martin-loop 0.1.4 → 1.3.0

package/dist/vendor/core/policy/policy-schema.d.ts

@@ -0,0 +1,55 @@
+/**
+ * policy-schema.ts — SLICE-15
+ *
+ * Defines the MartinPolicyFile schema and built-in defaults.
+ * No external validation library — validated manually so zero new deps.
+ */
+export interface BudgetPolicy {
+    perRun: number;
+    perDay: number;
+}
+export interface SiemPolicy {
+    endpoint?: string;
+    format?: "ocsf" | "cef";
+    apiKey?: string;
+    flushIntervalMs?: number;
+}
+export interface PolicyFile {
+    /** Budget limits */
+    budgetUsd?: Partial<BudgetPolicy>;
+    /** Commands the leash always blocks (appended to built-in list) */
+    blockedCommands?: string[];
+    /** Verifier commands allowed to run (undefined = all allowed) */
+    allowedVerifiers?: string[];
+    /** Glob restricting which files attempts may touch */
+    fileScopeGlob?: string;
+    /** Hard cap on attempts per run */
+    maxAttempts?: number;
+    /** Pause and request approval before spending over this amount */
+    requireApprovalAboveUsd?: number;
+    /** CVE check configuration */
+    cveCheck?: {
+        enabled?: boolean;
+        blockSeverity?: "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
+        failClosed?: boolean;
+    };
+    /** SIEM configuration */
+    siem?: SiemPolicy;
+}
+export interface ResolvedPolicy {
+    budgetUsd: BudgetPolicy;
+    blockedCommands: string[];
+    allowedVerifiers: string[] | null;
+    fileScopeGlob: string | null;
+    maxAttempts: number;
+    requireApprovalAboveUsd: number | null;
+    cveCheck: {
+        enabled: boolean;
+        blockSeverity: "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
+        failClosed: boolean;
+    };
+    siem: SiemPolicy;
+}
+export declare const BUILTIN_DEFAULTS: ResolvedPolicy;
+export declare function validatePolicyFile(raw: unknown): string[];
+export declare function mergePolicies(base: ResolvedPolicy, override: PolicyFile): ResolvedPolicy;

package/dist/vendor/core/policy/policy-schema.js

@@ -0,0 +1,78 @@
+/**
+ * policy-schema.ts — SLICE-15
+ *
+ * Defines the MartinPolicyFile schema and built-in defaults.
+ * No external validation library — validated manually so zero new deps.
+ */
+// ---------------------------------------------------------------------------
+// Built-in defaults
+// ---------------------------------------------------------------------------
+export const BUILTIN_DEFAULTS = {
+    budgetUsd: { perRun: Infinity, perDay: Infinity },
+    blockedCommands: [],
+    allowedVerifiers: null,
+    fileScopeGlob: null,
+    maxAttempts: 10,
+    requireApprovalAboveUsd: null,
+    cveCheck: { enabled: true, blockSeverity: "HIGH", failClosed: false },
+    siem: {}
+};
+// ---------------------------------------------------------------------------
+// Validator — returns error strings or empty array
+// ---------------------------------------------------------------------------
+export function validatePolicyFile(raw) {
+    const errors = [];
+    if (raw === null || typeof raw !== "object") {
+        return ["Policy file must be a JSON object"];
+    }
+    const p = raw;
+    if (p.budgetUsd !== undefined) {
+        if (typeof p.budgetUsd !== "object" || p.budgetUsd === null) {
+            errors.push("budgetUsd must be an object");
+        }
+        else {
+            const b = p.budgetUsd;
+            if (b.perRun !== undefined && typeof b.perRun !== "number")
+                errors.push("budgetUsd.perRun must be a number");
+            if (b.perDay !== undefined && typeof b.perDay !== "number")
+                errors.push("budgetUsd.perDay must be a number");
+        }
+    }
+    if (p.blockedCommands !== undefined && !Array.isArray(p.blockedCommands))
+        errors.push("blockedCommands must be an array of strings");
+    if (p.allowedVerifiers !== undefined && !Array.isArray(p.allowedVerifiers))
+        errors.push("allowedVerifiers must be an array of strings");
+    if (p.fileScopeGlob !== undefined && typeof p.fileScopeGlob !== "string")
+        errors.push("fileScopeGlob must be a string");
+    if (p.maxAttempts !== undefined && (typeof p.maxAttempts !== "number" || p.maxAttempts < 1))
+        errors.push("maxAttempts must be a positive integer");
+    if (p.requireApprovalAboveUsd !== undefined && typeof p.requireApprovalAboveUsd !== "number")
+        errors.push("requireApprovalAboveUsd must be a number");
+    return errors;
+}
+// ---------------------------------------------------------------------------
+// Merge: layer b on top of a (b wins on defined fields)
+// ---------------------------------------------------------------------------
+export function mergePolicies(base, override) {
+    return {
+        budgetUsd: {
+            perRun: override.budgetUsd?.perRun ?? base.budgetUsd.perRun,
+            perDay: override.budgetUsd?.perDay ?? base.budgetUsd.perDay
+        },
+        blockedCommands: [
+            ...base.blockedCommands,
+            ...(override.blockedCommands ?? [])
+        ],
+        allowedVerifiers: override.allowedVerifiers ?? base.allowedVerifiers,
+        fileScopeGlob: override.fileScopeGlob ?? base.fileScopeGlob,
+        maxAttempts: override.maxAttempts ?? base.maxAttempts,
+        requireApprovalAboveUsd: override.requireApprovalAboveUsd ?? base.requireApprovalAboveUsd,
+        cveCheck: {
+            enabled: override.cveCheck?.enabled ?? base.cveCheck.enabled,
+            blockSeverity: override.cveCheck?.blockSeverity ?? base.cveCheck.blockSeverity,
+            failClosed: override.cveCheck?.failClosed ?? base.cveCheck.failClosed
+        },
+        siem: { ...base.siem, ...(override.siem ?? {}) }
+    };
+}
+//# sourceMappingURL=policy-schema.js.map

