martin-loop 0.1.4 → 1.3.0

package/dist/vendor/adapters/verifier-only.d.ts

@@ -0,0 +1,7 @@
+import type { MartinAdapter } from "../core/index.js";
+export interface VerifierOnlyAdapterOptions {
+    workingDirectory?: string;
+    verifyTimeoutMs?: number;
+    label?: string;
+}
+export declare function createVerifierOnlyAdapter(options?: VerifierOnlyAdapterOptions): MartinAdapter;

package/dist/vendor/adapters/verifier-only.js

@@ -0,0 +1,57 @@
+import { readGitExecutionArtifacts, runVerification } from "./cli-bridge.js";
+import { createAdapterCapabilities, normalizeUsage } from "./runtime-support.js";
+export function createVerifierOnlyAdapter(options = {}) {
+    const workingDirectory = options.workingDirectory ?? process.cwd();
+    const verifyTimeoutMs = options.verifyTimeoutMs ?? 60_000;
+    return {
+        adapterId: "direct:verifier:verify-only",
+        kind: "direct-provider",
+        label: options.label ?? "Verifier-only adapter",
+        metadata: {
+            providerId: "verifier",
+            model: "verify-only",
+            transport: "cli",
+            capabilities: createAdapterCapabilities({
+                usageSettlement: true,
+                diffArtifacts: true
+            })
+        },
+        async execute(request) {
+            const verification = await runVerification(request.context.verificationPlan, workingDirectory, verifyTimeoutMs, request.context.verificationStack);
+            const execution = await readGitExecutionArtifacts(workingDirectory, 5_000);
+            const changedFiles = execution.changedFiles ?? [];
+            if (verification.passed) {
+                return {
+                    status: "completed",
+                    summary: changedFiles.length > 0
+                        ? `Verifier-only run completed but modified files: ${changedFiles.join(", ")}`
+                        : "Verifier-only run completed without file edits.",
+                    usage: normalizeUsage({
+                        actualUsd: 0,
+                        tokensIn: 0,
+                        tokensOut: 0,
+                        provenance: "actual"
+                    }),
+                    verification,
+                    execution
+                };
+            }
+            return {
+                status: "failed",
+                summary: "Verifier-only run failed.",
+                usage: normalizeUsage({
+                    actualUsd: 0,
+                    tokensIn: 0,
+                    tokensOut: 0,
+                    provenance: "actual"
+                }),
+                verification,
+                execution,
+                failure: {
+                    message: verification.summary
+                }
+            };
+        }
+    };
+}
+//# sourceMappingURL=verifier-only.js.map

package/dist/vendor/cli/bin/exit.d.ts

@@ -0,0 +1,12 @@
+import type { Writable } from "node:stream";
+export interface CliProcessResult {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+}
+export interface CliExitRuntime {
+    stdout: Writable;
+    stderr: Writable;
+    exit: (code: number) => void;
+}
+export declare function writeCliResultAndExit(result: CliProcessResult, runtime?: CliExitRuntime): Promise<void>;

package/dist/vendor/cli/bin/exit.js

@@ -0,0 +1,28 @@
+export async function writeCliResultAndExit(result, runtime = {
+    stdout: process.stdout,
+    stderr: process.stderr,
+    exit: (code) => {
+        process.exit(code);
+    }
+}) {
+    await Promise.all([
+        writeStream(runtime.stdout, result.stdout),
+        writeStream(runtime.stderr, result.stderr)
+    ]);
+    runtime.exit(result.exitCode);
+}
+function writeStream(stream, value) {
+    if (!value) {
+        return Promise.resolve();
+    }
+    return new Promise((resolve, reject) => {
+        stream.write(`${value}\n`, (error) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve();
+        });
+    });
+}
+//# sourceMappingURL=exit.js.map

package/dist/vendor/cli/commands/analyze.d.ts

@@ -0,0 +1,5 @@
+export declare function handleAnalyzeCommand(args: string[]): Promise<{
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}>;

