martin-loop 0.1.2 → 0.1.4

package/dist/vendor/core/leash.d.ts

@@ -0,0 +1,48 @@
+import type { ApprovalPolicy, ExecutionProfile, LoopTask } from "../contracts/index.js";
+export type SafetySurface = "command" | "filesystem" | "secret" | "spend" | "network" | "dependency";
+export type SafetyViolationKind = "command_blocked" | "path_not_allowed" | "path_denied" | "path_outside_repo" | "network_blocked" | "dependency_approval_required" | "migration_approval_required" | "config_change_approval_required" | "secret_value" | "protected_path";
+export interface SafetyViolation {
+    kind: SafetyViolationKind;
+    message: string;
+    command?: string;
+    file?: string;
+    match?: string;
+}
+export interface SafetyLeashDecision {
+    allowed: boolean;
+    blocked: boolean;
+    riskLevel: "safe" | "blocked";
+    surface: SafetySurface;
+    profile?: ExecutionProfile;
+    blockedCommands: string[];
+    violations: SafetyViolation[];
+    reason?: string;
+}
+export interface ResolvedExecutionProfile {
+    name: ExecutionProfile;
+    networkMode: "off" | "allowlisted" | "open";
+    allowedNetworkDomains: string[];
+    requireDependencyApproval: boolean;
+    requireMigrationApproval: boolean;
+    requireConfigApproval: boolean;
+}
+export declare function evaluateVerificationLeash(task: Pick<LoopTask, "verificationPlan" | "verificationStack" | "executionProfile" | "allowedNetworkDomains">): SafetyLeashDecision;
+export declare function evaluateFilesystemLeash(input: {
+    repoRoot?: string;
+    changedFiles: string[];
+    allowedPaths?: string[];
+    deniedPaths?: string[];
+}): SafetyLeashDecision;
+export declare function evaluateSecretLeash(input: {
+    values: string[];
+}): SafetyLeashDecision;
+export declare function resolveExecutionProfile(input: {
+    executionProfile?: ExecutionProfile;
+    allowedNetworkDomains?: string[];
+}): ResolvedExecutionProfile;
+export declare function evaluateChangeApprovalLeash(input: {
+    changedFiles: string[];
+    executionProfile?: ExecutionProfile;
+    approvalPolicy?: ApprovalPolicy;
+}): SafetyLeashDecision;
+export declare function redactSecretsFromText(input: string): string;