package/dist/vendor/core/policy.d.ts

@@ -18,6 +18,12 @@ export interface ExitDecision {
     lifecycleState: LoopLifecycleState;
     status: LoopStatus;
     reason: string;
+    /** Machine-readable stop classifier for non-attempt exits such as preflight safety blocks. */
+    failureClass?: FailureClass;
+    /** Machine-readable safety surface, when the stop came from a safety leash. */
+    safetySurface?: string;
+    /** Stable reason code for dashboards, MCP, and downstream automation. */
+    reasonCode?: string;
 }
 export interface MartinAdapterResultLike {
     status: "completed" | "failed";

package/dist/vendor/core/probe/probe.d.ts

@@ -0,0 +1,49 @@
+import type { MartinAdapter, MartinUsage, ProbeTier } from "../index.js";
+export type EntryProbeRoute = "primary" | "cheap-first";
+export type EntryProbeOutcome = {
+    status: "skipped";
+    route: "primary";
+    reason: string;
+    primaryModel: string;
+    initialModel: string;
+    usage: MartinUsage;
+} | {
+    status: "failed";
+    route: "primary";
+    reason: string;
+    primaryModel: string;
+    initialModel: string;
+    probeModel: string;
+    usage: MartinUsage;
+    startedAt: string;
+    completedAt: string;
+    adapterId: string;
+    providerId: string;
+} | {
+    status: "completed";
+    route: EntryProbeRoute;
+    reason: string;
+    primaryModel: string;
+    initialModel: string;
+    probeModel: string;
+    tier: ProbeTier;
+    usage: MartinUsage;
+    startedAt: string;
+    completedAt: string;
+    adapterId: string;
+    providerId: string;
+};
+export declare function resolveProbeModel(primaryModel: string, fallbackModels: string[]): string | undefined;
+export declare function selectProbeRoute(input: {
+    status: "completed" | "failed" | "skipped";
+    tier?: ProbeTier;
+}): EntryProbeRoute;
+export declare function probePhase(input: {
+    adapter: MartinAdapter;
+    fallbackModels: string[];
+    objective: string;
+    fileHints: string[];
+    remainingBudgetUsd: number;
+    primaryModel: string;
+    now: () => string;
+}): Promise<EntryProbeOutcome>;