package/dist/vendor/cli/commands/analyze.js

@@ -0,0 +1,58 @@
+import { join } from "node:path";
+import { analyzeRuns, buildReport, computeStats, createRlmClient, readRuns, renderMarkdown, writeReport } from "@martin/trace-intelligence";
+export async function handleAnalyzeCommand(args) {
+    const maxRuns = parseIntFlag(args, "--runs") ?? 20;
+    const since = parseFlag(args, "--since");
+    const output = parseFlag(args, "--output");
+    const runsRoot = parseFlag(args, "--runs-root");
+    const noRlm = args.includes("--no-rlm");
+    const jsonOut = args.includes("--json");
+    try {
+        const runs = await readRuns({ maxRuns, since, runsRoot });
+        if (runs.length === 0) {
+            return {
+                exitCode: 0,
+                stdout: "",
+                stderr: "No runs found. Run martin-loop at least once to generate trace data."
+            };
+        }
+        const rlmClient = noRlm ? undefined : createRlmClient();
+        const analysis = await analyzeRuns(runs, noRlm ? { deterministicOnly: true } : { client: rlmClient });
+        const stats = computeStats(runs);
+        const report = buildReport(runs, analysis, stats);
+        if (jsonOut) {
+            return {
+                exitCode: 0,
+                stdout: JSON.stringify(report, null, 2),
+                stderr: ""
+            };
+        }
+        const jsonPath = output ? join(output) : "trace-report.json";
+        const mdPath = jsonPath.replace(/\.json$/, ".md");
+        const { jsonPath: writtenJson, mdPath: writtenMd } = await writeReport(report, {
+            jsonOutput: jsonPath,
+            mdOutput: mdPath
+        });
+        return {
+            exitCode: 0,
+            stdout: renderMarkdown(report),
+            stderr: `\nReports written:\n  ${writtenJson}\n  ${writtenMd}\n`
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { exitCode: 1, stdout: "", stderr: `Error: ${message}` };
+    }
+}
+function parseFlag(args, flag) {
+    const idx = args.indexOf(flag);
+    return idx >= 0 ? args[idx + 1] : undefined;
+}
+function parseIntFlag(args, flag) {
+    const val = parseFlag(args, flag);
+    if (val === undefined)
+        return undefined;
+    const n = parseInt(val, 10);
+    return isNaN(n) ? undefined : n;
+}
+//# sourceMappingURL=analyze.js.map

package/dist/vendor/cli/commands/audit-log-verify.d.ts

@@ -0,0 +1,34 @@
+/**
+ * audit-log-verify.ts
+ *
+ * Implements `martin audit log-verify [--from ISO] [--to ISO]`.
+ *
+ * Walks every run directory in the Martin run store, verifies the Ed25519
+ * signature on each loop-record.json, and reports gaps, tamper evidence,
+ * and an overall PASS/FAIL verdict.
+ *
+ * Ed25519 verification is performed via verifyLoopRecordAttestation() from
+ * @martin/core — the same signing infrastructure used during run settlement.
+ */
+export interface AuditLogVerifyOptions {
+    /** ISO 8601 date string — only verify runs created on or after this date */
+    from?: string;
+    /** ISO 8601 date string — only verify runs created on or before this date */
+    to?: string;
+    /** Override the default runs root directory */
+    runsRoot?: string;
+}
+export interface AuditLogVerifyResult {
+    runsRoot: string;
+    rangeFrom: string;
+    rangeTo: string;
+    eventsChecked: number;
+    signaturesFailed: number;
+    gaps: string[];
+    failures: Array<{
+        runId: string;
+        reason: string;
+    }>;
+    verdict: "PASS" | "FAIL";
+}
+export declare function runAuditLogVerify(options?: AuditLogVerifyOptions): Promise<AuditLogVerifyResult>;

