asks for more autonomous execution, you may proceed without per-step confirmation but still apply risk checks.
 - Treat approval prompts, permission denials, hook feedback, and automated policy checks as authoritative user or system feedback for the current action.
 - If hook or approval feedback explains a required change, incorporate that feedback into the next safe step instead of ignoring it or working around it.
 - Do not bypass checks, hooks, permissions, or approval flows just to make progress.
+- If you discover unexpected state (unknown files, branches, lockfiles, process state, or config), investigate before deleting or overwriting it.
+- Prefer root-cause fixes over destructive shortcuts when blocked.
 ### Security Requests

package/src/core/prompts/static/environment.md CHANGED Viewed

@@ -7,9 +7,11 @@ You are running in the following runtime environment:
 - Shell: `{{ environment.shell }}`
 - OS version: `{{ environment.osVersion }}`
 - Is git repository: `{{ environment.isGitRepo }}`
+- Current date/time: `{{ environment.currentDateTime }}`
+- Time zone: `{{ environment.timeZone }}`
 ### How To Use This
 - Use this information to choose correct path handling, shell syntax, and platform-specific behavior
-- Treat this section as runtime context, not real-time clock data
-- If the task needs the current date or time, call `get_current_time` instead of inferring from this section
+- Treat this section as runtime context captured when the prompt was built
+- If the task needs precise current time during a later turn, call `get_current_time`

package/src/daemon/index.ts CHANGED Viewed

@@ -32,23 +32,23 @@ function resolveSessionId(
   message: ChannelMessage,
   fallback?: string,
 ): string | undefined {
-  const raw = message.meta.identity.session?.trim() || fallback;
+  const raw = message.meta.session?.trim() || fallback;
   if (!raw) return undefined;
   // Namespace per `server:channel` so the same chat id coming from two
   // different MCP servers (or two channels on the same server) never collide.
-  return `${message.meta.server}:${message.meta.channel}:${raw}`;
+  return `${message.meta.subscription.server}:${message.meta.subscription.channel}:${raw}`;
 }
 function resolveUserId(
   message: ChannelMessage,
   session?: string,
 ): string | undefined {
-  const raw = message.meta.identity.user?.trim();
+  const raw = message.meta.user?.trim();
   if (!raw) return session;
   // Same user id across different servers is not the same human, so scope
   // user ids by server. Channel is intentionally omitted so long-term memory
   // can stay consistent for a user across rooms within one server.
-  return `${message.meta.server}:${raw}`;
+  return `${message.meta.subscription.server}:${raw}`;
 }
 function formatSubscriptions(
@@ -91,7 +91,7 @@ export async function main(options: RunDaemonOptions): Promise<void> {
   const [queue, stop] = await createQueue(
     async (message: ChannelMessage) => {
-      const tag = `${message.meta.server}:${message.meta.channel}`;
+      const tag = `${message.meta.subscription.server}:${message.meta.subscription.channel}`;
       const session = resolveSessionId(message, options.session);
       const user = resolveUserId(message, session);
@@ -103,18 +103,12 @@ export async function main(options: RunDaemonOptions): Promise<void> {
       options.agent.appState.set("userId", user);
       options.agent.appState.set("sessionId", session);
       const origin = {
-        server: message.meta.server,
-        channel: message.meta.channel,
+        server: message.meta.subscription.server,
+        channel: message.meta.subscription.channel,
         ...(message.meta.source ? { source: message.meta.source } : {}),
-        ...(message.meta.identity.user
-          ? { user: message.meta.identity.user }
-          : {}),
-        ...(message.meta.identity.session
-          ? { session: message.meta.identity.session }
-          : {}),
-        ...(message.meta.identity.thread
-          ? { thread: message.meta.identity.thread }
-          : {}),
+        ...(message.meta.user ? { user: message.meta.user } : {}),
+        ...(message.meta.session ? { session: message.meta.session } : {}),
+        ...(message.meta.thread ? { thread: message.meta.thread } : {}),
       };
       options.agent.appState.set("origin", {
         ...origin,
@@ -143,7 +137,7 @@ export async function main(options: RunDaemonOptions): Promise<void> {
     channels,
     (message) => {
       debug(
-        `received notification → ${message.meta.server}:${message.meta.channel}`,
+        `received notification → ${message.meta.subscription.server}:${message.meta.subscription.channel}`,
       );
       void queue.push(message);
     },