package/dist/vendor/core/probe/probe.js

@@ -0,0 +1,115 @@
+export function resolveProbeModel(primaryModel, fallbackModels) {
+    const orderedModels = [...new Set(fallbackModels.map((model) => model.trim()).filter(Boolean))];
+    const primaryIndex = orderedModels.indexOf(primaryModel.trim());
+    if (primaryIndex <= 0) {
+        return undefined;
+    }
+    return orderedModels[0];
+}
+export function selectProbeRoute(input) {
+    return input.status === "completed" && input.tier === "trivial" ? "cheap-first" : "primary";
+}
+export async function probePhase(input) {
+    const probeModel = resolveProbeModel(input.primaryModel, input.fallbackModels);
+    if (!probeModel) {
+        return {
+            status: "skipped",
+            route: "primary",
+            reason: "No cheaper same-lane fallback model is configured for the current primary.",
+            primaryModel: input.primaryModel,
+            initialModel: input.primaryModel,
+            usage: zeroUsage()
+        };
+    }
+    const probeAdapter = input.adapter.withModel?.(probeModel);
+    if (!probeAdapter?.probe) {
+        return {
+            status: "skipped",
+            route: "primary",
+            reason: "The current adapter does not support entry probing.",
+            primaryModel: input.primaryModel,
+            initialModel: input.primaryModel,
+            usage: zeroUsage()
+        };
+    }
+    const startedAt = input.now();
+    try {
+        const result = await probeAdapter.probe({
+            objective: input.objective,
+            fileHints: input.fileHints,
+            primaryModel: input.primaryModel,
+            probeModel,
+            remainingBudgetUsd: input.remainingBudgetUsd
+        });
+        return buildOutcome({
+            result,
+            probeModel,
+            primaryModel: input.primaryModel,
+            startedAt,
+            completedAt: input.now(),
+            adapterId: probeAdapter.adapterId,
+            providerId: probeAdapter.metadata.providerId
+        });
+    }
+    catch (error) {
+        const reason = error instanceof Error ? error.message : String(error);
+        return {
+            status: "failed",
+            route: "primary",
+            reason,
+            primaryModel: input.primaryModel,
+            initialModel: input.primaryModel,
+            probeModel,
+            usage: zeroUsage(),
+            startedAt,
+            completedAt: input.now(),
+            adapterId: probeAdapter.adapterId,
+            providerId: probeAdapter.metadata.providerId
+        };
+    }
+}
+function buildOutcome(input) {
+    if (input.result.status === "completed") {
+        const route = selectProbeRoute({
+            status: input.result.status,
+            tier: input.result.tier
+        });
+        const initialModel = route === "cheap-first" ? input.probeModel : input.primaryModel;
+        return {
+            status: "completed",
+            route,
+            reason: input.result.reason,
+            primaryModel: input.primaryModel,
+            initialModel,
+            probeModel: input.probeModel,
+            tier: input.result.tier,
+            usage: input.result.usage,
+            startedAt: input.startedAt,
+            completedAt: input.completedAt,
+            adapterId: input.adapterId,
+            providerId: input.providerId
+        };
+    }
+    return {
+        status: "failed",
+        route: "primary",
+        reason: input.result.reason,
+        primaryModel: input.primaryModel,
+        initialModel: input.primaryModel,
+        probeModel: input.probeModel,
+        usage: input.result.usage,
+        startedAt: input.startedAt,
+        completedAt: input.completedAt,
+        adapterId: input.adapterId,
+        providerId: input.providerId
+    };
+}
+function zeroUsage() {
+    return {
+        actualUsd: 0,
+        tokensIn: 0,
+        tokensOut: 0,
+        provenance: "unavailable"
+    };
+}
+//# sourceMappingURL=probe.js.map