package/dist/vendor/core/leash.js

@@ -0,0 +1,408 @@
+import { isAbsolute, relative, resolve } from "node:path";
+const BLOCKED_PATTERNS = [
+    /(^|\s)rm\s+-rf(\s|$)/u,
+    /git\s+reset\s+--hard/iu,
+    /git\s+clean\s+-fd/iu,
+    /curl\b[^\n|]*\|\s*(sh|bash)/iu,
+    /wget\b[^\n|]*\|\s*(sh|bash)/iu,
+    /(^|\s)sudo(\s|$)/u,
+    /(^|\s)mkfs(\.|\s|$)/u,
+    /(^|\s)dd\s+if=/u,
+    /(shutdown|reboot)(\s|$)/iu,
+    /:\(\)\{:\|:&\};:/u,
+    /chmod\s+-R\s+777\s+\//iu,
+    /(kubectl|docker)\s+.*\b(delete|prune|rm)\b/iu,
+    /ssh\s+/iu,
+    /scp\s+/iu
+];
+const SECRET_PATTERNS = [
+    {
+        kind: "secret_value",
+        pattern: /\bOPENAI_API_KEY\s*=\s*[^\s"'`]+/giu,
+        replacement: "OPENAI_API_KEY=[REDACTED_SECRET]"
+    },
+    {
+        kind: "secret_value",
+        pattern: /\bsk-[A-Za-z0-9_-]{8,}\b/gu,
+        replacement: "[REDACTED_SECRET]"
+    },
+    {
+        kind: "secret_value",
+        pattern: /\bghp_[A-Za-z0-9_]{8,}\b/gu,
+        replacement: "[REDACTED_SECRET]"
+    }
+];
+const PROTECTED_PATH_PATTERNS = [
+    {
+        kind: "protected_path",
+        pattern: /\B\.env(?!\.example\b)(?:\.[A-Za-z0-9._-]+)?\b/giu,
+        replacement: "[REDACTED_PATH]"
+    },
+    {
+        kind: "protected_path",
+        pattern: /\bid_rsa\b/giu,
+        replacement: "[REDACTED_PATH]"
+    },
+    {
+        kind: "protected_path",
+        pattern: /\b[A-Za-z0-9._/-]+\.(pem|p12|key)\b/giu,
+        replacement: "[REDACTED_PATH]"
+    }
+];
+export function evaluateVerificationLeash(task) {
+    const commands = [
+        ...(task.verificationPlan ?? []),
+        ...((task.verificationStack ?? []).map((step) => step.command))
+    ].filter(Boolean);
+    const profile = resolveExecutionProfile(task);
+    const blockedCommands = commands.filter((command) => BLOCKED_PATTERNS.some((pattern) => pattern.test(command)));
+    const violations = blockedCommands.map((command) => ({
+        kind: "command_blocked",
+        command,
+        message: `Blocked destructive verifier command: ${command}`
+    }));
+    if (blockedCommands.length > 0) {
+        return {
+            allowed: false,
+            blocked: true,
+            riskLevel: "blocked",
+            surface: "command",
+            profile: profile.name,
+            blockedCommands,
+            violations,
+            reason: "Safety leash blocked destructive or unbounded verifier commands."
+        };
+    }
+    const networkViolations = commands
+        .map((command) => buildNetworkViolation(command, profile))
+        .filter((violation) => Boolean(violation));
+    if (networkViolations.length > 0) {
+        return {
+            allowed: false,
+            blocked: true,
+            riskLevel: "blocked",
+            surface: "network",
+            profile: profile.name,
+            blockedCommands: commands.filter((command) => buildNetworkViolation(command, profile)),
+            violations: networkViolations,
+            reason: `Safety leash blocked outbound network access for the ${profile.name} profile.`
+        };
+    }
+    return {
+        allowed: true,
+        blocked: false,
+        riskLevel: "safe",
+        surface: "command",
+        profile: profile.name,
+        blockedCommands: [],
+        violations: []
+    };
+}
+export function evaluateFilesystemLeash(input) {
+    const violations = [];
+    for (const rawFile of input.changedFiles) {
+        const normalized = normalizeChangedFile(rawFile, input.repoRoot);
+        if (normalized.outsideRepo) {
+            violations.push({
+                kind: "path_outside_repo",
+                file: rawFile,
+                message: `Changed file is outside the configured repo root: ${rawFile}`
+            });
+            continue;
+        }
+        const file = normalized.file;
+        if (!file) {
+            continue;
+        }
+        if ((input.deniedPaths ?? []).some((pattern) => matchesPathPattern(file, pattern))) {
+            violations.push({
+                kind: "path_denied",
+                file,
+                message: `Changed file matches a denylisted path: ${file}`
+            });
+            continue;
+        }
+        const allowedPaths = input.allowedPaths ?? [];
+        if (allowedPaths.length > 0 && !allowedPaths.some((pattern) => matchesPathPattern(file, pattern))) {
+            violations.push({
+                kind: "path_not_allowed",
+                file,
+                message: `Changed file is outside the allowed paths: ${file}`
+            });
+        }
+    }
+    if (violations.length > 0) {
+        return {
+            allowed: false,
+            blocked: true,
+            riskLevel: "blocked",
+            surface: "filesystem",