package/dist/vendor/cli/commands/audit-log-verify.js

@@ -0,0 +1,99 @@
+/**
+ * audit-log-verify.ts
+ *
+ * Implements `martin audit log-verify [--from ISO] [--to ISO]`.
+ *
+ * Walks every run directory in the Martin run store, verifies the Ed25519
+ * signature on each loop-record.json, and reports gaps, tamper evidence,
+ * and an overall PASS/FAIL verdict.
+ *
+ * Ed25519 verification is performed via verifyLoopRecordAttestation() from
+ * @martin/core — the same signing infrastructure used during run settlement.
+ */
+import { readdir, readFile, stat } from "node:fs/promises";
+import { join } from "node:path";
+import { resolveRunsRoot, verifyLoopRecordAttestation } from "../../core/index.js";
+export async function runAuditLogVerify(options = {}) {
+    const runsRoot = options.runsRoot ?? resolveRunsRoot(process.env);
+    const fromMs = options.from ? new Date(options.from).getTime() : 0;
+    const toMs = options.to ? new Date(options.to).getTime() : Date.now();
+    const rangeFrom = new Date(fromMs).toISOString();
+    const rangeTo = new Date(toMs).toISOString();
+    // Enumerate run directories — each is a directory named by loopId
+    let entries;
+    try {
+        entries = await readdir(runsRoot);
+    }
+    catch {
+        // Run store doesn't exist yet — zero runs is a valid "PASS" state
+        return {
+            runsRoot,
+            rangeFrom,
+            rangeTo,
+            eventsChecked: 0,
+            signaturesFailed: 0,
+            gaps: [],
+            failures: [],
+            verdict: "PASS",
+        };
+    }
+    const runDirs = [];
+    for (const entry of entries) {
+        const full = join(runsRoot, entry);
+        try {
+            const info = await stat(full);
+            if (info.isDirectory()) {
+                runDirs.push(full);
+            }
+        }
+        catch {
+            // skip unreadable entries
+        }
+    }
+    // Filter by date range using loop-record.json createdAt field
+    const inRangeDirs = [];
+    const gaps = [];
+    for (const runDir of runDirs) {
+        const recordPath = join(runDir, "loop-record.json");
+        try {
+            const raw = await readFile(recordPath, "utf8");
+            const record = JSON.parse(raw);
+            const createdMs = record.createdAt ? new Date(record.createdAt).getTime() : NaN;
+            if (isNaN(createdMs)) {
+                gaps.push(`${runDir}: missing or unparseable createdAt`);
+                continue;
+            }
+            if (createdMs >= fromMs && createdMs <= toMs) {
+                inRangeDirs.push(runDir);
+            }
+        }
+        catch {
+            gaps.push(`${runDir}: loop-record.json unreadable — possible gap in audit trail`);
+        }
+    }
+    // Verify each in-range run
+    const failures = [];
+    for (const runDir of inRangeDirs) {
+        const result = await verifyLoopRecordAttestation(runDir);
+        if (!result.ok) {
+            failures.push({
+                runId: runDir.split(/[\\/]/).pop() ?? runDir,
+                reason: result.reason ?? "signature verification failed",
+            });
+        }
+    }
+    const eventsChecked = inRangeDirs.length;
+    const signaturesFailed = failures.length;
+    const verdict = signaturesFailed === 0 && gaps.length === 0 ? "PASS" : "FAIL";
+    return {
+        runsRoot,
+        rangeFrom,
+        rangeTo,
+        eventsChecked,
+        signaturesFailed,
+        gaps,
+        failures,
+        verdict,
+    };
+}
+//# sourceMappingURL=audit-log-verify.js.map

package/dist/vendor/cli/commands/audit.d.ts

@@ -0,0 +1,8 @@
+export interface AuditCommandResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+export declare function handleAuditCommand(args: string[], options?: {
+    cwd?: string;
+}): Promise<AuditCommandResult>;