package/dist/vendor/core/proof/patch-proof.d.ts

@@ -0,0 +1,58 @@
+export type ConfidenceGrade = "A" | "B" | "C";
+export interface ProofRedFinding {
+    trapId: string;
+    severity: "warn" | "block";
+    description: string;
+}
+export interface PatchProof {
+    runId: string;
+    patchId: string;
+    confidenceGrade: ConfidenceGrade;
+    proofBundleVersion: "h3.v1";
+    emittedAt: string;
+    changedSymbols: string[];
+    affectedPublicInterfaces: string[];
+    downstreamCallSites: string[];
+    driftViolations: string[];
+    redFindingsResolved: number;
+    residualRisk: "low" | "medium" | "high";
+    rollbackCompatible: boolean;
+    /** Required when confidenceGrade is C */
+    gradeJustification?: string;
+}
+export interface PatchProofInput {
+    runId: string;
+    patchId: string;
+    changedSymbols: string[];
+    affectedPublicInterfaces: string[];
+    downstreamCallSites: string[];
+    driftViolations: string[];
+    redFindingsResolved: number;
+    redFindings: ProofRedFinding[];
+    rollbackCompatible: boolean;
+    /** Provide when grade would be C to satisfy the justification requirement */
+    gradeJustification?: string;
+}
+/**
+ * Determines the confidence grade from findings.
+ *
+ * A — zero warn+block findings, no drift violations
+ * B — ≤2 warn-severity findings, zero block findings
+ * C — >2 warn findings (all warn, none block) — requires gradeJustification
+ * D — any block-severity finding → caller must REJECT, never emit
+ */
+export declare function gradeFromFindings(input: {
+    redFindings: ProofRedFinding[];
+    driftViolations: string[];
+}): ConfidenceGrade | "D";
+/**
+ * Builds a PatchProof object. Returns null if the grade is D (block findings).
+ * Never emits grade D — caller should reject the patch.
+ */
+export declare function buildPatchProof(input: PatchProofInput): PatchProof;
+/**
+ * Builds and writes patch-proof.json to the run output directory.
+ * Returns the written proof, or null if the patch should be rejected (grade D).
+ * A null return means NO file was written.
+ */
+export declare function emitPatchProof(input: PatchProofInput, runDir: string): Promise<PatchProof | null>;

package/dist/vendor/core/proof/patch-proof.js

@@ -0,0 +1,84 @@
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+// ─── Grade logic ──────────────────────────────────────────────────────────────
+/**
+ * Determines the confidence grade from findings.
+ *
+ * A — zero warn+block findings, no drift violations
+ * B — ≤2 warn-severity findings, zero block findings
+ * C — >2 warn findings (all warn, none block) — requires gradeJustification
+ * D — any block-severity finding → caller must REJECT, never emit
+ */
+export function gradeFromFindings(input) {
+    const blockCount = input.redFindings.filter((f) => f.severity === "block").length;
+    if (blockCount > 0)
+        return "D";
+    const warnCount = input.redFindings.filter((f) => f.severity === "warn").length;
+    const hasDrift = input.driftViolations.length > 0;
+    if (warnCount === 0 && !hasDrift)
+        return "A";
+    if (warnCount <= 2 && !hasDrift)
+        return "B";
+    return "C";
+}
+function residualRiskFromGrade(grade) {
+    if (grade === "A")
+        return "low";
+    if (grade === "B")
+        return "medium";
+    return "high";
+}
+// ─── Builder ──────────────────────────────────────────────────────────────────
+/**
+ * Builds a PatchProof object. Returns null if the grade is D (block findings).
+ * Never emits grade D — caller should reject the patch.
+ */
+export function buildPatchProof(input) {
+    const grade = gradeFromFindings({
+        redFindings: input.redFindings,
+        driftViolations: input.driftViolations
+    });
+    const gradeJustification = input.gradeJustification?.trim();
+    if (grade === "D") {
+        throw new Error(`buildPatchProof: patch ${input.patchId} has block-severity findings — must be rejected, not proven.`);
+    }
+    if (grade === "C" && !gradeJustification) {
+        throw new Error(`buildPatchProof: grade C requires a non-empty gradeJustification for patch ${input.patchId}.`);
+    }
+    const proof = {
+        runId: input.runId,
+        patchId: input.patchId,
+        confidenceGrade: grade,
+        proofBundleVersion: "h3.v1",
+        emittedAt: new Date().toISOString(),
+        changedSymbols: input.changedSymbols,
+        affectedPublicInterfaces: input.affectedPublicInterfaces,
+        downstreamCallSites: input.downstreamCallSites,
+        driftViolations: input.driftViolations,
+        redFindingsResolved: input.redFindingsResolved,
+        residualRisk: residualRiskFromGrade(grade),
+        rollbackCompatible: input.rollbackCompatible,
+        ...(grade === "C" && gradeJustification ? { gradeJustification } : {})
+    };
+    return proof;
+}
+// ─── Emitter ──────────────────────────────────────────────────────────────────
+/**
+ * Builds and writes patch-proof.json to the run output directory.
+ * Returns the written proof, or null if the patch should be rejected (grade D).
+ * A null return means NO file was written.
+ */
+export async function emitPatchProof(input, runDir) {
+    const grade = gradeFromFindings({
+        redFindings: input.redFindings,
+        driftViolations: input.driftViolations
+    });
+    if (grade === "D") {
+        // Grade D is never emitted — patch is rejected
+        return null;
+    }
+    const proof = buildPatchProof(input);
+    await writeFile(join(runDir, "patch-proof.json"), JSON.stringify(proof, null, 2), "utf8");
+    return proof;
+}
+//# sourceMappingURL=patch-proof.js.map