+            blockedCommands: [],
+            violations,
+            reason: "Safety leash blocked file changes outside the allowed repo contract."
+        };
+    }
+    return {
+        allowed: true,
+        blocked: false,
+        riskLevel: "safe",
+        surface: "filesystem",
+        blockedCommands: [],
+        violations: []
+    };
+}
+export function evaluateSecretLeash(input) {
+    const violations = [];
+    for (const value of input.values) {
+        if (!value)
+            continue;
+        for (const rule of SECRET_PATTERNS) {
+            for (const match of value.matchAll(rule.pattern)) {
+                const matched = match[0];
+                if (!matched)
+                    continue;
+                violations.push({
+                    kind: rule.kind,
+                    match: matched,
+                    message: "Secret-like credential value detected in the runtime context."
+                });
+            }
+        }
+    }
+    if (violations.length > 0) {
+        return {
+            allowed: false,
+            blocked: true,
+            riskLevel: "blocked",
+            surface: "secret",
+            blockedCommands: [],
+            violations,
+            reason: "Safety leash blocked secret-like credential values from entering the runtime context."
+        };
+    }
+    return {
+        allowed: true,
+        blocked: false,
+        riskLevel: "safe",
+        surface: "secret",
+        blockedCommands: [],
+        violations: []
+    };
+}
+export function resolveExecutionProfile(input) {
+    const name = input.executionProfile ?? "strict_local";
+    const allowedNetworkDomains = [...(input.allowedNetworkDomains ?? [])];
+    switch (name) {
+        case "ci_safe":
+            return {
+                name,
+                networkMode: "off",
+                allowedNetworkDomains,
+                requireDependencyApproval: true,
+                requireMigrationApproval: true,
+                requireConfigApproval: true
+            };
+        case "staging_controlled":
+            return {
+                name,
+                networkMode: allowedNetworkDomains.length > 0 ? "allowlisted" : "off",
+                allowedNetworkDomains,
+                requireDependencyApproval: true,
+                requireMigrationApproval: true,
+                requireConfigApproval: true
+            };
+        case "research_untrusted":
+            return {
+                name,
+                networkMode: allowedNetworkDomains.length > 0 ? "allowlisted" : "open",
+                allowedNetworkDomains,
+                requireDependencyApproval: true,
+                requireMigrationApproval: true,
+                requireConfigApproval: true
+            };
+        case "strict_local":
+        default:
+            return {
+                name: "strict_local",
+                networkMode: "off",
+                allowedNetworkDomains,
+                requireDependencyApproval: true,
+                requireMigrationApproval: true,
+                requireConfigApproval: true
+            };
+    }
+}
+export function evaluateChangeApprovalLeash(input) {
+    const profile = resolveExecutionProfile({
+        executionProfile: input.executionProfile
+    });
+    const violations = [];
+    for (const file of input.changedFiles.map((entry) => entry.replace(/\\/gu, "/"))) {
+        if (isDependencyFile(file) && profile.requireDependencyApproval && !input.approvalPolicy?.dependencyAdds) {
+            violations.push({
+                kind: "dependency_approval_required",
+                file,
+                message: `Dependency-related file change requires approval in the ${profile.name} profile: ${file}`
+            });
+            continue;
+        }
+        if (isMigrationFile(file) && profile.requireMigrationApproval && !input.approvalPolicy?.migrations) {
+            violations.push({
+                kind: "migration_approval_required",
+                file,
+                message: `Migration change requires approval in the ${profile.name} profile: ${file}`
+            });
+            continue;
+        }
+        if (isConfigChangeFile(file) && profile.requireConfigApproval && !input.approvalPolicy?.configChanges) {
+            violations.push({
+                kind: "config_change_approval_required",
+                file,
+                message: `Deployment or configuration change requires approval in the ${profile.name} profile: ${file}`
+            });
+        }
+    }
+    if (violations.length > 0) {
+        return {
+            allowed: false,
+            blocked: true,
+            riskLevel: "blocked",
+            surface: "dependency",
+            profile: profile.name,