package/dist/vendor/cli/commands/audit.js

@@ -0,0 +1,199 @@
+import { readdir, readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { generateAuditPackFromRunDirectory, verifyAuditPack } from "@martin/contracts/audit";
+import { resolveRunsRoot } from "../../core/index.js";
+export async function handleAuditCommand(args, options = {}) {
+    const subcommand = args[0];
+    try {
+        switch (subcommand) {
+            case "generate": {
+                const runId = parseFlag(args, "--run-id");
+                const output = parseFlag(args, "--output") ?? join(options.cwd ?? process.cwd(), "audit-pack");
+                if (!runId) {
+                    return { stdout: "", stderr: "Missing --run-id", exitCode: 1 };
+                }
+                const result = await generateAuditPackFromRunDirectory({
+                    runId,
+                    runDir: join(resolveRunsRoot(process.env), runId),
+                    outputDir: output,
+                    generatedBy: "martin"
+                });
+                return {
+                    stdout: JSON.stringify({
+                        command: "audit.generate",
+                        runId,
+                        packPath: result.packPath,
+                        manifest: result.manifest
+                    }, null, 2),
+                    stderr: "",
+                    exitCode: 0
+                };
+            }
+            case "verify": {
+                const pack = parseFlag(args, "--pack");
+                if (!pack) {
+                    return { stdout: "", stderr: "Missing --pack", exitCode: 1 };
+                }
+                const result = await verifyAuditPack(pack);
+                return formatVerificationResult(result);
+            }
+            case "show": {
+                const runId = parseFlag(args, "--run-id");
+                if (!runId) {
+                    return { stdout: "", stderr: "Missing --run-id", exitCode: 1 };
+                }
+                const runsRoot = parseFlag(args, "--runs-root") ?? resolveRunsRoot(process.env);
+                const summary = await summarizeRunAudit(join(runsRoot, runId), runId);
+                return {
+                    stdout: JSON.stringify({
+                        command: "audit.show",
+                        ...summary
+                    }, null, 2),
+                    stderr: "",
+                    exitCode: 0
+                };
+            }
+            case "log-verify": {
+                const { runAuditLogVerify } = await import("./audit-log-verify.js");
+                const from = parseFlag(args, "--from");
+                const to = parseFlag(args, "--to");
+                const runsRoot = parseFlag(args, "--runs-root");
+                const result = await runAuditLogVerify({ from, to, runsRoot });
+                const output = JSON.stringify({
+                    command: "audit.log-verify",
+                    ...result,
+                }, null, 2);
+                if (result.verdict === "PASS") {
+                    return { stdout: output, stderr: "", exitCode: 0 };
+                }
+                return { stdout: "", stderr: output, exitCode: 1 };
+            }
+            default:
+                return {
+                    stdout: "",
+                    stderr: [
+                        "Usage: martin audit <subcommand> [options]",
+                        "",
+                        "Subcommands:",
+                        "  generate --run-id <id> --output <dir>   Generate audit pack",
+                        "  verify --pack <dir>                     Verify audit pack manifest",
+                        "  show --run-id <id> [--runs-root <dir>]  Summarize persisted run audit evidence",
+                        "  log-verify [--from ISO] [--to ISO]      Verify Ed25519 signatures across run log"
+                    ].join("\n"),
+                    exitCode: 1
+                };
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return { stdout: "", stderr: message, exitCode: 1 };
+    }
+}
+async function summarizeRunAudit(runDir, runId) {
+    const [contract, state, loop, ledger, attemptDirs] = await Promise.all([
+        readJsonIfExists(join(runDir, "contract.json")),
+        readJsonIfExists(join(runDir, "state.json")),
+        readJsonIfExists(join(runDir, "loop-record.json")),
+        readLedgerIfExists(join(runDir, "ledger.jsonl")),
+        readAttemptDirs(join(runDir, "artifacts"))
+    ]);
+    const eventKinds = ledger.reduce((counts, event) => {
+        const kind = typeof event.kind === "string" ? event.kind : "unknown";
+        counts[kind] = (counts[kind] ?? 0) + 1;
+        return counts;
+    }, {});
+    const loopRecord = isRecord(loop) ? loop : undefined;
+    const contractRecord = isRecord(contract) ? contract : undefined;
+    const stateRecord = isRecord(state) ? state : undefined;
+    const task = isRecord(loopRecord?.task)
+        ? loopRecord.task
+        : isRecord(contractRecord?.task)
+            ? contractRecord.task
+            : undefined;
+    return {
+        runId,
+        runDir,
+        status: asString(loopRecord?.status) ?? "unknown",
+        lifecycleState: asString(loopRecord?.lifecycleState) ?? asString(stateRecord?.phase) ?? null,
+        taskTitle: asString(task?.title) ?? null,
+        attempts: Array.isArray(loopRecord?.attempts) ? loopRecord.attempts.length : attemptDirs.length,
+        ledgerEvents: ledger.length,
+        eventKinds,
+        cost: isRecord(loopRecord?.cost) ? loopRecord.cost : null,
+        artifacts: {
+            hasContract: contract !== null,
+            hasState: state !== null,
+            hasLoopRecord: loop !== null,
+            attemptDirs
+        }
+    };
+}
+async function readJsonIfExists(path) {
+    try {
+        return JSON.parse(await readFile(path, "utf8"));
+    }
+    catch {
+        return null;
+    }
+}
+async function readLedgerIfExists(path) {
+    try {
+        const contents = await readFile(path, "utf8");
+        return contents
+            .trim()
+            .split(/\r?\n/u)
+            .filter(Boolean)
+            .map((line) => JSON.parse(line));
+    }
+    catch {
+        return [];
+    }
+}
+async function readAttemptDirs(path) {
+    try {
+        const entries = await readdir(path, { withFileTypes: true });
+        return entries
+            .filter((entry) => entry.isDirectory() && entry.name.startsWith("attempt-"))
+            .map((entry) => entry.name)
+            .sort();
+    }
+    catch {
+        return [];
+    }
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function asString(value) {
+    return typeof value === "string" ? value : undefined;
+}
+function formatVerificationResult(result) {
+    if (result.ok) {
+        return {
+            stdout: JSON.stringify({
+                command: "audit.verify",
+                status: "passed",
+                manifest: result.manifest,
+                checkedFiles: result.checkedFiles.length
+            }, null, 2),
+            stderr: "",
+            exitCode: 0
+        };
+    }
+    return {
+        stdout: "",
+        stderr: JSON.stringify({
+            command: "audit.verify",
+            status: "failed",
+            failures: result.failures
+        }, null, 2),
+        exitCode: 1
+    };
+}
+function parseFlag(args, flag) {
+    const idx = args.indexOf(flag);
+    if (idx === -1 || idx >= args.length - 1)
+        return undefined;
+    return args[idx + 1];
+}
+//# sourceMappingURL=audit.js.map