package/dist/vendor/core/proof/semantic-probe.d.ts

@@ -0,0 +1,25 @@
+export type ProbeGrade = "A" | "B" | "C";
+export type ProbeReasonCode = "semantic_implausible" | "probe_disabled" | "probe_error";
+export interface SemanticProbeOptions {
+    objective: string;
+    diff: string;
+    modelCallFn?: (prompt: string) => Promise<string>;
+    policy?: {
+        enabled: boolean;
+    };
+}
+export interface SemanticProbeResult {
+    plausible: boolean;
+    grade: ProbeGrade;
+    reasonCode?: ProbeReasonCode;
+    reason?: string;
+}
+/**
+ * Runs a cheap model probe to check whether a diff is semantically plausible
+ * for the given objective. This is a SOFT signal — it never hard-blocks a
+ * patch. A "no" response downgrades the grade (A→B, B→C, C→C).
+ *
+ * Fail-open: if the probe is disabled, the model call throws, or no
+ * modelCallFn is provided, returns plausible:true with grade unchanged.
+ */
+export declare function semanticPlausibilityProbe(options: SemanticProbeOptions, baseGrade?: ProbeGrade): Promise<SemanticProbeResult>;

package/dist/vendor/core/proof/semantic-probe.js

@@ -0,0 +1,82 @@
+// SLICE-08 — Semantic plausibility probe
+// Soft second-order guard that asks a model: "does this diff plausibly solve
+// this objective?" Failure downgrades the patch grade but never hard-blocks.
+function downgradeGrade(grade) {
+    if (grade === "A")
+        return "B";
+    if (grade === "B")
+        return "C";
+    return "C";
+}
+function buildProbePrompt(objective, diff) {
+    return [
+        "You are a code review assistant.",
+        "Objective: " + objective,
+        "Diff:\n" + diff,
+        "",
+        'Does this diff plausibly solve the objective? Answer with exactly "yes" or "no".'
+    ].join("\n");
+}
+/**
+ * Runs a cheap model probe to check whether a diff is semantically plausible
+ * for the given objective. This is a SOFT signal — it never hard-blocks a
+ * patch. A "no" response downgrades the grade (A→B, B→C, C→C).
+ *
+ * Fail-open: if the probe is disabled, the model call throws, or no
+ * modelCallFn is provided, returns plausible:true with grade unchanged.
+ */
+export async function semanticPlausibilityProbe(options, baseGrade = "A") {
+    const { objective, diff, modelCallFn, policy } = options;
+    // Disabled path
+    if (policy && !policy.enabled) {
+        return {
+            plausible: true,
+            grade: baseGrade,
+            reasonCode: "probe_disabled",
+            reason: "Semantic probe is disabled by policy"
+        };
+    }
+    // No model function provided — fail open
+    if (!modelCallFn) {
+        return {
+            plausible: true,
+            grade: baseGrade,
+            reasonCode: "probe_disabled",
+            reason: "No modelCallFn provided; probe skipped"
+        };
+    }
+    try {
+        const prompt = buildProbePrompt(objective, diff);
+        const response = await modelCallFn(prompt);
+        const normalized = response.trim().toLowerCase();
+        if (normalized.includes("yes")) {
+            return { plausible: true, grade: baseGrade };
+        }
+        if (normalized.includes("no")) {
+            const downgradedGrade = downgradeGrade(baseGrade);
+            return {
+                plausible: false,
+                grade: downgradedGrade,
+                reasonCode: "semantic_implausible",
+                reason: "Model probe responded: diff does not plausibly solve objective"
+            };
+        }
+        // Ambiguous response — fail open
+        return {
+            plausible: true,
+            grade: baseGrade,
+            reasonCode: "probe_error",
+            reason: `Ambiguous probe response: "${response.slice(0, 80)}"`
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return {
+            plausible: true,
+            grade: baseGrade,
+            reasonCode: "probe_error",
+            reason: `Probe model call failed: ${message}`
+        };
+    }
+}
+//# sourceMappingURL=semantic-probe.js.map