+            blockedCommands: [],
+            violations,
+            reason: "Safety leash blocked dependency, migration, or configuration changes that require approval."
+        };
+    }
+    return {
+        allowed: true,
+        blocked: false,
+        riskLevel: "safe",
+        surface: "dependency",
+        profile: profile.name,
+        blockedCommands: [],
+        violations: []
+    };
+}
+export function redactSecretsFromText(input) {
+    let output = input;
+    for (const rule of [...SECRET_PATTERNS, ...PROTECTED_PATH_PATTERNS]) {
+        output = output.replace(rule.pattern, rule.replacement);
+    }
+    return output;
+}
+function normalizeChangedFile(file, repoRoot) {
+    const normalizedInput = file.replace(/\\/gu, "/");
+    if (!repoRoot) {
+        return {
+            file: normalizedInput,
+            outsideRepo: normalizedInput.startsWith("../") || normalizedInput.includes("/../")
+        };
+    }
+    const absoluteRoot = resolve(repoRoot);
+    const absoluteFile = isAbsolute(file) ? resolve(file) : resolve(absoluteRoot, file);
+    const repoRelative = relative(absoluteRoot, absoluteFile).replace(/\\/gu, "/");
+    if (repoRelative.length === 0 ||
+        repoRelative === ".." ||
+        repoRelative.startsWith("../") ||
+        isAbsolute(repoRelative)) {
+        return { outsideRepo: true };
+    }
+    return {
+        file: repoRelative,
+        outsideRepo: false
+    };
+}
+function matchesPathPattern(file, pattern) {
+    const normalizedFile = file.replace(/\\/gu, "/");
+    const normalizedPattern = pattern.replace(/\\/gu, "/");
+    if (normalizedPattern.includes("**")) {
+        const prefix = normalizedPattern.split("**")[0] ?? normalizedPattern;
+        return normalizedFile.startsWith(prefix.replace(/\/$/u, ""));
+    }
+    if (normalizedPattern.endsWith("*")) {
+        return normalizedFile.startsWith(normalizedPattern.replace(/\*+$/u, ""));
+    }
+    return (normalizedFile === normalizedPattern ||
+        normalizedFile.startsWith(`${normalizedPattern.replace(/\/$/u, "")}/`));
+}
+function buildNetworkViolation(command, profile) {
+    const targets = extractNetworkTargets(command);
+    if (targets.length === 0) {
+        return undefined;
+    }
+    if (profile.networkMode === "open") {
+        return undefined;
+    }
+    if (profile.networkMode === "allowlisted") {
+        const blockedTarget = targets.find((target) => !profile.allowedNetworkDomains.some((domain) => target === domain || target.endsWith(`.${domain}`)));
+        if (!blockedTarget) {
+            return undefined;
+        }
+        return {
+            kind: "network_blocked",
+            command,
+            match: blockedTarget,
+            message: `Network target is not allowlisted for the ${profile.name} profile: ${blockedTarget}`
+        };
+    }
+    return {
+        kind: "network_blocked",
+        command,
+        match: targets[0],
+        message: `Outbound network access is blocked for the ${profile.name} profile.`
+    };
+}
+function extractNetworkTargets(command) {
+    if (!/\b(curl|wget|invoke-webrequest|iwr|httpie|http)\b/iu.test(command)) {
+        return [];
+    }
+    return [...command.matchAll(/https?:\/\/([^/\s"'`]+)/giu)]
+        .map((match) => match[1]?.toLowerCase())
+        .filter((value) => Boolean(value));
+}
+function isDependencyFile(file) {
+    const normalized = file.replace(/\\/gu, "/");
+    return [
+        "package.json",
+        "package-lock.json",
+        "pnpm-lock.yaml",
+        "yarn.lock",
+        "bun.lock",
+        "bun.lockb",
+        "pyproject.toml",
+        "requirements.txt",
+        "Cargo.toml",
+        "Cargo.lock"
+    ].includes(normalized.split("/").at(-1) ?? normalized);
+}
+function isMigrationFile(file) {
+    const normalized = file.replace(/\\/gu, "/");
+    return (normalized.includes("/migrations/") ||
+        normalized.startsWith("migrations/") ||
+        normalized.includes("prisma/migrations/"));
+}
+function isConfigChangeFile(file) {
+    const normalized = file.replace(/\\/gu, "/");
+    const leaf = normalized.split("/").at(-1) ?? normalized;
+    if ([
+        "vercel.json",
+        "netlify.toml",
+        "wrangler.toml",
+        "docker-compose.yml",
+        "docker-compose.yaml",
+        "compose.yml",
+        "compose.yaml",
+        "fly.toml",
+        "railway.json"
+    ].includes(leaf)) {
+        return true;
+    }
+    return (normalized.startsWith(".github/workflows/") ||
+        normalized.startsWith("deploy/") ||
+        normalized.startsWith("deployment/") ||
+        normalized.startsWith("infra/") ||
+        normalized.startsWith("infrastructure/") ||
+        normalized.startsWith("ops/"));
+}
+//# sourceMappingURL=leash.js.map