package/dist/vendor/cli/commands/corpus.d.ts

@@ -0,0 +1,5 @@
+export declare function handleCorpusCommand(args: string[]): Promise<{
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}>;

package/dist/vendor/cli/commands/corpus.js

@@ -0,0 +1,60 @@
+import { computeCorpusStats, loadCorpus, resolveEntry, resolveCorpusPath, saveCorpus } from "@martin/trace-intelligence";
+export async function handleCorpusCommand(args) {
+    const subcommand = args[0];
+    const corpusPath = resolveCorpusPath();
+    try {
+        const corpus = await loadCorpus(corpusPath);
+        switch (subcommand) {
+            case "show":
+            case undefined: {
+                const stats = computeCorpusStats(corpus);
+                const lines = [
+                    `Corpus: ${corpusPath}`,
+                    `Entries: ${stats.totalEntries} (${stats.resolvedEntries} resolved, ${stats.activeEntries} open)`,
+                    ""
+                ];
+                if (corpus.entries.length === 0) {
+                    lines.push("No patterns in corpus yet. Run martin analyze to populate.");
+                }
+                else {
+                    for (const entry of corpus.entries) {
+                        const resolved = entry.resolved ? "[resolved]" : "[open]    ";
+                        lines.push(`${resolved} ${entry.fingerprint.slice(0, 12)} ${entry.kind} (${entry.severity}) — seen ${entry.occurrenceCount}x, ${entry.totalAffectedRuns} runs`);
+                    }
+                }
+                return { exitCode: 0, stdout: lines.join("\n"), stderr: "" };
+            }
+            case "clear": {
+                const cleared = { ...corpus, entries: [], updatedAt: new Date().toISOString() };
+                await saveCorpus(cleared, corpusPath);
+                return { exitCode: 0, stdout: `Corpus cleared (${corpus.entries.length} entries removed).`, stderr: "" };
+            }
+            case "resolve": {
+                const fingerprint = args[1];
+                if (!fingerprint) {
+                    return { exitCode: 1, stdout: "", stderr: "Usage: martin corpus resolve <fingerprint>" };
+                }
+                try {
+                    const updated = resolveEntry(corpus, fingerprint);
+                    await saveCorpus(updated, corpusPath);
+                    return { exitCode: 0, stdout: `Entry ${fingerprint} marked as resolved.`, stderr: "" };
+                }
+                catch (resolveErr) {
+                    const msg = resolveErr instanceof Error ? resolveErr.message : String(resolveErr);
+                    return { exitCode: 1, stdout: "", stderr: msg };
+                }
+            }
+            default:
+                return {
+                    exitCode: 1,
+                    stdout: "",
+                    stderr: `Unknown corpus subcommand: ${subcommand}\nUsage: martin corpus [show|clear|resolve <fingerprint>]`
+                };
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { exitCode: 1, stdout: "", stderr: `Error: ${message}` };
+    }
+}
+//# sourceMappingURL=corpus.js.map

package/dist/vendor/cli/commands/doctor.d.ts

@@ -0,0 +1,8 @@
+export interface DoctorCommandResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+export declare function handleDoctorCommand(args: string[], options?: {
+    cwd?: string;
+}): Promise<DoctorCommandResult>;