package/dist/vendor/core/recovery/failure-mode-runner.d.ts

@@ -0,0 +1,29 @@
+export interface FailureModeRecoveryCase {
+    modeId: string;
+    injectedFault: string;
+    expectedRecovery: string;
+    recovered: boolean;
+    silentCorruption: boolean;
+    recoveryTimeMs: number;
+    evidence: string[];
+}
+export interface FailureModeRecoverySuiteInput {
+    suiteId: string;
+    cases: FailureModeRecoveryCase[];
+    minRecoveryRate?: number;
+    maxSilentCorruption?: number;
+    maxRecoveryTimeMs?: number;
+}
+export interface FailureModeRecoverySuiteReport {
+    suiteId: string;
+    totalCases: number;
+    recoveredCases: number;
+    recoveryRate: number;
+    silentCorruptionCount: number;
+    maxObservedRecoveryTimeMs: number;
+    gateStatus: "pass" | "fail";
+    allowedClaimWording: string;
+    nonClaims: string[];
+    cases: FailureModeRecoveryCase[];
+}
+export declare function runFailureModeRecoverySuite(input: FailureModeRecoverySuiteInput): FailureModeRecoverySuiteReport;

package/dist/vendor/core/recovery/failure-mode-runner.js

@@ -0,0 +1,39 @@
+export function runFailureModeRecoverySuite(input) {
+    const totalCases = input.cases.length;
+    const recoveredCases = input.cases.filter((testCase) => testCase.recovered).length;
+    const silentCorruptionCount = input.cases.filter((testCase) => testCase.silentCorruption).length;
+    const maxObservedRecoveryTimeMs = Math.max(0, ...input.cases.map((testCase) => testCase.recoveryTimeMs));
+    const recoveryRate = totalCases === 0 ? 0 : Math.round((recoveredCases / totalCases) * 10000) / 100;
+    const minRecoveryRate = input.minRecoveryRate ?? 99;
+    const maxSilentCorruption = input.maxSilentCorruption ?? 0;
+    const maxRecoveryTimeMs = input.maxRecoveryTimeMs ?? Number.POSITIVE_INFINITY;
+    const gateStatus = recoveryRate >= minRecoveryRate &&
+        silentCorruptionCount <= maxSilentCorruption &&
+        maxObservedRecoveryTimeMs <= maxRecoveryTimeMs
+        ? "pass"
+        : "fail";
+    return {
+        suiteId: input.suiteId,
+        totalCases,
+        recoveredCases,
+        recoveryRate,
+        silentCorruptionCount,
+        maxObservedRecoveryTimeMs,
+        gateStatus,
+        allowedClaimWording: `Self-healing for the declared failure-mode catalog only: ${recoveredCases}/${totalCases} recovered, ` +
+            `${silentCorruptionCount} silent-corruption cases.`,
+        nonClaims: [
+            "unqualified self-healing",
+            "universal recovery",
+            "recovery for undeclared failure modes"
+        ],
+        cases: input.cases.map(cloneCase)
+    };
+}
+function cloneCase(testCase) {
+    return {
+        ...testCase,
+        evidence: [...testCase.evidence]
+    };
+}
+//# sourceMappingURL=failure-mode-runner.js.map