package/dist/vendor/core/persistence/compiler.d.ts

@@ -0,0 +1,18 @@
+import { type CompilerAdapterRequest, type PromptPacket } from "../compiler.js";
+import type { RunStore } from "./store.js";
+export interface CompileResult {
+    packet: PromptPacket;
+}
+/**
+ * Compile a deterministic PromptPacket from the request state and, when a
+ * store is provided, persist it as compiled-context.json in the attempt
+ * artifact directory.
+ *
+ * R3.7: Context compiler produces deterministic compiled-context.json.
+ * R3.8: Any attempt prompt can be reconstructed from disk artifacts alone.
+ */
+export declare function compileAndPersistContext(request: CompilerAdapterRequest, options: {
+    attemptIndex: number;
+    store?: RunStore;
+    now?: string;
+}): Promise<CompileResult>;

package/dist/vendor/core/persistence/compiler.js

@@ -0,0 +1,35 @@
+import { compilePromptPacket } from "../compiler.js";
+import { makeLedgerEvent } from "./ledger.js";
+/**
+ * Compile a deterministic PromptPacket from the request state and, when a
+ * store is provided, persist it as compiled-context.json in the attempt
+ * artifact directory.
+ *
+ * R3.7: Context compiler produces deterministic compiled-context.json.
+ * R3.8: Any attempt prompt can be reconstructed from disk artifacts alone.
+ */
+export async function compileAndPersistContext(request, options) {
+    const packet = compilePromptPacket(request);
+    const ts = options.now ?? new Date().toISOString();
+    if (options.store) {
+        // Write compiled-context.json to attempt artifact directory
+        await options.store.writeAttemptArtifacts(request.loopId, options.attemptIndex, {
+            compiledContext: packet
+        });
+        // Append prompt.compiled ledger event
+        await options.store.appendLedger(request.loopId, makeLedgerEvent({
+            kind: "prompt.compiled",
+            runId: request.loopId,
+            attemptIndex: options.attemptIndex,
+            payload: {
+                attemptId: request.attemptId,
+                attemptNumber: packet.attemptNumber,
+                priorFailurePatterns: packet.priorFailurePatterns,
+                budgetEnvelope: packet.budgetEnvelope
+            },
+            timestamp: ts
+        }));
+    }
+    return { packet };
+}
+//# sourceMappingURL=compiler.js.map

package/dist/vendor/core/persistence/index.d.ts

@@ -0,0 +1,6 @@
+export { makeLedgerEvent } from "./ledger.js";
+export type { LedgerEvent, LedgerEventDraft, LedgerEventKind } from "./ledger.js";
+export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
+export type { AttemptArtifacts, RunContract, RunStore } from "./store.js";
+export { compileAndPersistContext } from "./compiler.js";
+export type { CompileResult } from "./compiler.js";

package/dist/vendor/core/persistence/index.js

@@ -0,0 +1,4 @@
+export { makeLedgerEvent } from "./ledger.js";
+export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
+export { compileAndPersistContext } from "./compiler.js";
+//# sourceMappingURL=index.js.map

package/dist/vendor/core/persistence/ledger.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Ledger event types for the Phase 3 persistence stack.
+ * These are WRITE-side events that go into ledger.jsonl — separate from the
+ * read-model LoopEventType used by the control plane.
+ */
+export type LedgerEventKind = "contract.created" | "attempt.admitted" | "attempt.rejected" | "prompt.compiled" | "patch.generated" | "verification.completed" | "grounding.violations_found" | "safety.violations_found" | "budget.settled" | "attempt.kept" | "attempt.discarded" | "run.exited";
+export interface LedgerEvent {
+    kind: LedgerEventKind;
+    runId: string;
+    attemptIndex?: number;
+    timestamp: string;
+    payload: Record<string, unknown>;
+}
+export interface LedgerEventDraft {
+    kind: LedgerEventKind;
+    runId: string;
+    attemptIndex?: number;
+    payload: Record<string, unknown>;
+    timestamp?: string;
+}
+export declare function makeLedgerEvent(draft: LedgerEventDraft, options?: {
+    now?: string;
+}): LedgerEvent;

package/dist/vendor/core/persistence/ledger.js

@@ -0,0 +1,10 @@
+export function makeLedgerEvent(draft, options = {}) {
+    return {
+        kind: draft.kind,
+        runId: draft.runId,
+        timestamp: draft.timestamp ?? options.now ?? new Date().toISOString(),
+        payload: draft.payload,
+        ...(draft.attemptIndex !== undefined ? { attemptIndex: draft.attemptIndex } : {})
+    };
+}
+//# sourceMappingURL=ledger.js.map

package/dist/vendor/core/persistence/store.d.ts

@@ -0,0 +1,77 @@
+import type { LoopBudget, LoopTask, MachineState } from "../../contracts/index.js";
+import { type LedgerEvent } from "./ledger.js";
+export interface RunContract {
+    runId: string;
+    workspaceId: string;
+    projectId: string;
+    task: LoopTask;
+    budget: LoopBudget;
+    createdAt: string;
+    metadata?: Record<string, string>;
+}
+export interface AttemptArtifacts {
+    /** Compiled PromptPacket written as compiled-context.json */
+    compiledContext: unknown;
+    /** Unified diff string from the patch (optional) */
+    diff?: string;
+    /** Raw verifier command output (optional) */
+    verifierOutput?: string;
+    /** Grounding scan result (optional) */
+    groundingScan?: unknown;
+    /** Safety leash artifact captured for a blocked or escalated attempt (optional) */
+    leash?: unknown;
+    /** Patch score artifact captured for Phase 10 patch-truth decisions (optional) */
+    patchScore?: unknown;
+    /** Patch keep/discard/escalate decision artifact (optional) */
+    patchDecision?: unknown;
+    /** Rollback boundary captured before an attempt mutates the repo (optional) */
+    rollbackBoundary?: unknown;
+    /** Rollback restore outcome captured after discard/escalation/failure (optional) */
+    rollbackOutcome?: unknown;
+}
+/**
+ * RunStore isolates all filesystem persistence from orchestration logic.
+ * runMartin accepts an optional store; when provided, every lifecycle event
+ * is durably written before the run proceeds to the next step.
+ */
+export interface RunStore {
+    /**
+     * Write contract.json for a new run. Called once at run start.
+     * The contract is immutable after this point.
+     */
+    initRun(contract: RunContract): Promise<void>;
+    /**
+     * Overwrite state.json with the current MachineState.
+     * Called on every phase transition.
+     */
+    updateState(runId: string, state: MachineState): Promise<void>;
+    /**
+     * Append one event line to ledger.jsonl. Append-only — never rewrites.
+     */
+    appendLedger(runId: string, event: LedgerEvent): Promise<void>;
+    /**
+     * Write artifacts for a completed attempt to artifacts/attempt-<n>/.
+     */
+    writeAttemptArtifacts(runId: string, attemptIndex: number, artifacts: AttemptArtifacts): Promise<void>;
+}
+export declare function resolveRunsRoot(env?: NodeJS.ProcessEnv): string;
+export declare function runDir(runsRoot: string, runId: string): string;
+export declare function artifactDir(runsRoot: string, runId: string, attemptIndex: number): string;
+/**
+ * Filesystem-backed RunStore. Writes to:
+ *   <runsRoot>/<runId>/contract.json
+ *   <runsRoot>/<runId>/state.json
+ *   <runsRoot>/<runId>/ledger.jsonl
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/compiled-context.json
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/diff.patch (if diff provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/verifier-output.txt (if provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/grounding-scan.json (if provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/leash.json (if leash provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/patch-score.json (if patchScore provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/patch-decision.json (if patchDecision provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/rollback-boundary.json (if rollbackBoundary provided)
+ *   <runsRoot>/<runId>/artifacts/attempt-<n>/rollback-outcome.json (if rollbackOutcome provided)
+ */
+export declare function createFileRunStore(options?: {
+    runsRoot?: string;
+}): RunStore;